Author: remm
Date: Wed Jan 22 14:39:51 2014
New Revision: 1560363
URL: http://svn.apache.org/r1560363
Log:
- Drop the code from SSO (I didn't know StandardSession.expire was already
setting the context CL.
- Add bind/unbind to StandardSession.expire instead (and only do it if the
classloader actually changes).
- See later if the bind/unbind code can be moved to StandardContext, but all
uses seem slightly different.
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/SingleSignOn.java
tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
tomcat/trunk/java/org/apache/catalina/session/StandardSession.java
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/SingleSignOn.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/SingleSignOn.java?rev=1560363&r1=1560362&r2=1560363&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/SingleSignOn.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/SingleSignOn.java Wed
Jan 22 14:39:51 2014
@@ -20,23 +20,17 @@ package org.apache.catalina.authenticato
import java.io.IOException;
-import java.security.AccessController;
import java.security.Principal;
-import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
-import org.apache.catalina.Context;
-import org.apache.catalina.Globals;
-import org.apache.catalina.Manager;
import org.apache.catalina.Realm;
import org.apache.catalina.Session;
import org.apache.catalina.SessionEvent;
import org.apache.catalina.SessionListener;
-import org.apache.catalina.ThreadBindingListener;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;
@@ -421,15 +415,7 @@ public class SingleSignOn extends ValveB
reverse.remove(sessions[i]);
}
// Invalidate this session
- ClassLoader oldContextClassLoader = null;
- try {
- oldContextClassLoader = bindThread(sessions[i]);
- sessions[i].expire();
- } finally {
- if (oldContextClassLoader != null) {
- unbindThread(sessions[i], oldContextClassLoader);
- }
- }
+ sessions[i].expire();
}
// NOTE: Clients may still possess the old single sign on cookie,
@@ -438,97 +424,6 @@ public class SingleSignOn extends ValveB
}
- protected ClassLoader bindThread(Session session) {
-
- Manager manager = session.getManager();
- Context context = null;
- ClassLoader contextClassLoader = null;
- ThreadBindingListener threadBindingListener = null;
- if (manager != null) {
- context = manager.getContext();
- }
- if (context != null) {
- if (context.getLoader() != null &&
context.getLoader().getClassLoader() != null) {
- contextClassLoader = context.getLoader().getClassLoader();
- }
- threadBindingListener = context.getThreadBindingListener();
- }
- if (threadBindingListener == null || contextClassLoader == null) {
- return null;
- }
-
- if (Globals.IS_SECURITY_ENABLED) {
- return AccessController.doPrivileged(new
PrivilegedBind(contextClassLoader, threadBindingListener));
- } else {
- ClassLoader oldContextClassLoader =
- Thread.currentThread().getContextClassLoader();
- Thread.currentThread().setContextClassLoader(contextClassLoader);
- threadBindingListener.bind();
- return oldContextClassLoader;
- }
-
- }
-
- protected class PrivilegedBind implements PrivilegedAction<ClassLoader> {
- private ClassLoader contextClassLoader;
- private ThreadBindingListener threadBindingListener;
-
- PrivilegedBind(ClassLoader contextClassLoader, ThreadBindingListener
threadBindingListener) {
- this.contextClassLoader = contextClassLoader;
- this.threadBindingListener = threadBindingListener;
- }
-
- @Override
- public ClassLoader run() {
- ClassLoader oldContextClassLoader =
- Thread.currentThread().getContextClassLoader();
- Thread.currentThread().setContextClassLoader(contextClassLoader);
- threadBindingListener.bind();
- return oldContextClassLoader;
- }
- }
-
- protected void unbindThread(Session session, ClassLoader
oldContextClassLoader) {
-
- Manager manager = session.getManager();
- Context context = null;
- ThreadBindingListener threadBindingListener = null;
- if (manager != null) {
- context = manager.getContext();
- }
- if (context != null) {
- threadBindingListener = context.getThreadBindingListener();
- }
- if (threadBindingListener == null) {
- return;
- }
-
- if (Globals.IS_SECURITY_ENABLED) {
- AccessController.doPrivileged(new
PrivilegedUnbind(oldContextClassLoader, threadBindingListener));
- } else {
- threadBindingListener.unbind();
-
Thread.currentThread().setContextClassLoader(oldContextClassLoader);
- }
-
- }
-
- protected class PrivilegedUnbind implements PrivilegedAction<Void> {
- private ClassLoader oldContextClassLoader;
- private ThreadBindingListener threadBindingListener;
-
- PrivilegedUnbind(ClassLoader oldContextClassLoader,
ThreadBindingListener threadBindingListener) {
- this.oldContextClassLoader = oldContextClassLoader;
- this.threadBindingListener = threadBindingListener;
- }
-
- @Override
- public Void run() {
- threadBindingListener.unbind();
-
Thread.currentThread().setContextClassLoader(oldContextClassLoader);
- return null;
- }
- }
-
/**
* Attempts reauthentication to the given <code>Realm</code> using
* the credentials associated with the single sign-on session
Modified: tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java?rev=1560363&r1=1560362&r2=1560363&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java Wed
Jan 22 14:39:51 2014
@@ -42,7 +42,6 @@ public final class SecurityClassLoad {
return;
}
- loadAuthenticatorPackage(loader);
loadCorePackage(loader);
loadCoyotePackage(loader);
loadLoaderPackage(loader);
@@ -56,18 +55,6 @@ public final class SecurityClassLoad {
}
- private static final void loadAuthenticatorPackage(ClassLoader loader)
- throws Exception {
- final String basePackage = "org.apache.catalina.authenticator.";
- loader.loadClass
- (basePackage +
- "SingleSignOn$PrivilegedBind");
- loader.loadClass
- (basePackage +
- "SingleSignOn$PrivilegedUnbind");
- }
-
-
private static final void loadCorePackage(ClassLoader loader)
throws Exception {
final String basePackage = "org.apache.catalina.core.";
@@ -148,7 +135,9 @@ public final class SecurityClassLoad {
loader.loadClass
(basePackage + "StandardSession");
loader.loadClass
- (basePackage + "StandardSession$PrivilegedSetTccl");
+ (basePackage + "StandardSession$PrivilegedBind");
+ loader.loadClass
+ (basePackage + "StandardSession$PrivilegedUnbind");
loader.loadClass
(basePackage + "StandardSession$1");
loader.loadClass
Modified: tomcat/trunk/java/org/apache/catalina/session/StandardSession.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/session/StandardSession.java?rev=1560363&r1=1560362&r2=1560363&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/session/StandardSession.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/session/StandardSession.java Wed Jan
22 14:39:51 2014
@@ -53,6 +53,7 @@ import org.apache.catalina.Manager;
import org.apache.catalina.Session;
import org.apache.catalina.SessionEvent;
import org.apache.catalina.SessionListener;
+import org.apache.catalina.ThreadBindingListener;
import org.apache.catalina.TomcatPrincipal;
import org.apache.catalina.security.SecurityUtil;
import org.apache.tomcat.util.ExceptionUtils;
@@ -802,20 +803,9 @@ public class StandardSession implements
// The call to expire() may not have been triggered by the webapp.
// Make sure the webapp's class loader is set when calling the
// listeners
- ClassLoader oldTccl = null;
- if (context.getLoader() != null &&
- context.getLoader().getClassLoader() != null) {
- oldTccl = Thread.currentThread().getContextClassLoader();
- if (Globals.IS_SECURITY_ENABLED) {
- PrivilegedAction<Void> pa = new PrivilegedSetTccl(
- context.getLoader().getClassLoader());
- AccessController.doPrivileged(pa);
- } else {
- Thread.currentThread().setContextClassLoader(
- context.getLoader().getClassLoader());
- }
- }
+ ClassLoader oldContextClassLoader = null;
try {
+ oldContextClassLoader = bindThread(context);
if (notify) {
Object listeners[] =
context.getApplicationLifecycleListeners();
if (listeners != null && listeners.length > 0) {
@@ -848,15 +838,7 @@ public class StandardSession implements
}
}
} finally {
- if (oldTccl != null) {
- if (Globals.IS_SECURITY_ENABLED) {
- PrivilegedAction<Void> pa =
- new PrivilegedSetTccl(oldTccl);
- AccessController.doPrivileged(pa);
- } else {
- Thread.currentThread().setContextClassLoader(oldTccl);
- }
- }
+ unbindThread(context, oldContextClassLoader);
}
if (ACTIVITY_CHECK) {
@@ -897,6 +879,99 @@ public class StandardSession implements
}
+ protected ClassLoader bindThread(Context context) {
+
+ ClassLoader contextClassLoader = null;
+ ThreadBindingListener threadBindingListener = null;
+ if (context != null) {
+ if (context.getLoader() != null &&
context.getLoader().getClassLoader() != null) {
+ contextClassLoader = context.getLoader().getClassLoader();
+ }
+ threadBindingListener = context.getThreadBindingListener();
+ }
+ if (threadBindingListener == null || contextClassLoader == null) {
+ return null;
+ }
+
+ if (Globals.IS_SECURITY_ENABLED) {
+ return AccessController.doPrivileged(new
PrivilegedBind(contextClassLoader, threadBindingListener));
+ } else {
+ ClassLoader oldContextClassLoader =
+ Thread.currentThread().getContextClassLoader();
+ if (oldContextClassLoader == contextClassLoader) {
+ return null;
+ } else {
+
Thread.currentThread().setContextClassLoader(contextClassLoader);
+ threadBindingListener.bind();
+ return oldContextClassLoader;
+ }
+ }
+
+ }
+
+ protected class PrivilegedBind implements PrivilegedAction<ClassLoader> {
+ private ClassLoader contextClassLoader;
+ private ThreadBindingListener threadBindingListener;
+
+ PrivilegedBind(ClassLoader contextClassLoader, ThreadBindingListener
threadBindingListener) {
+ this.contextClassLoader = contextClassLoader;
+ this.threadBindingListener = threadBindingListener;
+ }
+
+ @Override
+ public ClassLoader run() {
+ ClassLoader oldContextClassLoader =
+ Thread.currentThread().getContextClassLoader();
+ if (oldContextClassLoader == contextClassLoader) {
+ return null;
+ } else {
+
Thread.currentThread().setContextClassLoader(contextClassLoader);
+ threadBindingListener.bind();
+ return oldContextClassLoader;
+ }
+ }
+ }
+
+ protected void unbindThread(Context context, ClassLoader
oldContextClassLoader) {
+
+ if (oldContextClassLoader == null) {
+ return;
+ }
+ ThreadBindingListener threadBindingListener = null;
+ if (context != null) {
+ threadBindingListener = context.getThreadBindingListener();
+ }
+ if (threadBindingListener == null) {
+ return;
+ }
+
+ if (Globals.IS_SECURITY_ENABLED) {
+ AccessController.doPrivileged(new
PrivilegedUnbind(oldContextClassLoader, threadBindingListener));
+ } else {
+ threadBindingListener.unbind();
+
Thread.currentThread().setContextClassLoader(oldContextClassLoader);
+ }
+
+ }
+
+ protected class PrivilegedUnbind implements PrivilegedAction<Void> {
+ private ClassLoader oldContextClassLoader;
+ private ThreadBindingListener threadBindingListener;
+
+ PrivilegedUnbind(ClassLoader oldContextClassLoader,
ThreadBindingListener threadBindingListener) {
+ this.oldContextClassLoader = oldContextClassLoader;
+ this.threadBindingListener = threadBindingListener;
+ }
+
+ @Override
+ public Void run() {
+ threadBindingListener.unbind();
+
Thread.currentThread().setContextClassLoader(oldContextClassLoader);
+ return null;
+ }
+ }
+
+
/**
* Perform the internal processing required to passivate
* this session.
@@ -1838,22 +1913,6 @@ public class StandardSession implements
}
- private static class PrivilegedSetTccl
- implements PrivilegedAction<Void> {
-
- private ClassLoader cl;
-
- PrivilegedSetTccl(ClassLoader cl) {
- this.cl = cl;
- }
-
- @Override
- public Void run() {
- Thread.currentThread().setContextClassLoader(cl);
- return null;
- }
- }
-
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
