This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 6b95c3b0fa Remove more SecurityManager and related API references
6b95c3b0fa is described below
commit 6b95c3b0fabb1ca290b72ec92ef29f14482a4c8a
Author: Mark Thomas <[email protected]>
AuthorDate: Thu Jan 12 14:21:11 2023 +0000
Remove more SecurityManager and related API references
---
.../apache/catalina/loader/LocalStrings.properties | 1 -
.../catalina/loader/LocalStrings_fr.properties | 1 -
.../catalina/loader/LocalStrings_ja.properties | 1 -
.../catalina/loader/LocalStrings_ko.properties | 1 -
.../catalina/loader/LocalStrings_zh_CN.properties | 1 -
.../catalina/loader/WebappClassLoaderBase.java | 228 +--------------------
java/org/apache/catalina/loader/WebappLoader.java | 41 ----
.../org/apache/tomcat/util/IntrospectionUtils.java | 35 +---
.../util/digester/EnvironmentPropertySource.java | 18 +-
.../digester/ServiceBindingPropertySource.java | 26 +--
.../tomcat/util/digester/SystemPropertySource.java | 21 +-
.../tomcat/util/security/PermissionCheck.java | 43 ----
12 files changed, 18 insertions(+), 399 deletions(-)
diff --git a/java/org/apache/catalina/loader/LocalStrings.properties
b/java/org/apache/catalina/loader/LocalStrings.properties
index b861f8b797..0b4792b4ba 100644
--- a/java/org/apache/catalina/loader/LocalStrings.properties
+++ b/java/org/apache/catalina/loader/LocalStrings.properties
@@ -45,7 +45,6 @@ webappClassLoader.readError=Resource read error: Could not
load [{0}].
webappClassLoader.removeTransformer=Removed class file transformer [{0}] from
web application [{1}].
webappClassLoader.resourceModified=Resource [{0}] has been modified. The last
modified time was [{1}] and is now [{2}]
webappClassLoader.restrictedPackage=Security violation, attempt to use
restricted class [{0}]
-webappClassLoader.securityException=Security exception trying to find class
[{0}] in findClassInternal [{1}]
webappClassLoader.stackTrace=The web application [{0}] appears to have started
a thread named [{1}] but has failed to stop it. This is very likely to create a
memory leak. Stack trace of thread:{2}
webappClassLoader.stackTraceRequestThread=The web application [{0}] is still
processing a request that has yet to finish. This is very likely to create a
memory leak. You can control the time allowed for requests to finish by using
the unloadDelay attribute of the standard Context implementation. Stack trace
of request processing thread:[{2}]
webappClassLoader.stopThreadFail=Failed to terminate thread named [{0}] for
web application [{1}]
diff --git a/java/org/apache/catalina/loader/LocalStrings_fr.properties
b/java/org/apache/catalina/loader/LocalStrings_fr.properties
index 3a685eee4c..a360385b60 100644
--- a/java/org/apache/catalina/loader/LocalStrings_fr.properties
+++ b/java/org/apache/catalina/loader/LocalStrings_fr.properties
@@ -45,7 +45,6 @@ webappClassLoader.readError=Erreur lors de la lecture de la
resource : impossibl
webappClassLoader.removeTransformer=Enlevé le transformateur de fichiers de
classe [{0}] de l''application web [{1}]
webappClassLoader.resourceModified=La ressource [{0}] a été modifiée, la date
de dernière modification était [{1}] et est désormais [{2}]
webappClassLoader.restrictedPackage=Violation de sécurité en essayant
d''utiliser à une classe à accès restreint [{0}]
-webappClassLoader.securityException=Exception de sécurité en essayant de
trouver la classe [{0}] dans findClassInternal [{1}]
webappClassLoader.stackTrace=L''application web [{0}] semble avoir démarré un
thread nommé [{1}] mais ne l''a pas arrêté, ce qui va probablement créer une
fuite de mémoire ; la trace du thread est : {2}
webappClassLoader.stackTraceRequestThread=Une requête de l''application web
[{0}] est toujours en cours, ce qui causera certainement une fuite de mémoire,
vous pouvez contrôler le temps alloué en utilisant l''attribut unloadDelay de
l''implémentation standard de Context ; trace du fil d’exécution de la requête
: [{2}]
webappClassLoader.stopThreadFail=Impossible de terminer le thread nommé [{0}]
pour l''application [{1}]
diff --git a/java/org/apache/catalina/loader/LocalStrings_ja.properties
b/java/org/apache/catalina/loader/LocalStrings_ja.properties
index 96717e80b7..e64edd1fda 100644
--- a/java/org/apache/catalina/loader/LocalStrings_ja.properties
+++ b/java/org/apache/catalina/loader/LocalStrings_ja.properties
@@ -45,7 +45,6 @@ webappClassLoader.readError=リソース読み込みエラー: [{0}] が読み
webappClassLoader.removeTransformer=クラスファイル変換器 [{0}] を Web アプリケーション [{1}]
から削除しました。
webappClassLoader.resourceModified=リソース [{0}] は変更されています。直前の更新日時は
[{1}]、最新の更新日時は [{2}] です。
webappClassLoader.restrictedPackage=セキュリティー違反。制限されたクラス [{0}] を使おうとしました。
-webappClassLoader.securityException=indClassInternal [{1}] でクラス [{0}]
を検索中のセキュリティ例外です
webappClassLoader.stackTrace=Webアプリケーション [{0}] は [{1}]
という名前のスレッドを開始したようですが、停止に失敗しました。これはメモリリークを引き起こす可能性が非常に高いです。スレッドのスタックトレース: {2}
webappClassLoader.stackTraceRequestThread=Webアプリケーション[{0}]はまだ完了していないリクエストを処理しています。
これはメモリリークを引き起こす可能性が非常に高いです。
リクエストの終了時間は、StandardContext実装のunloadDelay属性を使用して制御できます。
リクエスト処理スレッドのスタックトレース:[{2}]
webappClassLoader.stopThreadFail=Web アプリケーション [{1}] のスレッド [{0}] は終了できません。
diff --git a/java/org/apache/catalina/loader/LocalStrings_ko.properties
b/java/org/apache/catalina/loader/LocalStrings_ko.properties
index 438086bbad..f7830e97d8 100644
--- a/java/org/apache/catalina/loader/LocalStrings_ko.properties
+++ b/java/org/apache/catalina/loader/LocalStrings_ko.properties
@@ -45,7 +45,6 @@ webappClassLoader.readError=리소스 읽기 오류 : [{0}]을(를) 로드할
webappClassLoader.removeTransformer=웹 애플리케이션 [{1}](으)로부터 클래스 파일 Transformer
[{0}]을(를) 제거했습니다.
webappClassLoader.resourceModified=리소스 [{0}]이(가) 변경된 적이 있습니다. 최종 변경 시간이
[{1}]이었는데, 이제 [{2}](으)로 바뀌었습니다.
webappClassLoader.restrictedPackage=보안 위반 행위: 제한된 클래스 [{0}]을(를) 사용하려 시도했습니다.
-webappClassLoader.securityException=findClassInternal에서, 클래스 [{0}]을(를) 찾으려 시도
중 보안 예외 발생: [{1}]
webappClassLoader.stackTrace=웹 애플리케이션 [{0}]이(가) [{1}](이)라는 이름의 쓰레드를 시작시킨 것으로
보이지만, 해당 쓰레드를 중지시키지 못했습니다. 이는 메모리 누수를 유발할 가능성이 큽니다. 해당 쓰레드의 스택 트레이스:{2}
webappClassLoader.stackTraceRequestThread=웹 애플리케이션 [{0}]이(가) 여전히 완료되지 않은 요청을
처리하고 있습니다. 이는 메모리 누수를 유발할 가능성이 높습니다. 표준 컨텍스트 구현의 unloadDelay 속성을 이용하여, 요청 완료 허용
시간을 통제할 수 있습니다. 요청 처리 쓰레드의 스택 트레이스:[{2}]
webappClassLoader.stopThreadFail=웹 애플리케이션 [{1}]을 위한, [{0}](이)라는 이름의 쓰레드를 종료시키지
못했습니다.
diff --git a/java/org/apache/catalina/loader/LocalStrings_zh_CN.properties
b/java/org/apache/catalina/loader/LocalStrings_zh_CN.properties
index 4661de714c..fb316bd2ab 100644
--- a/java/org/apache/catalina/loader/LocalStrings_zh_CN.properties
+++ b/java/org/apache/catalina/loader/LocalStrings_zh_CN.properties
@@ -45,7 +45,6 @@ webappClassLoader.readError=资源读取错误:不能加载 [{0}].
webappClassLoader.removeTransformer=已从web应用程序[{1}]中删除类文件转换器[{0}]。
webappClassLoader.resourceModified=资源[{0}]已被修改。上次修改时间是[{1}],现在是[{2}]
webappClassLoader.restrictedPackage=安全冲突,尝试使用受限类[{0}]
-webappClassLoader.securityException=尝试在findClassInternal[{1}]中查找类[{0}]时出现安全异常
webappClassLoader.stackTrace=Web应用程序[{0}]似乎启动了一个名为[{1}]的线程,但未能停止它。这很可能会造成内存泄漏。线程的堆栈跟踪:[{2}]
webappClassLoader.stackTraceRequestThread=web应用程序[{0}]仍在处理一个尚未完成的请求。这很可能会造成内存泄漏。您可以使用标准上下文实现的unloadDelay属性来控制请求完成所允许的时间。请求处理线程的堆栈跟踪:[{2}]
webappClassLoader.stopThreadFail=为web应用程序[{1}]终止线程[{0}]失败
diff --git a/java/org/apache/catalina/loader/WebappClassLoaderBase.java
b/java/org/apache/catalina/loader/WebappClassLoaderBase.java
index 6ba682b610..1de7b7ac73 100644
--- a/java/org/apache/catalina/loader/WebappClassLoaderBase.java
+++ b/java/org/apache/catalina/loader/WebappClassLoaderBase.java
@@ -18,8 +18,6 @@ package org.apache.catalina.loader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
-import java.io.File;
-import java.io.FilePermission;
import java.io.IOException;
import java.io.InputStream;
import java.lang.instrument.ClassFileTransformer;
@@ -28,16 +26,11 @@ import java.lang.ref.Reference;
import java.lang.reflect.Field;
import java.lang.reflect.InaccessibleObjectException;
import java.lang.reflect.Method;
-import java.net.URI;
-import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLClassLoader;
-import java.security.AccessControlException;
-import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
-import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
@@ -62,7 +55,6 @@ import java.util.jar.Attributes.Name;
import java.util.jar.Manifest;
import org.apache.catalina.Container;
-import org.apache.catalina.Globals;
import org.apache.catalina.Lifecycle;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.LifecycleListener;
@@ -78,7 +70,6 @@ import org.apache.tomcat.util.ExceptionUtils;
import org.apache.tomcat.util.IntrospectionUtils;
import org.apache.tomcat.util.compat.JreCompat;
import org.apache.tomcat.util.res.StringManager;
-import org.apache.tomcat.util.security.PermissionCheck;
import org.apache.tomcat.util.threads.ThreadPoolExecutor;
/**
@@ -125,7 +116,7 @@ import org.apache.tomcat.util.threads.ThreadPoolExecutor;
* @author Craig R. McClanahan
*/
public abstract class WebappClassLoaderBase extends URLClassLoader
- implements Lifecycle, InstrumentableClassLoader, WebappProperties,
PermissionCheck {
+ implements Lifecycle, InstrumentableClassLoader, WebappProperties {
private static final Log log =
LogFactory.getLog(WebappClassLoaderBase.class);
@@ -224,11 +215,6 @@ public abstract class WebappClassLoaderBase extends
URLClassLoader
}
}
this.javaseClassLoader = j;
-
- securityManager = System.getSecurityManager();
- if (securityManager != null) {
- refreshPolicy();
- }
}
@@ -259,11 +245,6 @@ public abstract class WebappClassLoaderBase extends
URLClassLoader
}
}
this.javaseClassLoader = j;
-
- securityManager = System.getSecurityManager();
- if (securityManager != null) {
- refreshPolicy();
- }
}
@@ -315,12 +296,6 @@ public abstract class WebappClassLoaderBase extends
URLClassLoader
protected final HashMap<String, PermissionCollection> loaderPC = new
HashMap<>();
- /**
- * Instance of the SecurityManager installed.
- */
- protected final SecurityManager securityManager;
-
-
/**
* The parent class loader.
*/
@@ -477,64 +452,6 @@ public abstract class WebappClassLoaderBase extends
URLClassLoader
}
- /**
- * If there is a Java SecurityManager create a read permission for the
- * target of the given URL as appropriate.
- *
- * @param url URL for a file or directory on local system
- */
- void addPermission(URL url) {
- if (url == null) {
- return;
- }
- if (securityManager != null) {
- String protocol = url.getProtocol();
- if ("file".equalsIgnoreCase(protocol)) {
- URI uri;
- File f;
- String path;
- try {
- uri = url.toURI();
- f = new File(uri);
- path = f.getCanonicalPath();
- } catch (IOException | URISyntaxException e) {
- log.warn(sm.getString(
- "webappClassLoader.addPermissionNoCanonicalFile",
- url.toExternalForm()));
- return;
- }
- if (f.isFile()) {
- // Allow the file to be read
- addPermission(new FilePermission(path, "read"));
- } else if (f.isDirectory()) {
- addPermission(new FilePermission(path, "read"));
- addPermission(new FilePermission(
- path + File.separator + "-", "read"));
- } else {
- // File does not exist - ignore (shouldn't happen)
- }
- } else {
- // Unsupported URL protocol
- log.warn(sm.getString(
- "webappClassLoader.addPermissionNoProtocol",
- protocol, url.toExternalForm()));
- }
- }
- }
-
-
- /**
- * If there is a Java SecurityManager create a Permission.
- *
- * @param permission The permission
- */
- void addPermission(Permission permission) {
- if ((securityManager != null) && (permission != null)) {
- permissionList.add(permission);
- }
- }
-
-
public boolean getClearReferencesRmiTargets() {
return this.clearReferencesRmiTargets;
}
@@ -831,24 +748,6 @@ public abstract class WebappClassLoaderBase extends
URLClassLoader
checkStateForClassLoading(name);
- // (1) Permission to define this class when using a SecurityManager
- if (securityManager != null) {
- int i = name.lastIndexOf('.');
- if (i >= 0) {
- try {
- if (log.isTraceEnabled()) {
- log.trace("
securityManager.checkPackageDefinition");
- }
-
securityManager.checkPackageDefinition(name.substring(0,i));
- } catch (Exception se) {
- if (log.isTraceEnabled()) {
- log.trace("
-->Exception-->ClassNotFoundException", se);
- }
- throw new ClassNotFoundException(name, se);
- }
- }
- }
-
// Ask our superclass to locate this class, if possible
// (throws ClassNotFoundException if it is not found)
Class<?> clazz = null;
@@ -857,17 +756,7 @@ public abstract class WebappClassLoaderBase extends
URLClassLoader
log.trace(" findClassInternal(" + name + ")");
}
try {
- if (securityManager != null) {
- PrivilegedAction<Class<?>> dp =
- new PrivilegedFindClassByName(name);
- clazz = AccessController.doPrivileged(dp);
- } else {
- clazz = findClassInternal(name);
- }
- } catch(AccessControlException ace) {
- log.warn(sm.getString("webappClassLoader.securityException",
name,
- ace.getMessage()), ace);
- throw new ClassNotFoundException(name, ace);
+ clazz = findClassInternal(name);
} catch (RuntimeException e) {
if (log.isTraceEnabled()) {
log.trace(" -->RuntimeException Rethrown", e);
@@ -877,10 +766,6 @@ public abstract class WebappClassLoaderBase extends
URLClassLoader
if ((clazz == null) && hasExternalRepositories) {
try {
clazz = super.findClass(name);
- } catch(AccessControlException ace) {
-
log.warn(sm.getString("webappClassLoader.securityException", name,
- ace.getMessage()), ace);
- throw new ClassNotFoundException(name, ace);
} catch (RuntimeException e) {
if (log.isTraceEnabled()) {
log.trace(" -->RuntimeException Rethrown", e);
@@ -907,13 +792,7 @@ public abstract class WebappClassLoaderBase extends
URLClassLoader
}
if (log.isTraceEnabled()) {
- ClassLoader cl;
- if (Globals.IS_SECURITY_ENABLED){
- cl = AccessController.doPrivileged(
- new PrivilegedGetClassLoader(clazz));
- } else {
- cl = clazz.getClassLoader();
- }
+ ClassLoader cl = clazz.getClassLoader();
log.debug(" Loaded by " + cl.toString());
}
return clazz;
@@ -1317,21 +1196,12 @@ public abstract class WebappClassLoaderBase extends
URLClassLoader
try {
// Use getResource as it won't trigger an expensive
// ClassNotFoundException if the resource is not available from
- // the Java SE class loader. However (see
- // https://bz.apache.org/bugzilla/show_bug.cgi?id=58125 for
- // details) when running under a security manager in rare cases
- // this call may trigger a ClassCircularityError.
+ // the Java SE class loader.
// See https://bz.apache.org/bugzilla/show_bug.cgi?id=61424 for
// details of how this may trigger a StackOverflowError
- // Given these reported errors, catch Throwable to ensure any
- // other edge cases are also caught
- URL url;
- if (securityManager != null) {
- PrivilegedAction<URL> dp = new
PrivilegedJavaseGetResource(resourceName);
- url = AccessController.doPrivileged(dp);
- } else {
- url = javaseLoader.getResource(resourceName);
- }
+ // Given these reported errors, catch Throwable to ensure all
+ // edge cases are also caught
+ URL url = javaseLoader.getResource(resourceName);
tryLoadingFromJavaseLoader = (url != null);
} catch (Throwable t) {
// Swallow all exceptions apart from those that must be
re-thrown
@@ -1356,20 +1226,6 @@ public abstract class WebappClassLoaderBase extends
URLClassLoader
}
}
- // (0.5) Permission to access this class when using a
SecurityManager
- if (securityManager != null) {
- int i = name.lastIndexOf('.');
- if (i >= 0) {
- try {
-
securityManager.checkPackageAccess(name.substring(0,i));
- } catch (SecurityException se) {
- String error =
sm.getString("webappClassLoader.restrictedPackage", name);
- log.info(error, se);
- throw new ClassNotFoundException(error, se);
- }
- }
- }
-
boolean delegateLoad = delegate || filter(name, true);
// (1) Delegate to our parent if requested
@@ -1485,24 +1341,6 @@ public abstract class WebappClassLoaderBase extends
URLClassLoader
}
- @Override
- public boolean check(Permission permission) {
- if (!Globals.IS_SECURITY_ENABLED) {
- return true;
- }
- Policy currentPolicy = Policy.getPolicy();
- if (currentPolicy != null) {
- URL contextRootUrl = resources.getResource("/").getCodeBase();
- CodeSource cs = new CodeSource(contextRootUrl, (Certificate[])
null);
- PermissionCollection pc = currentPolicy.getPermissions(cs);
- if (pc.implies(permission)) {
- return true;
- }
- }
- return false;
- }
-
-
/**
* {@inheritDoc}
* <p>
@@ -2468,23 +2306,6 @@ public abstract class WebappClassLoaderBase extends
URLClassLoader
}
}
- if (securityManager != null) {
- // Checking sealing
- if (pkg != null) {
- boolean sealCheck = true;
- if (pkg.isSealed()) {
- sealCheck = pkg.isSealed(codeBase);
- } else {
- sealCheck = (manifest == null) ||
!isPackageSealed(packageName, manifest);
- }
- if (!sealCheck) {
- throw new SecurityException
- ("Sealing violation loading " + name + " : Package
"
- + packageName + " is sealed.");
- }
- }
- }
-
try {
clazz = defineClass(name, binaryContent, 0,
binaryContent.length, new CodeSource(codeBase,
certificates));
@@ -2571,25 +2392,6 @@ public abstract class WebappClassLoaderBase extends
URLClassLoader
}
- /**
- * Refresh the system policy file, to pick up eventual changes.
- */
- protected void refreshPolicy() {
-
- try {
- // The policy file may have been modified to adjust
- // permissions, so we're reloading it when loading or
- // reloading a Context
- Policy policy = Policy.getPolicy();
- policy.refresh();
- } catch (AccessControlException e) {
- // Some policy files may restrict this, even for the core,
- // so this exception is ignored
- }
-
- }
-
-
/**
* Filter classes.
*
@@ -2741,21 +2543,7 @@ public abstract class WebappClassLoaderBase extends
URLClassLoader
@Override
public boolean hasLoggingConfig() {
- if (Globals.IS_SECURITY_ENABLED) {
- Boolean result = AccessController.doPrivileged(new
PrivilegedHasLoggingConfig());
- return result.booleanValue();
- } else {
- return findResource("logging.properties") != null;
- }
- }
-
-
- private class PrivilegedHasLoggingConfig implements
PrivilegedAction<Boolean> {
-
- @Override
- public Boolean run() {
- return Boolean.valueOf(findResource("logging.properties") != null);
- }
+ return findResource("logging.properties") != null;
}
diff --git a/java/org/apache/catalina/loader/WebappLoader.java
b/java/org/apache/catalina/loader/WebappLoader.java
index ae4f58523d..4e2e46c7d2 100644
--- a/java/org/apache/catalina/loader/WebappLoader.java
+++ b/java/org/apache/catalina/loader/WebappLoader.java
@@ -19,8 +19,6 @@ package org.apache.catalina.loader;
import java.beans.PropertyChangeListener;
import java.beans.PropertyChangeSupport;
import java.io.File;
-import java.io.FilePermission;
-import java.io.IOException;
import java.lang.reflect.Constructor;
import java.net.URL;
import java.net.URLClassLoader;
@@ -373,8 +371,6 @@ public class WebappLoader extends LifecycleMBeanBase
implements Loader{
// Configure our repositories
setClassPath();
- setPermissions();
-
classLoader.start();
String contextName = context.getName();
@@ -475,43 +471,6 @@ public class WebappLoader extends LifecycleMBeanBase
implements Loader{
}
- /**
- * Configure associated class loader permissions.
- */
- private void setPermissions() {
-
- if (!Globals.IS_SECURITY_ENABLED) {
- return;
- }
- if (context == null) {
- return;
- }
-
- // Tell the class loader the root of the context
- ServletContext servletContext = context.getServletContext();
-
- // Assigning permissions for the work directory
- File workDir =
- (File) servletContext.getAttribute(ServletContext.TEMPDIR);
- if (workDir != null) {
- try {
- String workDirPath = workDir.getCanonicalPath();
- classLoader.addPermission
- (new FilePermission(workDirPath, "read,write"));
- classLoader.addPermission
- (new FilePermission(workDirPath + File.separator + "-",
- "read,write,delete"));
- } catch (IOException e) {
- // Ignore
- }
- }
-
- for (URL url : context.getResources().getBaseUrls()) {
- classLoader.addPermission(url);
- }
- }
-
-
/**
* Set the appropriate context attribute for our class path. This
* is required only because Jasper depends on it.
diff --git a/java/org/apache/tomcat/util/IntrospectionUtils.java
b/java/org/apache/tomcat/util/IntrospectionUtils.java
index c5da1b5f45..1bfd980bb0 100644
--- a/java/org/apache/tomcat/util/IntrospectionUtils.java
+++ b/java/org/apache/tomcat/util/IntrospectionUtils.java
@@ -27,7 +27,6 @@ import java.util.concurrent.ConcurrentHashMap;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.res.StringManager;
-import org.apache.tomcat.util.security.PermissionCheck;
/**
* Utils for introspection and reflection
@@ -334,14 +333,14 @@ public final class IntrospectionUtils {
continue;
}
String n = value.substring(pos + 2, endName);
- String v = getProperty(n, staticProp, dynamicProp,
classLoader);
+ String v = getProperty(n, staticProp, dynamicProp);
if (v == null) {
// {name:default}
int col = n.indexOf(":-");
if (col != -1) {
String dV = n.substring(col + 2);
n = n.substring(0, col);
- v = getProperty(n, staticProp, dynamicProp,
classLoader);
+ v = getProperty(n, staticProp, dynamicProp);
if (v == null) {
v = dV;
}
@@ -369,19 +368,14 @@ public final class IntrospectionUtils {
return replaceProperties(newval, staticProp, dynamicProp, classLoader,
iterationCount+1);
}
- private static String getProperty(String name, Hashtable<Object, Object>
staticProp,
- PropertySource[] dynamicProp, ClassLoader classLoader) {
+ private static String getProperty(String name, Hashtable<Object, Object>
staticProp, PropertySource[] dynamicProp) {
String v = null;
if (staticProp != null) {
v = (String) staticProp.get(name);
}
if (v == null && dynamicProp != null) {
for (PropertySource propertySource : dynamicProp) {
- if (propertySource instanceof SecurePropertySource) {
- v = ((SecurePropertySource)
propertySource).getProperty(name, classLoader);
- } else {
- v = propertySource.getProperty(name);
- }
+ v = propertySource.getProperty(name);
if (v != null) {
break;
}
@@ -600,25 +594,4 @@ public final class IntrospectionUtils {
public static interface PropertySource {
public String getProperty(String key);
}
-
-
- public static interface SecurePropertySource extends PropertySource {
-
- /**
- * Obtain a property value, checking that code associated with the
- * provided class loader has permission to access the property. If the
- * {@code classLoader} is {@code null} or if {@code classLoader} does
- * not implement {@link PermissionCheck} then the property value will
be
- * looked up <b>without</b> a call to
- * {@link PermissionCheck#check(java.security.Permission)}
- *
- * @param key The key of the requested property
- * @param classLoader The class loader associated with the code that
- * trigger the property lookup
- * @return The property value or {@code null} if it could not be found
- * or if {@link
PermissionCheck#check(java.security.Permission)}
- * fails
- */
- public String getProperty(String key, ClassLoader classLoader);
- }
}
diff --git
a/java/org/apache/tomcat/util/digester/EnvironmentPropertySource.java
b/java/org/apache/tomcat/util/digester/EnvironmentPropertySource.java
index 6b4138c9eb..f7de712685 100644
--- a/java/org/apache/tomcat/util/digester/EnvironmentPropertySource.java
+++ b/java/org/apache/tomcat/util/digester/EnvironmentPropertySource.java
@@ -16,13 +16,10 @@
*/
package org.apache.tomcat.util.digester;
-import java.security.Permission;
-
import org.apache.tomcat.util.IntrospectionUtils;
-import org.apache.tomcat.util.security.PermissionCheck;
/**
- * A {@link org.apache.tomcat.util.IntrospectionUtils.SecurePropertySource}
+ * A {@link org.apache.tomcat.util.IntrospectionUtils.PropertySource}
* that uses environment variables to resolve expressions.
*
* <p><strong>Usage example:</strong></p>
@@ -58,21 +55,10 @@ import org.apache.tomcat.util.security.PermissionCheck;
*
* @see <a
href="https://tomcat.apache.org/tomcat-9.0-doc/config/systemprops.html#Property_replacements";>Tomcat
Configuration Reference System Properties</a>
*/
-public class EnvironmentPropertySource implements
IntrospectionUtils.SecurePropertySource {
+public class EnvironmentPropertySource implements
IntrospectionUtils.PropertySource {
@Override
public String getProperty(String key) {
- return null;
- }
-
- @Override
- public String getProperty(String key, ClassLoader classLoader) {
- if (classLoader instanceof PermissionCheck) {
- Permission p = new RuntimePermission("getenv." + key, null);
- if (!((PermissionCheck) classLoader).check(p)) {
- return null;
- }
- }
return System.getenv(key);
}
}
diff --git
a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
index c6b7b6ae12..fb332bd8b2 100644
--- a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
+++ b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
@@ -16,18 +16,15 @@
*/
package org.apache.tomcat.util.digester;
-import java.io.FilePermission;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
-import java.security.Permission;
import org.apache.tomcat.util.IntrospectionUtils;
-import org.apache.tomcat.util.security.PermissionCheck;
/**
- * A {@link org.apache.tomcat.util.IntrospectionUtils.SecurePropertySource}
+ * A {@link org.apache.tomcat.util.IntrospectionUtils.PropertySource}
* that uses Kubernetes service bindings to resolve expressions.
*
* <p><strong>Usage example:</strong></p>
@@ -73,25 +70,12 @@ import org.apache.tomcat.util.security.PermissionCheck;
* @see <a
href="https://tomcat.apache.org/tomcat-9.0-doc/config/systemprops.html#Property_replacements";>Tomcat
* Configuration Reference System Properties</a>
*/
-public class ServiceBindingPropertySource implements
IntrospectionUtils.SecurePropertySource {
+public class ServiceBindingPropertySource implements
IntrospectionUtils.PropertySource {
private static final String SERVICE_BINDING_ROOT_ENV_VAR =
"SERVICE_BINDING_ROOT";
@Override
public String getProperty(String key) {
- return null;
- }
-
- @Override
- public String getProperty(String key, ClassLoader classLoader) {
- // can we determine the service binding root
- if (classLoader instanceof PermissionCheck) {
- Permission p = new RuntimePermission("getenv." +
SERVICE_BINDING_ROOT_ENV_VAR, null);
- if (!((PermissionCheck) classLoader).check(p)) {
- return null;
- }
- }
-
// get the root to search from
String serviceBindingRoot =
System.getenv(SERVICE_BINDING_ROOT_ENV_VAR);
if (serviceBindingRoot == null) {
@@ -106,12 +90,6 @@ public class ServiceBindingPropertySource implements
IntrospectionUtils.SecurePr
Path path = Paths.get(serviceBindingRoot, parts[0], parts[1]);
try {
- if (classLoader instanceof PermissionCheck) {
- Permission p = new FilePermission(path.toString(), "read");
- if (!((PermissionCheck) classLoader).check(p)) {
- return null;
- }
- }
return new String(Files.readAllBytes(path));
} catch (IOException e) {
return null;
diff --git a/java/org/apache/tomcat/util/digester/SystemPropertySource.java
b/java/org/apache/tomcat/util/digester/SystemPropertySource.java
index 49fc765f44..fa42a097e5 100644
--- a/java/org/apache/tomcat/util/digester/SystemPropertySource.java
+++ b/java/org/apache/tomcat/util/digester/SystemPropertySource.java
@@ -16,36 +16,19 @@
*/
package org.apache.tomcat.util.digester;
-import java.security.Permission;
-import java.util.PropertyPermission;
-
import org.apache.tomcat.util.IntrospectionUtils;
-import org.apache.tomcat.util.security.PermissionCheck;
/**
- * A {@link org.apache.tomcat.util.IntrospectionUtils.SecurePropertySource}
+ * A {@link org.apache.tomcat.util.IntrospectionUtils.PropertySource}
* that uses system properties to resolve expressions.
* This property source is always active by default.
*
* @see Digester
*/
-public class SystemPropertySource implements
IntrospectionUtils.SecurePropertySource {
+public class SystemPropertySource implements IntrospectionUtils.PropertySource
{
@Override
public String getProperty(String key) {
- // For backward compatibility
- return getProperty(key, null);
- }
-
- @Override
- public String getProperty(String key, ClassLoader classLoader) {
- if (classLoader instanceof PermissionCheck) {
- Permission p = new PropertyPermission(key, "read");
- if (!((PermissionCheck) classLoader).check(p)) {
- return null;
- }
- }
return System.getProperty(key);
}
-
}
diff --git a/java/org/apache/tomcat/util/security/PermissionCheck.java
b/java/org/apache/tomcat/util/security/PermissionCheck.java
deleted file mode 100644
index c2a9b86cbd..0000000000
--- a/java/org/apache/tomcat/util/security/PermissionCheck.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.tomcat.util.security;
-
-import java.security.Permission;
-
-/**
- * This interface is implemented by components to enable privileged code to
- * check whether the component has a given permission.
- * This is typically used when a privileged component (e.g. the container) is
- * performing an action on behalf of an untrusted component (e.g. a web
- * application) without the current thread having passed through a code source
- * provided by the untrusted component. Because the current thread has not
- * passed through a code source provided by the untrusted component the
- * SecurityManager assumes the code is trusted so the standard checking
- * mechanisms can't be used.
- */
-public interface PermissionCheck {
-
- /**
- * Does this component have the given permission?
- *
- * @param permission The permission to test
- *
- * @return {@code false} if a SecurityManager is enabled and the component
- * does not have the given permission, otherwise {@code true}
- */
- boolean check(Permission permission);
-}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
