You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2013/11/18 22:12:46 UTC
svn commit: r1543163 - in /tomcat/trunk/java/org/apache/catalina: ./ loader/
webresources/
Author: markt
Date: Mon Nov 18 21:12:46 2013
New Revision: 1543163
URL: http://svn.apache.org/r1543163
Log:
Grant read permissions to all resource locations used by the web
application
Modified:
tomcat/trunk/java/org/apache/catalina/WebResourceRoot.java
tomcat/trunk/java/org/apache/catalina/WebResourceSet.java
tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoader.java
tomcat/trunk/java/org/apache/catalina/loader/WebappLoader.java
tomcat/trunk/java/org/apache/catalina/webresources/AbstractArchiveResourceSet.java
tomcat/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
tomcat/trunk/java/org/apache/catalina/webresources/JarResourceSet.java
tomcat/trunk/java/org/apache/catalina/webresources/JarWarResourceSet.java
tomcat/trunk/java/org/apache/catalina/webresources/StandardRoot.java
Modified: tomcat/trunk/java/org/apache/catalina/WebResourceRoot.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/WebResourceRoot.java?rev=1543163&r1=1543162&r2=1543163&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/WebResourceRoot.java (original)
+++ tomcat/trunk/java/org/apache/catalina/WebResourceRoot.java Mon Nov 18 21:12:46 2013
@@ -18,6 +18,7 @@ package org.apache.catalina;
import java.io.InputStream;
import java.net.URL;
+import java.util.List;
import java.util.Set;
/**
@@ -397,6 +398,12 @@ public interface WebResourceRoot extends
void deregisterTracedResource(WebResourceTraceWrapper traceWrapperInputStream);
+ /**
+ * Obtain the set of {@link WebResourceSet#getBaseUrl()} for all
+ * {@link WebResourceSet}s used by this root.
+ */
+ List<URL> getBaseUrls();
+
static enum ResourceSetType {
PRE,
RESOURCE_JAR,
Modified: tomcat/trunk/java/org/apache/catalina/WebResourceSet.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/WebResourceSet.java?rev=1543163&r1=1543162&r2=1543163&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/WebResourceSet.java (original)
+++ tomcat/trunk/java/org/apache/catalina/WebResourceSet.java Mon Nov 18 21:12:46 2013
@@ -17,6 +17,7 @@
package org.apache.catalina;
import java.io.InputStream;
+import java.net.URL;
import java.util.Set;
/**
@@ -102,4 +103,11 @@ public interface WebResourceSet extends
boolean getClassLoaderOnly();
void setClassLoaderOnly(boolean classLoaderOnly);
+
+ /**
+ * Obtain the base URL for this set of resources. One of the uses of this is
+ * to grant read permissions to the resources when running under a security
+ * manager.
+ */
+ URL getBaseUrl();
}
Modified: tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoader.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoader.java?rev=1543163&r1=1543162&r2=1543163&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoader.java (original)
+++ tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoader.java Mon Nov 18 21:12:46 2013
@@ -456,7 +456,7 @@ public class WebappClassLoader extends U
*
* @param filepath file directory path
*/
- public void addPermission(String filepath) {
+ void addPermission(String filepath) {
if (filepath == null) {
return;
}
@@ -465,13 +465,18 @@ public class WebappClassLoader extends U
if (securityManager != null) {
Permission permission = null;
- if (!path.endsWith(File.separator)) {
- permission = new FilePermission(path, "read");
+ if (path.startsWith("file:")) {
+ path = path.substring(5);
+ if (!path.endsWith(File.separator)) {
+ permission = new FilePermission(path, "read");
+ addPermission(permission);
+ path = path + File.separator;
+ }
+ permission = new FilePermission(path + "-", "read");
addPermission(permission);
- path = path + File.separator;
+ } else {
+ // Unsupported resource location.
}
- permission = new FilePermission(path + "-", "read");
- addPermission(permission);
}
}
@@ -482,7 +487,7 @@ public class WebappClassLoader extends U
*
* @param url URL for a file or directory on local system
*/
- public void addPermission(URL url) {
+ void addPermission(URL url) {
if (url != null) {
addPermission(url.toString());
}
@@ -494,7 +499,7 @@ public class WebappClassLoader extends U
*
* @param permission The permission
*/
- public void addPermission(Permission permission) {
+ void addPermission(Permission permission) {
if ((securityManager != null) && (permission != null)) {
permissionList.add(permission);
}
Modified: tomcat/trunk/java/org/apache/catalina/loader/WebappLoader.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/loader/WebappLoader.java?rev=1543163&r1=1543162&r2=1543163&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/loader/WebappLoader.java (original)
+++ tomcat/trunk/java/org/apache/catalina/loader/WebappLoader.java Mon Nov 18 21:12:46 2013
@@ -25,7 +25,6 @@ import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.Constructor;
import java.lang.reflect.Method;
-import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLClassLoader;
import java.net.URLDecoder;
@@ -546,64 +545,8 @@ public class WebappLoader extends Lifecy
}
}
- try {
-
- URL rootURL = servletContext.getResource("/");
- classLoader.addPermission(rootURL);
-
- String contextRoot = servletContext.getRealPath("/");
- if (contextRoot != null) {
- try {
- contextRoot = (new File(contextRoot)).getCanonicalPath();
- classLoader.addPermission(contextRoot);
- } catch (IOException e) {
- // Ignore
- }
- }
-
- URL classesURL = servletContext.getResource("/WEB-INF/classes/");
- classLoader.addPermission(classesURL);
- URL libURL = servletContext.getResource("/WEB-INF/lib/");
- classLoader.addPermission(libURL);
-
- if (contextRoot != null) {
-
- if (libURL != null) {
- File rootDir = new File(contextRoot);
- File libDir = new File(rootDir, "WEB-INF/lib/");
- try {
- String path = libDir.getCanonicalPath();
- classLoader.addPermission(path);
- } catch (IOException e) {
- // Ignore
- }
- }
-
- } else {
-
- if (workDir != null) {
- if (libURL != null) {
- File libDir = new File(workDir, "WEB-INF/lib/");
- try {
- String path = libDir.getCanonicalPath();
- classLoader.addPermission(path);
- } catch (IOException e) {
- // Ignore
- }
- }
- if (classesURL != null) {
- File classesDir = new File(workDir, "WEB-INF/classes/");
- try {
- String path = classesDir.getCanonicalPath();
- classLoader.addPermission(path);
- } catch (IOException e) {
- // Ignore
- }
- }
- }
- }
- } catch (MalformedURLException e) {
- // Ignore
+ for (URL url : context.getResources().getBaseUrls()) {
+ classLoader.addPermission(url);
}
}
Modified: tomcat/trunk/java/org/apache/catalina/webresources/AbstractArchiveResourceSet.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/webresources/AbstractArchiveResourceSet.java?rev=1543163&r1=1543162&r2=1543163&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/webresources/AbstractArchiveResourceSet.java (original)
+++ tomcat/trunk/java/org/apache/catalina/webresources/AbstractArchiveResourceSet.java Mon Nov 18 21:12:46 2013
@@ -18,6 +18,7 @@ package org.apache.catalina.webresources
import java.io.File;
import java.io.InputStream;
+import java.net.URL;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
@@ -32,7 +33,8 @@ import org.apache.catalina.util.Resource
public abstract class AbstractArchiveResourceSet extends AbstractResourceSet {
private final HashMap<String,JarEntry> jarFileEntries = new HashMap<>();
- private String baseUrl;
+ private URL baseUrl;
+ private String baseUrlString;
private Manifest manifest;
@@ -40,12 +42,22 @@ public abstract class AbstractArchiveRes
this.manifest = manifest;
}
- protected final String getBaseUrl() {
+ protected final void setBaseUrl(URL baseUrl) {
+ this.baseUrl = baseUrl;
+ if (baseUrl == null) {
+ this.baseUrlString = null;
+ } else {
+ this.baseUrlString = baseUrl.toString();
+ }
+ }
+
+ @Override
+ public final URL getBaseUrl() {
return baseUrl;
}
- protected final void setBaseUrl(String baseUrl) {
- this.baseUrl = baseUrl;
+ protected final String getBaseUrlString() {
+ return baseUrlString;
}
protected final HashMap<String,JarEntry> getJarFileEntries() {
Modified: tomcat/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java?rev=1543163&r1=1543162&r2=1543163&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java (original)
+++ tomcat/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java Mon Nov 18 21:12:46 2013
@@ -18,6 +18,8 @@ package org.apache.catalina.webresources
import java.io.File;
import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
import org.apache.catalina.LifecycleException;
import org.apache.tomcat.util.http.RequestUtil;
@@ -104,6 +106,16 @@ public abstract class AbstractFileResour
return RequestUtil.normalize(path, File.separatorChar == '/');
}
+ @Override
+ public URL getBaseUrl() {
+ try {
+ return getFileBase().toURI().toURL();
+ } catch (MalformedURLException e) {
+ return null;
+ }
+ }
+
+
//-------------------------------------------------------- Lifecycle methods
@Override
protected void initInternal() throws LifecycleException {
Modified: tomcat/trunk/java/org/apache/catalina/webresources/JarResourceSet.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/webresources/JarResourceSet.java?rev=1543163&r1=1543162&r2=1543163&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/webresources/JarResourceSet.java (original)
+++ tomcat/trunk/java/org/apache/catalina/webresources/JarResourceSet.java Mon Nov 18 21:12:46 2013
@@ -75,7 +75,7 @@ public class JarResourceSet extends Abst
@Override
protected WebResource createArchiveResource(JarEntry jarEntry,
String webAppPath, Manifest manifest) {
- return new JarResource(getRoot(), webAppPath, getBase(), getBaseUrl(),
+ return new JarResource(getRoot(), webAppPath, getBase(), getBaseUrlString(),
jarEntry, getInternalPath(), manifest);
}
@@ -95,7 +95,7 @@ public class JarResourceSet extends Abst
}
try {
- setBaseUrl((new File(getBase())).toURI().toURL().toString());
+ setBaseUrl((new File(getBase())).toURI().toURL());
} catch (MalformedURLException e) {
throw new IllegalArgumentException(e);
}
Modified: tomcat/trunk/java/org/apache/catalina/webresources/JarWarResourceSet.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/webresources/JarWarResourceSet.java?rev=1543163&r1=1543162&r2=1543163&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/webresources/JarWarResourceSet.java (original)
+++ tomcat/trunk/java/org/apache/catalina/webresources/JarWarResourceSet.java Mon Nov 18 21:12:46 2013
@@ -78,7 +78,7 @@ public class JarWarResourceSet extends A
@Override
protected WebResource createArchiveResource(JarEntry jarEntry,
String webAppPath, Manifest manifest) {
- return new JarWarResource(getRoot(), webAppPath, getBase(), getBaseUrl(),
+ return new JarWarResource(getRoot(), webAppPath, getBase(), getBaseUrlString(),
jarEntry, archivePath, getInternalPath(), manifest);
}
@@ -103,7 +103,7 @@ public class JarWarResourceSet extends A
}
try {
- setBaseUrl((new File(getBase())).toURI().toURL().toString());
+ setBaseUrl((new File(getBase())).toURI().toURL());
} catch (MalformedURLException e) {
throw new IllegalArgumentException(e);
}
Modified: tomcat/trunk/java/org/apache/catalina/webresources/StandardRoot.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/webresources/StandardRoot.java?rev=1543163&r1=1543162&r2=1543163&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/webresources/StandardRoot.java (original)
+++ tomcat/trunk/java/org/apache/catalina/webresources/StandardRoot.java Mon Nov 18 21:12:46 2013
@@ -25,6 +25,7 @@ import java.net.URL;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.LinkedHashSet;
+import java.util.List;
import java.util.Locale;
import java.util.Set;
@@ -527,6 +528,22 @@ public class StandardRoot extends Lifecy
}
+ @Override
+ public List<URL> getBaseUrls() {
+ List<URL> result = new ArrayList<>();
+ for (List<WebResourceSet> list : allResources) {
+ for (WebResourceSet webResourceSet : list) {
+ if (!webResourceSet.getClassLoaderOnly()) {
+ URL url = webResourceSet.getBaseUrl();
+ if (url != null) {
+ result.add(url);
+ }
+ }
+ }
+ }
+ return result;
+ }
+
// ----------------------------------------------------------- JMX Lifecycle
@Override
protected String getDomainInternal() {
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org