Author: markt Date: Mon Nov 18 23:09:47 2013 New Revision: 1543223 URL: http://svn.apache.org/r1543223 Log: Better conversion of base URLs to file permissions.
Modified: tomcat/trunk/java/org/apache/catalina/loader/LocalStrings.properties tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoader.java Modified: tomcat/trunk/java/org/apache/catalina/loader/LocalStrings.properties URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/loader/LocalStrings.properties?rev=1543223&r1=1543222&r2=1543223&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/loader/LocalStrings.properties (original) +++ tomcat/trunk/java/org/apache/catalina/loader/LocalStrings.properties Mon Nov 18 23:09:47 2013 @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +webappClassLoader.addPermisionNoCanonicalFile=Unable to obtain a canonical file path from the URL [{0}] +webappClassLoader.addPermisionNoProtocol=The protocol [{0}] in the URL [{1}] is not supported so no read permission was granted for resources located at this URL webappClassLoader.illegalJarPath=Illegal JAR entry detected with name {0} webappClassLoader.jdbcRemoveFailed=JDBC driver de-registration failed for web application [{0}] webappClassLoader.jdbcRemoveStreamError=Exception closing input stream during JDBC driver de-registration for web application [{0}] Modified: tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoader.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoader.java?rev=1543223&r1=1543222&r2=1543223&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoader.java (original) +++ tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoader.java Mon Nov 18 23:09:47 2013 
@@ -28,6 +28,8 @@ import java.lang.ref.WeakReference;
 import java.lang.reflect.Field;
 import java.lang.reflect.Method;
 import java.lang.reflect.Modifier;
+import java.net.URI;
+import java.net.URISyntaxException;
 import java.net.URL;
 import java.net.URLClassLoader;
 import java.nio.charset.StandardCharsets;
@@ -451,50 +453,52 @@ public class WebappClassLoader extends U /** - * If there is a Java SecurityManager create a read FilePermission - * or JndiPermission for the file directory path. + * If there is a Java SecurityManager create a read permission for the + * target of the given URL as appropriate. * - * @param filepath file directory path + * @param url URL for a file or directory on local system */ - void addPermission(String filepath) { - if (filepath == null) { + void addPermission(URL url) { + if (url == null) { return; } - - String path = filepath; - if (securityManager != null) { - Permission permission = null; - if (path.startsWith("file:")) { - path = path.substring(5); - if (!path.endsWith(File.separator)) { - permission = new FilePermission(path, "read"); - addPermission(permission); - path = path + File.separator; + String protocol = url.getProtocol(); + if ("file".equalsIgnoreCase(protocol)) { + URI uri; + File f; + String path; + try { + uri = url.toURI(); + f = new File(uri); + path = f.getCanonicalPath(); + } catch (IOException | URISyntaxException e) { + log.warn(sm.getString( + "webappClassLoader.addPermisionNoCanonicalFile", + url.toExternalForm())); + return; + } + if (f.isFile()) { + // Allow the file to be read + addPermission(new FilePermission(path, "read")); + } else if (f.isDirectory()) { + addPermission(new FilePermission(path, "read")); + addPermission(new FilePermission( + path + File.separator + "-", "read")); + } else { + // File does not exist - ignore (shouldn't happen) } - permission = new FilePermission(path + "-", "read"); - addPermission(permission); } else { - // Unsupported resource location. + // Unsupported URL protocol + log.warn(sm.getString( + "webappClassLoader.addPermisionNoProtocol", + protocol, url.toExternalForm())); } } } /** - * If there is a Java SecurityManager create a read FilePermission - * or JndiPermission for URL. 
- * - * @param url URL for a file or directory on local system - */ - void addPermission(URL url) { - if (url != null) { - addPermission(url.toString()); - } - } - - - /** * If there is a Java SecurityManager create a Permission. * * @param permission The permission
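Review bot: In the new `addPermission(URL)`, `new File(uri)` can throw an unchecked `IllegalArgumentException` (for instance when the file URI carries an authority, query or fragment component), but the `catch` only covers `IOException | URISyntaxException`, so such a URL propagates out of the method instead of taking the logged, no-permission-granted path. Widen it to `} catch (IOException | URISyntaxException | IllegalArgumentException e) {` and pass the exception to the logger, `log.warn(sm.getString("webappClassLoader.addPermisionNoCanonicalFile", url.toExternalForm()), e);`, so the cause is not lost. The final `else` (target is neither a file nor a directory) grants nothing and logs nothing; under a SecurityManager that only surfaces later as an access denial, so a debug-level message there would make it diagnosable. Granting on the canonical path and failing closed on unsupported protocols both look right.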