Author: markt
Date: Thu Apr 6 20:32:40 2017
New Revision: 1790456
URL: http://svn.apache.org/viewvc?rev=1790456&view=rev
Log:
Remove unnecessary privileged block from forward.
I can't see anything in doForward that would trigger a security check.
Modified:
tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java
tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java
Modified: tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java?rev=1790456&r1=1790455&r2=1790456&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java (original)
+++ tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java Thu Apr 6
20:32:40 2017
@@ -608,41 +608,14 @@ public class PageContextImpl extends Pag
}
@Override
- public void forward(final String relativeUrlPath) throws ServletException,
- IOException {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- try {
- AccessController.doPrivileged(
- new PrivilegedExceptionAction<Void>() {
- @Override
- public Void run() throws Exception {
- doForward(relativeUrlPath);
- return null;
- }
- });
- } catch (PrivilegedActionException e) {
- Exception ex = e.getException();
- if (ex instanceof IOException) {
- throw (IOException) ex;
- } else {
- throw (ServletException) ex;
- }
- }
- } else {
- doForward(relativeUrlPath);
- }
- }
-
- private void doForward(String relativeUrlPath) throws ServletException,
- IOException {
-
+ public void forward(final String relativeUrlPath) throws ServletException,
IOException {
// JSP.4.5 If the buffer was flushed, throw IllegalStateException
try {
out.clear();
baseOut.clear();
} catch (IOException ex) {
- IllegalStateException ise = new IllegalStateException(Localizer
- .getMessage("jsp.error.attempt_to_clear_flushed_buffer"));
+ IllegalStateException ise = new
IllegalStateException(Localizer.getMessage(
+ "jsp.error.attempt_to_clear_flushed_buffer"));
ise.initCause(ex);
throw ise;
}
@@ -653,17 +626,16 @@ public class PageContextImpl extends Pag
}
final String path = getAbsolutePathRelativeToContext(relativeUrlPath);
- String includeUri = (String) request.getAttribute(
- RequestDispatcher.INCLUDE_SERVLET_PATH);
+ String includeUri = (String)
request.getAttribute(RequestDispatcher.INCLUDE_SERVLET_PATH);
if (includeUri != null)
request.removeAttribute(RequestDispatcher.INCLUDE_SERVLET_PATH);
try {
context.getRequestDispatcher(path).forward(request, response);
} finally {
- if (includeUri != null)
- request.setAttribute(RequestDispatcher.INCLUDE_SERVLET_PATH,
- includeUri);
+ if (includeUri != null) {
+ request.setAttribute(RequestDispatcher.INCLUDE_SERVLET_PATH,
includeUri);
+ }
}
}
Modified: tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java?rev=1790456&r1=1790455&r2=1790456&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java
(original)
+++ tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java Thu Apr
6 20:32:40 2017
@@ -58,7 +58,6 @@ public final class SecurityClassLoad {
loader.loadClass( basePackage + "runtime.PageContextImpl$5");
loader.loadClass( basePackage + "runtime.PageContextImpl$6");
loader.loadClass( basePackage + "runtime.PageContextImpl$7");
- loader.loadClass( basePackage + "runtime.PageContextImpl$8");
loader.loadClass( basePackage + "runtime.JspContextWrapper");
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
