You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by lu...@apache.org on 2005/03/29 20:33:21 UTC
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/servlet JasperLoader.java
luehe 2005/03/29 10:33:21
Modified: jasper2/src/share/org/apache/jasper/servlet
JasperLoader.java
Log:
Simplified the loading of class resources in JasperLoader.
There is no reason for it to use "different" classloaders depending on
whether security is on (classloader returned by
Thread.currentThread().getContextClassLoader()) or off ("parent"
classloader).
I think we have been using "different" classloaders for historical
reasons, because JspC.java didn't use to set thread context
classloader until the fix for Bugzilla 20155 required it to do so.
Instead, we should use "parent" classloader consistently, which always
corresponds to the URLClassLoader with access to WEB-INF/lib[classes]:
1. In JspC.java, we construct URLClassLoader and set it as the parent
of JasperLoader.
2. When invoked from JspServlet, we acquire the context classloader
(which corresponds to WebappClassLoader) inside the constructor of
JspRuntimeContext (no need for doing this inside a privileged block
there) and set it as the parent of JasperLoader.
Ran all TCKs and jsp-examples with and without security enabled.
Let me know if you see anything wrong.
Revision Changes Path
1.18 +3 -31 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/servlet/JasperLoader.java
Index: JasperLoader.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/servlet/JasperLoader.java,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- JasperLoader.java 17 Dec 2004 14:55:30 -0000 1.17
+++ JasperLoader.java 29 Mar 2005 18:33:21 -0000 1.18
@@ -44,7 +44,6 @@
private String className;
private ClassLoader parent;
private SecurityManager securityManager;
- private PrivilegedLoadClass privLoadClass;
public JasperLoader(URL[] urls, ClassLoader parent,
PermissionCollection permissionCollection,
@@ -53,7 +52,6 @@
this.permissionCollection = permissionCollection;
this.codeSource = codeSource;
this.parent = parent;
- this.privLoadClass = new PrivilegedLoadClass();
this.securityManager = System.getSecurityManager();
}
@@ -127,29 +125,10 @@
}
}
- // Class is in a package, delegate to thread context class loader
if( !name.startsWith(Constants.JSP_PACKAGE_NAME) ) {
- if (securityManager != null) {
- final ClassLoader classLoader = (ClassLoader)AccessController.doPrivileged(privLoadClass);
- try{
- clazz = (Class)AccessController.doPrivileged(new PrivilegedExceptionAction(){
- public Object run() throws Exception{
- return classLoader.loadClass(name);
- }
- });
- } catch(PrivilegedActionException ex){
- Exception rootCause = ex.getException();
- if (rootCause instanceof ClassNotFoundException) {
- throw (ClassNotFoundException) rootCause;
- } else {
- throw new ClassNotFoundException("JasperLoader",
- rootCause);
- }
- }
- } else {
- clazz = parent.loadClass(name);
- }
-
+ // Class is not in org.apache.jsp, therefore, have our
+ // parent load it
+ clazz = parent.loadClass(name);
if( resolve )
resolveClass(clazz);
return clazz;
@@ -193,11 +172,4 @@
public final PermissionCollection getPermissions(CodeSource codeSource) {
return permissionCollection;
}
-
- private class PrivilegedLoadClass implements PrivilegedAction {
-
- public Object run() {
- return Thread.currentThread().getContextClassLoader();
- }
- }
}
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org