You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2023/01/11 19:29:14 UTC
[tomcat] branch main updated: Clean-up some unused references to SecurityManager and related APIs
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 887324ecd5 Clean-up some unused references to SecurityManager and related APIs
887324ecd5 is described below
commit 887324ecd556749814969409bc8dea54ea9e549a
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Jan 11 19:29:03 2023 +0000
Clean-up some unused references to SecurityManager and related APIs
---
.../catalina/connector/CoyoteInputStream.java | 177 +------------
.../org/apache/catalina/connector/InputBuffer.java | 41 +--
.../apache/catalina/connector/OutputBuffer.java | 40 +--
java/org/apache/catalina/connector/Request.java | 20 --
.../apache/catalina/connector/RequestFacade.java | 279 +--------------------
java/org/apache/catalina/connector/Response.java | 93 +------
.../apache/catalina/connector/ResponseFacade.java | 104 +-------
7 files changed, 28 insertions(+), 726 deletions(-)
diff --git a/java/org/apache/catalina/connector/CoyoteInputStream.java b/java/org/apache/catalina/connector/CoyoteInputStream.java
index 01cc429903..952261e481 100644
--- a/java/org/apache/catalina/connector/CoyoteInputStream.java
+++ b/java/org/apache/catalina/connector/CoyoteInputStream.java
@@ -18,15 +18,11 @@ package org.apache.catalina.connector;
import java.io.IOException;
import java.nio.ByteBuffer;
-import java.security.AccessController;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
import java.util.Objects;
import jakarta.servlet.ReadListener;
import jakarta.servlet.ServletInputStream;
-import org.apache.catalina.security.SecurityUtil;
import org.apache.tomcat.util.res.StringManager;
/**
@@ -67,43 +63,12 @@ public class CoyoteInputStream extends ServletInputStream {
@Override
public int read() throws IOException {
checkNonBlockingRead();
-
- if (SecurityUtil.isPackageProtectionEnabled()) {
-
- try {
- Integer result = AccessController.doPrivileged(new PrivilegedRead(ib));
- return result.intValue();
- } catch (PrivilegedActionException pae) {
- Exception e = pae.getException();
- if (e instanceof IOException) {
- throw (IOException) e;
- } else {
- throw new RuntimeException(e.getMessage(), e);
- }
- }
- } else {
- return ib.readByte();
- }
+ return ib.readByte();
}
@Override
public int available() throws IOException {
-
- if (SecurityUtil.isPackageProtectionEnabled()) {
- try {
- Integer result = AccessController.doPrivileged(new PrivilegedAvailable(ib));
- return result.intValue();
- } catch (PrivilegedActionException pae) {
- Exception e = pae.getException();
- if (e instanceof IOException) {
- throw (IOException) e;
- } else {
- throw new RuntimeException(e.getMessage(), e);
- }
- }
- } else {
- return ib.available();
- }
+ return ib.available();
}
@Override
@@ -115,23 +80,7 @@ public class CoyoteInputStream extends ServletInputStream {
@Override
public int read(final byte[] b, final int off, final int len) throws IOException {
checkNonBlockingRead();
-
- if (SecurityUtil.isPackageProtectionEnabled()) {
- try {
- Integer result = AccessController.doPrivileged(
- new PrivilegedReadArray(ib, b, off, len));
- return result.intValue();
- } catch (PrivilegedActionException pae) {
- Exception e = pae.getException();
- if (e instanceof IOException) {
- throw (IOException) e;
- } else {
- throw new RuntimeException(e.getMessage(), e);
- }
- }
- } else {
- return ib.read(b, off, len);
- }
+ return ib.read(b, off, len);
}
@@ -139,22 +88,7 @@ public class CoyoteInputStream extends ServletInputStream {
public int read(final ByteBuffer b) throws IOException {
Objects.requireNonNull(b);
checkNonBlockingRead();
-
- if (SecurityUtil.isPackageProtectionEnabled()) {
- try {
- Integer result = AccessController.doPrivileged(new PrivilegedReadBuffer(ib, b));
- return result.intValue();
- } catch (PrivilegedActionException pae) {
- Exception e = pae.getException();
- if (e instanceof IOException) {
- throw (IOException) e;
- } else {
- throw new RuntimeException(e.getMessage(), e);
- }
- }
- } else {
- return ib.read(b);
- }
+ return ib.read(b);
}
@@ -165,21 +99,7 @@ public class CoyoteInputStream extends ServletInputStream {
*/
@Override
public void close() throws IOException {
-
- if (SecurityUtil.isPackageProtectionEnabled()) {
- try {
- AccessController.doPrivileged(new PrivilegedClose(ib));
- } catch (PrivilegedActionException pae) {
- Exception e = pae.getException();
- if (e instanceof IOException) {
- throw (IOException) e;
- } else {
- throw new RuntimeException(e.getMessage(), e);
- }
- }
- } else {
- ib.close();
- }
+ ib.close();
}
@Override
@@ -208,91 +128,4 @@ public class CoyoteInputStream extends ServletInputStream {
throw new IllegalStateException(sm.getString("coyoteInputStream.nbNotready"));
}
}
-
-
- private static class PrivilegedAvailable implements PrivilegedExceptionAction<Integer> {
-
- private final InputBuffer inputBuffer;
-
- public PrivilegedAvailable(InputBuffer inputBuffer) {
- this.inputBuffer = inputBuffer;
- }
-
- @Override
- public Integer run() throws IOException {
- return Integer.valueOf(inputBuffer.available());
- }
- }
-
-
- private static class PrivilegedClose implements PrivilegedExceptionAction<Void> {
-
- private final InputBuffer inputBuffer;
-
- public PrivilegedClose(InputBuffer inputBuffer) {
- this.inputBuffer = inputBuffer;
- }
-
- @Override
- public Void run() throws IOException {
- inputBuffer.close();
- return null;
- }
- }
-
-
- private static class PrivilegedRead implements PrivilegedExceptionAction<Integer> {
-
- private final InputBuffer inputBuffer;
-
- public PrivilegedRead(InputBuffer inputBuffer) {
- this.inputBuffer = inputBuffer;
- }
-
- @Override
- public Integer run() throws IOException {
- Integer integer = Integer.valueOf(inputBuffer.readByte());
- return integer;
- }
- }
-
-
- private static class PrivilegedReadArray implements PrivilegedExceptionAction<Integer> {
-
- private final InputBuffer inputBuffer;
- private final byte[] buf;
- private final int off;
- private final int len;
-
- public PrivilegedReadArray(InputBuffer inputBuffer, byte[] buf, int off, int len) {
- this.inputBuffer = inputBuffer;
- this.buf = buf;
- this.off = off;
- this.len = len;
- }
-
- @Override
- public Integer run() throws IOException {
- Integer integer = Integer.valueOf(inputBuffer.read(buf, off, len));
- return integer;
- }
- }
-
-
- private static class PrivilegedReadBuffer implements PrivilegedExceptionAction<Integer> {
-
- private final InputBuffer inputBuffer;
- private final ByteBuffer bb;
-
- public PrivilegedReadBuffer(InputBuffer inputBuffer, ByteBuffer bb) {
- this.inputBuffer = inputBuffer;
- this.bb = bb;
- }
-
- @Override
- public Integer run() throws IOException {
- Integer integer = Integer.valueOf(inputBuffer.read(bb));
- return integer;
- }
- }
}
diff --git a/java/org/apache/catalina/connector/InputBuffer.java b/java/org/apache/catalina/connector/InputBuffer.java
index 8d1f5f97c5..d193775a2b 100644
--- a/java/org/apache/catalina/connector/InputBuffer.java
+++ b/java/org/apache/catalina/connector/InputBuffer.java
@@ -22,15 +22,11 @@ import java.nio.Buffer;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.Charset;
-import java.security.AccessController;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import jakarta.servlet.ReadListener;
-import org.apache.catalina.security.SecurityUtil;
import org.apache.coyote.ActionCode;
import org.apache.coyote.Request;
import org.apache.juli.logging.Log;
@@ -556,30 +552,11 @@ public class InputBuffer extends Reader
conv = stack.pop();
if (conv == null) {
- conv = createConverter(charset);
+ conv = new B2CConverter(charset);
}
}
- private static B2CConverter createConverter(Charset charset) throws IOException {
- if (SecurityUtil.isPackageProtectionEnabled()) {
- try {
- return AccessController.doPrivileged(new PrivilegedCreateConverter(charset));
- } catch (PrivilegedActionException ex) {
- Exception e = ex.getException();
- if (e instanceof IOException) {
- throw (IOException) e;
- } else {
- throw new IOException(e);
- }
- }
- } else {
- return new B2CConverter(charset);
- }
-
- }
-
-
@Override
public void setByteBuffer(ByteBuffer buffer) {
bb = buffer;
@@ -650,20 +627,4 @@ public class InputBuffer extends Reader
cb = tmp;
tmp = null;
}
-
-
- private static class PrivilegedCreateConverter
- implements PrivilegedExceptionAction<B2CConverter> {
-
- private final Charset charset;
-
- public PrivilegedCreateConverter(Charset charset) {
- this.charset = charset;
- }
-
- @Override
- public B2CConverter run() throws IOException {
- return new B2CConverter(charset);
- }
- }
}
diff --git a/java/org/apache/catalina/connector/OutputBuffer.java b/java/org/apache/catalina/connector/OutputBuffer.java
index 91b5e0f767..e3fd2b705c 100644
--- a/java/org/apache/catalina/connector/OutputBuffer.java
+++ b/java/org/apache/catalina/connector/OutputBuffer.java
@@ -22,16 +22,12 @@ import java.nio.Buffer;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.Charset;
-import java.security.AccessController;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.Map;
import jakarta.servlet.WriteListener;
import jakarta.servlet.http.HttpServletResponse;
-import org.apache.catalina.Globals;
import org.apache.coyote.ActionCode;
import org.apache.coyote.CloseNowException;
import org.apache.coyote.Response;
@@ -570,30 +566,12 @@ public class OutputBuffer extends Writer {
conv = encoders.get(charset);
if (conv == null) {
- conv = createConverter(charset);
+ conv = new C2BConverter(charset);
encoders.put(charset, conv);
}
}
- private static C2BConverter createConverter(final Charset charset) throws IOException {
- if (Globals.IS_SECURITY_ENABLED) {
- try {
- return AccessController.doPrivileged(new PrivilegedCreateConverter(charset));
- } catch (PrivilegedActionException ex) {
- Exception e = ex.getException();
- if (e instanceof IOException) {
- throw (IOException) e;
- } else {
- throw new IOException(ex);
- }
- }
- } else {
- return new C2BConverter(charset);
- }
- }
-
-
// -------------------- BufferedOutputStream compatibility
public long getContentWritten() {
@@ -858,20 +836,4 @@ public class OutputBuffer extends Writer {
.position(buffer.limit())
.limit(buffer.capacity());
}
-
-
- private static class PrivilegedCreateConverter
- implements PrivilegedExceptionAction<C2BConverter> {
-
- private final Charset charset;
-
- public PrivilegedCreateConverter(Charset charset) {
- this.charset = charset;
- }
-
- @Override
- public C2BConverter run() throws IOException {
- return new C2BConverter(charset);
- }
- }
}
diff --git a/java/org/apache/catalina/connector/Request.java b/java/org/apache/catalina/connector/Request.java
index 340d775b15..07b40ed463 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -1500,26 +1500,6 @@ public class Request implements HttpServletRequest {
}
// Add or replace the specified attribute
- // Do the security check before any updates are made
- if (Globals.IS_SECURITY_ENABLED &&
- name.equals(Globals.SENDFILE_FILENAME_ATTR)) {
- // Use the canonical file name to avoid any possible symlink and
- // relative path issues
- String canonicalPath;
- try {
- canonicalPath = new File(value.toString()).getCanonicalPath();
- } catch (IOException e) {
- throw new SecurityException(sm.getString(
- "coyoteRequest.sendfileNotCanonical", value), e);
- }
- // Sendfile is performed in Tomcat's security context so need to
- // check if the web app is permitted to access the file while still
- // in the web app's security context
- System.getSecurityManager().checkRead(canonicalPath);
- // Update the value so the canonical path is used
- value = canonicalPath;
- }
-
Object oldValue = attributes.put(name, value);
// Pass special attributes to the native layer
diff --git a/java/org/apache/catalina/connector/RequestFacade.java b/java/org/apache/catalina/connector/RequestFacade.java
index 5696183984..9c7b138be1 100644
--- a/java/org/apache/catalina/connector/RequestFacade.java
+++ b/java/org/apache/catalina/connector/RequestFacade.java
@@ -18,8 +18,6 @@ package org.apache.catalina.connector;
import java.io.BufferedReader;
import java.io.IOException;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
import java.util.Collection;
import java.util.Enumeration;
import java.util.Locale;
@@ -43,8 +41,6 @@ import jakarta.servlet.http.HttpUpgradeHandler;
import jakarta.servlet.http.Part;
import jakarta.servlet.http.PushBuilder;
-import org.apache.catalina.Globals;
-import org.apache.catalina.security.SecurityUtil;
import org.apache.tomcat.util.res.StringManager;
/**
@@ -57,169 +53,8 @@ import org.apache.tomcat.util.res.StringManager;
public class RequestFacade implements HttpServletRequest {
- // ----------------------------------------------------------- DoPrivileged
-
- private final class GetAttributePrivilegedAction
- implements PrivilegedAction<Enumeration<String>> {
-
- @Override
- public Enumeration<String> run() {
- return request.getAttributeNames();
- }
- }
-
-
- private final class GetParameterMapPrivilegedAction
- implements PrivilegedAction<Map<String,String[]>> {
-
- @Override
- public Map<String,String[]> run() {
- return request.getParameterMap();
- }
- }
-
-
- private final class GetRequestDispatcherPrivilegedAction
- implements PrivilegedAction<RequestDispatcher> {
-
- private final String path;
-
- public GetRequestDispatcherPrivilegedAction(String path){
- this.path = path;
- }
-
- @Override
- public RequestDispatcher run() {
- return request.getRequestDispatcher(path);
- }
- }
-
-
- private final class GetParameterPrivilegedAction
- implements PrivilegedAction<String> {
-
- public String name;
-
- public GetParameterPrivilegedAction(String name){
- this.name = name;
- }
-
- @Override
- public String run() {
- return request.getParameter(name);
- }
- }
-
-
- private final class GetParameterNamesPrivilegedAction
- implements PrivilegedAction<Enumeration<String>> {
-
- @Override
- public Enumeration<String> run() {
- return request.getParameterNames();
- }
- }
-
-
- private final class GetParameterValuePrivilegedAction
- implements PrivilegedAction<String[]> {
-
- public String name;
-
- public GetParameterValuePrivilegedAction(String name){
- this.name = name;
- }
-
- @Override
- public String[] run() {
- return request.getParameterValues(name);
- }
- }
-
-
- private final class GetCookiesPrivilegedAction
- implements PrivilegedAction<Cookie[]> {
-
- @Override
- public Cookie[] run() {
- return request.getCookies();
- }
- }
-
-
- private final class GetCharacterEncodingPrivilegedAction
- implements PrivilegedAction<String> {
-
- @Override
- public String run() {
- return request.getCharacterEncoding();
- }
- }
-
-
- private final class GetHeadersPrivilegedAction
- implements PrivilegedAction<Enumeration<String>> {
-
- private final String name;
-
- public GetHeadersPrivilegedAction(String name){
- this.name = name;
- }
-
- @Override
- public Enumeration<String> run() {
- return request.getHeaders(name);
- }
- }
-
-
- private final class GetHeaderNamesPrivilegedAction
- implements PrivilegedAction<Enumeration<String>> {
-
- @Override
- public Enumeration<String> run() {
- return request.getHeaderNames();
- }
- }
-
-
- private final class GetLocalePrivilegedAction
- implements PrivilegedAction<Locale> {
-
- @Override
- public Locale run() {
- return request.getLocale();
- }
- }
-
-
- private final class GetLocalesPrivilegedAction
- implements PrivilegedAction<Enumeration<Locale>> {
-
- @Override
- public Enumeration<Locale> run() {
- return request.getLocales();
- }
- }
-
- private final class GetSessionPrivilegedAction
- implements PrivilegedAction<HttpSession> {
-
- private final boolean create;
-
- public GetSessionPrivilegedAction(boolean create){
- this.create = create;
- }
-
- @Override
- public HttpSession run() {
- return request.getSession(create);
- }
- }
-
// ----------------------------------------------------------- Constructors
-
/**
* Construct a wrapper for the specified request.
*
@@ -234,7 +69,6 @@ public class RequestFacade implements HttpServletRequest {
// ----------------------------------------------------- Instance Variables
-
/**
* The wrapped request.
*/
@@ -291,12 +125,7 @@ public class RequestFacade implements HttpServletRequest {
sm.getString("requestFacade.nullRequest"));
}
- if (Globals.IS_SECURITY_ENABLED){
- return AccessController.doPrivileged(
- new GetAttributePrivilegedAction());
- } else {
- return request.getAttributeNames();
- }
+ return request.getAttributeNames();
}
@@ -308,12 +137,7 @@ public class RequestFacade implements HttpServletRequest {
sm.getString("requestFacade.nullRequest"));
}
- if (Globals.IS_SECURITY_ENABLED){
- return AccessController.doPrivileged(
- new GetCharacterEncodingPrivilegedAction());
- } else {
- return request.getCharacterEncoding();
- }
+ return request.getCharacterEncoding();
}
@@ -374,12 +198,7 @@ public class RequestFacade implements HttpServletRequest {
sm.getString("requestFacade.nullRequest"));
}
- if (Globals.IS_SECURITY_ENABLED){
- return AccessController.doPrivileged(
- new GetParameterPrivilegedAction(name));
- } else {
- return request.getParameter(name);
- }
+ return request.getParameter(name);
}
@@ -391,12 +210,7 @@ public class RequestFacade implements HttpServletRequest {
sm.getString("requestFacade.nullRequest"));
}
- if (Globals.IS_SECURITY_ENABLED){
- return AccessController.doPrivileged(
- new GetParameterNamesPrivilegedAction());
- } else {
- return request.getParameterNames();
- }
+ return request.getParameterNames();
}
@@ -408,23 +222,7 @@ public class RequestFacade implements HttpServletRequest {
sm.getString("requestFacade.nullRequest"));
}
- String[] ret = null;
-
- /*
- * Clone the returned array only if there is a security manager
- * in place, so that performance won't suffer in the non-secure case
- */
- if (SecurityUtil.isPackageProtectionEnabled()){
- ret = AccessController.doPrivileged(
- new GetParameterValuePrivilegedAction(name));
- if (ret != null) {
- ret = ret.clone();
- }
- } else {
- ret = request.getParameterValues(name);
- }
-
- return ret;
+ return request.getParameterValues(name);
}
@@ -436,12 +234,7 @@ public class RequestFacade implements HttpServletRequest {
sm.getString("requestFacade.nullRequest"));
}
- if (Globals.IS_SECURITY_ENABLED){
- return AccessController.doPrivileged(
- new GetParameterMapPrivilegedAction());
- } else {
- return request.getParameterMap();
- }
+ return request.getParameterMap();
}
@@ -561,12 +354,7 @@ public class RequestFacade implements HttpServletRequest {
sm.getString("requestFacade.nullRequest"));
}
- if (Globals.IS_SECURITY_ENABLED){
- return AccessController.doPrivileged(
- new GetLocalePrivilegedAction());
- } else {
- return request.getLocale();
- }
+ return request.getLocale();
}
@@ -578,12 +366,7 @@ public class RequestFacade implements HttpServletRequest {
sm.getString("requestFacade.nullRequest"));
}
- if (Globals.IS_SECURITY_ENABLED){
- return AccessController.doPrivileged(
- new GetLocalesPrivilegedAction());
- } else {
- return request.getLocales();
- }
+ return request.getLocales();
}
@@ -607,12 +390,7 @@ public class RequestFacade implements HttpServletRequest {
sm.getString("requestFacade.nullRequest"));
}
- if (Globals.IS_SECURITY_ENABLED){
- return AccessController.doPrivileged(
- new GetRequestDispatcherPrivilegedAction(path));
- } else {
- return request.getRequestDispatcher(path);
- }
+ return request.getRequestDispatcher(path);
}
@Override
@@ -635,23 +413,7 @@ public class RequestFacade implements HttpServletRequest {
sm.getString("requestFacade.nullRequest"));
}
- Cookie[] ret = null;
-
- /*
- * Clone the returned array only if there is a security manager
- * in place, so that performance won't suffer in the non-secure case
- */
- if (SecurityUtil.isPackageProtectionEnabled()){
- ret = AccessController.doPrivileged(
- new GetCookiesPrivilegedAction());
- if (ret != null) {
- ret = ret.clone();
- }
- } else {
- ret = request.getCookies();
- }
-
- return ret;
+ return request.getCookies();
}
@@ -687,12 +449,7 @@ public class RequestFacade implements HttpServletRequest {
sm.getString("requestFacade.nullRequest"));
}
- if (Globals.IS_SECURITY_ENABLED){
- return AccessController.doPrivileged(
- new GetHeadersPrivilegedAction(name));
- } else {
- return request.getHeaders(name);
- }
+ return request.getHeaders(name);
}
@@ -704,12 +461,7 @@ public class RequestFacade implements HttpServletRequest {
sm.getString("requestFacade.nullRequest"));
}
- if (Globals.IS_SECURITY_ENABLED){
- return AccessController.doPrivileged(
- new GetHeaderNamesPrivilegedAction());
- } else {
- return request.getHeaderNames();
- }
+ return request.getHeaderNames();
}
@@ -889,12 +641,7 @@ public class RequestFacade implements HttpServletRequest {
sm.getString("requestFacade.nullRequest"));
}
- if (SecurityUtil.isPackageProtectionEnabled()){
- return AccessController.
- doPrivileged(new GetSessionPrivilegedAction(create));
- } else {
- return request.getSession(create);
- }
+ return request.getSession(create);
}
@Override
diff --git a/java/org/apache/catalina/connector/Response.java b/java/org/apache/catalina/connector/Response.java
index 394614a9aa..38ddd83640 100644
--- a/java/org/apache/catalina/connector/Response.java
+++ b/java/org/apache/catalina/connector/Response.java
@@ -24,10 +24,6 @@ import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.charset.Charset;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
@@ -43,13 +39,11 @@ import jakarta.servlet.ServletOutputStream;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.SessionTrackingMode;
import jakarta.servlet.http.Cookie;
-import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpServletResponseWrapper;
import org.apache.catalina.Context;
import org.apache.catalina.Session;
-import org.apache.catalina.security.SecurityUtil;
import org.apache.catalina.util.SessionConfig;
import org.apache.coyote.ActionCode;
import org.apache.coyote.ContinueResponseTiming;
@@ -968,12 +962,7 @@ public class Response implements HttpServletResponse {
public String generateCookieString(final Cookie cookie) {
// Web application code can receive a IllegalArgumentException
// from the generateHeader() invocation
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return AccessController.doPrivileged(
- new PrivilegedGenerateCookieString(getContext(), cookie, request.getRequest()));
- } else {
- return getContext().getCookieProcessor().generateHeader(cookie, request.getRequest());
- }
+ return getContext().getCookieProcessor().generateHeader(cookie, request.getRequest());
}
@@ -1469,13 +1458,7 @@ public class Response implements HttpServletResponse {
return false;
}
- if (SecurityUtil.isPackageProtectionEnabled()) {
- Boolean result = AccessController.doPrivileged(
- new PrivilegedDoIsEncodable(getContext(), hreq, session, location));
- return result.booleanValue();
- } else {
- return doIsEncodeable(getContext(), hreq, session, location);
- }
+ return doIsEncodeable(getContext(), hreq, session, location);
}
@@ -1590,17 +1573,7 @@ public class Response implements HttpServletResponse {
if (!leadingSlash) {
String relativePath = request.getDecodedRequestURI();
int pos = relativePath.lastIndexOf('/');
- CharChunk encodedURI = null;
- if (SecurityUtil.isPackageProtectionEnabled() ){
- try{
- encodedURI = AccessController.doPrivileged(
- new PrivilegedEncodeUrl(urlEncoder, relativePath, pos));
- } catch (PrivilegedActionException pae){
- throw new IllegalArgumentException(location, pae.getException());
- }
- } else {
- encodedURI = urlEncoder.encodeURL(relativePath, 0, pos);
- }
+ CharChunk encodedURI = urlEncoder.encodeURL(relativePath, 0, pos);
redirectURLCC.append(encodedURI);
encodedURI.recycle();
redirectURLCC.append('/');
@@ -1772,64 +1745,4 @@ public class Response implements HttpServletResponse {
sb.append(query);
return sb.toString();
}
-
-
- private static class PrivilegedGenerateCookieString implements PrivilegedAction<String> {
-
- private final Context context;
- private final Cookie cookie;
- private final HttpServletRequest request;
-
- public PrivilegedGenerateCookieString(Context context, Cookie cookie, HttpServletRequest request) {
- this.context = context;
- this.cookie = cookie;
- this.request = request;
- }
-
- @Override
- public String run(){
- return context.getCookieProcessor().generateHeader(cookie, request);
- }
- }
-
-
- private static class PrivilegedDoIsEncodable implements PrivilegedAction<Boolean> {
-
- private final Context context;
- private final Request hreq;
- private final Session session;
- private final String location;
-
- public PrivilegedDoIsEncodable(Context context, Request hreq, Session session,
- String location) {
- this.context = context;
- this.hreq = hreq;
- this.session = session;
- this.location = location;
- }
-
- @Override
- public Boolean run(){
- return Boolean.valueOf(doIsEncodeable(context, hreq, session, location));
- }
- }
-
-
- private static class PrivilegedEncodeUrl implements PrivilegedExceptionAction<CharChunk> {
-
- private final UEncoder urlEncoder;
- private final String relativePath;
- private final int end;
-
- public PrivilegedEncodeUrl(UEncoder urlEncoder, String relativePath, int end) {
- this.urlEncoder = urlEncoder;
- this.relativePath = relativePath;
- this.end = end;
- }
-
- @Override
- public CharChunk run() throws IOException{
- return urlEncoder.encodeURL(relativePath, 0, end);
- }
- }
}
diff --git a/java/org/apache/catalina/connector/ResponseFacade.java b/java/org/apache/catalina/connector/ResponseFacade.java
index fa795660fa..48d6ea5dc2 100644
--- a/java/org/apache/catalina/connector/ResponseFacade.java
+++ b/java/org/apache/catalina/connector/ResponseFacade.java
@@ -18,10 +18,6 @@ package org.apache.catalina.connector;
import java.io.IOException;
import java.io.PrintWriter;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
import java.util.Collection;
import java.util.Locale;
import java.util.Map;
@@ -31,8 +27,6 @@ import jakarta.servlet.ServletOutputStream;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletResponse;
-import org.apache.catalina.Globals;
-import org.apache.catalina.security.SecurityUtil;
import org.apache.tomcat.util.res.StringManager;
/**
@@ -43,65 +37,6 @@ import org.apache.tomcat.util.res.StringManager;
*/
public class ResponseFacade implements HttpServletResponse {
- // ----------------------------------------------------------- DoPrivileged
-
- private final class SetContentTypePrivilegedAction
- implements PrivilegedAction<Void> {
-
- private final String contentType;
-
- public SetContentTypePrivilegedAction(String contentType){
- this.contentType = contentType;
- }
-
- @Override
- public Void run() {
- response.setContentType(contentType);
- return null;
- }
- }
-
- private final class DateHeaderPrivilegedAction
- implements PrivilegedAction<Void> {
-
- private final String name;
- private final long value;
- private final boolean add;
-
- DateHeaderPrivilegedAction(String name, long value, boolean add) {
- this.name = name;
- this.value = value;
- this.add = add;
- }
-
- @Override
- public Void run() {
- if(add) {
- response.addDateHeader(name, value);
- } else {
- response.setDateHeader(name, value);
- }
- return null;
- }
- }
-
- private static class FlushBufferPrivilegedAction implements PrivilegedExceptionAction<Void> {
-
- private final Response response;
-
- public FlushBufferPrivilegedAction(Response response) {
- this.response = response;
- }
-
- @Override
- public Void run() throws IOException {
- response.setAppCommitted(true);
- response.flushBuffer();
- return null;
- }
- }
-
-
// ----------------------------------------------------------- Constructors
/**
@@ -117,7 +52,6 @@ public class ResponseFacade implements HttpServletResponse {
// ----------------------------------------------- Class/Instance Variables
-
/**
* The string manager for this package.
*/
@@ -256,12 +190,7 @@ public class ResponseFacade implements HttpServletResponse {
if (isCommitted()) {
return;
}
-
- if (SecurityUtil.isPackageProtectionEnabled()){
- AccessController.doPrivileged(new SetContentTypePrivilegedAction(type));
- } else {
- response.setContentType(type);
- }
+ response.setContentType(type);
}
@@ -297,19 +226,8 @@ public class ResponseFacade implements HttpServletResponse {
return;
}
- if (SecurityUtil.isPackageProtectionEnabled()) {
- try{
- AccessController.doPrivileged(new FlushBufferPrivilegedAction(response));
- } catch(PrivilegedActionException e) {
- Exception ex = e.getException();
- if (ex instanceof IOException) {
- throw (IOException)ex;
- }
- }
- } else {
- response.setAppCommitted(true);
- response.flushBuffer();
- }
+ response.setAppCommitted(true);
+ response.flushBuffer();
}
@@ -477,13 +395,7 @@ public class ResponseFacade implements HttpServletResponse {
return;
}
- if(Globals.IS_SECURITY_ENABLED) {
- AccessController.doPrivileged(new DateHeaderPrivilegedAction
- (name, date, false));
- } else {
- response.setDateHeader(name, date);
- }
-
+ response.setDateHeader(name, date);
}
@@ -494,13 +406,7 @@ public class ResponseFacade implements HttpServletResponse {
return;
}
- if(Globals.IS_SECURITY_ENABLED) {
- AccessController.doPrivileged(new DateHeaderPrivilegedAction
- (name, date, true));
- } else {
- response.addDateHeader(name, date);
- }
-
+ response.addDateHeader(name, date);
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org