Author: markt
Date: Fri Dec 5 14:04:29 2014
New Revision: 1643285
URL: http://svn.apache.org/r1643285
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=57281
Enable non-public Filter and Servlet classes to be configured programmatically
via the Servlet 3.0 API and then used without error when running under a
SecurityManager.
Modified:
tomcat/tc8.0.x/trunk/ (props changed)
tomcat/tc8.0.x/trunk/java/org/apache/catalina/security/SecurityUtil.java
tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml
Propchange: tomcat/tc8.0.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Dec 5 14:04:29 2014
@@ -1 +1 @@
-/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642668,1642679,1642697,1642699,1643002,1643066,1643121,1643206,1643209-1643210,1643216,1643249,1643270
+/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642668,1642679,1642697,1642699,1643002,1643066,1643121,1643206,1643209-1643210,1643216,1643249,1643270,1643283
Modified:
tomcat/tc8.0.x/trunk/java/org/apache/catalina/security/SecurityUtil.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/catalina/security/SecurityUtil.java?rev=1643285&r1=1643284&r2=1643285&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/java/org/apache/catalina/security/SecurityUtil.java
(original)
+++ tomcat/tc8.0.x/trunk/java/org/apache/catalina/security/SecurityUtil.java
Fri Dec 5 14:04:29 2014
@@ -67,10 +67,9 @@ public final class SecurityUtil{
private static final String DESTROY_METHOD = "destroy";
/**
- * Cache every object for which we are creating method on it.
+ * Cache every class for which we are creating methods.
*/
- private static final Map<Object,Method[]> objectCache =
- new ConcurrentHashMap<>();
+ private static final Map<Class<?>,Method[]> classCache = new
ConcurrentHashMap<>();
private static final org.apache.juli.logging.Log log=
org.apache.juli.logging.LogFactory.getLog( SecurityUtil.class );
@@ -133,7 +132,7 @@ public final class SecurityUtil{
* @param methodName the method to apply the security restriction
* @param targetObject the <code>Servlet</code> on which the method will
* be called.
- * @param targetType <code>Class</code> array used to instantiate a
+ * @param targetParameterTypes <code>Class</code> array used to
instantiate a
* <code>Method</code> object.
* @param targetArguments <code>Object</code> array contains the
* runtime parameters instance.
@@ -142,25 +141,25 @@ public final class SecurityUtil{
*/
public static void doAsPrivilege(final String methodName,
final Servlet targetObject,
- final Class<?>[] targetType,
+ final Class<?>[] targetParameterTypes,
final Object[] targetArguments,
Principal principal)
throws java.lang.Exception{
Method method = null;
- Method[] methodsCache = objectCache.get(targetObject);
+ Method[] methodsCache = classCache.get(Servlet.class);
if(methodsCache == null) {
method = createMethodAndCacheIt(methodsCache,
+ Servlet.class,
methodName,
- targetObject,
- targetType);
+ targetParameterTypes);
} else {
method = findMethod(methodsCache, methodName);
if (method == null) {
method = createMethodAndCacheIt(methodsCache,
+ Servlet.class,
methodName,
- targetObject,
- targetType);
+ targetParameterTypes);
}
}
@@ -213,38 +212,38 @@ public final class SecurityUtil{
* @param methodName the method to apply the security restriction
* @param targetObject the <code>Filter</code> on which the method will
* be called.
- * @param targetType <code>Class</code> array used to instantiate a
+ * @param targetParameterTypes <code>Class</code> array used to
instantiate a
* <code>Method</code> object.
- * @param targetArguments <code>Object</code> array contains the
+ * @param targetParameterValues <code>Object</code> array contains the
* runtime parameters instance.
* @param principal the <code>Principal</code> to which the security
* privilege apply
*/
public static void doAsPrivilege(final String methodName,
final Filter targetObject,
- final Class<?>[] targetType,
- final Object[] targetArguments,
+ final Class<?>[] targetParameterTypes,
+ final Object[] targetParameterValues,
Principal principal)
throws java.lang.Exception{
Method method = null;
- Method[] methodsCache = objectCache.get(targetObject);
+ Method[] methodsCache = classCache.get(Filter.class);
if(methodsCache == null) {
method = createMethodAndCacheIt(methodsCache,
+ Filter.class,
methodName,
- targetObject,
- targetType);
+ targetParameterTypes);
} else {
method = findMethod(methodsCache, methodName);
if (method == null) {
method = createMethodAndCacheIt(methodsCache,
+ Filter.class,
methodName,
- targetObject,
- targetType);
+ targetParameterTypes);
}
}
- execute(method, targetObject, targetArguments, principal);
+ execute(method, targetObject, targetParameterValues, principal);
}
@@ -360,25 +359,23 @@ public final class SecurityUtil{
/**
* Create the method and cache it for further re-use.
* @param methodsCache the cache used to store method instance
+ * @param targetType the class on which the method will be called.
* @param methodName the method to apply the security restriction
- * @param targetObject the <code>Servlet</code> on which the method will
- * be called.
- * @param targetType <code>Class</code> array used to instantiate a
+ * @param parameterTypes <code>Class</code> array used to instantiate a
* <code>Method</code> object.
* @return the method instance.
*/
private static Method createMethodAndCacheIt(Method[] methodsCache,
+ Class<?> targetType,
String methodName,
- Object targetObject,
- Class<?>[] targetType)
- throws Exception{
+ Class<?>[] parameterTypes)
+ throws Exception {
- if ( methodsCache == null){
+ if (methodsCache == null) {
methodsCache = new Method[4];
}
- Method method =
- targetObject.getClass().getMethod(methodName, targetType);
+ Method method = targetType.getMethod(methodName, parameterTypes);
if (methodName.equals(INIT_METHOD)){
methodsCache[INIT] = method;
@@ -394,7 +391,7 @@ public final class SecurityUtil{
methodsCache[DOFILTEREVENT] = method;
}
- objectCache.put(targetObject, methodsCache );
+ classCache.put(targetType, methodsCache);
return method;
}
@@ -406,7 +403,7 @@ public final class SecurityUtil{
* @param cachedObject The object to remove
*/
public static void remove(Object cachedObject){
- objectCache.remove(cachedObject);
+ classCache.remove(cachedObject);
}
Modified: tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml?rev=1643285&r1=1643284&r2=1643285&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Fri Dec 5 14:04:29 2014
@@ -103,6 +103,11 @@
chance to handle an async error before the built-in error reporting.
(markt)
</fix>
+ <fix>
+ <bug>57281</bug>: Enable non-public Filter and Servlet classes to be
+ configured programmatically via the Servlet 3.0 API and then used
+ without error when running under a SecurityManager. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
