You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by co...@locus.apache.org on 2000/04/19 01:04:36 UTC
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/request Jdk12Interceptor.java
costin 00/04/18 16:04:35
Modified: src/share/org/apache/tomcat/core Context.java
ContextManager.java HttpServletRequestFacade.java
HttpServletResponseFacade.java RequestImpl.java
ServletWrapper.java
Added: src/share/org/apache/tomcat/request Jdk12Interceptor.java
Log:
- Removed the fix for bug #116 ( class loader problems with JNDI and other
libs)
- Added back the fix in a better form ( plus support for destroy ). It is now
possible to use it only if you need to ( i.e. no need to do several
introspections if you are in jdk1.1). We use a normal interceptor that will
set the contextClassLoader for JDK1.2 - the code is still jdk independent,
but probably it's usefull to just call the real method instead of using
invoke() - at least faster...
- Start the missing piece for Facade - the ability to restrict access to
tomcat internals. It's still a lot of work in this area - review all
public methods and constructors, including attributes that are set during
jsp processing.
Revision Changes Path
1.79 +10 -1 jakarta-tomcat/src/share/org/apache/tomcat/core/Context.java
Index: Context.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Context.java,v
retrieving revision 1.78
retrieving revision 1.79
diff -u -r1.78 -r1.79
--- Context.java 2000/04/06 21:14:45 1.78
+++ Context.java 2000/04/18 23:04:27 1.79
@@ -142,7 +142,9 @@
String formErrorPage;
int debug=0;
-
+ // are servlets allowed to access internal objects?
+ boolean trusted=false;
+
public Context() {
// System.out.println("New Context ");
// XXX customize it per context
@@ -1003,5 +1005,12 @@
this.documentBase=s;
}
+ public void setTrusted( boolean t ) {
+ trusted=t;
+ }
+
+ public boolean isTrusted() {
+ return trusted;
+ }
}
1.71 +1 -0 jakarta-tomcat/src/share/org/apache/tomcat/core/ContextManager.java
Index: ContextManager.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/ContextManager.java,v
retrieving revision 1.70
retrieving revision 1.71
diff -u -r1.70 -r1.71
--- ContextManager.java 2000/04/17 21:02:26 1.70
+++ ContextManager.java 2000/04/18 23:04:28 1.71
@@ -849,4 +849,5 @@
t.printStackTrace( System.out );
}
}
+
}
1.9 +9 -3 jakarta-tomcat/src/share/org/apache/tomcat/core/HttpServletRequestFacade.java
Index: HttpServletRequestFacade.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/HttpServletRequestFacade.java,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- HttpServletRequestFacade.java 2000/04/17 21:02:27 1.8
+++ HttpServletRequestFacade.java 2000/04/18 23:04:29 1.9
@@ -1,7 +1,7 @@
/*
- * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/HttpServletRequestFacade.java,v 1.8 2000/04/17 21:02:27 costin Exp $
- * $Revision: 1.8 $
- * $Date: 2000/04/17 21:02:27 $
+ * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/HttpServletRequestFacade.java,v 1.9 2000/04/18 23:04:29 costin Exp $
+ * $Revision: 1.9 $
+ * $Date: 2000/04/18 23:04:29 $
*
* ====================================================================
*
@@ -91,6 +91,12 @@
public Request getRealRequest() {
// XXX In JDK1.2, call a security class to see if the code has
// the right permission !!!
+ Context ctx=request.getContext();
+ if( ctx==null || ! ctx.isTrusted() ) {
+ // you are not allowed to access internal tomcat objects.
+ // finer control with a security manager...
+ // throw new SecurityException("Attempt to access internal objects");
+ }
return request;
}
1.12 +5 -4 jakarta-tomcat/src/share/org/apache/tomcat/core/HttpServletResponseFacade.java
Index: HttpServletResponseFacade.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/HttpServletResponseFacade.java,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- HttpServletResponseFacade.java 2000/04/17 21:02:27 1.11
+++ HttpServletResponseFacade.java 2000/04/18 23:04:29 1.12
@@ -1,7 +1,7 @@
/*
- * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/HttpServletResponseFacade.java,v 1.11 2000/04/17 21:02:27 costin Exp $
- * $Revision: 1.11 $
- * $Date: 2000/04/17 21:02:27 $
+ * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/HttpServletResponseFacade.java,v 1.12 2000/04/18 23:04:29 costin Exp $
+ * $Revision: 1.12 $
+ * $Date: 2000/04/18 23:04:29 $
*
* ====================================================================
*
@@ -80,7 +80,8 @@
*/
public class HttpServletResponseFacade
-implements HttpServletResponse {
+ implements HttpServletResponse
+{
private StringManager sm =
StringManager.getManager(Constants.Package);
1.28 +4 -4 jakarta-tomcat/src/share/org/apache/tomcat/core/RequestImpl.java
Index: RequestImpl.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/RequestImpl.java,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- RequestImpl.java 2000/04/17 21:02:27 1.27
+++ RequestImpl.java 2000/04/18 23:04:30 1.28
@@ -1,7 +1,7 @@
/*
- * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/RequestImpl.java,v 1.27 2000/04/17 21:02:27 costin Exp $
- * $Revision: 1.27 $
- * $Date: 2000/04/17 21:02:27 $
+ * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/RequestImpl.java,v 1.28 2000/04/18 23:04:30 costin Exp $
+ * $Revision: 1.28 $
+ * $Date: 2000/04/18 23:04:30 $
*
* ====================================================================
*
@@ -618,7 +618,7 @@
// about security
remoteAddr="127.0.0.1";
remoteHost="localhost";
-
+ for( int i=0; i<ACCOUNTS; i++ ) accTable[i]=0;
}
public MimeHeaders getMimeHeaders() {
1.40 +6 -74 jakarta-tomcat/src/share/org/apache/tomcat/core/ServletWrapper.java
Index: ServletWrapper.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/ServletWrapper.java,v
retrieving revision 1.39
retrieving revision 1.40
diff -u -r1.39 -r1.40
--- ServletWrapper.java 2000/04/17 21:02:27 1.39
+++ ServletWrapper.java 2000/04/18 23:04:31 1.40
@@ -1,7 +1,7 @@
/*
- * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/ServletWrapper.java,v 1.39 2000/04/17 21:02:27 costin Exp $
- * $Revision: 1.39 $
- * $Date: 2000/04/17 21:02:27 $
+ * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/ServletWrapper.java,v 1.40 2000/04/18 23:04:31 costin Exp $
+ * $Revision: 1.40 $
+ * $Date: 2000/04/18 23:04:31 $
*
* ====================================================================
*
@@ -281,10 +281,6 @@
throws ClassNotFoundException, InstantiationException,
IllegalAccessException, ServletException
{
- ClassLoader originalCL=null;
- originalCL = fixJDKContextClassLoader(context.getServletLoader().getClassLoader());
-
- try {
// XXX Move this to an interceptor, so it will be configurable.
// ( and easier to read )
if (servletClass == null) {
@@ -339,10 +335,6 @@
} catch( Exception ex ) {
unavailable=ex;
}
- } finally {
- fixJDKContextClassLoader(originalCL );
- }
-
}
// XXX Move it to interceptor - so it can be customized
@@ -358,6 +350,8 @@
if( loader!=null) {
// XXX no need to check after we remove the old loader
if( loader.shouldReload() ) {
+ // workaround for destroy
+ destroy();
initialized=false;
loader.reload();
servlet=null;
@@ -383,8 +377,6 @@
public void handleRequest(Request req, Response res)
{
- ClassLoader originalCL=null;
-
// Jsp case - JspServlet will be called.
// XXXX Very, very bad code !!!
try {
@@ -478,9 +470,6 @@
}
try {
- originalCL = fixJDKContextClassLoader(context.getServletLoader().getClassLoader());
-
-
// XXX to expensive per/request, un-load is not so frequent and
// the API doesn't require a special state for destroy
// synchronized(this) {
@@ -525,66 +514,9 @@
// Developers can/should use the logs !!!
contextM.handleError( req, res, t, 0 );
}
- } finally {
- fixJDKContextClassLoader(originalCL );
- }
- }
-
- static boolean haveContextClassLoader=true;
- static Class noParams[]=new Class[0];
- static Class clParam[]=new Class[1];
- static Object noObjs[]=new Object[0];
- static { clParam[0]=ClassLoader.class; }
-
-
- // Before we do init() or service(), we need to do some tricks
- // with the class loader - see bug #116.
- // some JDK1.2 code will not work without this fix
- // we save the originalCL because we might be in include
- // and we need to revert to it when we finish
- // that will set a new (JDK)context class loader, and return the old one
- // if we are in JDK1.2
- // XXX move it to interceptor !!!
- /** Reflection trick to set the context class loader for JDK1.2, without
- braking JDK1.1.
-
- This code can be commented out for 3.1 if it creates any problems -
- it should work.
-
- XXX We need to find a better way to do that - maybe make it part of
- the ServletLoader interface.
- */
- ClassLoader fixJDKContextClassLoader( ClassLoader cl ) {
- if( cl==null ) return null;
- if( ! haveContextClassLoader ) return null;
-
- Thread t=Thread.currentThread();
- try {
- java.lang.reflect.Method getCCL=t.getClass().getMethod("getContextClassLoader", noParams);
- java.lang.reflect.Method setCCL=t.getClass().getMethod("setContextClassLoader", clParam) ;
- if( (getCCL==null) || (setCCL==null) ) {
- haveContextClassLoader=false;
- return null;
- }
- ClassLoader old=( ClassLoader)getCCL.invoke( t, noObjs );
- Object params[]=new Object[1];
- params[0]=cl;
- setCCL.invoke( t, params );
- // if( context.getDebug() > 5 ) context.log("Setting system loader " + old + " " + cl );
- // context.log("Setting system loader " + old + " " + cl );
-
- return old;
- } catch (NoSuchMethodException ex ) {
- // we don't have the methods, don't try again
- haveContextClassLoader=false;
- } catch( Exception ex ) {
- haveContextClassLoader = false;
- context.log( "Error setting jdk context class loader", ex );
- }
- return null;
+ }
}
-
/** @deprecated
*/
public void handleRequest(final HttpServletRequestFacade request,
1.1 jakarta-tomcat/src/share/org/apache/tomcat/request/Jdk12Interceptor.java
Index: Jdk12Interceptor.java
===================================================================
/*
* ====================================================================
*
* The Apache Software License, Version 1.1
*
* Copyright (c) 1999 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution, if
* any, must include the following acknowlegement:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowlegement may appear in the software itself,
* if and wherever such third-party acknowlegements normally appear.
*
* 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
* Foundation" must not be used to endorse or promote products derived
* from this software without prior written permission. For written
* permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache"
* nor may "Apache" appear in their names without prior written
* permission of the Apache Group.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* [Additional notices, if required by prior licensing conditions]
*
*/
package org.apache.tomcat.request;
import org.apache.tomcat.core.*;
import org.apache.tomcat.util.*;
import java.io.*;
import java.net.*;
import java.util.*;
import javax.servlet.http.*;
/**
* JDK1.2 specific options. Fix the class loader, etc.
*/
public class Jdk12Interceptor extends BaseInterceptor implements RequestInterceptor {
ContextManager cm;
int debug=0;
public Jdk12Interceptor() {
}
public void setContextManager( ContextManager cm ) {
this.cm=cm;
}
public void setDebug( int i ) {
debug=i;
}
public void preServletInit( Context ctx, ServletWrapper sw )
throws TomcatException
{
ClassLoader originalCL=null;
originalCL = fixJDKContextClassLoader(ctx.getServletLoader().getClassLoader());
// System.out.println("Setting class loader for init()");
}
/** Servlet Destroy notification
*/
public void preServletDestroy( Context ctx, ServletWrapper sw )
throws TomcatException
{
fixJDKContextClassLoader(ctx.getServletLoader().getClassLoader());
}
public void postServletInit( Context ctx, ServletWrapper sw )
throws TomcatException
{
// no need to change the cl - next requst will do that
// ( it's per-thread information )
}
/** Called before service method is invoked.
*/
public int preService(Request request, Response response) {
fixJDKContextClassLoader(request.getContext().getServletLoader().getClassLoader());
// System.out.println("Setting class loader for service()");
return 0;
}
static boolean haveContextClassLoader=true;
static Class noParams[]=new Class[0];
static Class clParam[]=new Class[1];
static Object noObjs[]=new Object[0];
static { clParam[0]=ClassLoader.class; }
// Before we do init() or service(), we need to do some tricks
// with the class loader - see bug #116.
// some JDK1.2 code will not work without this fix
// we save the originalCL because we might be in include
// and we need to revert to it when we finish
// that will set a new (JDK)context class loader, and return the old one
// if we are in JDK1.2
// XXX move it to interceptor !!!
/** Reflection trick to set the context class loader for JDK1.2, without
braking JDK1.1.
This code can be commented out for 3.1 if it creates any problems -
it should work.
XXX We need to find a better way to do that - maybe make it part of
the ServletLoader interface.
*/
ClassLoader fixJDKContextClassLoader( ClassLoader cl ) {
if( cl==null ) return null;
if( ! haveContextClassLoader ) return null;
Thread t=Thread.currentThread();
try {
java.lang.reflect.Method getCCL=t.getClass().getMethod("getContextClassLoader", noParams);
java.lang.reflect.Method setCCL=t.getClass().getMethod("setContextClassLoader", clParam) ;
if( (getCCL==null) || (setCCL==null) ) {
haveContextClassLoader=false;
return null;
}
ClassLoader old=( ClassLoader)getCCL.invoke( t, noObjs );
Object params[]=new Object[1];
params[0]=cl;
setCCL.invoke( t, params );
// if( context.getDebug() > 5 ) context.log("Setting system loader " + old + " " + cl );
// context.log("Setting system loader " + old + " " + cl );
return old;
} catch (NoSuchMethodException ex ) {
// we don't have the methods, don't try again
haveContextClassLoader=false;
} catch( Exception ex ) {
haveContextClassLoader = false;
System.out.println( "Error setting jdk context class loader " + ex );
}
return null;
}
}