Am 12.09.19 um 22:40 schrieb [email protected]:
> This is an automated email from the ASF dual-hosted git repository.
>
> markt pushed a commit to branch master
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
> commit cae17a52598393680952aa21cee0e27b13a73455
> Author: Mark Thomas <[email protected]>
> AuthorDate: Thu Sep 12 15:31:26 2019 +0100
>
> Additional changes required to enable EnvironmentPropertySource
> ---
> .../org/apache/tomcat/util/IntrospectionUtils.java | 49
> ++++++++++++++++++++--
> java/org/apache/tomcat/util/digester/Digester.java | 33 ++++++++++-----
> webapps/docs/changelog.xml | 4 +-
> 3 files changed, 69 insertions(+), 17 deletions(-)
>
> diff --git a/java/org/apache/tomcat/util/IntrospectionUtils.java
> b/java/org/apache/tomcat/util/IntrospectionUtils.java
> index 3ffa702..f6ac737 100644
> --- a/java/org/apache/tomcat/util/IntrospectionUtils.java
> +++ b/java/org/apache/tomcat/util/IntrospectionUtils.java
> @@ -476,9 +499,27 @@ public final class IntrospectionUtils {
> // This provides a layer of abstraction
>
> public static interface PropertySource {
> -
> public String getProperty(String key);
> -
> }
>
> +
> + public static interface PropertySourceSecure extends PropertySource {
I think a better name would be SecurePropertySource or
ClassloaderAwarePropertySource. The thing that it represents should be
at the end of the name IMHO.
At work I prototyped a similar approach and introduced a
NamespaceAwarePropertySource. It is basically an interface that has a
getNamespace() method that returns a prefix for the keys. I think that
it would be nice if these two approaches. My prototype didn't try to
call a security manager, but with this commit it would be easy to add.
On the other hand it uses a ServiceLoader approach to automatically find
all NamespaceAwarePropertySources. Do you think this would be a good
addition for Tomcat?
Regards
Felix
> +
> + /**
> + * Obtain a property value, checking that code associated with the
> + * provided class loader has permission to access the property. If
> the
> + * {@code classLoader} is {@code null} or if {@code classLoader} does
> + * not implement {@link PermissionCheck} then the property value
> will be
> + * looked up <b>without</b> a call to
> + * {@link PermissionCheck#check(java.security.Permission)}
> + *
> + * @param key The key of the requested property
> + * @param classLoader The class loader associated with the code
> that
> + * trigger the property lookup
> + * @return The property value or {@code null} if it could not be
> found
> + * or if {@link
> PermissionCheck#check(java.security.Permission)}
> + * fails
> + */
> + public String getProperty(String key, ClassLoader classLoader);
> + }
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
