You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by re...@apache.org on 2021/04/28 12:53:23 UTC
[tomcat] branch 9.0.x updated: Refactor system property source to
be more flexible
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 06eb5b1 Refactor system property source to be more flexible
06eb5b1 is described below
commit 06eb5b10d1c7852dac3d4022e45c3d28721dfd9a
Author: remm <re...@apache.org>
AuthorDate: Wed Apr 28 14:43:55 2021 +0200
Refactor system property source to be more flexible
Allows explicit use if desired.
---
java/org/apache/tomcat/util/digester/Digester.java | 43 ++++++------------
.../tomcat/util/digester/SystemPropertySource.java | 51 ++++++++++++++++++++++
webapps/docs/changelog.xml | 5 +++
webapps/docs/config/systemprops.xml | 3 ++
4 files changed, 72 insertions(+), 30 deletions(-)
diff --git a/java/org/apache/tomcat/util/digester/Digester.java b/java/org/apache/tomcat/util/digester/Digester.java
index 0b76684..12a72e4 100644
--- a/java/org/apache/tomcat/util/digester/Digester.java
+++ b/java/org/apache/tomcat/util/digester/Digester.java
@@ -24,16 +24,13 @@ import java.io.UnsupportedEncodingException;
import java.lang.reflect.InvocationTargetException;
import java.net.URI;
import java.net.URISyntaxException;
-import java.security.Permission;
import java.util.ArrayList;
-import java.util.Arrays;
import java.util.EmptyStackException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Properties;
-import java.util.PropertyPermission;
import java.util.Set;
import java.util.StringTokenizer;
@@ -48,7 +45,6 @@ import org.apache.tomcat.util.IntrospectionUtils;
import org.apache.tomcat.util.IntrospectionUtils.PropertySource;
import org.apache.tomcat.util.buf.B2CConverter;
import org.apache.tomcat.util.res.StringManager;
-import org.apache.tomcat.util.security.PermissionCheck;
import org.xml.sax.Attributes;
import org.xml.sax.EntityResolver;
import org.xml.sax.ErrorHandler;
@@ -175,26 +171,6 @@ public class Digester extends DefaultHandler2 {
// --------------------------------------------------- Instance Variables
- private static class SystemPropertySource implements IntrospectionUtils.SecurePropertySource {
-
- @Override
- public String getProperty(String key) {
- // For backward compatibility
- return getProperty(key, null);
- }
-
- @Override
- public String getProperty(String key, ClassLoader classLoader) {
- if (classLoader instanceof PermissionCheck) {
- Permission p = new PropertyPermission(key, "read");
- if (!((PermissionCheck) classLoader).check(p)) {
- return null;
- }
- }
- return System.getProperty(key);
- }
- }
-
/**
* A {@link org.apache.tomcat.util.IntrospectionUtils.SecurePropertySource}
* that uses environment variables to resolve expressions. Still available
@@ -208,8 +184,7 @@ public class Digester extends DefaultHandler2 {
}
- protected IntrospectionUtils.PropertySource[] source = new IntrospectionUtils.PropertySource[] {
- new SystemPropertySource() };
+ protected IntrospectionUtils.PropertySource[] source;
/**
@@ -393,12 +368,20 @@ public class Digester extends DefaultHandler2 {
public Digester() {
propertySourcesSet = true;
+ ArrayList<IntrospectionUtils.PropertySource> sourcesList = new ArrayList<>();
+ boolean systemPropertySourceFound = false;
if (propertySources != null) {
- ArrayList<IntrospectionUtils.PropertySource> sourcesList = new ArrayList<>();
- sourcesList.addAll(Arrays.asList(propertySources));
- sourcesList.add(source[0]);
- source = sourcesList.toArray(new IntrospectionUtils.PropertySource[0]);
+ for (IntrospectionUtils.PropertySource source : propertySources) {
+ if (source instanceof SystemPropertySource) {
+ systemPropertySourceFound = true;
+ }
+ sourcesList.add(source);
+ }
+ }
+ if (!systemPropertySourceFound) {
+ sourcesList.add(new SystemPropertySource());
}
+ source = sourcesList.toArray(new IntrospectionUtils.PropertySource[0]);
}
diff --git a/java/org/apache/tomcat/util/digester/SystemPropertySource.java b/java/org/apache/tomcat/util/digester/SystemPropertySource.java
new file mode 100644
index 0000000..49fc765
--- /dev/null
+++ b/java/org/apache/tomcat/util/digester/SystemPropertySource.java
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.util.digester;
+
+import java.security.Permission;
+import java.util.PropertyPermission;
+
+import org.apache.tomcat.util.IntrospectionUtils;
+import org.apache.tomcat.util.security.PermissionCheck;
+
+/**
+ * A {@link org.apache.tomcat.util.IntrospectionUtils.SecurePropertySource}
+ * that uses system properties to resolve expressions.
+ * This property source is always active by default.
+ *
+ * @see Digester
+ */
+public class SystemPropertySource implements IntrospectionUtils.SecurePropertySource {
+
+ @Override
+ public String getProperty(String key) {
+ // For backward compatibility
+ return getProperty(key, null);
+ }
+
+ @Override
+ public String getProperty(String key, ClassLoader classLoader) {
+ if (classLoader instanceof PermissionCheck) {
+ Permission p = new PropertyPermission(key, "read");
+ if (!((PermissionCheck) classLoader).check(p)) {
+ return null;
+ }
+ }
+ return System.getProperty(key);
+ }
+
+}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index ae0f7ad..053ea70 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -182,6 +182,11 @@
<update>
Update the CXF module to Apache CXF 3.4.3. (remm)
</update>
+ <fix>
+ Move <code>SystemPropertySource</code> to be a regular class to allow
+ more precise configuration if needed. The system property source will
+ still always be enabled. (remm)
+ </fix>
</changelog>
</subsection>
</section>
diff --git a/webapps/docs/config/systemprops.xml b/webapps/docs/config/systemprops.xml
index 106a8db..c286703 100644
--- a/webapps/docs/config/systemprops.xml
+++ b/webapps/docs/config/systemprops.xml
@@ -55,6 +55,9 @@
can be used to replace parameters from the process' environment
variables, e.g. injected ConfigMaps or Secret objects in container
based systems like OpenShift or Kubernetes.</p>
+ <p><code>org.apache.tomcat.util.digester.SystemPropertySource</code>
+ does replacement with system properties. It is always enabled,
+ but can also be spefied as part of the property value.</p>
</property>
<property name="org.apache.tomcat.util.digester. REPLACE_SYSTEM_PROPERTIES">
<p>Set this boolean system property to <code>true</code> to cause
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org