Author: markt
Date: Wed May 9 15:11:41 2018
New Revision: 1831256
URL: http://svn.apache.org/viewvc?rev=1831256&view=rev
Log:
Ensure that JNDI names used for <lookup-name> entries in web.xml and for lookup
elements of @Resource annotations specify a name with an explicit java:
namespace.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/descriptor/web/LocalStrings.properties
tomcat/trunk/java/org/apache/tomcat/util/descriptor/web/ResourceBase.java
tomcat/trunk/webapps/docs/changelog.xml
Modified:
tomcat/trunk/java/org/apache/tomcat/util/descriptor/web/LocalStrings.properties
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/descriptor/web/LocalStrings.properties?rev=1831256&r1=1831255&r2=1831256&view=diff
==============================================================================
---
tomcat/trunk/java/org/apache/tomcat/util/descriptor/web/LocalStrings.properties
(original)
+++
tomcat/trunk/java/org/apache/tomcat/util/descriptor/web/LocalStrings.properties
Wed May 9 15:11:41 2018
@@ -15,6 +15,7 @@
filterDef.invalidFilterName=Invalid <filter-name> [{0}] in filter definition.
+resourceBase.lookupNotJava=Lookup-name values must explicitly reference the
java: namespace but [{0}] does not
securityConstraint.uncoveredHttpMethod=For security constraints with URL
pattern [{0}] only the HTTP methods [{1}] are covered. All other methods are
uncovered.
securityConstraint.uncoveredHttpMethodFix=Adding security constraints with URL
pattern [{0}] to deny access with the uncovered HTTP methods that are not one
of the following [{1}]
securityConstraint.uncoveredHttpOmittedMethod=For security constraints with
URL pattern [{0}] the HTTP methods [{1}] are uncovered.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/descriptor/web/ResourceBase.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/descriptor/web/ResourceBase.java?rev=1831256&r1=1831255&r2=1831256&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/descriptor/web/ResourceBase.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/descriptor/web/ResourceBase.java
Wed May 9 15:11:41 2018
@@ -23,6 +23,8 @@ import java.util.Iterator;
import java.util.List;
import java.util.Map;
+import org.apache.tomcat.util.res.StringManager;
+
/**
* Representation of an Context element
@@ -33,9 +35,11 @@ public class ResourceBase implements Ser
private static final long serialVersionUID = 1L;
- // ------------------------------------------------------------- Properties
+ private static final StringManager sm =
StringManager.getManager(ResourceBase.class);
+ // ------------------------------------------------------------- Properties
+
/**
* The description of this resource.
*/
@@ -87,6 +91,15 @@ public class ResourceBase implements Ser
}
public void setLookupName(String lookupName) {
+ // EE.5.3.3: Must explicitly use java: namespace
+ if (lookupName == null || lookupName.length() == 0) {
+ this.lookupName = null;
+ return;
+ }
+ if (!lookupName.startsWith("java:")) {
+ throw new IllegalArgumentException(
+ sm.getString("resourceBase.lookupNotJava", lookupName));
+ }
this.lookupName = lookupName;
}
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1831256&r1=1831255&r2=1831256&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Wed May 9 15:11:41 2018
@@ -71,6 +71,12 @@
JNDI resources that are defined with injection targets but no value are
now treated as if the resource is not defined. (markt)
</fix>
+ <fix>
+ Ensure that JNDI names used for <code><lookup-name></code>
entries
+ in web.xml and for <code>lookup</code> elements of
+ <code>@Resource</code> annotations specify a name with an explicit
+ <code>java:</code> namespace. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
