You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2023/01/11 18:41:50 UTC
[tomcat] branch main updated (9e485cd2a0 -> a5386cbe7e)
This is an automated email from the ASF dual-hosted git repository.
markt pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
from 9e485cd2a0 Update IDE configs for BND update
new eab9740896 Remove SecurityManagaer support from the EL API
new 563ad066a5 Remove references to the SecurityManager from the WebSocket API
new a5386cbe7e Remove SecurityManager support from the Authentication API
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
java/jakarta/el/BeanELResolver.java | 11 +----
java/jakarta/el/ELProcessor.java | 2 +-
java/jakarta/el/ExpressionFactory.java | 37 +++-------------
java/jakarta/el/ImportHandler.java | 2 +-
java/jakarta/el/Util.java | 45 +------------------
.../auth/message/config/AuthConfigFactory.java | 50 +++++-----------------
.../websocket/server/ServerEndpointConfig.java | 18 +-------
7 files changed, 23 insertions(+), 142 deletions(-)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[tomcat] 02/03: Remove references to the SecurityManager from the WebSocket API
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 563ad066a555637dda838e61029408ec1b7ccb39
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Jan 11 18:32:58 2023 +0000
Remove references to the SecurityManager from the WebSocket API
---
.../jakarta/websocket/server/ServerEndpointConfig.java | 18 +-----------------
1 file changed, 1 insertion(+), 17 deletions(-)
diff --git a/java/jakarta/websocket/server/ServerEndpointConfig.java b/java/jakarta/websocket/server/ServerEndpointConfig.java
index 036c833621..8de6603669 100644
--- a/java/jakarta/websocket/server/ServerEndpointConfig.java
+++ b/java/jakarta/websocket/server/ServerEndpointConfig.java
@@ -16,8 +16,6 @@
*/
package jakarta.websocket.server;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
@@ -163,12 +161,7 @@ public interface ServerEndpointConfig extends EndpointConfig {
if (defaultImpl == null) {
synchronized (defaultImplLock) {
if (defaultImpl == null) {
- if (System.getSecurityManager() == null) {
- defaultImpl = loadDefault();
- } else {
- defaultImpl =
- AccessController.doPrivileged(new PrivilegedLoadDefault());
- }
+ defaultImpl = loadDefault();
}
}
}
@@ -204,15 +197,6 @@ public interface ServerEndpointConfig extends EndpointConfig {
}
- private static class PrivilegedLoadDefault implements PrivilegedAction<Configurator> {
-
- @Override
- public Configurator run() {
- return Configurator.loadDefault();
- }
- }
-
-
/**
* Return the platform default configurator.
*
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[tomcat] 01/03: Remove SecurityManagaer support from the EL API
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit eab97408969d44a7b38192fe0af461955c8888de
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Jan 11 18:29:04 2023 +0000
Remove SecurityManagaer support from the EL API
---
java/jakarta/el/BeanELResolver.java | 11 +--------
java/jakarta/el/ELProcessor.java | 2 +-
java/jakarta/el/ExpressionFactory.java | 37 ++++++----------------------
java/jakarta/el/ImportHandler.java | 2 +-
java/jakarta/el/Util.java | 45 +---------------------------------
5 files changed, 11 insertions(+), 86 deletions(-)
diff --git a/java/jakarta/el/BeanELResolver.java b/java/jakarta/el/BeanELResolver.java
index c470b92734..9b99ef50db 100644
--- a/java/jakarta/el/BeanELResolver.java
+++ b/java/jakarta/el/BeanELResolver.java
@@ -22,8 +22,6 @@ import java.beans.Introspector;
import java.beans.PropertyDescriptor;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
@@ -39,14 +37,7 @@ public class BeanELResolver extends ELResolver {
private static final String CACHE_SIZE_PROP = "org.apache.el.BeanELResolver.CACHE_SIZE";
static {
- String cacheSizeStr;
- if (System.getSecurityManager() == null) {
- cacheSizeStr = System.getProperty(CACHE_SIZE_PROP, "1000");
- } else {
- cacheSizeStr = AccessController.doPrivileged(
- (PrivilegedAction<String>) () -> System.getProperty(CACHE_SIZE_PROP, "1000"));
- }
- CACHE_SIZE = Integer.parseInt(cacheSizeStr);
+ CACHE_SIZE = Integer.parseInt(System.getProperty(CACHE_SIZE_PROP, "1000"));
}
private final boolean readOnly;
diff --git a/java/jakarta/el/ELProcessor.java b/java/jakarta/el/ELProcessor.java
index 736ca9ce09..df2fc0120c 100644
--- a/java/jakarta/el/ELProcessor.java
+++ b/java/jakarta/el/ELProcessor.java
@@ -96,7 +96,7 @@ public class ELProcessor {
Class<?> clazz = context.getImportHandler().resolveClass(className);
if (clazz == null) {
- clazz = Class.forName(className, true, Util.getContextClassLoader());
+ clazz = Class.forName(className, true, Thread.currentThread().getContextClassLoader());
}
if (!Modifier.isPublic(clazz.getModifiers())) {
diff --git a/java/jakarta/el/ExpressionFactory.java b/java/jakarta/el/ExpressionFactory.java
index aeacc00b8c..2eca6205df 100644
--- a/java/jakarta/el/ExpressionFactory.java
+++ b/java/jakarta/el/ExpressionFactory.java
@@ -25,8 +25,6 @@ import java.lang.ref.WeakReference;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
@@ -42,27 +40,14 @@ import java.util.concurrent.locks.ReentrantReadWriteLock;
*/
public abstract class ExpressionFactory {
- private static final boolean IS_SECURITY_ENABLED = (System.getSecurityManager() != null);
-
private static final String PROPERTY_NAME = "jakarta.el.ExpressionFactory";
- private static final String PROPERTY_FILE;
+ private static final String PROPERTY_FILE =
+ System.getProperty("java.home") + File.separator + "lib" + File.separator + "el.properties";
private static final CacheValue nullTcclFactory = new CacheValue();
private static final Map<CacheKey, CacheValue> factoryCache = new ConcurrentHashMap<>();
- static {
- if (IS_SECURITY_ENABLED) {
- PROPERTY_FILE = AccessController.doPrivileged(
- (PrivilegedAction<String>) () -> System.getProperty("java.home") + File.separator +
- "lib" + File.separator + "el.properties"
- );
- } else {
- PROPERTY_FILE = System.getProperty("java.home") + File.separator + "lib" +
- File.separator + "el.properties";
- }
- }
-
/**
* Create a new {@link ExpressionFactory}. The class to use is determined by
* the following search order:
@@ -89,7 +74,7 @@ public abstract class ExpressionFactory {
public static ExpressionFactory newInstance(Properties properties) {
ExpressionFactory result = null;
- ClassLoader tccl = Util.getContextClassLoader();
+ ClassLoader tccl = Thread.currentThread().getContextClassLoader();
CacheValue cacheValue;
Class<?> clazz;
@@ -323,20 +308,12 @@ public abstract class ExpressionFactory {
// First services API
className = getClassNameServices(tccl);
if (className == null) {
- if (IS_SECURITY_ENABLED) {
- className = AccessController.doPrivileged((PrivilegedAction<String>) ExpressionFactory::getClassNameJreDir);
- } else {
- // Second el.properties file
- className = getClassNameJreDir();
- }
+ // Second el.properties file
+ className = getClassNameJreDir();
}
if (className == null) {
- if (IS_SECURITY_ENABLED) {
- className = AccessController.doPrivileged((PrivilegedAction<String>) ExpressionFactory::getClassNameSysProp);
- } else {
- // Third system property
- className = getClassNameSysProp();
- }
+ // Third system property
+ className = getClassNameSysProp();
}
if (className == null) {
// Fourth - default
diff --git a/java/jakarta/el/ImportHandler.java b/java/jakarta/el/ImportHandler.java
index 93f1052a26..75faffc689 100644
--- a/java/jakarta/el/ImportHandler.java
+++ b/java/jakarta/el/ImportHandler.java
@@ -447,7 +447,7 @@ public class ImportHandler {
private Class<?> findClass(String name, boolean throwException) {
Class<?> clazz;
- ClassLoader cl = Util.getContextClassLoader();
+ ClassLoader cl = Thread.currentThread().getContextClassLoader();
try {
clazz = cl.loadClass(name);
} catch (ClassNotFoundException e) {
diff --git a/java/jakarta/el/Util.java b/java/jakarta/el/Util.java
index ee5848cb2d..fb5efaf80d 100644
--- a/java/jakarta/el/Util.java
+++ b/java/jakarta/el/Util.java
@@ -22,8 +22,6 @@ import java.lang.reflect.Array;
import java.lang.reflect.Constructor;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.HashMap;
@@ -43,26 +41,6 @@ class Util {
private static final Class<?>[] EMPTY_CLASS_ARRAY = new Class<?>[0];
private static final Object[] EMPTY_OBJECT_ARRAY = new Object[0];
- private static final boolean IS_SECURITY_ENABLED = (System.getSecurityManager() != null);
-
- private static final boolean GET_CLASSLOADER_USE_PRIVILEGED;
-
- static {
- if (IS_SECURITY_ENABLED) {
- // Defaults to using a privileged block
- // When running on Tomcat this will be set to false in
- // $CATALINA_BASE/conf/catalina.properties
- String value = AccessController.doPrivileged(
- (PrivilegedAction<String>) () -> System.getProperty(
- "org.apache.el.GET_CLASSLOADER_USE_PRIVILEGED", "true"));
- GET_CLASSLOADER_USE_PRIVILEGED = Boolean.parseBoolean(value);
- } else {
- // No security manager - no need to use a privileged block.
- GET_CLASSLOADER_USE_PRIVILEGED = false;
- }
- }
-
-
/**
* Checks whether the supplied Throwable is one that needs to be
* rethrown and swallows all others.
@@ -113,7 +91,7 @@ class Util {
*/
static ExpressionFactory getExpressionFactory() {
- ClassLoader tccl = getContextClassLoader();
+ ClassLoader tccl = Thread.currentThread().getContextClassLoader();
CacheValue cacheValue = null;
ExpressionFactory factory = null;
@@ -673,19 +651,6 @@ class Util {
}
- static ClassLoader getContextClassLoader() {
- ClassLoader tccl;
- if (IS_SECURITY_ENABLED && GET_CLASSLOADER_USE_PRIVILEGED) {
- PrivilegedAction<ClassLoader> pa = new PrivilegedGetTccl();
- tccl = AccessController.doPrivileged(pa);
- } else {
- tccl = Thread.currentThread().getContextClassLoader();
- }
-
- return tccl;
- }
-
-
private abstract static class Wrapper<T> {
public static List<Wrapper<Method>> wrap(Method[] methods, String name) {
@@ -868,12 +833,4 @@ class Util {
return result;
}
}
-
-
- private static class PrivilegedGetTccl implements PrivilegedAction<ClassLoader> {
- @Override
- public ClassLoader run() {
- return Thread.currentThread().getContextClassLoader();
- }
- }
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[tomcat] 03/03: Remove SecurityManager support from the Authentication API
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit a5386cbe7e13a722b3bd4a32ed625aaaea7545c4
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Jan 11 18:39:56 2023 +0000
Remove SecurityManager support from the Authentication API
Note some deprecated fields remain and will be removed when removed from
the specification project.
---
.../auth/message/config/AuthConfigFactory.java | 50 +++++-----------------
1 file changed, 11 insertions(+), 39 deletions(-)
diff --git a/java/jakarta/security/auth/message/config/AuthConfigFactory.java b/java/jakarta/security/auth/message/config/AuthConfigFactory.java
index 68282d6c65..011db630bd 100644
--- a/java/jakarta/security/auth/message/config/AuthConfigFactory.java
+++ b/java/jakarta/security/auth/message/config/AuthConfigFactory.java
@@ -16,11 +16,6 @@
*/
package jakarta.security.auth.message.config;
-import java.security.AccessController;
-import java.security.Permission;
-import java.security.PrivilegedAction;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
import java.security.Security;
import java.security.SecurityPermission;
import java.util.Map;
@@ -64,7 +59,6 @@ public abstract class AuthConfigFactory {
}
public static AuthConfigFactory getFactory() {
- checkPermission(getFactorySecurityPermission);
if (factory != null) {
return factory;
}
@@ -73,27 +67,18 @@ public abstract class AuthConfigFactory {
if (factory == null) {
final String className = getFactoryClassName();
try {
- factory = AccessController.doPrivileged(
- (PrivilegedExceptionAction<AuthConfigFactory>) () -> {
- // Load this class with the same class loader as used for
- // this class. Note that the Thread context class loader
- // should not be used since that would trigger a memory leak
- // in container environments.
- if (className.equals("org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl")) {
- return new org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl();
- } else {
- Class<?> clazz = Class.forName(className);
- return (AuthConfigFactory) clazz.getConstructor().newInstance();
- }
- });
- } catch (PrivilegedActionException e) {
- Exception inner = e.getException();
- if (inner instanceof InstantiationException) {
- throw new SecurityException("AuthConfigFactory error:" +
- inner.getCause().getMessage(), inner.getCause());
+ // Load this class with the same class loader as used for
+ // this class. Note that the Thread context class loader
+ // should not be used since that would trigger a memory leak
+ // in container environments.
+ if (className.equals("org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl")) {
+ factory = new org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl();
} else {
- throw new SecurityException("AuthConfigFactory error: " + inner, inner);
+ Class<?> clazz = Class.forName(className);
+ factory = (AuthConfigFactory) clazz.getConstructor().newInstance();
}
+ } catch (ReflectiveOperationException e) {
+ throw new RuntimeException("AuthConfigFactory error:" + e.getCause().getMessage(), e.getCause());
}
}
}
@@ -102,7 +87,6 @@ public abstract class AuthConfigFactory {
}
public static synchronized void setFactory(AuthConfigFactory factory) {
- checkPermission(setFactorySecurityPermission);
AuthConfigFactory.factory = factory;
}
@@ -153,20 +137,8 @@ public abstract class AuthConfigFactory {
*/
public abstract void removeServerAuthModule(Object context);
- /**
- * @deprecated Following JEP 411
- */
- @Deprecated(forRemoval = true)
- private static void checkPermission(Permission permission) {
- SecurityManager securityManager = System.getSecurityManager();
- if (securityManager != null) {
- securityManager.checkPermission(permission);
- }
- }
-
private static String getFactoryClassName() {
- String className = AccessController.doPrivileged(
- (PrivilegedAction<String>) () -> Security.getProperty(DEFAULT_FACTORY_SECURITY_PROPERTY));
+ String className = Security.getProperty(DEFAULT_FACTORY_SECURITY_PROPERTY);
if (className != null) {
return className;
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org