Author: markt
Date: Sun Apr 11 11:32:26 2010
New Revision: 932869
URL: http://svn.apache.org/viewvc?rev=932869&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48580
Prevent AccessControlException if first access is to a JSP that uses a
FunctionMapper
Modified:
tomcat/tc5.5.x/trunk/STATUS.txt
tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml
tomcat/tc5.5.x/trunk/jasper/src/share/org/apache/jasper/security/SecurityClassLoad.java
Modified: tomcat/tc5.5.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=932869&r1=932868&r2=932869&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/STATUS.txt (original)
+++ tomcat/tc5.5.x/trunk/STATUS.txt Sun Apr 11 11:32:26 2010
@@ -78,13 +78,6 @@ PATCHES PROPOSED TO BACKPORT:
+1: kkolinko, markt
-1:
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48580
- Prevent AccessControlException if first access is to a JSP that uses a
FunctionMapper
- https://issues.apache.org/bugzilla/attachment.cgi?id=25094
- (it is markt's r915070)
- +1: kkolinko, markt, kfujino
- -1:
-
* Remove JSSE13Factory, JSSE13SocketFactory classes,
because
- TC 5.5 runs on JRE 1.4+ and that comes bundled with JSSE 1.4,
Modified: tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml?rev=932869&r1=932868&r2=932869&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml (original)
+++ tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml Sun Apr 11
11:32:26 2010
@@ -76,6 +76,11 @@
of JSP.5.3. The specification recommends, but does not require, this
enforcement. (kkolinko)
</fix>
+ <fix>
+ <bug>48580</bug>: Prevent AccessControlException when running under a
+ security manager if the first access is to a JSP that uses a
+ FunctionMapper. (markt/kkolinko)
+ </fix>
</changelog>
</subsection>
</section>
Modified:
tomcat/tc5.5.x/trunk/jasper/src/share/org/apache/jasper/security/SecurityClassLoad.java
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/jasper/src/share/org/apache/jasper/security/SecurityClassLoad.java?rev=932869&r1=932868&r2=932869&view=diff
==============================================================================
---
tomcat/tc5.5.x/trunk/jasper/src/share/org/apache/jasper/security/SecurityClassLoad.java
(original)
+++
tomcat/tc5.5.x/trunk/jasper/src/share/org/apache/jasper/security/SecurityClassLoad.java
Sun Apr 11 11:32:26 2010
@@ -99,6 +99,9 @@ public final class SecurityClassLoad {
loader.loadClass( basePackage +
"runtime.JspContextWrapper");
+ // Trigger loading of class and reading of property (BZ48580)
+ SecurityUtil.isPackageProtectionEnabled();
+
loader.loadClass( basePackage +
"servlet.JspServletWrapper");
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
