You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2017/04/06 20:52:59 UTC
svn commit: r1790462 - in /tomcat/trunk/java/org/apache/jasper:
runtime/PageContextImpl.java security/SecurityClassLoad.java
Author: markt
Date: Thu Apr 6 20:52:59 2017
New Revision: 1790462
URL: http://svn.apache.org/viewvc?rev=1790462&view=rev
Log:
Remove unnecessary privileged block from include.
I can't see anything in doInclude that would trigger a security check.
Modified:
tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java
tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java
Modified: tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java?rev=1790462&r1=1790461&r2=1790462&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java (original)
+++ tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java Thu Apr 6 20:52:59 2017
@@ -21,8 +21,6 @@ import java.io.IOException;
import java.io.Writer;
import java.security.AccessController;
import java.security.PrivilegedAction;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
@@ -544,33 +542,7 @@ public class PageContextImpl extends Pag
@Override
public void include(final String relativeUrlPath, final boolean flush)
throws ServletException, IOException {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- try {
- AccessController.doPrivileged(
- new PrivilegedExceptionAction<Void>() {
- @Override
- public Void run() throws Exception {
- doInclude(relativeUrlPath, flush);
- return null;
- }
- });
- } catch (PrivilegedActionException e) {
- Exception ex = e.getException();
- if (ex instanceof IOException) {
- throw (IOException) ex;
- } else {
- throw (ServletException) ex;
- }
- }
- } else {
- doInclude(relativeUrlPath, flush);
- }
- }
-
- private void doInclude(String relativeUrlPath, boolean flush)
- throws ServletException, IOException {
- JspRuntimeLibrary.include(request, response, relativeUrlPath, out,
- flush);
+ JspRuntimeLibrary.include(request, response, relativeUrlPath, out, flush);
}
@Override
Modified: tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java?rev=1790462&r1=1790461&r2=1790462&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java (original)
+++ tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java Thu Apr 6 20:52:59 2017
@@ -54,7 +54,6 @@ public final class SecurityClassLoad {
loader.loadClass( basePackage + "runtime.PageContextImpl$1");
loader.loadClass( basePackage + "runtime.PageContextImpl$2");
loader.loadClass( basePackage + "runtime.PageContextImpl$3");
- loader.loadClass( basePackage + "runtime.PageContextImpl$4");
loader.loadClass( basePackage + "runtime.JspContextWrapper");
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org