This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 4fa1a1a1b2 Remove Globals.IS_SECURITY_ENABLED
4fa1a1a1b2 is described below
commit 4fa1a1a1b25aabca96c349072d742ae16316b7cc
Author: Mark Thomas <[email protected]>
AuthorDate: Thu Jan 12 16:32:04 2023 +0000
Remove Globals.IS_SECURITY_ENABLED
---
java/org/apache/catalina/Globals.java | 6 -
java/org/apache/catalina/ant/ValidatorTask.java | 4 +-
java/org/apache/catalina/connector/Connector.java | 7 +-
java/org/apache/catalina/connector/Request.java | 27 -
.../catalina/core/ApplicationContextFacade.java | 549 +++------------------
.../catalina/core/ApplicationFilterConfig.java | 12 +-
.../catalina/core/ApplicationFilterFactory.java | 11 +-
.../org/apache/catalina/core/AsyncContextImpl.java | 9 +-
java/org/apache/catalina/core/StandardHost.java | 3 +-
.../apache/catalina/core/StandardHostValve.java | 4 +-
java/org/apache/catalina/core/StandardWrapper.java | 33 +-
.../org/apache/catalina/security/SecurityUtil.java | 19 -
.../apache/catalina/servlets/DefaultServlet.java | 94 +---
.../apache/catalina/session/DataSourceStore.java | 9 +-
java/org/apache/catalina/session/FileStore.java | 5 +-
java/org/apache/catalina/session/ManagerBase.java | 16 -
.../apache/catalina/session/StandardSession.java | 9 +-
.../apache/catalina/valves/PersistentValve.java | 5 +-
18 files changed, 93 insertions(+), 729 deletions(-)
diff --git a/java/org/apache/catalina/Globals.java
b/java/org/apache/catalina/Globals.java
index f04839ff79..5c7eaa6d43 100644
--- a/java/org/apache/catalina/Globals.java
+++ b/java/org/apache/catalina/Globals.java
@@ -262,12 +262,6 @@ public final class Globals {
Boolean.parseBoolean(System.getProperty("org.apache.catalina.STRICT_SERVLET_COMPLIANCE",
"false"));
- /**
- * Has security been turned on?
- */
- public static final boolean IS_SECURITY_ENABLED =
(System.getSecurityManager() != null);
-
-
/**
* Default domain for MBeans if none can be determined
*/
diff --git a/java/org/apache/catalina/ant/ValidatorTask.java
b/java/org/apache/catalina/ant/ValidatorTask.java
index d239684d3e..28a145362c 100644
--- a/java/org/apache/catalina/ant/ValidatorTask.java
+++ b/java/org/apache/catalina/ant/ValidatorTask.java
@@ -22,7 +22,6 @@ import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
-import org.apache.catalina.Globals;
import org.apache.tomcat.util.descriptor.DigesterFactory;
import org.apache.tomcat.util.digester.Digester;
import org.apache.tools.ant.BuildException;
@@ -87,8 +86,7 @@ public class ValidatorTask extends BaseRedirectorHelperTask {
// Called through trusted manager interface. If running under a
// SecurityManager assume that untrusted applications may be deployed.
- Digester digester = DigesterFactory.newDigester(
- true, true, null, Globals.IS_SECURITY_ENABLED);
+ Digester digester = DigesterFactory.newDigester(true, true, null,
false);
try (InputStream stream = new BufferedInputStream(new
FileInputStream(file.getCanonicalFile()))) {
InputSource is = new
InputSource(file.toURI().toURL().toExternalForm());
is.setByteStream(stream);
diff --git a/java/org/apache/catalina/connector/Connector.java
b/java/org/apache/catalina/connector/Connector.java
index 3b6d94a788..ad6fde7d32 100644
--- a/java/org/apache/catalina/connector/Connector.java
+++ b/java/org/apache/catalina/connector/Connector.java
@@ -25,7 +25,6 @@ import java.util.HashSet;
import javax.management.ObjectName;
-import org.apache.catalina.Globals;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.LifecycleState;
import org.apache.catalina.Service;
@@ -404,12 +403,10 @@ public class Connector extends LifecycleMBeanBase {
/**
- * @return <code>true</code> if the object facades are discarded, either
- * when the discardFacades value is <code>true</code> or when the
- * security manager is enabled.
+ * @return <code>true</code> if the object facades are discarded.
*/
public boolean getDiscardFacades() {
- return discardFacades || Globals.IS_SECURITY_ENABLED;
+ return discardFacades;
}
diff --git a/java/org/apache/catalina/connector/Request.java
b/java/org/apache/catalina/connector/Request.java
index 07b40ed463..e35dbcd085 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -1929,37 +1929,10 @@ public class Request implements HttpServletRequest {
* @param principal The user Principal
*/
public void setUserPrincipal(final Principal principal) {
- if (Globals.IS_SECURITY_ENABLED && principal != null) {
- if (subject == null) {
- final HttpSession session = getSession(false);
- if (session == null) {
- // Cache the subject in the request
- subject = newSubject(principal);
- } else {
- // Cache the subject in the request and the session
- subject = (Subject)
session.getAttribute(Globals.SUBJECT_ATTR);
- if (subject == null) {
- subject = newSubject(principal);
- session.setAttribute(Globals.SUBJECT_ATTR, subject);
- } else {
- subject.getPrincipals().add(principal);
- }
- }
- } else {
- subject.getPrincipals().add(principal);
- }
- }
userPrincipal = principal;
}
- private Subject newSubject(final Principal principal) {
- final Subject result = new Subject();
- result.getPrincipals().add(principal);
- return result;
- }
-
-
// --------------------------------------------- HttpServletRequest Methods
@Override
diff --git a/java/org/apache/catalina/core/ApplicationContextFacade.java
b/java/org/apache/catalina/core/ApplicationContextFacade.java
index ff89aa0b9e..93a0fe49ae 100644
--- a/java/org/apache/catalina/core/ApplicationContextFacade.java
+++ b/java/org/apache/catalina/core/ApplicationContextFacade.java
@@ -18,17 +18,13 @@ package org.apache.catalina.core;
import java.io.InputStream;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
import java.net.MalformedURLException;
import java.net.URL;
-import java.security.PrivilegedActionException;
import java.util.Enumeration;
import java.util.EventListener;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
-import java.util.concurrent.ConcurrentHashMap;
import jakarta.servlet.Filter;
import jakarta.servlet.FilterRegistration;
@@ -42,10 +38,6 @@ import jakarta.servlet.SessionCookieConfig;
import jakarta.servlet.SessionTrackingMode;
import jakarta.servlet.descriptor.JspConfigDescriptor;
-import org.apache.catalina.Globals;
-import org.apache.catalina.security.SecurityUtil;
-import org.apache.tomcat.util.ExceptionUtils;
-
/**
* Facade object which masks the internal <code>ApplicationContext</code>
@@ -62,15 +54,8 @@ public class ApplicationContextFacade implements
ServletContext {
private final Map<String,Class<?>[]> classCache;
- /**
- * Cache method object.
- */
- private final Map<String,Method> objectCache;
-
-
// ----------------------------------------------------------- Constructors
-
/**
* Construct a new instance of this class, associated with the specified
* Context instance.
@@ -82,7 +67,6 @@ public class ApplicationContextFacade implements
ServletContext {
this.context = context;
classCache = new HashMap<>();
- objectCache = new ConcurrentHashMap<>();
initClassCache();
}
@@ -135,13 +119,7 @@ public class ApplicationContextFacade implements
ServletContext {
@Override
public ServletContext getContext(String uripath) {
- ServletContext theContext = null;
- if (SecurityUtil.isPackageProtectionEnabled()) {
- theContext = (ServletContext)
- doPrivileged("getContext", new Object[]{uripath});
- } else {
- theContext = context.getContext(uripath);
- }
+ ServletContext theContext = context.getContext(uripath);
if ((theContext != null) &&
(theContext instanceof ApplicationContext)){
theContext = ((ApplicationContext)theContext).getFacade();
@@ -164,711 +142,310 @@ public class ApplicationContextFacade implements
ServletContext {
@Override
public String getMimeType(String file) {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return (String)doPrivileged("getMimeType", new Object[]{file});
- } else {
- return context.getMimeType(file);
- }
+ return context.getMimeType(file);
}
@Override
- @SuppressWarnings("unchecked") // doPrivileged() returns the correct type
public Set<String> getResourcePaths(String path) {
- if (SecurityUtil.isPackageProtectionEnabled()){
- return (Set<String>)doPrivileged("getResourcePaths",
- new Object[]{path});
- } else {
- return context.getResourcePaths(path);
- }
+ return context.getResourcePaths(path);
}
@Override
- public URL getResource(String path)
- throws MalformedURLException {
- if (Globals.IS_SECURITY_ENABLED) {
- try {
- return (URL) invokeMethod(context, "getResource",
- new Object[]{path});
- } catch(Throwable t) {
- ExceptionUtils.handleThrowable(t);
- if (t instanceof MalformedURLException){
- throw (MalformedURLException)t;
- }
- return null;
- }
- } else {
- return context.getResource(path);
- }
+ public URL getResource(String path) throws MalformedURLException {
+ return context.getResource(path);
}
@Override
public InputStream getResourceAsStream(String path) {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return (InputStream) doPrivileged("getResourceAsStream",
- new Object[]{path});
- } else {
- return context.getResourceAsStream(path);
- }
+ return context.getResourceAsStream(path);
}
@Override
public RequestDispatcher getRequestDispatcher(final String path) {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return (RequestDispatcher) doPrivileged("getRequestDispatcher",
- new Object[]{path});
- } else {
- return context.getRequestDispatcher(path);
- }
+ return context.getRequestDispatcher(path);
}
@Override
public RequestDispatcher getNamedDispatcher(String name) {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return (RequestDispatcher) doPrivileged("getNamedDispatcher",
- new Object[]{name});
- } else {
- return context.getNamedDispatcher(name);
- }
+ return context.getNamedDispatcher(name);
}
@Override
public void log(String msg) {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- doPrivileged("log", new Object[]{msg} );
- } else {
- context.log(msg);
- }
+ context.log(msg);
}
@Override
public void log(String message, Throwable throwable) {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- doPrivileged("log", new Class[]{String.class, Throwable.class},
- new Object[]{message, throwable});
- } else {
- context.log(message, throwable);
- }
+ context.log(message, throwable);
}
@Override
public String getRealPath(String path) {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return (String) doPrivileged("getRealPath", new Object[]{path});
- } else {
- return context.getRealPath(path);
- }
+ return context.getRealPath(path);
}
@Override
public String getServerInfo() {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return (String) doPrivileged("getServerInfo", null);
- } else {
- return context.getServerInfo();
- }
+ return context.getServerInfo();
}
@Override
public String getInitParameter(String name) {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return (String) doPrivileged("getInitParameter",
- new Object[]{name});
- } else {
- return context.getInitParameter(name);
- }
+ return context.getInitParameter(name);
}
@Override
- @SuppressWarnings("unchecked") // doPrivileged() returns the correct type
public Enumeration<String> getInitParameterNames() {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return (Enumeration<String>) doPrivileged(
- "getInitParameterNames", null);
- } else {
- return context.getInitParameterNames();
- }
+ return context.getInitParameterNames();
}
@Override
public Object getAttribute(String name) {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return doPrivileged("getAttribute", new Object[]{name});
- } else {
- return context.getAttribute(name);
- }
+ return context.getAttribute(name);
}
@Override
- @SuppressWarnings("unchecked") // doPrivileged() returns the correct type
public Enumeration<String> getAttributeNames() {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return (Enumeration<String>) doPrivileged(
- "getAttributeNames", null);
- } else {
- return context.getAttributeNames();
- }
+ return context.getAttributeNames();
}
@Override
public void setAttribute(String name, Object object) {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- doPrivileged("setAttribute", new Object[]{name,object});
- } else {
- context.setAttribute(name, object);
- }
+ context.setAttribute(name, object);
}
@Override
public void removeAttribute(String name) {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- doPrivileged("removeAttribute", new Object[]{name});
- } else {
- context.removeAttribute(name);
- }
+ context.removeAttribute(name);
}
@Override
public String getServletContextName() {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return (String) doPrivileged("getServletContextName", null);
- } else {
- return context.getServletContextName();
- }
+ return context.getServletContextName();
}
@Override
public String getContextPath() {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return (String) doPrivileged("getContextPath", null);
- } else {
- return context.getContextPath();
- }
+ return context.getContextPath();
}
@Override
- public FilterRegistration.Dynamic addFilter(String filterName,
- String className) {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return (FilterRegistration.Dynamic) doPrivileged(
- "addFilter", new Object[]{filterName, className});
- } else {
- return context.addFilter(filterName, className);
- }
+ public FilterRegistration.Dynamic addFilter(String filterName, String
className) {
+ return context.addFilter(filterName, className);
}
@Override
- public FilterRegistration.Dynamic addFilter(String filterName,
- Filter filter) {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return (FilterRegistration.Dynamic) doPrivileged("addFilter",
- new Class[]{String.class, Filter.class},
- new Object[]{filterName, filter});
- } else {
- return context.addFilter(filterName, filter);
- }
+ public FilterRegistration.Dynamic addFilter(String filterName, Filter
filter) {
+ return context.addFilter(filterName, filter);
}
@Override
public FilterRegistration.Dynamic addFilter(String filterName,
Class<? extends Filter> filterClass) {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return (FilterRegistration.Dynamic) doPrivileged("addFilter",
- new Class[]{String.class, Class.class},
- new Object[]{filterName, filterClass});
- } else {
- return context.addFilter(filterName, filterClass);
- }
+ return context.addFilter(filterName, filterClass);
}
@Override
- @SuppressWarnings("unchecked") // doPrivileged() returns the correct type
- public <T extends Filter> T createFilter(Class<T> c)
- throws ServletException {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- try {
- return (T) invokeMethod(context, "createFilter",
- new Object[]{c});
- } catch (Throwable t) {
- ExceptionUtils.handleThrowable(t);
- if (t instanceof ServletException) {
- throw (ServletException) t;
- }
- return null;
- }
- } else {
- return context.createFilter(c);
- }
+ public <T extends Filter> T createFilter(Class<T> c) throws
ServletException {
+ return context.createFilter(c);
}
@Override
public FilterRegistration getFilterRegistration(String filterName) {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return (FilterRegistration) doPrivileged(
- "getFilterRegistration", new Object[]{filterName});
- } else {
- return context.getFilterRegistration(filterName);
- }
+ return context.getFilterRegistration(filterName);
}
@Override
- public ServletRegistration.Dynamic addServlet(String servletName,
- String className) {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return (ServletRegistration.Dynamic) doPrivileged(
- "addServlet", new Object[]{servletName, className});
- } else {
- return context.addServlet(servletName, className);
- }
+ public ServletRegistration.Dynamic addServlet(String servletName, String
className) {
+ return context.addServlet(servletName, className);
}
@Override
- public ServletRegistration.Dynamic addServlet(String servletName,
- Servlet servlet) {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return (ServletRegistration.Dynamic) doPrivileged("addServlet",
- new Class[]{String.class, Servlet.class},
- new Object[]{servletName, servlet});
- } else {
- return context.addServlet(servletName, servlet);
- }
+ public ServletRegistration.Dynamic addServlet(String servletName, Servlet
servlet) {
+ return context.addServlet(servletName, servlet);
}
@Override
- public ServletRegistration.Dynamic addServlet(String servletName,
- Class<? extends Servlet> servletClass) {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return (ServletRegistration.Dynamic) doPrivileged("addServlet",
- new Class[]{String.class, Class.class},
- new Object[]{servletName, servletClass});
- } else {
- return context.addServlet(servletName, servletClass);
- }
+ public ServletRegistration.Dynamic addServlet(String servletName, Class<?
extends Servlet> servletClass) {
+ return context.addServlet(servletName, servletClass);
}
@Override
public Dynamic addJspFile(String jspName, String jspFile) {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return (ServletRegistration.Dynamic) doPrivileged("addJspFile",
- new Object[]{jspName, jspFile});
- } else {
- return context.addJspFile(jspName, jspFile);
- }
+ return context.addJspFile(jspName, jspFile);
}
@Override
- @SuppressWarnings("unchecked") // doPrivileged() returns the correct type
- public <T extends Servlet> T createServlet(Class<T> c)
- throws ServletException {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- try {
- return (T) invokeMethod(context, "createServlet",
- new Object[]{c});
- } catch (Throwable t) {
- ExceptionUtils.handleThrowable(t);
- if (t instanceof ServletException) {
- throw (ServletException) t;
- }
- return null;
- }
- } else {
- return context.createServlet(c);
- }
+ public <T extends Servlet> T createServlet(Class<T> c) throws
ServletException {
+ return context.createServlet(c);
}
@Override
public ServletRegistration getServletRegistration(String servletName) {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return (ServletRegistration) doPrivileged(
- "getServletRegistration", new Object[]{servletName});
- } else {
- return context.getServletRegistration(servletName);
- }
+ return context.getServletRegistration(servletName);
}
@Override
- @SuppressWarnings("unchecked") // doPrivileged() returns the correct type
public Set<SessionTrackingMode> getDefaultSessionTrackingModes() {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return (Set<SessionTrackingMode>)
- doPrivileged("getDefaultSessionTrackingModes", null);
- } else {
- return context.getDefaultSessionTrackingModes();
- }
+ return context.getDefaultSessionTrackingModes();
}
@Override
- @SuppressWarnings("unchecked") // doPrivileged() returns the correct type
public Set<SessionTrackingMode> getEffectiveSessionTrackingModes() {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return (Set<SessionTrackingMode>)
- doPrivileged("getEffectiveSessionTrackingModes", null);
- } else {
- return context.getEffectiveSessionTrackingModes();
- }
+ return context.getEffectiveSessionTrackingModes();
}
@Override
public SessionCookieConfig getSessionCookieConfig() {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return (SessionCookieConfig)
- doPrivileged("getSessionCookieConfig", null);
- } else {
- return context.getSessionCookieConfig();
- }
+ return context.getSessionCookieConfig();
}
@Override
- public void setSessionTrackingModes(
- Set<SessionTrackingMode> sessionTrackingModes) {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- doPrivileged("setSessionTrackingModes",
- new Object[]{sessionTrackingModes});
- } else {
- context.setSessionTrackingModes(sessionTrackingModes);
- }
+ public void setSessionTrackingModes(Set<SessionTrackingMode>
sessionTrackingModes) {
+ context.setSessionTrackingModes(sessionTrackingModes);
}
@Override
public boolean setInitParameter(String name, String value) {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return ((Boolean) doPrivileged("setInitParameter",
- new Object[]{name, value})).booleanValue();
- } else {
- return context.setInitParameter(name, value);
- }
+ return context.setInitParameter(name, value);
}
@Override
public void addListener(Class<? extends EventListener> listenerClass) {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- doPrivileged("addListener",
- new Class[]{Class.class},
- new Object[]{listenerClass});
- } else {
- context.addListener(listenerClass);
- }
+ context.addListener(listenerClass);
}
@Override
public void addListener(String className) {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- doPrivileged("addListener",
- new Object[]{className});
- } else {
- context.addListener(className);
- }
+ context.addListener(className);
}
@Override
public <T extends EventListener> void addListener(T t) {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- doPrivileged("addListener",
- new Class[]{EventListener.class},
- new Object[]{t});
- } else {
- context.addListener(t);
- }
+ context.addListener(t);
}
@Override
- @SuppressWarnings("unchecked") // doPrivileged() returns the correct type
- public <T extends EventListener> T createListener(Class<T> c)
- throws ServletException {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- try {
- return (T) invokeMethod(context, "createListener",
- new Object[]{c});
- } catch (Throwable t) {
- ExceptionUtils.handleThrowable(t);
- if (t instanceof ServletException) {
- throw (ServletException) t;
- }
- return null;
- }
- } else {
- return context.createListener(c);
- }
+ public <T extends EventListener> T createListener(Class<T> c) throws
ServletException {
+ return context.createListener(c);
}
@Override
public void declareRoles(String... roleNames) {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- doPrivileged("declareRoles", new Object[]{roleNames});
- } else {
- context.declareRoles(roleNames);
- }
+ context.declareRoles(roleNames);
}
@Override
public ClassLoader getClassLoader() {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return (ClassLoader) doPrivileged("getClassLoader", null);
- } else {
- return context.getClassLoader();
- }
+ return context.getClassLoader();
}
@Override
public int getEffectiveMajorVersion() {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return ((Integer) doPrivileged("getEffectiveMajorVersion",
- null)).intValue();
- } else {
- return context.getEffectiveMajorVersion();
- }
+ return context.getEffectiveMajorVersion();
}
@Override
public int getEffectiveMinorVersion() {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return ((Integer) doPrivileged("getEffectiveMinorVersion",
- null)).intValue();
- } else {
- return context.getEffectiveMinorVersion();
- }
+ return context.getEffectiveMinorVersion();
}
@Override
- @SuppressWarnings("unchecked") // doPrivileged() returns the correct type
public Map<String, ? extends FilterRegistration> getFilterRegistrations() {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return (Map<String, ? extends FilterRegistration>) doPrivileged(
- "getFilterRegistrations", null);
- } else {
- return context.getFilterRegistrations();
- }
+ return context.getFilterRegistrations();
}
@Override
public JspConfigDescriptor getJspConfigDescriptor() {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return (JspConfigDescriptor) doPrivileged("getJspConfigDescriptor",
- null);
- } else {
- return context.getJspConfigDescriptor();
- }
+ return context.getJspConfigDescriptor();
}
@Override
- @SuppressWarnings("unchecked") // doPrivileged() returns the correct type
public Map<String, ? extends ServletRegistration>
getServletRegistrations() {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return (Map<String, ? extends ServletRegistration>) doPrivileged(
- "getServletRegistrations", null);
- } else {
- return context.getServletRegistrations();
- }
+ return context.getServletRegistrations();
}
@Override
public String getVirtualServerName() {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return (String) doPrivileged("getVirtualServerName", null);
- } else {
- return context.getVirtualServerName();
- }
+ return context.getVirtualServerName();
}
@Override
public int getSessionTimeout() {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return ((Integer) doPrivileged("getSessionTimeout",
null)).intValue();
- } else {
- return context.getSessionTimeout();
- }
+ return context.getSessionTimeout();
}
@Override
public void setSessionTimeout(int sessionTimeout) {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- doPrivileged("setSessionTimeout", new Object[] {
Integer.valueOf(sessionTimeout) });
- } else {
- context.setSessionTimeout(sessionTimeout);
- }
+ context.setSessionTimeout(sessionTimeout);
}
@Override
public String getRequestCharacterEncoding() {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return (String) doPrivileged("getRequestCharacterEncoding", null);
- } else {
- return context.getRequestCharacterEncoding();
- }
+ return context.getRequestCharacterEncoding();
}
@Override
public void setRequestCharacterEncoding(String encoding) {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- doPrivileged("setRequestCharacterEncoding", new Object[] {
encoding });
- } else {
- context.setRequestCharacterEncoding(encoding);
- }
+ context.setRequestCharacterEncoding(encoding);
}
@Override
public String getResponseCharacterEncoding() {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return (String) doPrivileged("getResponseCharacterEncoding", null);
- } else {
- return context.getResponseCharacterEncoding();
- }
+ return context.getResponseCharacterEncoding();
}
@Override
public void setResponseCharacterEncoding(String encoding) {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- doPrivileged("setResponseCharacterEncoding", new Object[] {
encoding });
- } else {
- context.setResponseCharacterEncoding(encoding);
- }
- }
-
-
- /**
- * Use reflection to invoke the requested method. Cache the method object
- * to speed up the process
- * @param methodName The method to call.
- * @param params The arguments passed to the called method.
- */
- private Object doPrivileged(final String methodName, final Object[]
params) {
- try{
- return invokeMethod(context, methodName, params);
- }catch(Throwable t){
- ExceptionUtils.handleThrowable(t);
- throw new RuntimeException(t.getMessage(), t);
- }
- }
-
-
- /**
- * Use reflection to invoke the requested method. Cache the method object
- * to speed up the process
- * @param appContext The ApplicationContext object on which the method
- * will be invoked
- * @param methodName The method to call.
- * @param params The arguments passed to the called method.
- */
- private Object invokeMethod(ApplicationContext appContext,
- final String methodName,
- Object[] params)
- throws Throwable{
-
- try{
- Method method = objectCache.get(methodName);
- if (method == null){
- method = appContext.getClass()
- .getMethod(methodName, classCache.get(methodName));
- objectCache.put(methodName, method);
- }
-
- return method.invoke(context, params);
- } catch (Exception ex){
- handleException(ex);
- return null;
- } finally {
- params = null;
- }
- }
-
- /**
- * Use reflection to invoke the requested method. Cache the method object
- * to speed up the process
- * @param methodName The method to invoke.
- * @param clazz The class where the method is.
- * @param params The arguments passed to the called method.
- */
- private Object doPrivileged(final String methodName,
- final Class<?>[] clazz,
- Object[] params) {
-
- try{
- Method method = context.getClass().getMethod(methodName, clazz);
- return method.invoke(context, params);
- } catch (Exception ex){
- try {
- handleException(ex);
- } catch (Throwable t){
- ExceptionUtils.handleThrowable(t);
- throw new RuntimeException(t.getMessage());
- }
- return null;
- } finally {
- params = null;
- }
- }
-
-
- /**
- * Throw the real exception.
- *
- * @param ex The current exception
- */
- private void handleException(Exception ex)
- throws Throwable {
-
- Throwable realException;
-
- if (ex instanceof PrivilegedActionException) {
- ex = ((PrivilegedActionException) ex).getException();
- }
-
- if (ex instanceof InvocationTargetException) {
- realException = ex.getCause();
- if (realException == null) {
- realException = ex;
- }
- } else {
- realException = ex;
- }
-
- throw realException;
+ context.setResponseCharacterEncoding(encoding);
}
}
diff --git a/java/org/apache/catalina/core/ApplicationFilterConfig.java
b/java/org/apache/catalina/core/ApplicationFilterConfig.java
index 3b81f7303e..ac8626bb34 100644
--- a/java/org/apache/catalina/core/ApplicationFilterConfig.java
+++ b/java/org/apache/catalina/core/ApplicationFilterConfig.java
@@ -34,8 +34,6 @@ import jakarta.servlet.ServletContext;
import jakarta.servlet.ServletException;
import org.apache.catalina.Context;
-import org.apache.catalina.Globals;
-import org.apache.catalina.security.SecurityUtil;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.ExceptionUtils;
@@ -294,15 +292,7 @@ public final class ApplicationFilterConfig implements
FilterConfig, Serializable
if (this.filter != null) {
try {
- if (Globals.IS_SECURITY_ENABLED) {
- try {
- SecurityUtil.doAsPrivilege("destroy", filter);
- } finally {
- SecurityUtil.remove(filter);
- }
- } else {
- filter.destroy();
- }
+ filter.destroy();
} catch (Throwable t) {
ExceptionUtils.handleThrowable(t);
context.getLogger().error(sm.getString(
diff --git a/java/org/apache/catalina/core/ApplicationFilterFactory.java
b/java/org/apache/catalina/core/ApplicationFilterFactory.java
index 62bae04237..18dc37561b 100644
--- a/java/org/apache/catalina/core/ApplicationFilterFactory.java
+++ b/java/org/apache/catalina/core/ApplicationFilterFactory.java
@@ -62,15 +62,10 @@ public final class ApplicationFilterFactory {
ApplicationFilterChain filterChain = null;
if (request instanceof Request) {
Request req = (Request) request;
- if (Globals.IS_SECURITY_ENABLED) {
- // Security: Do not recycle
+ filterChain = (ApplicationFilterChain) req.getFilterChain();
+ if (filterChain == null) {
filterChain = new ApplicationFilterChain();
- } else {
- filterChain = (ApplicationFilterChain) req.getFilterChain();
- if (filterChain == null) {
- filterChain = new ApplicationFilterChain();
- req.setFilterChain(filterChain);
- }
+ req.setFilterChain(filterChain);
}
} else {
// Request dispatcher in use
diff --git a/java/org/apache/catalina/core/AsyncContextImpl.java
b/java/org/apache/catalina/core/AsyncContextImpl.java
index d38f1ae8f9..776aa8acf9 100644
--- a/java/org/apache/catalina/core/AsyncContextImpl.java
+++ b/java/org/apache/catalina/core/AsyncContextImpl.java
@@ -37,7 +37,6 @@ import jakarta.servlet.http.HttpServletResponse;
import org.apache.catalina.AsyncDispatcher;
import org.apache.catalina.Context;
-import org.apache.catalina.Globals;
import org.apache.catalina.Host;
import org.apache.catalina.Valve;
import org.apache.catalina.connector.Request;
@@ -99,7 +98,7 @@ public class AsyncContextImpl implements AsyncContext,
AsyncContextCallback {
}
List<AsyncListenerWrapper> listenersCopy = new ArrayList<>(listeners);
- ClassLoader oldCL = context.bind(Globals.IS_SECURITY_ENABLED, null);
+ ClassLoader oldCL = context.bind(false, null);
try {
for (AsyncListenerWrapper listener : listenersCopy) {
try {
@@ -113,7 +112,7 @@ public class AsyncContextImpl implements AsyncContext,
AsyncContextCallback {
} finally {
context.fireRequestDestroyEvent(request.getRequest());
clearServletRequestResponse();
- context.unbind(Globals.IS_SECURITY_ENABLED, oldCL);
+ context.unbind(false, oldCL);
}
}
@@ -544,7 +543,7 @@ public class AsyncContextImpl implements AsyncContext,
AsyncContextCallback {
@Override
public void run() {
- ClassLoader oldCL = context.bind(Globals.IS_SECURITY_ENABLED,
null);
+ ClassLoader oldCL = context.bind(false, null);
try {
wrapped.run();
} catch (Throwable t) {
@@ -555,7 +554,7 @@ public class AsyncContextImpl implements AsyncContext,
AsyncContextCallback {
coyoteResponse.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
coyoteResponse.setError();
} finally {
- context.unbind(Globals.IS_SECURITY_ENABLED, oldCL);
+ context.unbind(false, oldCL);
}
// Since this runnable is not executing as a result of a socket
diff --git a/java/org/apache/catalina/core/StandardHost.java
b/java/org/apache/catalina/core/StandardHost.java
index 07df3d9f1f..2f5a758617 100644
--- a/java/org/apache/catalina/core/StandardHost.java
+++ b/java/org/apache/catalina/core/StandardHost.java
@@ -32,7 +32,6 @@ import javax.management.ObjectName;
import org.apache.catalina.Container;
import org.apache.catalina.Context;
import org.apache.catalina.Engine;
-import org.apache.catalina.Globals;
import org.apache.catalina.Host;
import org.apache.catalina.JmxEnabled;
import org.apache.catalina.Lifecycle;
@@ -139,7 +138,7 @@ public class StandardHost extends ContainerBase implements
Host {
/**
* deploy Context XML config files property.
*/
- private boolean deployXML = !Globals.IS_SECURITY_ENABLED;
+ private boolean deployXML = true;
/**
diff --git a/java/org/apache/catalina/core/StandardHostValve.java
b/java/org/apache/catalina/core/StandardHostValve.java
index 8e0c5b283f..159eb26296 100644
--- a/java/org/apache/catalina/core/StandardHostValve.java
+++ b/java/org/apache/catalina/core/StandardHostValve.java
@@ -100,7 +100,7 @@ final class StandardHostValve extends ValveBase {
boolean asyncAtStart = request.isAsync();
try {
- context.bind(Globals.IS_SECURITY_ENABLED, MY_CLASSLOADER);
+ context.bind(false, MY_CLASSLOADER);
if (!asyncAtStart &&
!context.fireRequestInitEvent(request.getRequest())) {
// Don't fire listeners during async processing (the listener
@@ -167,7 +167,7 @@ final class StandardHostValve extends ValveBase {
request.getSession(false);
}
- context.unbind(Globals.IS_SECURITY_ENABLED, MY_CLASSLOADER);
+ context.unbind(false, MY_CLASSLOADER);
}
}
diff --git a/java/org/apache/catalina/core/StandardWrapper.java
b/java/org/apache/catalina/core/StandardWrapper.java
index c54680a8f8..540bf0ce3a 100644
--- a/java/org/apache/catalina/core/StandardWrapper.java
+++ b/java/org/apache/catalina/core/StandardWrapper.java
@@ -47,11 +47,9 @@ import jakarta.servlet.annotation.MultipartConfig;
import org.apache.catalina.Container;
import org.apache.catalina.ContainerServlet;
import org.apache.catalina.Context;
-import org.apache.catalina.Globals;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.LifecycleState;
import org.apache.catalina.Wrapper;
-import org.apache.catalina.security.SecurityUtil;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.InstanceManager;
@@ -973,25 +971,7 @@ public class StandardWrapper extends ContainerBase
// Call the initialization method of this servlet
try {
- if( Globals.IS_SECURITY_ENABLED) {
- boolean success = false;
- try {
- Object[] args = new Object[] { facade };
- SecurityUtil.doAsPrivilege("init",
- servlet,
- classType,
- args);
- success = true;
- } finally {
- if (!success) {
- // destroy() will not be called, thus clear the
reference now
- SecurityUtil.remove(servlet);
- }
- }
- } else {
- servlet.init(facade);
- }
-
+ servlet.init(facade);
instanceInitialized = true;
} catch (UnavailableException f) {
unavailable(f);
@@ -1142,16 +1122,7 @@ public class StandardWrapper extends ContainerBase
// Call the servlet destroy() method
try {
- if( Globals.IS_SECURITY_ENABLED) {
- try {
- SecurityUtil.doAsPrivilege("destroy", instance);
- } finally {
- SecurityUtil.remove(instance);
- }
- } else {
- instance.destroy();
- }
-
+ instance.destroy();
} catch (Throwable t) {
t = ExceptionUtils.unwrapInvocationTargetException(t);
ExceptionUtils.handleThrowable(t);
diff --git a/java/org/apache/catalina/security/SecurityUtil.java
b/java/org/apache/catalina/security/SecurityUtil.java
index 20b5c0e498..5a245217b8 100644
--- a/java/org/apache/catalina/security/SecurityUtil.java
+++ b/java/org/apache/catalina/security/SecurityUtil.java
@@ -76,10 +76,6 @@ public final class SecurityUtil{
private static final Log log = LogFactory.getLog(SecurityUtil.class);
- private static final boolean packageDefinitionEnabled =
- (System.getProperty("package.definition") == null &&
- System.getProperty("package.access") == null) ? false : true;
-
/**
* The string resources for this package.
*/
@@ -413,19 +409,4 @@ public final class SecurityUtil{
public static void remove(Object cachedObject){
classCache.remove(cachedObject);
}
-
-
- /**
- * Return the <code>SecurityManager</code> only if Security is enabled AND
- * package protection mechanism is enabled.
- * @return <code>true</code> if package level protection is enabled
- */
- public static boolean isPackageProtectionEnabled(){
- if (packageDefinitionEnabled && Globals.IS_SECURITY_ENABLED){
- return true;
- }
- return false;
- }
-
-
}
diff --git a/java/org/apache/catalina/servlets/DefaultServlet.java
b/java/org/apache/catalina/servlets/DefaultServlet.java
index 7a647b0804..dc00ef6897 100644
--- a/java/org/apache/catalina/servlets/DefaultServlet.java
+++ b/java/org/apache/catalina/servlets/DefaultServlet.java
@@ -43,14 +43,10 @@ import java.util.List;
import java.util.Locale;
import java.util.function.Function;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Source;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;
@@ -83,10 +79,6 @@ import org.apache.tomcat.util.http.parser.EntityTag;
import org.apache.tomcat.util.http.parser.Ranges;
import org.apache.tomcat.util.res.StringManager;
import org.apache.tomcat.util.security.Escape;
-import org.w3c.dom.Document;
-import org.xml.sax.InputSource;
-import org.xml.sax.SAXException;
-import org.xml.sax.ext.EntityResolver2;
/**
@@ -140,10 +132,6 @@ public class DefaultServlet extends HttpServlet {
*/
protected static final StringManager sm =
StringManager.getManager(DefaultServlet.class);
- private static final DocumentBuilderFactory factory;
-
- private static final SecureEntityResolver secureEntityResolver;
-
/**
* Full range marker.
*/
@@ -162,21 +150,6 @@ public class DefaultServlet extends HttpServlet {
protected static final int BUFFER_SIZE = 4096;
- // ----------------------------------------------------- Static Initializer
-
- static {
- if (Globals.IS_SECURITY_ENABLED) {
- factory = DocumentBuilderFactory.newInstance();
- factory.setNamespaceAware(true);
- factory.setValidating(false);
- secureEntityResolver = new SecureEntityResolver();
- } else {
- factory = null;
- secureEntityResolver = null;
- }
- }
-
-
// ----------------------------------------------------- Instance Variables
/**
@@ -2008,11 +1981,7 @@ public class DefaultServlet extends HttpServlet {
if (resource.isFile()) {
InputStream is = resource.getInputStream();
if (is != null) {
- if (Globals.IS_SECURITY_ENABLED) {
- return secureXslt(is);
- } else {
- return new StreamSource(is);
- }
+ return new StreamSource(is);
}
}
if (debug > 10) {
@@ -2024,11 +1993,7 @@ public class DefaultServlet extends HttpServlet {
InputStream is =
getServletContext().getResourceAsStream(contextXsltFile);
if (is != null) {
- if (Globals.IS_SECURITY_ENABLED) {
- return secureXslt(is);
- } else {
- return new StreamSource(is);
- }
+ return new StreamSource(is);
}
if (debug > 10) {
@@ -2104,31 +2069,6 @@ public class DefaultServlet extends HttpServlet {
}
- private Source secureXslt(InputStream is) {
- // Need to filter out any external entities
- Source result = null;
- try {
- DocumentBuilder builder = factory.newDocumentBuilder();
- builder.setEntityResolver(secureEntityResolver);
- Document document = builder.parse(is);
- result = new DOMSource(document);
- } catch (ParserConfigurationException | SAXException | IOException e) {
- if (debug > 0) {
- log(e.getMessage(), e);
- }
- } finally {
- if (is != null) {
- try {
- is.close();
- } catch (IOException e) {
- // Ignore
- }
- }
- }
- return result;
- }
-
-
// -------------------------------------------------------- protected
Methods
/**
@@ -2656,36 +2596,6 @@ public class DefaultServlet extends HttpServlet {
}
- /**
- * This is secure in the sense that any attempt to use an external entity
- * will trigger an exception.
- */
- private static class SecureEntityResolver implements EntityResolver2 {
-
- @Override
- public InputSource resolveEntity(String publicId, String systemId)
- throws SAXException, IOException {
- throw new
SAXException(sm.getString("defaultServlet.blockExternalEntity",
- publicId, systemId));
- }
-
- @Override
- public InputSource getExternalSubset(String name, String baseURI)
- throws SAXException, IOException {
- throw new
SAXException(sm.getString("defaultServlet.blockExternalSubset",
- name, baseURI));
- }
-
- @Override
- public InputSource resolveEntity(String name, String publicId,
- String baseURI, String systemId) throws SAXException,
- IOException {
- throw new
SAXException(sm.getString("defaultServlet.blockExternalEntity2",
- name, publicId, baseURI, systemId));
- }
- }
-
-
/**
* Gets the ordering character to be used for a particular column.
*
diff --git a/java/org/apache/catalina/session/DataSourceStore.java
b/java/org/apache/catalina/session/DataSourceStore.java
index 1178eac41d..7bd8957a1e 100644
--- a/java/org/apache/catalina/session/DataSourceStore.java
+++ b/java/org/apache/catalina/session/DataSourceStore.java
@@ -37,7 +37,6 @@ import javax.naming.NamingException;
import javax.sql.DataSource;
import org.apache.catalina.Container;
-import org.apache.catalina.Globals;
import org.apache.catalina.Session;
import org.apache.juli.logging.Log;
@@ -466,7 +465,7 @@ public class DataSourceStore extends StoreBase {
return null;
}
- ClassLoader oldThreadContextCL =
context.bind(Globals.IS_SECURITY_ENABLED, null);
+ ClassLoader oldThreadContextCL = context.bind(false, null);
try (PreparedStatement preparedLoadSql =
_conn.prepareStatement(loadSql)){
preparedLoadSql.setString(1, id);
@@ -493,7 +492,7 @@ public class DataSourceStore extends StoreBase {
} catch (SQLException e) {
contextLog.error(sm.getString(getStoreName() +
".SQLException", e));
} finally {
- context.unbind(Globals.IS_SECURITY_ENABLED,
oldThreadContextCL);
+ context.unbind(false, oldThreadContextCL);
release(_conn);
}
numberOfTries--;
@@ -698,7 +697,7 @@ public class DataSourceStore extends StoreBase {
org.apache.catalina.Context context = getManager().getContext();
ClassLoader oldThreadContextCL = null;
if (localDataSource) {
- oldThreadContextCL = context.bind(Globals.IS_SECURITY_ENABLED,
null);
+ oldThreadContextCL = context.bind(false, null);
}
Context initCtx;
@@ -712,7 +711,7 @@ public class DataSourceStore extends StoreBase {
this.dataSourceName), e);
} finally {
if (localDataSource) {
- context.unbind(Globals.IS_SECURITY_ENABLED,
oldThreadContextCL);
+ context.unbind(false, oldThreadContextCL);
}
}
}
diff --git a/java/org/apache/catalina/session/FileStore.java
b/java/org/apache/catalina/session/FileStore.java
index 1aba87e719..22107f3141 100644
--- a/java/org/apache/catalina/session/FileStore.java
+++ b/java/org/apache/catalina/session/FileStore.java
@@ -30,7 +30,6 @@ import java.util.List;
import jakarta.servlet.ServletContext;
import org.apache.catalina.Context;
-import org.apache.catalina.Globals;
import org.apache.catalina.Session;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
@@ -226,7 +225,7 @@ public final class FileStore extends StoreBase {
contextLog.debug(sm.getString(getStoreName()+".loading", id,
file.getAbsolutePath()));
}
- ClassLoader oldThreadContextCL =
context.bind(Globals.IS_SECURITY_ENABLED, null);
+ ClassLoader oldThreadContextCL = context.bind(false, null);
try (FileInputStream fis = new FileInputStream(file.getAbsolutePath());
ObjectInputStream ois = getObjectInputStream(fis)) {
@@ -241,7 +240,7 @@ public final class FileStore extends StoreBase {
}
return null;
} finally {
- context.unbind(Globals.IS_SECURITY_ENABLED, oldThreadContextCL);
+ context.unbind(false, oldThreadContextCL);
}
}
diff --git a/java/org/apache/catalina/session/ManagerBase.java
b/java/org/apache/catalina/session/ManagerBase.java
index c78b1ae4c2..a5973932cd 100644
--- a/java/org/apache/catalina/session/ManagerBase.java
+++ b/java/org/apache/catalina/session/ManagerBase.java
@@ -206,22 +206,6 @@ public abstract class ManagerBase extends
LifecycleMBeanBase implements Manager
private boolean sessionLastAccessAtStart =
Globals.STRICT_SERVLET_COMPLIANCE;
- // ------------------------------------------------------------
Constructors
-
- public ManagerBase() {
- if (Globals.IS_SECURITY_ENABLED) {
- // Minimum set required for default distribution/persistence to
work
- // plus String
- // plus SerializablePrincipal and String[] (required for
authentication persistence)
- setSessionAttributeValueClassNameFilter(
- "java\\.lang\\.(?:Boolean|Integer|Long|Number|String)"
- +
"|org\\.apache\\.catalina\\.realm\\.GenericPrincipal\\$SerializablePrincipal"
- + "|\\[Ljava.lang.String;");
- setWarnOnSessionAttributeFilterFailure(true);
- }
- }
-
-
// --------------------------------------------------------------
Properties
@Override
diff --git a/java/org/apache/catalina/session/StandardSession.java
b/java/org/apache/catalina/session/StandardSession.java
index bb02064506..13b7d2af7d 100644
--- a/java/org/apache/catalina/session/StandardSession.java
+++ b/java/org/apache/catalina/session/StandardSession.java
@@ -48,7 +48,6 @@ import jakarta.servlet.http.HttpSessionIdListener;
import jakarta.servlet.http.HttpSessionListener;
import org.apache.catalina.Context;
-import org.apache.catalina.Globals;
import org.apache.catalina.Manager;
import org.apache.catalina.Session;
import org.apache.catalina.SessionEvent;
@@ -764,7 +763,7 @@ public class StandardSession implements HttpSession,
Session, Serializable {
if (notify) {
ClassLoader oldContextClassLoader = null;
try {
- oldContextClassLoader =
context.bind(Globals.IS_SECURITY_ENABLED, null);
+ oldContextClassLoader = context.bind(false, null);
Object listeners[] =
context.getApplicationLifecycleListeners();
if (listeners != null && listeners.length > 0) {
HttpSessionEvent event =
@@ -796,7 +795,7 @@ public class StandardSession implements HttpSession,
Session, Serializable {
}
}
} finally {
- context.unbind(Globals.IS_SECURITY_ENABLED,
oldContextClassLoader);
+ context.unbind(false, oldContextClassLoader);
}
}
@@ -832,12 +831,12 @@ public class StandardSession implements HttpSession,
Session, Serializable {
String keys[] = keys();
ClassLoader oldContextClassLoader = null;
try {
- oldContextClassLoader =
context.bind(Globals.IS_SECURITY_ENABLED, null);
+ oldContextClassLoader = context.bind(false, null);
for (String key : keys) {
removeAttributeInternal(key, notify);
}
} finally {
- context.unbind(Globals.IS_SECURITY_ENABLED,
oldContextClassLoader);
+ context.unbind(false, oldContextClassLoader);
}
}
diff --git a/java/org/apache/catalina/valves/PersistentValve.java
b/java/org/apache/catalina/valves/PersistentValve.java
index a63794caa1..cd36b1386d 100644
--- a/java/org/apache/catalina/valves/PersistentValve.java
+++ b/java/org/apache/catalina/valves/PersistentValve.java
@@ -26,7 +26,6 @@ import jakarta.servlet.http.HttpServletResponse;
import org.apache.catalina.Container;
import org.apache.catalina.Context;
import org.apache.catalina.Engine;
-import org.apache.catalina.Globals;
import org.apache.catalina.Host;
import org.apache.catalina.Manager;
import org.apache.catalina.Session;
@@ -231,14 +230,14 @@ public class PersistentValve extends ValveBase {
private void bind(Context context) {
if (clBindRequired) {
- context.bind(Globals.IS_SECURITY_ENABLED, MY_CLASSLOADER);
+ context.bind(false, MY_CLASSLOADER);
}
}
private void unbind(Context context) {
if (clBindRequired) {
- context.unbind(Globals.IS_SECURITY_ENABLED, MY_CLASSLOADER);
+ context.unbind(false, MY_CLASSLOADER);
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
