Author: rjung
Date: Sun Apr 11 17:47:00 2010
New Revision: 932953
URL: http://svn.apache.org/viewvc?rev=932953&view=rev
Log:
Allow JioEndpoint to switch context class loader
under security manager. Code copied from standard session.
Add two more classes to class pre-loading to improve
security manager interoperability.
Modified:
tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
tomcat/trunk/java/org/apache/tomcat/util/net/JIoEndpoint.java
Modified: tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java?rev=932953&r1=932952&r2=932953&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java Sun
Apr 11 17:47:00 2010
@@ -131,6 +131,7 @@ public final class SecurityClassLoad {
throws Exception {
String basePackage = "org.apache.catalina.";
loader.loadClass(basePackage + "util.Enumerator");
+ loader.loadClass(basePackage + "util.ParameterMap");
}
@@ -234,6 +235,8 @@ public final class SecurityClassLoad {
throws Exception {
String basePackage = "org.apache.tomcat.";
loader.loadClass(basePackage + "util.net.SSLSupport$CipherData");
+ loader.loadClass
+ (basePackage + "util.net.JIoEndpoint$PrivilegedSetTccl");
}
}
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/JIoEndpoint.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/JIoEndpoint.java?rev=932953&r1=932952&r2=932953&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/JIoEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/JIoEndpoint.java Sun Apr 11
17:47:00 2010
@@ -22,10 +22,13 @@ import java.net.BindException;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketException;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.Iterator;
import java.util.concurrent.ConcurrentLinkedQueue;
import java.util.concurrent.RejectedExecutionException;
+import org.apache.catalina.Globals;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.IntrospectionUtils;
@@ -507,10 +510,22 @@ public class JIoEndpoint extends Abstrac
ClassLoader loader =
Thread.currentThread().getContextClassLoader();
try {
//threads should not be created by the webapp
classloader
-
Thread.currentThread().setContextClassLoader(getClass().getClassLoader());
+ if (Globals.IS_SECURITY_ENABLED) {
+ PrivilegedAction<Void> pa = new PrivilegedSetTccl(
+ getClass().getClassLoader());
+ AccessController.doPrivileged(pa);
+ } else {
+ Thread.currentThread().setContextClassLoader(
+ getClass().getClassLoader());
+ }
getExecutor().execute(proc);
}finally {
- Thread.currentThread().setContextClassLoader(loader);
+ if (Globals.IS_SECURITY_ENABLED) {
+ PrivilegedAction<Void> pa = new
PrivilegedSetTccl(loader);
+ AccessController.doPrivileged(pa);
+ } else {
+
Thread.currentThread().setContextClassLoader(loader);
+ }
}
}
}
@@ -524,5 +539,20 @@ public class JIoEndpoint extends Abstrac
}
protected ConcurrentLinkedQueue<SocketWrapper> waitingRequests = new
ConcurrentLinkedQueue<SocketWrapper>();
+
+ private static class PrivilegedSetTccl
+ implements PrivilegedAction<Void> {
+
+ private ClassLoader cl;
+
+ PrivilegedSetTccl(ClassLoader cl) {
+ this.cl = cl;
+ }
+
+ public Void run() {
+ Thread.currentThread().setContextClassLoader(cl);
+ return null;
+ }
+ }
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
