Author: markt
Date: Sat Feb 21 00:44:33 2009
New Revision: 746425
URL: http://svn.apache.org/viewvc?rev=746425&view=rev
Log:
Address Bill's security concerns in previous patch to get TCK to pass under a
security manager.
TCK passes after this patch with and without security manager.
Modified:
tomcat/trunk/java/org/apache/jasper/el/ELContextImpl.java
tomcat/trunk/java/org/apache/jasper/el/ELResolverImpl.java
tomcat/trunk/java/org/apache/jasper/el/ExpressionEvaluatorImpl.java
Modified: tomcat/trunk/java/org/apache/jasper/el/ELContextImpl.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/el/ELContextImpl.java?rev=746425&r1=746424&r2=746425&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/el/ELContextImpl.java (original)
+++ tomcat/trunk/java/org/apache/jasper/el/ELContextImpl.java Sat Feb 21
00:44:33 2009
@@ -26,6 +26,8 @@
import javax.el.ValueExpression;
import javax.el.VariableMapper;
+import org.apache.catalina.Globals;
+
/**
* Implementation of ELContext
*
@@ -61,12 +63,21 @@
private final ELResolver resolver;
- private FunctionMapper functionMapper = NullFunctionMapper; // immutable
+ private FunctionMapper functionMapper;
private VariableMapper variableMapper;
public ELContextImpl() {
- this(ELResolverImpl.DefaultResolver);
+ this(ELResolverImpl.getDefaultResolver());
+ if (Globals.IS_SECURITY_ENABLED) {
+ functionMapper = new FunctionMapper() {
+ public Method resolveFunction(String prefix, String localName)
{
+ return null;
+ }
+ };
+ } else {
+ functionMapper = NullFunctionMapper;
+ }
}
public ELContextImpl(ELResolver resolver) {
Modified: tomcat/trunk/java/org/apache/jasper/el/ELResolverImpl.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/el/ELResolverImpl.java?rev=746425&r1=746424&r2=746425&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/el/ELResolverImpl.java (original)
+++ tomcat/trunk/java/org/apache/jasper/el/ELResolverImpl.java Sat Feb 21
00:44:33 2009
@@ -32,8 +32,10 @@
import javax.el.ResourceBundleELResolver;
import javax.servlet.jsp.el.VariableResolver;
+import org.apache.catalina.Globals;
+
public final class ELResolverImpl extends ELResolver {
-
+ /** @deprecated - Use getDefaultResolver(). Needs to be made private */
public final static ELResolver DefaultResolver = new
CompositeELResolver();
static {
@@ -69,7 +71,7 @@
}
if (!context.isPropertyResolved()) {
- return DefaultResolver.getValue(context, base,
property);
+ return getDefaultResolver().getValue(context, base,
property);
}
return null;
}
@@ -94,7 +96,7 @@
}
if (!context.isPropertyResolved()) {
- return DefaultResolver.getType(context, base, property);
+ return getDefaultResolver().getType(context, base,
property);
}
return null;
}
@@ -114,7 +116,7 @@
}
if (!context.isPropertyResolved()) {
- DefaultResolver.setValue(context, base, property,
value);
+ getDefaultResolver().setValue(context, base, property,
value);
}
}
@@ -129,18 +131,31 @@
return true;
}
- return DefaultResolver.isReadOnly(context, base, property);
+ return getDefaultResolver().isReadOnly(context, base, property);
}
public Iterator<java.beans.FeatureDescriptor>
getFeatureDescriptors(ELContext context, Object base) {
- return DefaultResolver.getFeatureDescriptors(context, base);
+ return getDefaultResolver().getFeatureDescriptors(context,
base);
}
public Class<?> getCommonPropertyType(ELContext context, Object base) {
if (base == null) {
return String.class;
}
- return DefaultResolver.getCommonPropertyType(context, base);
+ return getDefaultResolver().getCommonPropertyType(context,
base);
}
+ public static ELResolver getDefaultResolver() {
+ if (Globals.IS_SECURITY_ENABLED) {
+ ELResolver defaultResolver = new CompositeELResolver();
+ ((CompositeELResolver) defaultResolver).add(new
MapELResolver());
+ ((CompositeELResolver) defaultResolver).add(new
ResourceBundleELResolver());
+ ((CompositeELResolver) defaultResolver).add(new
ListELResolver());
+ ((CompositeELResolver) defaultResolver).add(new
ArrayELResolver());
+ ((CompositeELResolver) defaultResolver).add(new
BeanELResolver());
+ return defaultResolver;
+ } else {
+ return DefaultResolver;
+ }
+ }
}
Modified: tomcat/trunk/java/org/apache/jasper/el/ExpressionEvaluatorImpl.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/el/ExpressionEvaluatorImpl.java?rev=746425&r1=746424&r2=746425&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/el/ExpressionEvaluatorImpl.java
(original)
+++ tomcat/trunk/java/org/apache/jasper/el/ExpressionEvaluatorImpl.java Sat Feb
21 00:44:33 2009
@@ -37,7 +37,8 @@
public Expression parseExpression(String expression, Class expectedType,
FunctionMapper fMapper) throws ELException {
try {
- ELContextImpl ctx = new
ELContextImpl(ELResolverImpl.DefaultResolver);
+ ELContextImpl ctx =
+ new
ELContextImpl(ELResolverImpl.getDefaultResolver());
if (fMapper != null) {
ctx.setFunctionMapper(new FunctionMapperImpl(fMapper));
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
