You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by jf...@apache.org on 2003/06/23 21:35:59 UTC
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/security SecurityClassLoad.java
jfarcand 2003/06/23 12:35:59
Modified: jasper2 build.xml
jasper2/src/share/org/apache/jasper/compiler
JspRuntimeContext.java
Added: jasper2/src/share/org/apache/jasper/security
SecurityClassLoad.java
Log:
Refactorize the way inner classes are loaded when the security manager is turned on. Add a security folder and start moving all security related code into that folder (same design as org.apache.catalina). Add inner classes required to be loaded at startup.
Revision Changes Path
1.23 +1 -0 jakarta-tomcat-jasper/jasper2/build.xml
Index: build.xml
===================================================================
RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/build.xml,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- build.xml 12 Mar 2003 20:28:23 -0000 1.22
+++ build.xml 23 Jun 2003 19:35:59 -0000 1.23
@@ -157,6 +157,7 @@
<include name="org/apache/jasper/compiler/Localizer.class" />
<include name="org/apache/jasper/resources/**" />
<include name="org/apache/jasper/runtime/**" />
+ <include name="org/apache/jasper/security/**" />
<include name="org/apache/jasper/util/**" />
</fileset>
</jar>
1.15 +6 -41 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspRuntimeContext.java
Index: JspRuntimeContext.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspRuntimeContext.java,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- JspRuntimeContext.java 29 May 2003 16:34:37 -0000 1.14
+++ JspRuntimeContext.java 23 Jun 2003 19:35:59 -0000 1.15
@@ -85,6 +85,7 @@
import org.apache.jasper.JspCompilationContext;
import org.apache.jasper.Options;
import org.apache.jasper.runtime.JspFactoryImpl;
+import org.apache.jasper.security.SecurityClassLoad;
import org.apache.jasper.servlet.JspServletWrapper;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -113,43 +114,7 @@
*/
static {
JspFactoryImpl factory = new JspFactoryImpl();
- if( System.getSecurityManager() != null ) {
- String basePackage = "org.apache.jasper.";
- try {
- factory.getClass().getClassLoader().loadClass( basePackage +
- "runtime.JspFactoryImpl$PrivilegedGetPageContext");
- factory.getClass().getClassLoader().loadClass( basePackage +
- "runtime.JspFactoryImpl$PrivilegedReleasePageContext");
- factory.getClass().getClassLoader().loadClass( basePackage +
- "runtime.JspRuntimeLibrary");
- factory.getClass().getClassLoader().loadClass( basePackage +
- "runtime.JspRuntimeLibrary$PrivilegedIntrospectHelper");
- factory.getClass().getClassLoader().loadClass( basePackage +
- "runtime.ServletResponseWrapperInclude");
- factory.getClass().getClassLoader().loadClass( basePackage +
- "runtime.TagHandlerPool");
- factory.getClass().getClassLoader().loadClass( basePackage +
- "servlet.JspServletWrapper");
- factory.getClass().getClassLoader().loadClass( basePackage +
- "runtime.JspFragmentHelper");
- factory.getClass().getClassLoader().loadClass( basePackage +
- "runtime.ProtectedFunctionMapper");
- factory.getClass().getClassLoader().loadClass( basePackage +
- "runtime.ProtectedFunctionMapper$1");
- factory.getClass().getClassLoader().loadClass( basePackage +
- "runtime.ProtectedFunctionMapper$2");
- factory.getClass().getClassLoader().loadClass( basePackage +
- "runtime.PageContextImpl");
- factory.getClass().getClassLoader().loadClass( basePackage +
- "runtime.PageContextImpl$1");
- factory.getClass().getClassLoader().loadClass( basePackage +
- "runtime.JspContextWrapper");
- } catch (ClassNotFoundException ex) {
- System.out.println(
- "Jasper JspRuntimeContext preload of class failed: " +
- ex.getMessage());
- }
- }
+ SecurityClassLoad.securityClassLoad(factory.getClass().getClassLoader());
JspFactory.setDefaultFactory(factory);
}
1.1 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/security/SecurityClassLoad.java
Index: SecurityClassLoad.java
===================================================================
/* ====================================================================
*
* The Apache Software License, Version 1.1
*
* Copyright (c) 1999 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution, if
* any, must include the following acknowlegement:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowlegement may appear in the software itself,
* if and wherever such third-party acknowlegements normally appear.
*
* 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
* Foundation" must not be used to endorse or promote products derived
* from this software without prior written permission. For written
* permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache"
* nor may "Apache" appear in their names without prior written
* permission of the Apache Group.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* [Additional notices, if required by prior licensing conditions]
*
*/
package org.apache.jasper.security;
/**
* Static class used to preload java classes when using the
* Java SecurityManager so that the defineClassInPackage
* RuntimePermission does not trigger an AccessControlException.
*
* @author Jean-Francois Arcand
*/
public final class SecurityClassLoad {
private static org.apache.commons.logging.Log log=
org.apache.commons.logging.LogFactory.getLog( SecurityClassLoad.class );
public static void securityClassLoad(ClassLoader loader){
if( System.getSecurityManager() == null ){
return;
}
String basePackage = "org.apache.jasper.";
try {
loader.loadClass( basePackage +
"runtime.JspFactoryImpl$PrivilegedGetPageContext");
loader.loadClass( basePackage +
"runtime.JspFactoryImpl$PrivilegedReleasePageContext");
loader.loadClass( basePackage +
"runtime.JspRuntimeLibrary");
loader.loadClass( basePackage +
"runtime.JspRuntimeLibrary$PrivilegedIntrospectHelper");
loader.loadClass( basePackage +
"runtime.ServletResponseWrapperInclude");
loader.loadClass( basePackage +
"runtime.TagHandlerPool");
loader.loadClass( basePackage +
"runtime.JspFragmentHelper");
loader.loadClass( basePackage +
"runtime.ProtectedFunctionMapper");
loader.loadClass( basePackage +
"runtime.ProtectedFunctionMapper$1");
loader.loadClass( basePackage +
"runtime.ProtectedFunctionMapper$2");
loader.loadClass( basePackage +
"runtime.ProtectedFunctionMapper$3");
loader.loadClass( basePackage +
"runtime.ProtectedFunctionMapper$4");
loader.loadClass( basePackage +
"runtime.PageContextImpl");
loader.loadClass( basePackage +
"runtime.PageContextImpl$1");
loader.loadClass( basePackage +
"runtime.JspContextWrapper");
loader.loadClass( basePackage +
"servlet.JspServletWrapper");
} catch (ClassNotFoundException ex) {
System.out.println(
"Jasper SecurityClassLoad preload of class failed: " +
ex.getMessage());
log.error("SecurityClassLoad", ex);
}
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org