You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by re...@apache.org on 2019/05/08 19:33:44 UTC
[tomcat] branch master updated: 63412: Fix security manager issue
with async IO
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new c662b54 63412: Fix security manager issue with async IO
c662b54 is described below
commit c662b54b1328acf9db89085ffba0b2ad5e186306
Author: remm <re...@apache.org>
AuthorDate: Wed May 8 21:33:35 2019 +0200
63412: Fix security manager issue with async IO
Seen with websockets.
---
java/org/apache/catalina/security/SecurityClassLoad.java | 8 ++++++++
java/org/apache/tomcat/util/net/Nio2Endpoint.java | 10 +++-------
java/org/apache/tomcat/util/net/NioEndpoint.java | 10 +++-------
webapps/docs/changelog.xml | 4 ++++
4 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/java/org/apache/catalina/security/SecurityClassLoad.java b/java/org/apache/catalina/security/SecurityClassLoad.java
index 2d902bc..8e34f4e 100644
--- a/java/org/apache/catalina/security/SecurityClassLoad.java
+++ b/java/org/apache/catalina/security/SecurityClassLoad.java
@@ -190,6 +190,14 @@ public final class SecurityClassLoad {
loader.loadClass(basePackage + "util.net.NioBlockingSelector$BlockPoller$RunnableAdd");
loader.loadClass(basePackage + "util.net.NioBlockingSelector$BlockPoller$RunnableCancel");
loader.loadClass(basePackage + "util.net.NioBlockingSelector$BlockPoller$RunnableRemove");
+ loader.loadClass(basePackage + "util.net.NioEndpoint$NioSocketWrapper$OperationState");
+ loader.loadClass(basePackage + "util.net.NioEndpoint$NioSocketWrapper$VectoredIOCompletionHandler");
+ loader.loadClass(basePackage + "util.net.Nio2Endpoint$Nio2SocketWrapper$OperationState");
+ loader.loadClass(basePackage + "util.net.Nio2Endpoint$Nio2SocketWrapper$VectoredIOCompletionHandler");
+ loader.loadClass(basePackage + "util.net.SocketWrapperBase$BlockingMode");
+ loader.loadClass(basePackage + "util.net.SocketWrapperBase$CompletionCheck");
+ loader.loadClass(basePackage + "util.net.SocketWrapperBase$CompletionHandlerCall");
+ loader.loadClass(basePackage + "util.net.SocketWrapperBase$CompletionState");
// security
loader.loadClass(basePackage + "util.security.PrivilegedGetTccl");
loader.loadClass(basePackage + "util.security.PrivilegedSetTccl");
diff --git a/java/org/apache/tomcat/util/net/Nio2Endpoint.java b/java/org/apache/tomcat/util/net/Nio2Endpoint.java
index a4844bc..c307369 100644
--- a/java/org/apache/tomcat/util/net/Nio2Endpoint.java
+++ b/java/org/apache/tomcat/util/net/Nio2Endpoint.java
@@ -1148,15 +1148,11 @@ public class Nio2Endpoint extends AbstractJsseEndpoint<Nio2Channel,AsynchronousS
boolean complete = true;
boolean completion = true;
if (state.check != null) {
- switch (state.check.callHandler(currentState, state.buffers, state.offset, state.length)) {
- case CONTINUE:
+ CompletionHandlerCall call = state.check.callHandler(currentState, state.buffers, state.offset, state.length);
+ if (call == CompletionHandlerCall.CONTINUE) {
complete = false;
- break;
- case DONE:
- break;
- case NONE:
+ } else if (call == CompletionHandlerCall.NONE) {
completion = false;
- break;
}
}
if (complete) {
diff --git a/java/org/apache/tomcat/util/net/NioEndpoint.java b/java/org/apache/tomcat/util/net/NioEndpoint.java
index a087ed8..1910bed 100644
--- a/java/org/apache/tomcat/util/net/NioEndpoint.java
+++ b/java/org/apache/tomcat/util/net/NioEndpoint.java
@@ -1719,15 +1719,11 @@ public class NioEndpoint extends AbstractJsseEndpoint<NioChannel,SocketChannel>
boolean complete = true;
boolean completion = true;
if (state.check != null) {
- switch (state.check.callHandler(currentState, state.buffers, state.offset, state.length)) {
- case CONTINUE:
+ CompletionHandlerCall call = state.check.callHandler(currentState, state.buffers, state.offset, state.length);
+ if (call == CompletionHandlerCall.CONTINUE) {
complete = false;
- break;
- case DONE:
- break;
- case NONE:
+ } else if (call == CompletionHandlerCall.NONE) {
completion = false;
- break;
}
}
if (complete) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 1a2085c..69c5f45 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -62,6 +62,10 @@
<fix>
Filter out some cases of incorrect HTTP/2 connection timeout. (remm)
</fix>
+ <fix>
+ <bug>63412</bug>: Security manager failure when using the async IO
+ API from a webapp. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Other">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org