Author: markt Date: Mon Aug 1 10:57:28 2016 New Revision: 1754733 URL: http://svn.apache.org/viewvc?rev=1754733&view=rev Log: Provide a mechanism that enables the container to check if a component (typically a web application) has been granted a given permission when running under a SecurityManager without the current execution stack having to have passed through the component. Use this new mechanism to extend SecurityManager protection to the system property replacement feature of the digester.
Added: tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/security/PermissionCheck.java - copied unchanged from r1754728, tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/security/PermissionCheck.java Modified: tomcat/tc6.0.x/trunk/ (props changed) tomcat/tc6.0.x/trunk/java/org/apache/catalina/loader/WebappClassLoader.java tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/digester/Digester.java tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc6.0.x/trunk/ ------------------------------------------------------------------------------ --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Aug 1 10:57:28 2016 
@@ -1,4 +1,4 @@ -/tomcat/tc7.0.x/trunk:1190476,1224802,1243045,1298635,1304471,1311997,1312007,1331772,1333164,1333176,1348992,1354866,1371298,1371302,1371620,1402110,1409014,1413553,1413557,1413563,1430083,1438415,1446641-1446660,1447013,1453106,1453119,1484919,1486877,1500065,1503852,1505844,1513151,1521040,1526470,1536524,1539176-1539177,1544469,1544473,1552805,1558894,1558917,1561368,1561382,1561386,1561552,1561561,1561636,1561641,1561643,1561737,1562748,1564317,1568922,1570163,1577328,1577464-1577465,1578814,1586659,1586897,1586960,1588199,1588997,1589740,1589851,1589997,1590019,1590028,1590337,1590492,1590651,1590838,1590845,1590848,1590912,1593262,1593288,1593371,1593835,1594230,1595174,1595366,1600956,1601333,1601856,1601909,1609079,1609606,1617364,1617374,1617433,1617457-1617458,1624249,1626579,1627420,1627469,1632586,1637686,1637711,1640675,1642045,1643515,1643540,1643572,1643585-1643586,1643642,1643647,1644019,1648817,1656301,1658815,1659523,1659564,1664001,1664176,1665087,1666968,1666989 ,1668541,1668635,1669802,1676557,1681183,1681841,1681865,1681867,1685829,1693109,1694293,1694433,1694875,1696381,1701945,1710353,1712656,1713873,1714000,1714005,1714540,1715213,1716221,1716417,1717107,1717210,1717212,1720236,1720398,1720443,1720464,1721814,1721883,1722645,1722801,1723151,1724435,1724553,1724675,1724797,1724806,1725931,1726631,1726808,1726813,1726815,1726817,1726819,1726917,1726919,1726922-1726924,1727031,1727034,1727043,1727158,1727672,1727903,1728450,1729363,1731010,1731119,1731956,1731978,1732362,1732674-1732675,1733942,1734116,1734134,1734532,1737249,1737253,1737968,1738049,1738186,1739778,1741178,1741184,1741193,1741211,1741218,1741228,1741235,1742281,1743121,1743142,1743649,1744061,1744129,1744155,1744241,1744383,1744689,1745230,1746942,1746994,1749377,1750018,1750980,1751066,1754114,1754147 
+/tomcat/tc7.0.x/trunk:1190476,1224802,1243045,1298635,1304471,1311997,1312007,1331772,1333164,1333176,1348992,1354866,1371298,1371302,1371620,1402110,1409014,1413553,1413557,1413563,1430083,1438415,1446641-1446660,1447013,1453106,1453119,1484919,1486877,1500065,1503852,1505844,1513151,1521040,1526470,1536524,1539176-1539177,1544469,1544473,1552805,1558894,1558917,1561368,1561382,1561386,1561552,1561561,1561636,1561641,1561643,1561737,1562748,1564317,1568922,1570163,1577328,1577464-1577465,1578814,1586659,1586897,1586960,1588199,1588997,1589740,1589851,1589997,1590019,1590028,1590337,1590492,1590651,1590838,1590845,1590848,1590912,1593262,1593288,1593371,1593835,1594230,1595174,1595366,1600956,1601333,1601856,1601909,1609079,1609606,1617364,1617374,1617433,1617457-1617458,1624249,1626579,1627420,1627469,1632586,1637686,1637711,1640675,1642045,1643515,1643540,1643572,1643585-1643586,1643642,1643647,1644019,1648817,1656301,1658815,1659523,1659564,1664001,1664176,1665087,1666968,1666989 ,1668541,1668635,1669802,1676557,1681183,1681841,1681865,1681867,1685829,1693109,1694293,1694433,1694875,1696381,1701945,1710353,1712656,1713873,1714000,1714005,1714540,1715213,1716221,1716417,1717107,1717210,1717212,1720236,1720398,1720443,1720464,1721814,1721883,1722645,1722801,1723151,1724435,1724553,1724675,1724797,1724806,1725931,1726631,1726808,1726813,1726815,1726817,1726819,1726917,1726919,1726922-1726924,1727031,1727034,1727043,1727158,1727672,1727903,1728450,1729363,1731010,1731119,1731956,1731978,1732362,1732674-1732675,1733942,1734116,1734134,1734532,1737249,1737253,1737968,1738049,1738186,1739778,1741178,1741184,1741193,1741211,1741218,1741228,1741235,1742281,1743121,1743142,1743649,1744061,1744129,1744155,1744241,1744383,1744689,1745230,1746942,1746994,1749377,1750018,1750980,1751066,1754114,1754147,1754728 
/tomcat/tc8.0.x/trunk:1637685,1637709,1640674,1641726,1641729-1641730,1643513,1643539,1643571,1643581-1643582,1644018,1648816,1656300,1658801-1658803,1658811,1659522,1663997,1664175,1665086,1666967,1666988,1668634,1669801,1676556,1681182,1681840,1681864,1685827,1689921,1693108,1694291,1694427,1694873,1696379,1701944,1710347,1712618,1712655,1713872,1713998,1714004,1714538,1715207,1715866,1716216-1716217,1716414,1717208-1717209,1720235,1720396,1720442,1720463,1721813,1721882,1722800,1723130,1724434,1724674,1724792,1724803,1725929,1725963-1725965,1725970,1725974,1726172,1726175,1726179-1726182,1726195-1726198,1726200,1726203,1726226,1726576,1726630,1727029,1727037,1727671,1727900,1728449,1729362,1731009,1731955,1731977,1732360,1732672,1733941,1734115,1734133,1734531,1737967,1738173,1739777,1741217,1743647,1744152 -/tomcat/tc8.5.x/trunk:1737199,1737966,1738044,1741174,1741182,1741191,1741209,1741226,1741233,1742277,1743118,1743139-1743140,1744059,1744127,1744151,1744232,1744377,1744687,1745228,1746940,1749375,1750016,1750976,1751062,1754112,1754144 
-/tomcat/trunk:601180,606992,612607,630314,640888,652744,653247,656018,666232,673796,673820,677910,683969,683982,684001,684081,684234,684269-684270,685177,687503,687645,689402,690781,691392,691805,692748,693378,694992,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,701355,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,712467,713953,714002,718360,719119,719124,719602,719626,719628,720046,720069,721040,721286,721708,721886,723404,723738,726052,727303,728032,728768,728947,729057,729567,729569,729571,729681,729809,729815,729934,730250,730590,731651,732859,732863,734734,740675,740684,742677,742697,742714,744160,744238,746321,746384,746425,747834,747863,748344,750258,750291,750921,751286-751287,751289,751295,752323,753039,757335,757774,758249,758365,758596,758616,758664,759074,761601,762868,762929,762936-762937,763166,763183,763193,763228,763262,763298,763302,763325,763599,763611,763654,763681,763706,764985,764997,765662,768335,769979,770716,770 809,770876,772872,776921,776924,776935,776945,777464,777466,777576,777625,778379,778523-778524,781528,781779,782145,782791,783316,783696,783724,783756,783762,783766,783863,783934,784453,784602,784614,785381,785688,785768,785859,786468,786487,786490,786496,786667,787627,787770,787985,789389,790405,791041,791184,791194,791224,791243,791326,791328,791789,792740,793372,793757,793882,793981,794082,794673,794822,795043,795152,795210,795457,795466,797168,797425,797596,797607,802727,802940,804462,804544,804734,805153,809131,809603,810916,810977,812125,812137,812432,813001,813013,813866,814180,814708,814876,815972,816252,817442,817822,819339,819361,820110,820132,820874,820954,821397,828196,828201,828210,828225,828759,830378-830379,830999,831106,831774,831785,831828,831850,831860,832214,832218,833121,833545,834047,835036,835336,836405,881396,881412,883130,883134,883146,883165,883177,883362,883565,884341,885038,885231,885241,885260,885901,885991,886019,888072,889363,889606,889716,890139,890265 
,890349-890350,890417,891185-891187,891583,892198,892341,892415,892464,892555,892812,892814,892817,892843,892887,893321,893493,894580,894586,894805,894831,895013,895045,895057,895191,895392,895703,896370,896384,897380-897381,897776,898126,898256,898468,898527,898555,898558,898718,898836,898906,899284,899348,899420,899653,899769-899770,899783,899788,899792,899916,899918-899919,899935,899949,903916,905020,905151,905722,905728,905735,907311,907513,907538,907652,907727,907819,907825,907864,908002,908721,908754,908759,909097,909206,909212,909525,909636,909869,909875,909887,910266,910370,910442,910471,910485,910974,915226,915737,915861,916097,916141,916157,916170,917598,917633,918093,918489,918594,918684,918787,918792,918799,918803,918885,919851,919914,920025,920055,920298,920449,920596,920824,920840,921444,922010,926716,927062,927621,928482,928695,928732,928798,931709,932357,932967,935105,935983,939491,939551,940064,941356,941463,943112,944409,944416,945231,945808,945835,945841,946686,94 8057,950164,950596,950614,950851,950905,951615,953434,954435,955648,955655,956832,957130,957830,958192,960701,961948,962865,962872,962881,962900,963106,963865,963868,964614,966177-966178,966292,966692,966863,981815,988448,991837,993042,1001955,1002185,1002263,1002274,1002349,1002359,1002362,1002481,1002514,1003461,1003481,1003488,1003556,1003572,1003581,1003861,1004393,1004409,1004415,1004868-1004869,1004912,1005452,1005467,1005647,1005802,1022120,1022134,1022323,1022415,1022606,1022623,1024224,1024251,1026042,1026784,1026912,1026920,1029767,1033415,1033448,1033842,1033897,1037715,1037794,1037887,1037924,1038041,1041892,1042022,1042029,1042447,1042452,1042494,1043983,1044944,1044987,1049264,1050249,1055055,1055236,1055458,1055975,1056264,1056828,1056889,1059881,1060486,1061412,1061442,1061446,1061503,1062398,1064652,1066244,1066772,1067039,1067139,1069824,1070139,1070420,1070609,1072042,1073184,1073393,1075458,1076212,1078409,1078412,1079801,1081118,1081334,1088179,1088460,1090022,1 
094069,1094089,1095138,1097899,1099575,1099586,1099772,1099789,1100145,1100822,1101094,1101144,1124680,1130774,1133014,1137862,1137996,1138950,1138953,1139280,1140693,1141104,1141441,1142043,1142904,1143134,1143150,1145137,1148216,1148471,1152601,1156171,1156519,1164567,1167394,1172233-1172234,1172236,1173614,1174353,1174882,1174884,1175158,1175190,1176799,1177125,1177245,1177850,1177862,1178228,1178233,1178684,1181028,1181136,1184917,1184919,1185200,1185588,1186011,1186104,1186123,1186137,1186153,1186378,1186712,1186763,1186949,1187381,1189240,1189386,1190388-1190389,1190474,1198622,1201576,1203091,1224801,1233426,1243034,1243038,1244567,1298140,1298628-1298629,1304468,1311997,1331766,1333161,1333173,1342498,1342503,1348425,1348461-1348495,1348989,1350294,1351056,1351636-1351640,1352011,1354685,1354847,1354856,1356125,1359981,1371283,1409007,1413552,1413556,1413562,1417282,1430079,1430481,1430567,1435606,1435636,1435642,1438411,1439054,1441348,1446640,1446650,1447012,1453105,145311 2,1456666-1456678,1456713,1456721,1457968,1460342,1460533,1484862,1486875,1492570,1494143,1500062,1503851,1505843,1513148-1513149,1526469,1533312,1536520,1539157,1539173,1540374,1552804,1555163,1558811,1561054-1561065,1561067-1561070,1561072-1561075,1561083,1561190-1561192,1561635,1561640,1561732,1562742,1562746,1564309,1564312,1568921,1574004,1577315,1577324,1577463,1578812-1578813,1586658,1586894,1586959,1588193,1588197,1589737-1589738,1589763,1589837,1589842,1589980,1590018,1590302,1590646,1590648,1590835,1590842,1590911,1593259,1593261,1593335,1593834,1594229,1595171,1595289,1597532,1600955,1600963,1600978,1600984,1601329-1601330,1601332,1601855,1608963,1609061,1609593,1617362,1617365,1617383,1617456,1623392,1624247,1626579,1627033,1628978,1631155,1631520,1632584,1634117,1634130,1637684,1637695,1640655-1640658,1641656,1641660,1641692,1641707-1641718,1641721-1641722,1642564,1642606,1643045,1643054,1643570,1644017,1648815,1656299,1658799,1658802,1659521,1663995,1664174,1665085,166 
6966,1666985,1668630,1669800,1676552,1681837-1681838,1681854,1685826,1687242,1689918,1693105,1694290,1694872,1696378,1701940,1710346,1712617,1712654,1713871,1713997,1714002,1715188,1715206,1716213-1716214,1716413,1716640,1716856,1716858,1716881-1716882,1716886,1716894,1720234,1720394,1720439,1720462,1721812,1721881,1722532,1722799,1722807,1722824,1722828-1722829,1722831,1722859,1723127,1723707,1723736,1724427,1724433,1724673,1724788,1724863,1725113,1725183,1725199,1725202,1725204,1725207,1725263-1725264,1725266,1725278,1725282,1725405,1725646,1725649-1725652,1725696-1725697,1725914,1725926,1726177,1726202,1726628,1726676,1726926,1727162,1727670,1727899,1728448,1729361,1731008,1731953,1731976,1732359,1733940,1734113,1734128,1734192,1737119,1737715,1737834,1737959,1738039,1738043,1739775,1741173,1741181,1741190,1741208,1741213,1741225,1741232,1742090,1742276,1743115,1743117,1743554,1744058,1744125,1744229,1744323,1744684,1745227,1745337,1746939,1748629,1750015,1750975,1751061,1754111, 1754140-1754141 +/tomcat/tc8.5.x/trunk:1737199,1737966,1738044,1741174,1741182,1741191,1741209,1741226,1741233,1742277,1743118,1743139-1743140,1744059,1744127,1744151,1744232,1744377,1744687,1745228,1746940,1749375,1750016,1750976,1751062,1754112,1754144,1754726 
+/tomcat/trunk:601180,606992,612607,630314,640888,652744,653247,656018,666232,673796,673820,677910,683969,683982,684001,684081,684234,684269-684270,685177,687503,687645,689402,690781,691392,691805,692748,693378,694992,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,701355,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,712467,713953,714002,718360,719119,719124,719602,719626,719628,720046,720069,721040,721286,721708,721886,723404,723738,726052,727303,728032,728768,728947,729057,729567,729569,729571,729681,729809,729815,729934,730250,730590,731651,732859,732863,734734,740675,740684,742677,742697,742714,744160,744238,746321,746384,746425,747834,747863,748344,750258,750291,750921,751286-751287,751289,751295,752323,753039,757335,757774,758249,758365,758596,758616,758664,759074,761601,762868,762929,762936-762937,763166,763183,763193,763228,763262,763298,763302,763325,763599,763611,763654,763681,763706,764985,764997,765662,768335,769979,770716,770 809,770876,772872,776921,776924,776935,776945,777464,777466,777576,777625,778379,778523-778524,781528,781779,782145,782791,783316,783696,783724,783756,783762,783766,783863,783934,784453,784602,784614,785381,785688,785768,785859,786468,786487,786490,786496,786667,787627,787770,787985,789389,790405,791041,791184,791194,791224,791243,791326,791328,791789,792740,793372,793757,793882,793981,794082,794673,794822,795043,795152,795210,795457,795466,797168,797425,797596,797607,802727,802940,804462,804544,804734,805153,809131,809603,810916,810977,812125,812137,812432,813001,813013,813866,814180,814708,814876,815972,816252,817442,817822,819339,819361,820110,820132,820874,820954,821397,828196,828201,828210,828225,828759,830378-830379,830999,831106,831774,831785,831828,831850,831860,832214,832218,833121,833545,834047,835036,835336,836405,881396,881412,883130,883134,883146,883165,883177,883362,883565,884341,885038,885231,885241,885260,885901,885991,886019,888072,889363,889606,889716,890139,890265 
,890349-890350,890417,891185-891187,891583,892198,892341,892415,892464,892555,892812,892814,892817,892843,892887,893321,893493,894580,894586,894805,894831,895013,895045,895057,895191,895392,895703,896370,896384,897380-897381,897776,898126,898256,898468,898527,898555,898558,898718,898836,898906,899284,899348,899420,899653,899769-899770,899783,899788,899792,899916,899918-899919,899935,899949,903916,905020,905151,905722,905728,905735,907311,907513,907538,907652,907727,907819,907825,907864,908002,908721,908754,908759,909097,909206,909212,909525,909636,909869,909875,909887,910266,910370,910442,910471,910485,910974,915226,915737,915861,916097,916141,916157,916170,917598,917633,918093,918489,918594,918684,918787,918792,918799,918803,918885,919851,919914,920025,920055,920298,920449,920596,920824,920840,921444,922010,926716,927062,927621,928482,928695,928732,928798,931709,932357,932967,935105,935983,939491,939551,940064,941356,941463,943112,944409,944416,945231,945808,945835,945841,946686,94 8057,950164,950596,950614,950851,950905,951615,953434,954435,955648,955655,956832,957130,957830,958192,960701,961948,962865,962872,962881,962900,963106,963865,963868,964614,966177-966178,966292,966692,966863,981815,988448,991837,993042,1001955,1002185,1002263,1002274,1002349,1002359,1002362,1002481,1002514,1003461,1003481,1003488,1003556,1003572,1003581,1003861,1004393,1004409,1004415,1004868-1004869,1004912,1005452,1005467,1005647,1005802,1022120,1022134,1022323,1022415,1022606,1022623,1024224,1024251,1026042,1026784,1026912,1026920,1029767,1033415,1033448,1033842,1033897,1037715,1037794,1037887,1037924,1038041,1041892,1042022,1042029,1042447,1042452,1042494,1043983,1044944,1044987,1049264,1050249,1055055,1055236,1055458,1055975,1056264,1056828,1056889,1059881,1060486,1061412,1061442,1061446,1061503,1062398,1064652,1066244,1066772,1067039,1067139,1069824,1070139,1070420,1070609,1072042,1073184,1073393,1075458,1076212,1078409,1078412,1079801,1081118,1081334,1088179,1088460,1090022,1 
094069,1094089,1095138,1097899,1099575,1099586,1099772,1099789,1100145,1100822,1101094,1101144,1124680,1130774,1133014,1137862,1137996,1138950,1138953,1139280,1140693,1141104,1141441,1142043,1142904,1143134,1143150,1145137,1148216,1148471,1152601,1156171,1156519,1164567,1167394,1172233-1172234,1172236,1173614,1174353,1174882,1174884,1175158,1175190,1176799,1177125,1177245,1177850,1177862,1178228,1178233,1178684,1181028,1181136,1184917,1184919,1185200,1185588,1186011,1186104,1186123,1186137,1186153,1186378,1186712,1186763,1186949,1187381,1189240,1189386,1190388-1190389,1190474,1198622,1201576,1203091,1224801,1233426,1243034,1243038,1244567,1298140,1298628-1298629,1304468,1311997,1331766,1333161,1333173,1342498,1342503,1348425,1348461-1348495,1348989,1350294,1351056,1351636-1351640,1352011,1354685,1354847,1354856,1356125,1359981,1371283,1409007,1413552,1413556,1413562,1417282,1430079,1430481,1430567,1435606,1435636,1435642,1438411,1439054,1441348,1446640,1446650,1447012,1453105,145311 2,1456666-1456678,1456713,1456721,1457968,1460342,1460533,1484862,1486875,1492570,1494143,1500062,1503851,1505843,1513148-1513149,1526469,1533312,1536520,1539157,1539173,1540374,1552804,1555163,1558811,1561054-1561065,1561067-1561070,1561072-1561075,1561083,1561190-1561192,1561635,1561640,1561732,1562742,1562746,1564309,1564312,1568921,1574004,1577315,1577324,1577463,1578812-1578813,1586658,1586894,1586959,1588193,1588197,1589737-1589738,1589763,1589837,1589842,1589980,1590018,1590302,1590646,1590648,1590835,1590842,1590911,1593259,1593261,1593335,1593834,1594229,1595171,1595289,1597532,1600955,1600963,1600978,1600984,1601329-1601330,1601332,1601855,1608963,1609061,1609593,1617362,1617365,1617383,1617456,1623392,1624247,1626579,1627033,1628978,1631155,1631520,1632584,1634117,1634130,1637684,1637695,1640655-1640658,1641656,1641660,1641692,1641707-1641718,1641721-1641722,1642564,1642606,1643045,1643054,1643570,1644017,1648815,1656299,1658799,1658802,1659521,1663995,1664174,1665085,166 
6966,1666985,1668630,1669800,1676552,1681837-1681838,1681854,1685826,1687242,1689918,1693105,1694290,1694872,1696378,1701940,1710346,1712617,1712654,1713871,1713997,1714002,1715188,1715206,1716213-1716214,1716413,1716640,1716856,1716858,1716881-1716882,1716886,1716894,1720234,1720394,1720439,1720462,1721812,1721881,1722532,1722799,1722807,1722824,1722828-1722829,1722831,1722859,1723127,1723707,1723736,1724427,1724433,1724673,1724788,1724863,1725113,1725183,1725199,1725202,1725204,1725207,1725263-1725264,1725266,1725278,1725282,1725405,1725646,1725649-1725652,1725696-1725697,1725914,1725926,1726177,1726202,1726628,1726676,1726926,1727162,1727670,1727899,1728448,1729361,1731008,1731953,1731976,1732359,1733940,1734113,1734128,1734192,1737119,1737715,1737834,1737959,1738039,1738043,1739775,1741173,1741181,1741190,1741208,1741213,1741225,1741232,1742090,1742276,1743115,1743117,1743554,1744058,1744125,1744229,1744323,1744684,1745227,1745337,1746939,1748629,1750015,1750975,1751061,1754111, 1754140-1754141,1754445 Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/loader/WebappClassLoader.java URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/loader/WebappClassLoader.java?rev=1754733&r1=1754732&r2=1754733&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/java/org/apache/catalina/loader/WebappClassLoader.java (original) +++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/loader/WebappClassLoader.java Mon Aug 1 10:57:28 2016 
@@ -5,9 +5,9 @@ * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -76,26 +76,27 @@ import org.apache.naming.resources.Resou import org.apache.naming.resources.ResourceAttributes; import org.apache.tomcat.util.IntrospectionUtils; import org.apache.tomcat.util.compat.JreCompat; +import org.apache.tomcat.util.security.PermissionCheck; /** * Specialized web application class loader. * <p> - * This class loader is a full reimplementation of the + * This class loader is a full reimplementation of the * <code>URLClassLoader</code> from the JDK. It is designed to be fully * compatible with a normal <code>URLClassLoader</code>, although its internal * behavior may be completely different. * <p> - * <strong>IMPLEMENTATION NOTE</strong> - This class loader faithfully follows - * the delegation model recommended in the specification. The system class - * loader will be queried first, then the local repositories, and only then - * delegation to the parent class loader will occur. This allows the web + * <strong>IMPLEMENTATION NOTE</strong> - This class loader faithfully follows + * the delegation model recommended in the specification. The system class + * loader will be queried first, then the local repositories, and only then + * delegation to the parent class loader will occur. This allows the web * application to override any shared class except the classes from J2SE. * Special handling is provided from the JAXP XML parser interfaces, the JNDI - * interfaces, and the classes from the servlet API, which are never loaded + * interfaces, and the classes from the servlet API, which are never loaded * from the webapp repository. * <p> - * <strong>IMPLEMENTATION NOTE</strong> - Due to limitations in Jasper - * compilation technology, any repository which contains classes from + * <strong>IMPLEMENTATION NOTE</strong> - Due to limitations in Jasper + * compilation technology, any repository which contains classes from * the servlet API will be ignored by the class loader. 
* <p> * <strong>IMPLEMENTATION NOTE</strong> - The class loader generates source @@ -114,10 +115,8 @@ import org.apache.tomcat.util.compat.Jre * @author Craig R. McClanahan * */ -public class WebappClassLoader - extends URLClassLoader - implements Reloader, Lifecycle - { +public class WebappClassLoader extends URLClassLoader + implements Reloader, Lifecycle, PermissionCheck { protected static org.apache.juli.logging.Log log= org.apache.juli.logging.LogFactory.getLog( WebappClassLoader.class ); @@ -129,7 +128,7 @@ public class WebappClassLoader private static final List<String> JVM_THREAD_GROUP_NAMES = new ArrayList<String>(); - public static final boolean ENABLE_CLEAR_REFERENCES = + public static final boolean ENABLE_CLEAR_REFERENCES = Boolean.valueOf(System.getProperty("org.apache.catalina.loader.WebappClassLoader.ENABLE_CLEAR_REFERENCES", "true")).booleanValue(); /** @@ -153,7 +152,7 @@ public class WebappClassLoader } private static final String JVN_THREAD_GROUP_SYSTEM = "system"; - + static { JVM_THREAD_GROUP_NAMES.add(JVN_THREAD_GROUP_SYSTEM); JVM_THREAD_GROUP_NAMES.add("RMI Runtime"); @@ -176,7 +175,7 @@ public class WebappClassLoader } - + protected final class PrivilegedGetClassLoader implements PrivilegedAction<ClassLoader> { @@ -186,12 +185,12 @@ public class WebappClassLoader this.clazz = clazz; } - public ClassLoader run() { + public ClassLoader run() { return clazz.getClassLoader(); - } + } } - + // ------------------------------------------------------- Static Variables @@ -224,13 +223,13 @@ public class WebappClassLoader protected static final StringManager sm = StringManager.getManager(Constants.Package); - + /** * Use anti JAR locking code, which does URL rerouting when accessing * resources. */ - boolean antiJARLocking = false; - + boolean antiJARLocking = false; + // ----------------------------------------------------------- Constructors 
@@ -262,9 +261,9 @@ public class WebappClassLoader public WebappClassLoader(ClassLoader parent) { super(new URL[0], parent); - + this.parent = getParent(); - + system = getSystemClassLoader(); securityManager = System.getSecurityManager(); @@ -482,7 +481,7 @@ public class WebappClassLoader * objects is not performed in a thread-safe manner. */ private boolean clearReferencesThreadLocals = false; - + /** * Should Tomcat call {@link org.apache.juli.logging.LogFactory#release()} * when the class loader is stopped? If not specified, the default value @@ -500,7 +499,7 @@ public class WebappClassLoader * expire however, on a busy system that might not happen for some time. */ private boolean clearReferencesHttpClientKeepAliveThread = true; - + /** * Name of associated context used with logging and JMX to associate with * the right web application. Particularly useful for the clear references @@ -574,8 +573,8 @@ public class WebappClassLoader public boolean getAntiJARLocking() { return antiJARLocking; } - - + + /** * @param antiJARLocking The antiJARLocking to set. */ @@ -692,7 +691,7 @@ public class WebappClassLoader this.loaderDir = new File(workDir, "loader"); if (loaderDir == null) { canonicalLoaderDir = null; - } else { + } else { try { canonicalLoaderDir = loaderDir.getCanonicalPath(); if (!canonicalLoaderDir.endsWith(File.separator)) { @@ -719,7 +718,7 @@ public class WebappClassLoader return (this.clearReferencesStopThreads); } - + /** * Set the clearReferencesStopThreads feature for this Context. * @@ -810,7 +809,7 @@ public class WebappClassLoader clearReferencesHttpClientKeepAliveThread; } - + // ------------------------------------------------------- Reloader Methods @@ -840,7 +839,7 @@ public class WebappClassLoader repositoryURLs = null; } catch (MalformedURLException e) { IllegalArgumentException iae = new IllegalArgumentException - ("Invalid repository: " + repository); + ("Invalid repository: " + repository); iae.initCause(e); throw iae; } 
@@ -971,7 +970,7 @@ public class WebappClassLoader /** * Return a String array of the current repositories for this class * loader. If there are no repositories, a zero-length array is - * returned.For security reason, returns a clone of the Array (since + * returned.For security reason, returns a clone of the Array (since * String are immutable). */ public String[] findRepositories() { @@ -1006,7 +1005,7 @@ public class WebappClassLoader ((ResourceAttributes) resources.getAttributes(paths[i])) .getLastModified(); if (lastModified != lastModifiedDates[i]) { - if( log.isDebugEnabled() ) + if( log.isDebugEnabled() ) log.debug(" Resource '" + paths[i] + "' was modified; Date is now: " + new java.util.Date(lastModified) + " Was: " @@ -1035,7 +1034,7 @@ public class WebappClassLoader continue; if (!name.equals(jarNames[i])) { // Missing JAR - log.info(" Additional JARs have been added : '" + log.info(" Additional JARs have been added : '" + name + "'"); return (true); } @@ -1043,7 +1042,7 @@ public class WebappClassLoader } if (enumeration.hasMoreElements()) { while (enumeration.hasMoreElements()) { - NameClassPair ncPair = + NameClassPair ncPair = (NameClassPair) enumeration.nextElement(); String name = ncPair.getName(); // Additional non-JAR files are allowed @@ -1217,7 +1216,7 @@ public class WebappClassLoader // Return the class we have located if (log.isTraceEnabled()) log.debug(" Returning class " + clazz); - + if ((log.isTraceEnabled()) && (clazz != null)) { ClassLoader cl; if (Globals.IS_SECURITY_ENABLED){ 
@@ -1407,13 +1406,13 @@ public class WebappClassLoader // (2) Search local repositories url = findResource(name); if (url != null) { - // Locating the repository for special handling in the case + // Locating the repository for special handling in the case // of a JAR if (antiJARLocking) { ResourceEntry entry = (ResourceEntry) resourceEntries.get(name); try { String repository = entry.codeBase.toString(); - if ((repository.endsWith(".jar")) + if ((repository.endsWith(".jar")) && (!(name.endsWith(".class")))) { // Copy binary content to the work directory if not present File resourceFile = new File(loaderDir, name); @@ -1731,6 +1730,26 @@ public class WebappClassLoader } + public boolean check(Permission permission) { + if (!Globals.IS_SECURITY_ENABLED) { + return true; + } + Policy currentPolicy = Policy.getPolicy(); + if (currentPolicy != null) { + ResourceEntry entry = findResourceInternal("/", "/"); + if (entry != null) { + CodeSource cs = new CodeSource( + entry.codeBase, (java.security.cert.Certificate[]) null); + PermissionCollection pc = currentPolicy.getPermissions(cs); + if (pc.implies(permission)) { + return true; + } + } + } + return false; + } + + /** * Returns the search path of URLs for loading classes and resources. * This includes the original list of URLs specified to the constructor, @@ -1798,7 +1817,7 @@ public class WebappClassLoader /** - * Get the lifecycle listeners associated with this lifecycle. If this + * Get the lifecycle listeners associated with this lifecycle. If this * Lifecycle has no listeners registered, a zero-length array is returned. */ public LifecycleListener[] findLifecycleListeners() { @@ -1850,9 +1869,9 @@ public class WebappClassLoader // Clearing references should be done before setting started to // false, due to possible side effects clearReferences(); - + started = false; - + int length = files.length; for (int i = 0; i < length; i++) { files[i] = null; 
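Review bot: The new public `check(Permission)` method added in the `@@ -1731,6 +1730,26 @@` hunk has no Javadoc, although it makes an access-control decision whose outcomes are not obvious from the signature. A doc comment should state that it returns `true` unconditionally when `Globals.IS_SECURITY_ENABLED` is false, and otherwise returns `true` only if the current `Policy` grants the permission to a `CodeSource` built from what appears to be the web application's root entry (`findResourceInternal("/", "/")`), returning `false` when there is no policy or no such entry. Because that `CodeSource` is created with null certificates and a single code base, grants that depend on signers or on a more specific code base (an individual JAR, say) would presumably not be honoured; that errs on the side of denial, but it deserves a why-comment such as `// Unsigned CodeSource for the web application root: signer-based and per-JAR grants are not considered`. It may also be worth confirming that every `Policy` implementation in use returns a non-null collection from `getPermissions(cs)`, since `pc.implies(permission)` is called without a null check.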
@@ -1896,13 +1915,13 @@ public class WebappClassLoader /** - * Used to periodically signal to the classloader to release + * Used to periodically signal to the classloader to release * JAR resources. */ public void closeJARs(boolean force) { if (jarFiles.length > 0) { synchronized (jarFiles) { - if (force || (System.currentTimeMillis() + if (force || (System.currentTimeMillis() > (lastJarAccessed + 90000))) { for (int i = 0; i < jarFiles.length; i++) { try { @@ -1924,7 +1943,7 @@ public class WebappClassLoader // ------------------------------------------------------ Protected Methods - + /** * Clear references. */ @@ -1935,10 +1954,10 @@ public class WebappClassLoader // Stop any threads the web application started clearReferencesThreads(); - + // Clear any ThreadLocals loaded by this class loader clearReferencesThreadLocals(); - + // Clear RMI Targets loaded by this class loader if (clearReferencesRmiTargets) { clearReferencesRmiTargets(); @@ -1949,15 +1968,15 @@ public class WebappClassLoader if (ENABLE_CLEAR_REFERENCES) { clearReferencesStaticFinal(); } - + // Clear the IntrospectionUtils cache. IntrospectionUtils.clear(); - + // Clear the classloader reference in common-logging if (clearReferencesLogFactoryRelease) { org.apache.juli.logging.LogFactory.release(this); } - + // Clear the resource bundle cache // This shouldn't be necessary, the cache uses weak references but // it has caused leaks. Oddly, using the leak detection code in @@ -1978,7 +1997,7 @@ public class WebappClassLoader * if it checked the context class loader) b) using reflection would * create a dependency on the DriverManager implementation which can, * and has, changed. - * + * * We can't just create an instance of JdbcLeakPrevention as it will be * loaded by the common class loader (since it's .class file is in the * $CATALINA_HOME/lib directory). This would fail DriverManager's check 
@@ -1986,7 +2005,7 @@ public class WebappClassLoader * our parent class loader but define the class with this class loader * so the JdbcLeakPrevention looks like a webapp class to the * DriverManager. - * + * * If only apps cleaned up after themselves... */ private final void clearReferencesJdbc() { @@ -2038,7 +2057,7 @@ public class WebappClassLoader private final void clearReferencesStaticFinal() { - + @SuppressWarnings("unchecked") Collection<ResourceEntry> values = ((HashMap<String,ResourceEntry>) resourceEntries.clone()).values(); @@ -2074,7 +2093,7 @@ public class WebappClassLoader for (int i = 0; i < fields.length; i++) { Field field = fields[i]; int mods = field.getModifiers(); - if (field.getType().isPrimitive() + if (field.getType().isPrimitive() || (field.getName().indexOf("$") != -1)) { continue; } @@ -2089,13 +2108,13 @@ public class WebappClassLoader } else { field.set(null, null); if (log.isDebugEnabled()) { - log.debug("Set field " + field.getName() + log.debug("Set field " + field.getName() + " to null in class " + clazz.getName()); } } } catch (Throwable t) { if (log.isDebugEnabled()) { - log.debug("Could not set field " + field.getName() + log.debug("Could not set field " + field.getName() + " to null in class " + clazz.getName(), t); } } @@ -2108,7 +2127,7 @@ public class WebappClassLoader } } } - + } @@ -2120,7 +2139,7 @@ public class WebappClassLoader for (int i = 0; i < fields.length; i++) { Field field = fields[i]; int mods = field.getModifiers(); - if (field.getType().isPrimitive() + if (field.getType().isPrimitive() || (field.getName().indexOf("$") != -1)) { continue; } 
@@ -2136,24 +2155,24 @@ public class WebappClassLoader if (!loadedByThisOrChild(valueClass)) { if (log.isDebugEnabled()) { log.debug("Not setting field " + field.getName() + - " to null in object of class " + + " to null in object of class " + instance.getClass().getName() + " because the referenced object was of type " + - valueClass.getName() + + valueClass.getName() + " which was not loaded by this WebappClassLoader."); } } else { field.set(instance, null); if (log.isDebugEnabled()) { - log.debug("Set field " + field.getName() + log.debug("Set field " + field.getName() + " to null in class " + instance.getClass().getName()); } } } } catch (Throwable t) { if (log.isDebugEnabled()) { - log.debug("Could not set field " + field.getName() - + " to null in object instance of class " + log.debug("Could not set field " + field.getName() + + " to null in object instance of class " + instance.getClass().getName(), t); } } @@ -2164,7 +2183,7 @@ public class WebappClassLoader @SuppressWarnings("deprecation") private void clearReferencesThreads() { Thread[] threads = getThreads(); - + // Iterate over the set of threads for (Thread thread : threads) { if (thread != null) { @@ -2174,7 +2193,7 @@ public class WebappClassLoader if (thread == Thread.currentThread()) { continue; } - + // JVM controlled threads ThreadGroup tg = thread.getThreadGroup(); if (tg != null && @@ -2187,11 +2206,11 @@ public class WebappClassLoader log.debug(sm.getString( "webappClassLoader.checkThreadsHttpClient")); } - + // Don't warn about remaining JVM controlled threads continue; } - + // Skip threads that have already died if (!thread.isAlive()) { continue; 
@@ -2213,13 +2232,13 @@ public class WebappClassLoader log.error(sm.getString("webappClassLoader.warnThread", contextName, thread.getName())); } - + // Don't try an stop the threads unless explicitly // configured to do so if (!clearReferencesStopThreads) { continue; } - + // If the thread has been started via an executor, try // shutting down the executor try { @@ -2283,21 +2302,21 @@ public class WebappClassLoader } } - + /* * Look at a threads stack trace to see if it is a request thread or not. It * isn't perfect, but it should be good-enough for most cases. */ private boolean isRequestThread(Thread thread) { - + StackTraceElement[] elements = thread.getStackTrace(); - + if (elements == null || elements.length == 0) { // Must have stopped already. Too late to ignore it. Assume not a // request processing thread. return false; } - + // Step through the methods in reverse order looking for calls to any // CoyoteAdapter method. All request threads will have this unless // Tomcat has been heavily modified - in which case there isn't much we @@ -2311,8 +2330,8 @@ public class WebappClassLoader } return false; } - - + + private void clearReferencesStopTimerThread(Thread thread) { // Need to get references to: @@ -2431,7 +2450,7 @@ public class WebappClassLoader } catch (InvocationTargetException e) { log.warn(sm.getString("webappClassLoader.clearThreadLocalFail", contextName), e); - } + } } @@ -2597,13 +2616,13 @@ public class WebappClassLoader * Get the set of current threads as an array. */ private Thread[] getThreads() { - // Get the current thread group + // Get the current thread group ThreadGroup tg = Thread.currentThread( ).getThreadGroup( ); // Find the root thread group while (tg.getParent() != null) { tg = tg.getParent(); } - + int threadCountGuess = tg.activeCount() + 50; Thread[] threads = new Thread[threadCountGuess]; int threadCountActual = tg.enumerate(threads); 
@@ -2612,10 +2631,10 @@ public class WebappClassLoader threadCountGuess *=2; threads = new Thread[threadCountGuess]; // Note tg.enumerate(Thread[]) silently ignores any threads that - // can't fit into the array + // can't fit into the array threadCountActual = tg.enumerate(threads); } - + return threads; } @@ -2645,7 +2664,7 @@ public class WebappClassLoader if (objTable == null) { return; } - + // Iterate over the values in the table if (objTable instanceof Map<?,?>) { Iterator<?> iter = ((Map<?,?>) objTable).values().iterator(); @@ -2668,7 +2687,7 @@ public class WebappClassLoader if (implTable == null) { return; } - + // Iterate over the values in the table if (implTable instanceof Map<?,?>) { Iterator<?> iter = ((Map<?,?>) implTable).values().iterator(); @@ -2708,15 +2727,15 @@ public class WebappClassLoader } } } - - + + /** * Clear the {@link ResourceBundle} cache of any bundles loaded by this * class loader or any class loader where this loader is a parent class * loader. Whilst {@link ResourceBundle#clearCache()} could be used there * are complications around the {@link JasperLoader} that mean a reflection * based approach is more likely to be complete. - * + * * The ResourceBundle is using WeakReferences so it shouldn't be pinning the * class loader in memory. However, it is. Therefore clear ou the * references. @@ -2732,20 +2751,20 @@ public class WebappClassLoader // Java 5 uses SoftCache extends Abstract Map // So use Map and it *should* work with both Map<?,?> cacheList = (Map<?,?>) cacheListField.get(null); - + // Get the keys (loader references are in the key) Set<?> keys = cacheList.keySet(); - + Field loaderRefField = null; - + // Iterate over the keys looking at the loader instances Iterator<?> keysIter = keys.iterator(); - + int countRemoved = 0; - + while (keysIter.hasNext()) { Object key = keysIter.next(); - + if (loaderRefField == null) { loaderRefField = key.getClass().getDeclaredField("loaderRef"); 
@@ -2753,19 +2772,19 @@ public class WebappClassLoader } WeakReference<?> loaderRef = (WeakReference<?>) loaderRefField.get(key); - + ClassLoader loader = (ClassLoader) loaderRef.get(); - + while (loader != null && loader != this) { loader = loader.getParent(); } - + if (loader != null) { keysIter.remove(); countRemoved++; } } - + if (countRemoved > 0 && log.isDebugEnabled()) { log.debug(sm.getString( "webappClassLoader.clearReferencesResourceBundlesCount", @@ -2812,7 +2831,7 @@ public class WebappClassLoader } } return result; - } + } /** @@ -2882,9 +2901,9 @@ public class WebappClassLoader int pos = name.lastIndexOf('.'); if (pos != -1) packageName = name.substring(0, pos); - + Package pkg = null; - + if (packageName != null) { pkg = getPackage(packageName); // Define the package (if null) @@ -2903,7 +2922,7 @@ public class WebappClassLoader pkg = getPackage(packageName); } } - + if (securityManager != null) { // Checking sealing @@ -2920,12 +2939,12 @@ public class WebappClassLoader ("Sealing violation loading " + name + " : Package " + packageName + " is sealed."); } - + } try { clazz = defineClass(name, entry.binaryContent, 0, - entry.binaryContent.length, + entry.binaryContent.length, new CodeSource(entry.codeBase, entry.certificates)); } catch (UnsupportedClassVersionError ucve) { throw new UnsupportedClassVersionError( @@ -2940,7 +2959,7 @@ public class WebappClassLoader entry.manifest = null; entry.certificates = null; } - + return clazz; } @@ -2957,10 +2976,10 @@ public class WebappClassLoader entry.codeBase = getURL(new File(file, path), false); } catch (MalformedURLException e) { return null; - } + } return entry; } - + /** * Find specified resource in local repositories. @@ -3033,7 +3052,7 @@ public class WebappClassLoader int j; - long[] result2 = + long[] result2 = new long[lastModifiedDates.length + 1]; for (j = 0; j < lastModifiedDates.length; j++) { result2[j] = lastModifiedDates[j]; 
@@ -3068,11 +3087,11 @@ public class WebappClassLoader return null; } for (i = 0; (entry == null) && (i < jarFilesLength); i++) { - + jarEntry = jarFiles[i].getJarEntry(path); - + if (jarEntry != null) { - + entry = new ResourceEntry(); try { entry.codeBase = getURL(jarRealFiles[i], false); @@ -3090,7 +3109,7 @@ public class WebappClassLoader } catch (IOException e) { return null; } - + // Extract resources contained in JAR to the workdir if (antiJARLocking && !(path.endsWith(".class"))) { byte[] buf = new byte[1024]; @@ -3101,7 +3120,7 @@ public class WebappClassLoader jarFiles[i].entries(); while (entries.hasMoreElements()) { JarEntry jarEntry2 = entries.nextElement(); - if (!(jarEntry2.isDirectory()) + if (!(jarEntry2.isDirectory()) && (!jarEntry2.getName().endsWith (".class"))) { resourceFile = new File @@ -3117,7 +3136,7 @@ public class WebappClassLoader throw new IllegalArgumentException( sm.getString("webappClassLoader.validationErrorJarPath", jarEntry2.getName()), ioe); - } + } resourceFile.getParentFile().mkdirs(); FileOutputStream os = null; InputStream is = null; @@ -3153,25 +3172,25 @@ public class WebappClassLoader } } } - + } - + } - + if (entry == null) { synchronized (notFoundResources) { notFoundResources.put(name, name); } return null; } - + if (binaryStream != null) { - + byte[] binaryContent = new byte[contentLength]; - + int pos = 0; try { - + while (true) { int n = binaryStream.read(binaryContent, pos, binaryContent.length - pos); @@ -3196,13 +3215,13 @@ public class WebappClassLoader } } entry.binaryContent = binaryContent; - - // The certificates are only available after the JarEntry + + // The certificates are only available after the JarEntry // associated input stream has been fully read if (jarEntry != null) { entry.certificates = jarEntry.getCertificates(); } - + } } finally { if (binaryStream != null) { 
@@ -3238,7 +3257,7 @@ public class WebappClassLoader protected boolean isPackageSealed(String name, Manifest man) { String path = name.replace('.', '/') + '/'; - Attributes attr = man.getAttributes(path); + Attributes attr = man.getAttributes(path); String sealed = null; if (attr != null) { sealed = attr.getValue(Name.SEALED); @@ -3297,8 +3316,8 @@ public class WebappClassLoader protected void refreshPolicy() { try { - // The policy file may have been modified to adjust - // permissions, so we're reloading it when loading or + // The policy file may have been modified to adjust + // permissions, so we're reloading it when loading or // reloading a Context Policy policy = Policy.getPolicy(); policy.refresh(); @@ -3312,7 +3331,7 @@ public class WebappClassLoader /** * Filter classes. - * + * * @param name class name * @return true if the class should be filtered */ @@ -3340,12 +3359,12 @@ public class WebappClassLoader /** - * Validate a classname. As per SRV.9.7.2, we must restict loading of - * classes from J2SE (java.*) and classes of the servlet API + * Validate a classname. As per SRV.9.7.2, we must restict loading of + * classes from J2SE (java.*) and classes of the servlet API * (javax.servlet.*). That should enhance robustness and prevent a number * of user error (where an older version of servlet.jar would be present * in /WEB-INF/lib). - * + * * @param name class name * @return true if the name is valid */ Modified: tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/digester/Digester.java URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/digester/Digester.java?rev=1754733&r1=1754732&r2=1754733&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/digester/Digester.java (original) +++ tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/digester/Digester.java Mon Aug 1 10:57:28 2016 
@@ -26,12 +26,14 @@ import java.io.Reader; import java.lang.reflect.InvocationTargetException; import java.net.URI; import java.net.URISyntaxException; +import java.security.Permission; import java.util.EmptyStackException; import java.util.HashMap; import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Properties; +import java.util.PropertyPermission; import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.SAXParser; @@ -40,6 +42,7 @@ import javax.xml.parsers.SAXParserFactor import org.apache.juli.logging.Log; import org.apache.juli.logging.LogFactory; import org.apache.tomcat.util.IntrospectionUtils; +import org.apache.tomcat.util.security.PermissionCheck; import org.xml.sax.Attributes; import org.xml.sax.EntityResolver; import org.xml.sax.ErrorHandler; @@ -80,6 +83,13 @@ public class Digester extends DefaultHan private static class SystemPropertySource implements IntrospectionUtils.PropertySource { public String getProperty( String key ) { + ClassLoader cl = Thread.currentThread().getContextClassLoader(); + if (cl instanceof PermissionCheck) { + Permission p = new PropertyPermission(key, "read"); + if (!((PermissionCheck) cl).check(p)) { + return null; + } + } return System.getProperty(key); } } Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1754733&r1=1754732&r2=1754733&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Mon Aug 1 10:57:28 2016 
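Review bot: In `SystemPropertySource.getProperty` (the `@@ -80,6 +83,13 @@` hunk) the permission check runs only when the thread context class loader itself is a `PermissionCheck`; every other loader falls through to `System.getProperty(key)` with no check. That is presumably intended so that container-level parsing is unrestricted, but it also leaves a thread whose context loader is a child or wrapper of the web application loader uncovered, so the assumption should be written down, for example `// TCCL without PermissionCheck is treated as container code: property read is not restricted`. A denied read returns `null`, which the caller cannot tell apart from an unset property; the same comment should say that, so a missing `PropertyPermission` grant is easier to diagnose.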
@@ -109,6 +109,14 @@ <code>dispatchersUseEncodedPaths</code> attribute of the Context. (markt) </fix> + <add> + Provide a mechanism that enables the container to check if a component + (typically a web application) has been granted a given permission when + running under a SecurityManager without the current execution stack + having to have passed through the component. Use this new mechanism to + extend SecurityManager protection to the system property replacement + feature of the digester. (markt) + </add> </changelog> </subsection> <subsection name="Coyote"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org