Author: markt Date: Fri Jul 29 10:05:59 2016 New Revision: 1754494 URL: http://svn.apache.org/viewvc?rev=1754494&view=rev Log: When retrieving an object via a ResourceLink, ensure that the object obtained is of the expected type. This addresses a long standing FIXME
Modified: tomcat/trunk/java/org/apache/naming/factory/ResourceLinkFactory.java tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/naming/factory/ResourceLinkFactory.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/naming/factory/ResourceLinkFactory.java?rev=1754494&r1=1754493&r2=1754494&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/naming/factory/ResourceLinkFactory.java (original) +++ tomcat/trunk/java/org/apache/naming/factory/ResourceLinkFactory.java Fri Jul 29 10:05:59 2016 @@ -14,8 +14,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - - package org.apache.naming.factory; import java.util.Hashtable; @@ -29,22 +27,15 @@ import javax.naming.spi.ObjectFactory; import org.apache.naming.ResourceLinkRef; - /** * <p>Object factory for resource links.</p> * * @author Remy Maucherat */ -public class ResourceLinkFactory - implements ObjectFactory { - - - // ----------------------------------------------------------- Constructors - +public class ResourceLinkFactory implements ObjectFactory { // ------------------------------------------------------- Static Variables - /** * Global naming context. */ @@ -53,7 +44,6 @@ public class ResourceLinkFactory // --------------------------------------------------------- Public Methods - /** * Set the global context (note: can only be used once). * @@ -71,7 +61,6 @@ public class ResourceLinkFactory // -------------------------------------------------- ObjectFactory Methods - /** * Create a new DataSource instance. * 
@@ -79,11 +68,11 @@ public class ResourceLinkFactory */ @Override public Object getObjectInstance(Object obj, Name name, Context nameCtx, - Hashtable<?,?> environment) - throws NamingException { + Hashtable<?,?> environment) throws NamingException { - if (!(obj instanceof ResourceLinkRef)) + if (!(obj instanceof ResourceLinkRef)) { return null; + } // Can we process this request? Reference ref = (Reference) obj; @@ -95,14 +84,20 @@ public class ResourceLinkFactory globalName = refAddr.getContent().toString(); Object result = null; result = globalContext.lookup(globalName); - // FIXME: Check type + // Check the expected type + String expectedClassName = ref.getClassName(); + try { + Class<?> expectedClazz = Class.forName( + expectedClassName, true, Thread.currentThread().getContextClassLoader()); + if (!expectedClazz.isAssignableFrom(result.getClass())) { + throw new IllegalArgumentException(); + } + } catch (ClassNotFoundException e) { + throw new IllegalStateException(e); + } return result; } - return (null); - - + return null; } - - } Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1754494&r1=1754493&r2=1754494&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Fri Jul 29 10:05:59 2016 @@ -80,6 +80,10 @@ <bug>59839</bug>: Apply <code>roleSearchAsUser</code> to all nested searches in JNDIRealm. (fschumacher) </fix> + <add> + When retrieving an object via a <code>ResourceLink</code>, ensure that + the object obtained is of the expected type. (markt) + </add> </changelog> </subsection> <subsection name="Coyote"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
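Review bot: In the `@@ -95,14 +84,20 @@` hunk the new type check can end in a NullPointerException instead of the intended rejection, because `Class.forName(expectedClassName, ...)` runs without checking what `ref.getClassName()` returned and `result.getClass()` runs without checking what `globalContext.lookup(globalName)` returned. A guard ahead of the `try` gives a diagnosable failure: `if (expectedClassName == null || result == null) { throw new IllegalArgumentException("ResourceLink " + name + ": no type declared, or nothing bound at " + globalName); }`. The mismatch branch throws a bare `new IllegalArgumentException()`; a message carrying `name`, `globalName`, `expectedClassName` and `result.getClass().getName()` would let an operator tell a misconfigured link from a web application asking for a global resource under the wrong type. The check only calls `isAssignableFrom`, so it does not appear to need class initialization, and `Class.forName(expectedClassName, false, ...)` would avoid running static initializers as a side effect of a lookup. Whether a link can reach this code without a declared type depends on how `ResourceLinkRef` is built, which is not visible here; `getObjectInstance` begins in the previous hunk and the lines between the two hunks are not shown.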