You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by jf...@apache.org on 2003/10/31 02:30:01 UTC
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/security SecurityClassLoad.java
jfarcand 2003/10/30 17:30:01
Modified: catalina/src/share/org/apache/catalina/security
SecurityClassLoad.java
http11/src/java/org/apache/coyote/http11
Http11Processor.java InternalOutputBuffer.java
jasper2/src/share/org/apache/jasper/runtime
JspWriterImpl.java PageContextImpl.java
jasper2/src/share/org/apache/jasper/security
SecurityClassLoad.java
Log:
Fix for bug 24270: NoClassDefFoundError when running in security mode
Next time I will update my tcks before syaing they all passes ;-)
Revision Changes Path
1.11 +14 -4 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityClassLoad.java
Index: SecurityClassLoad.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityClassLoad.java,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- SecurityClassLoad.java 19 Sep 2003 22:03:35 -0000 1.10
+++ SecurityClassLoad.java 31 Oct 2003 01:30:01 -0000 1.11
@@ -89,6 +89,7 @@
loadUtilPackage(loader);
loadJavaxPackage(loader);
loadCoyotePackage(loader);
+ loadHttp11Package(loader);
}
@@ -148,6 +149,15 @@
private final static void loadJavaxPackage(ClassLoader loader)
throws Exception {
loader.loadClass("javax.servlet.http.Cookie");
+ }
+
+
+ private final static void loadHttp11Package(ClassLoader loader)
+ throws Exception {
+ String basePackage = "org.apache.coyote.http11.";
+ loader.loadClass(basePackage + "Http11Processor$1");
+ loader.loadClass(basePackage + "InternalOutputBuffer$1");
+ loader.loadClass(basePackage + "InternalOutputBuffer$2");
}
1.85 +19 -3 jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/Http11Processor.java
Index: Http11Processor.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/Http11Processor.java,v
retrieving revision 1.84
retrieving revision 1.85
diff -u -r1.84 -r1.85
--- Http11Processor.java 17 Oct 2003 18:45:40 -0000 1.84
+++ Http11Processor.java 31 Oct 2003 01:30:01 -0000 1.85
@@ -66,6 +66,8 @@
import java.net.InetAddress;
import java.net.Socket;
import java.util.StringTokenizer;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import org.apache.coyote.ActionCode;
import org.apache.coyote.ActionHook;
@@ -1434,9 +1436,23 @@
}
// Add date header
- if (! response.containsHeader("Date"))
- response.addHeader("Date", FastHttpDateFormat.getCurrentDate());
-
+ if (! response.containsHeader("Date")){
+
+ String date = null;
+ if (System.getSecurityManager() != null){
+ date = (String)AccessController.doPrivileged(
+ new PrivilegedAction() {
+ public Object run(){
+ return FastHttpDateFormat.getCurrentDate();
+ }
+ }
+ );
+ } else {
+ date = FastHttpDateFormat.getCurrentDate();
+ }
+ response.addHeader("Date", date);
+ }
+
// Add server header
response.addHeader("Server", Constants.SERVER);
1.20 +28 -2 jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/InternalOutputBuffer.java
Index: InternalOutputBuffer.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/InternalOutputBuffer.java,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- InternalOutputBuffer.java 12 Sep 2003 13:15:36 -0000 1.19
+++ InternalOutputBuffer.java 31 Oct 2003 01:30:01 -0000 1.20
@@ -61,6 +61,8 @@
import java.io.IOException;
import java.io.OutputStream;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.buf.MessageBytes;
@@ -489,16 +491,40 @@
// Write message
String message = response.getMessage();
if (message == null) {
- write(HttpMessages.getMessage(status));
+ write(getMessage(status));
} else {
write(message);
}
// End the response status line
- write(Constants.CRLF_BYTES);
+ if (System.getSecurityManager() != null){
+ AccessController.doPrivileged(
+ new PrivilegedAction(){
+ public Object run(){
+ write(Constants.CRLF_BYTES);
+ return null;
+ }
+ }
+ );
+ } else {
+ write(Constants.CRLF_BYTES);
+ }
}
+ private String getMessage(final int message){
+ if (System.getSecurityManager() != null){
+ return (String)AccessController.doPrivileged(
+ new PrivilegedAction(){
+ public Object run(){
+ return HttpMessages.getMessage(message);
+ }
+ }
+ );
+ } else {
+ return HttpMessages.getMessage(message);
+ }
+ }
/**
* Send a header.
1.8 +20 -7 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/JspWriterImpl.java
Index: JspWriterImpl.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/JspWriterImpl.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- JspWriterImpl.java 22 Jan 2003 20:08:25 -0000 1.7
+++ JspWriterImpl.java 31 Oct 2003 01:30:01 -0000 1.8
@@ -63,6 +63,8 @@
import java.io.IOException;
import java.io.Writer;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import javax.servlet.ServletResponse;
import javax.servlet.jsp.JspWriter;
@@ -166,6 +168,17 @@
}
}
+ private String getLocalizeMessage(final String message){
+ if (System.getSecurityManager() != null){
+ return (String)AccessController.doPrivileged(new PrivilegedAction(){
+ public Object run(){
+ return Localizer.getMessage(message);
+ }
+ });
+ } else {
+ return Localizer.getMessage(message);
+ }
+ }
/**
* Discard the output buffer.
@@ -173,10 +186,10 @@
public final void clear() throws IOException {
if (bufferSize == 0)
throw new IllegalStateException(
- Localizer.getMessage("jsp.error.ise_on_clear"));
+ getLocalizeMessage("jsp.error.ise_on_clear"));
if (flushed)
throw new IOException(
- Localizer.getMessage("jsp.error.attempt_to_clear_flushed_buffer"));
+ getLocalizeMessage("jsp.error.attempt_to_clear_flushed_buffer"));
ensureOpen();
nextChar = 0;
}
@@ -184,13 +197,13 @@
public void clearBuffer() throws IOException {
if (bufferSize == 0)
throw new IllegalStateException(
- Localizer.getMessage("jsp.error.ise_on_clear"));
+ getLocalizeMessage("jsp.error.ise_on_clear"));
ensureOpen();
nextChar = 0;
}
private final void bufferOverflow() throws IOException {
- throw new IOException(Localizer.getMessage("jsp.error.overflow"));
+ throw new IOException(getLocalizeMessage("jsp.error.overflow"));
}
/**
1.56 +13 -8 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/PageContextImpl.java
Index: PageContextImpl.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/PageContextImpl.java,v
retrieving revision 1.55
retrieving revision 1.56
diff -u -r1.55 -r1.56
--- PageContextImpl.java 1 Oct 2003 16:15:33 -0000 1.55
+++ PageContextImpl.java 31 Oct 2003 01:30:01 -0000 1.56
@@ -479,18 +479,23 @@
}
public Object findAttribute(final String name) {
- if (name == null) {
- throw new NullPointerException(
- Localizer.getMessage("jsp.error.attribute.null_name"));
- }
-
if (System.getSecurityManager() != null){
return AccessController.doPrivileged(new PrivilegedAction(){
public Object run(){
+ if (name == null) {
+ throw new NullPointerException(
+ Localizer.getMessage("jsp.error.attribute.null_name"));
+ }
+
return doFindAttribute(name);
}
});
} else {
+ if (name == null) {
+ throw new NullPointerException(
+ Localizer.getMessage("jsp.error.attribute.null_name"));
+ }
+
return doFindAttribute(name);
}
}
1.3 +2 -0 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/security/SecurityClassLoad.java
Index: SecurityClassLoad.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/security/SecurityClassLoad.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- SecurityClassLoad.java 19 Sep 2003 21:24:48 -0000 1.2
+++ SecurityClassLoad.java 31 Oct 2003 01:30:01 -0000 1.3
@@ -143,6 +143,8 @@
loader.loadClass( basePackage +
"servlet.JspServletWrapper");
+ loader.loadClass( basePackage +
+ "runtime.JspWriterImpl$1");
} catch (ClassNotFoundException ex) {
System.out.println(
"Jasper SecurityClassLoad preload of class failed: " +
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org