You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by re...@apache.org on 2002/01/03 17:36:09 UTC
cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader WebappClassLoader.java
remm 02/01/03 08:36:09
Modified: catalina/src/share/org/apache/catalina/loader
WebappClassLoader.java
Log:
- Adds some filtering on the JARs, similar to what is done by the ClassLoaderFactory.
That should prevent overriding classes which shouldn't be overridden (and which
is actually a spec requirement). For example, it is now possible to actually run
JSPs even with an old servlet.jar in the /WEB-INF/lib directory.
- I think this patch should be ported to the 4.0.x branch, since it prevents lots
of user errors.
Revision Changes Path
1.30 +88 -11 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java
Index: WebappClassLoader.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -r1.29 -r1.30
--- WebappClassLoader.java 20 Nov 2001 03:33:07 -0000 1.29
+++ WebappClassLoader.java 3 Jan 2002 16:36:09 -0000 1.30
@@ -1,7 +1,7 @@
/*
- * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java,v 1.29 2001/11/20 03:33:07 remm Exp $
- * $Revision: 1.29 $
- * $Date: 2001/11/20 03:33:07 $
+ * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java,v 1.30 2002/01/03 16:36:09 remm Exp $
+ * $Revision: 1.30 $
+ * $Date: 2002/01/03 16:36:09 $
*
* ====================================================================
*
@@ -122,7 +122,7 @@
*
* @author Remy Maucherat
* @author Craig R. McClanahan
- * @version $Revision: 1.29 $ $Date: 2001/11/20 03:33:07 $
+ * @version $Revision: 1.30 $ $Date: 2002/01/03 16:36:09 $
*/
public class WebappClassLoader
extends URLClassLoader
@@ -146,6 +146,32 @@
}
+ // ------------------------------------------------------- Static Variables
+
+
+ /**
+ * The set of trigger classes that will cause a proposed repository not
+ * to be added if this class is visible to the class loader that loaded
+ * this factory class. Typically, trigger classes will be listed for
+ * components that have been integrated into the JDK for later versions,
+ * but where the corresponding JAR files are required to run on
+ * earlier versions.
+ */
+ private static final String[] triggers = {
+ "com.sun.jndi.ldap.LdapCtxFactory", // LDAP added in 1.3
+ "com.sun.net.ssl.internal.ssl.Provider", // JSSE added in 1.4
+ "javax.security.auth.Subject", // JAAS added in 1.4
+ "javax.naming.Context", // JNDI added in 1.3
+ "javax.net.SocketFactory", // JSSE added in 1.4
+ "javax.security.cert.X509Certificate", // JSSE added in 1.4
+ "javax.sql.DataSource", // JDBC ext. added in 1.4
+ "javax.xml.parsers.DocumentBuilder", // JAXP added in 1.4
+ "javax.servlet.Servlet", // Servlet API
+ // "org.apache.crimson.jaxp.DocumentBuilderImpl",
+ // Crimson added in 1.4
+ };
+
+
// ----------------------------------------------------------- Constructors
@@ -565,13 +591,6 @@
}
- JarFile[] result2 = new JarFile[jarFiles.length + 1];
- for (i = 0; i < jarFiles.length; i++) {
- result2[i] = jarFiles[i];
- }
- result2[jarFiles.length] = jarFile;
- jarFiles = result2;
-
try {
// Register the JAR for tracking
@@ -595,7 +614,23 @@
lastModifiedDates = result3;
} catch (NamingException e) {
+ // Ignore
+ }
+
+ if (!validateJarFile(file))
+ System.out.println("Didn't validate:" + file);
+
+ // If the JAR currently contains invalid classes, don't actually use it
+ // for classloading
+ if (!validateJarFile(file))
+ return;
+
+ JarFile[] result2 = new JarFile[jarFiles.length + 1];
+ for (i = 0; i < jarFiles.length; i++) {
+ result2[i] = jarFiles[i];
}
+ result2[jarFiles.length] = jarFile;
+ jarFiles = result2;
// Add the file to the list
File[] result4 = new File[jarRealFiles.length + 1];
@@ -1879,6 +1914,48 @@
return false;
return true;
+
+ }
+
+
+ /**
+ * Check the specified JAR file, and return <code>true</code> if it does
+ * not contain any of the trigger classes.
+ *
+ * @param jarFile The JAR file to be checked
+ *
+ * @exception IOException if an input/output error occurs
+ */
+ private boolean validateJarFile(File jarfile)
+ throws IOException {
+
+ if (triggers == null)
+ return (true);
+ JarFile jarFile = new JarFile(jarfile);
+ for (int i = 0; i < triggers.length; i++) {
+ Class clazz = null;
+ try {
+ if (parent != null) {
+ clazz = parent.loadClass(triggers[i]);
+ } else {
+ clazz = Class.forName(triggers[i]);
+ }
+ } catch (Throwable t) {
+ clazz = null;
+ }
+ if (clazz == null)
+ continue;
+ String name = triggers[i].replace('.', '/') + ".class";
+ if (debug >= 2)
+ log(" Checking for " + name);
+ JarEntry jarEntry = jarFile.getJarEntry(name);
+ if (jarEntry != null) {
+ jarFile.close();
+ return (false);
+ }
+ }
+ jarFile.close();
+ return (true);
}
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>