Author: markt
Date: Sat May 5 20:21:21 2018
New Revision: 1831003
URL: http://svn.apache.org/viewvc?rev=1831003&view=rev
Log:
Refactor to remove the need for explicit property permissions for Cookie code
Modified:
tomcat/trunk/conf/catalina.policy
tomcat/trunk/java/javax/servlet/http/Cookie.java
tomcat/trunk/test/javax/servlet/http/TestCookieRFC2109Validator.java
Modified: tomcat/trunk/conf/catalina.policy
URL:
http://svn.apache.org/viewvc/tomcat/trunk/conf/catalina.policy?rev=1831003&r1=1831002&r2=1831003&view=diff
==============================================================================
--- tomcat/trunk/conf/catalina.policy (original)
+++ tomcat/trunk/conf/catalina.policy Sat May 5 20:21:21 2018
@@ -172,14 +172,6 @@ grant {
permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.jasper.runtime.*";
- // The cookie code needs these.
- permission java.util.PropertyPermission
- "org.apache.catalina.STRICT_SERVLET_COMPLIANCE", "read";
- permission java.util.PropertyPermission
- "org.apache.tomcat.util.http.ServerCookie.STRICT_NAMING", "read";
- permission java.util.PropertyPermission
- "org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR", "read";
-
// Applications using WebSocket need to be able to access these packages
permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.tomcat.websocket";
permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.tomcat.websocket.server";
Modified: tomcat/trunk/java/javax/servlet/http/Cookie.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/javax/servlet/http/Cookie.java?rev=1831003&r1=1831002&r2=1831003&view=diff
==============================================================================
--- tomcat/trunk/java/javax/servlet/http/Cookie.java (original)
+++ tomcat/trunk/java/javax/servlet/http/Cookie.java Sat May 5 20:21:21 2018
@@ -17,6 +17,8 @@
package javax.servlet.http;
import java.io.Serializable;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.text.MessageFormat;
import java.util.BitSet;
import java.util.Locale;
@@ -54,19 +56,66 @@ import java.util.ResourceBundle;
public class Cookie implements Cloneable, Serializable {
private static final CookieNameValidator validation;
+
static {
+ boolean strictServletCompliance;
boolean strictNaming;
- String prop =
System.getProperty("org.apache.tomcat.util.http.ServerCookie.STRICT_NAMING");
- if (prop != null) {
- strictNaming = Boolean.parseBoolean(prop);
+ boolean allowSlash;
+ String propStrictNaming;
+ String propFwdSlashIsSeparator;
+
+ if (System.getSecurityManager() == null) {
+ strictServletCompliance = Boolean.getBoolean(
+ "org.apache.catalina.STRICT_SERVLET_COMPLIANCE");
+ propStrictNaming = System.getProperty(
+ "org.apache.tomcat.util.http.ServerCookie.STRICT_NAMING");
+ propFwdSlashIsSeparator = System.getProperty(
+
"org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR");
} else {
- strictNaming =
Boolean.getBoolean("org.apache.catalina.STRICT_SERVLET_COMPLIANCE");
+ strictServletCompliance = AccessController.doPrivileged(
+ new PrivilegedAction<Boolean>() {
+ @Override
+ public Boolean run() {
+ return Boolean.valueOf(System.getProperty(
+
"org.apache.catalina.STRICT_SERVLET_COMPLIANCE"));
+ }
+ }
+ ).booleanValue();
+ propStrictNaming = AccessController.doPrivileged(
+ new PrivilegedAction<String>() {
+ @Override
+ public String run() {
+ return System.getProperty(
+
"org.apache.tomcat.util.http.ServerCookie.STRICT_NAMING");
+ }
+ }
+ );
+ propFwdSlashIsSeparator = AccessController.doPrivileged(
+ new PrivilegedAction<String>() {
+ @Override
+ public String run() {
+ return System.getProperty(
+
"org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR");
+ }
+ }
+ );
}
- if (strictNaming) {
- validation = new RFC2109Validator();
+ if (propStrictNaming == null) {
+ strictNaming = strictServletCompliance;
+ } else {
+ strictNaming = Boolean.parseBoolean(propStrictNaming);
+ }
+
+ if (propFwdSlashIsSeparator == null) {
+ allowSlash = !strictServletCompliance;
+ } else {
+ allowSlash = !Boolean.parseBoolean(propFwdSlashIsSeparator);
}
- else {
+
+ if (strictNaming) {
+ validation = new RFC2109Validator(allowSlash);
+ } else {
validation = new RFC6265Validator();
}
}
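Review bot: The static initializer spells out each property name twice (once per branch) and adds three near-identical anonymous `PrivilegedAction` classes, so the security-manager and no-security-manager paths can drift apart on a later edit. A single private helper that takes the property name and wraps `System.getProperty` in `doPrivileged` only when a security manager is installed would leave one copy of each name. The helper has to stay `private` and be called only with the three constant names: it reads with this class's permissions rather than the caller's, so exposing it with a caller-chosen name would let less-privileged code read any system property. With the grants removed from catalina.policy, the reads presumably rely on the code source that provides `Cookie` holding `PropertyPermission` itself; that is not visible in this diff and is worth a comment above the block.

```java
static {
    boolean strictServletCompliance = Boolean.parseBoolean(
            readProperty("org.apache.catalina.STRICT_SERVLET_COMPLIANCE"));
    String propStrictNaming = readProperty(
            "org.apache.tomcat.util.http.ServerCookie.STRICT_NAMING");
    String propFwdSlashIsSeparator = readProperty(
            "org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR");
    // … unchanged: derive strictNaming / allowSlash and select the validator …
}

// Keep private and pass constant names only: the read is performed with
// this class's permissions, not the caller's.
private static String readProperty(final String name) {
    if (System.getSecurityManager() == null) {
        return System.getProperty(name);
    }
    return AccessController.doPrivileged(new PrivilegedAction<String>() {
        @Override
        public String run() {
            return System.getProperty(name);
        }
    });
}
```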
@@ -428,15 +477,8 @@ class RFC6265Validator extends CookieNam
}
class RFC2109Validator extends RFC6265Validator {
- RFC2109Validator() {
+ RFC2109Validator(boolean allowSlash) {
// special treatment to allow for FWD_SLASH_IS_SEPARATOR property
- boolean allowSlash;
- String prop =
System.getProperty("org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR");
- if (prop != null) {
- allowSlash = !Boolean.parseBoolean(prop);
- } else {
- allowSlash =
!Boolean.getBoolean("org.apache.catalina.STRICT_SERVLET_COMPLIANCE");
- }
if (allowSlash) {
allowed.set('/');
}
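Review bot: The comment kept at the top of the constructor, `// special treatment to allow for FWD_SLASH_IS_SEPARATOR property`, no longer matches the code, because the constructor no longer reads that property and only applies the `allowSlash` argument. I would replace it with `// allowSlash: when true, '/' is accepted in cookie names; Cookie's static initializer derives it from system properties`. The constructor body continues outside the hunk.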
Modified: tomcat/trunk/test/javax/servlet/http/TestCookieRFC2109Validator.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/javax/servlet/http/TestCookieRFC2109Validator.java?rev=1831003&r1=1831002&r2=1831003&view=diff
==============================================================================
--- tomcat/trunk/test/javax/servlet/http/TestCookieRFC2109Validator.java
(original)
+++ tomcat/trunk/test/javax/servlet/http/TestCookieRFC2109Validator.java Sat
May 5 20:21:21 2018
@@ -22,11 +22,8 @@ import org.junit.Test;
* Basic tests for Cookie in default configuration.
*/
public class TestCookieRFC2109Validator {
- static {
-
System.setProperty("org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR",
"true");
- }
- private RFC2109Validator validator = new RFC2109Validator();
+ private RFC2109Validator validator = new RFC2109Validator(false);
@Test
public void actualCharactersAllowedInName() {
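Review bot: Only `new RFC2109Validator(false)` is exercised here, so the `allowSlash == true` branch that sets `'/'` as allowed, and the property-to-flag derivation that moved into `Cookie`'s static initializer, have no coverage in this file; the removed `System.setProperty` block was what previously drove the property parsing. A second validator field such as `private RFC2109Validator slashValidator = new RFC2109Validator(true);` with a test that a name containing `/` is accepted would cover the other branch. Other test classes may already cover this; they are not visible in the diff. `actualCharactersAllowedInName` continues outside the hunk.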