This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push: new 68bc8ad Fix Bz 65714 - security manager + TLS + NIO2 68bc8ad is described below commit 68bc8adbac45e8d28c11c47f6b742788b549a572 Author: Mark Thomas <ma...@apache.org> AuthorDate: Wed Dec 1 09:27:36 2021 +0000 Fix Bz 65714 - security manager + TLS + NIO2 --- java/org/apache/tomcat/util/net/Constants.java | 2 ++ java/org/apache/tomcat/util/net/SecureNio2Channel.java | 18 ++++++++++++++---- webapps/docs/changelog.xml | 6 ++++++ 3 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/Constants.java b/java/org/apache/tomcat/util/net/Constants.java
index ca5c0e4..9cda5e1 100644
--- a/java/org/apache/tomcat/util/net/Constants.java
+++ b/java/org/apache/tomcat/util/net/Constants.java
@@ -38,4 +38,6 @@ public class Constants {
 public static final String SSL_PROTO_SSLv3 = "SSLv3";
 public static final String SSL_PROTO_SSLv2 = "SSLv2";
 public static final String SSL_PROTO_SSLv2Hello = "SSLv2Hello";
+
+ public static final boolean IS_SECURITY_ENABLED = (System.getSecurityManager() != null);
 }
diff --git a/java/org/apache/tomcat/util/net/SecureNio2Channel.java b/java/org/apache/tomcat/util/net/SecureNio2Channel.java
index f0e4bb7..66daeb4 100644
--- a/java/org/apache/tomcat/util/net/SecureNio2Channel.java
+++ b/java/org/apache/tomcat/util/net/SecureNio2Channel.java
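Review bot: `IS_SECURITY_ENABLED` in Constants.java is added without Javadoc and is evaluated once, when `Constants` is initialised, so a security manager installed after that point would leave it `false` and the handshake handlers in SecureNio2Channel would keep processing inline. If start-up ordering guarantees the manager is in place before any connector class loads, state that on the field, for example `/** True if a SecurityManager was installed when this class was initialised; never re-evaluated. */`. The class body starts outside the hunk, so whether the neighbouring constants carry documentation is not visible here.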
@@ -101,12 +101,17 @@ public class SecureNio2Channel extends Nio2Channel {
 if (result.intValue() < 0) {
 failed(new EOFException(), attachment);
 } else {
- endpoint.processSocket(attachment, SocketEvent.OPEN_READ, false);
+ // When running under a security manager always dispatch so the
+ // processing occurs on a thread with the correct security
+ // context.
+ endpoint.processSocket(attachment, SocketEvent.OPEN_READ, Constants.IS_SECURITY_ENABLED);
 }
 }
 @Override
 public void failed(Throwable exc, SocketWrapperBase<Nio2Channel> attachment) {
- endpoint.processSocket(attachment, SocketEvent.ERROR, false);
+ // When running under a security manager always dispatch so the
+ // processing occurs on a thread with the correct security context.
+ endpoint.processSocket(attachment, SocketEvent.ERROR, Constants.IS_SECURITY_ENABLED);
 }
 }
@@ -118,12 +123,17 @@ public class SecureNio2Channel extends Nio2Channel {
 if (result.intValue() < 0) {
 failed(new EOFException(), attachment);
 } else {
- endpoint.processSocket(attachment, SocketEvent.OPEN_WRITE, false);
+ // When running under a security manager always dispatch so the
+ // processing occurs on a thread with the correct security
+ // context.
+ endpoint.processSocket(attachment, SocketEvent.OPEN_WRITE, Constants.IS_SECURITY_ENABLED);
 }
 }
 @Override
 public void failed(Throwable exc, SocketWrapperBase<Nio2Channel> attachment) {
- endpoint.processSocket(attachment, SocketEvent.ERROR, false);
+ // When running under a security manager always dispatch so the
+ // processing occurs on a thread with the correct security context.
+ endpoint.processSocket(attachment, SocketEvent.ERROR, Constants.IS_SECURITY_ENABLED);
 }
 }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 0e88b55..8bd4b5c 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
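Review bot: The result of `endpoint.processSocket(...)` is discarded in all four handlers of SecureNio2Channel.java (the `completed`/`failed` pair in the hunk at `@@ -101,12 +101,17 @@` and the pair at `@@ -118,12 +123,17 @@`), which matters more now that the third argument can be `true`. Once the event is dispatched to another thread instead of being processed inline, a refused hand-off (presumably reported through the return value, which is declared outside this diff) leaves the connection neither processed nor closed, and the `failed` path is the one meant to clean up. Consider checking the result, e.g. `if (!endpoint.processSocket(attachment, SocketEvent.ERROR, Constants.IS_SECURITY_ENABLED)) { attachment.close(); }`, or add a comment saying why it is safe to ignore here. The same explanatory comment is also repeated four times; a single comment on a small private helper that wraps the call would keep the wording from drifting. Both handler classes begin and end outside the hunks.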
@@ -167,6 +167,11 @@ <code>RST</code> frame sent to the client is the one associated with the error that triggered the reset. (markt) </fix> + <fix> + <bug>65714</bug>: Fix exceptions when the security manager is enabled + and the first request received after starting is an HTTP request to a + TLS enabled NIO2 connector. (markt) + </fix> </changelog> </subsection> <subsection name="Other"> @@ -12105,3 +12110,4 @@ </body> </document> + --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org