You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2017/04/06 22:06:15 UTC
svn commit: r1790476 - in /tomcat/trunk:
java/org/apache/jasper/runtime/JspWriterImpl.java
java/org/apache/jasper/security/SecurityClassLoad.java
webapps/docs/changelog.xml
Author: markt
Date: Thu Apr 6 22:06:15 2017
New Revision: 1790476
URL: http://svn.apache.org/viewvc?rev=1790476&view=rev
Log:
Remove unnecessary privileged block for getLocalizeMessage.
I can't see anything in getLocalizeMessage that would trigger a security check. I checked back through the svn history and it was the JSP TCK that triggered this. I've been unable to recreate that issue with this method removed.
Modified:
tomcat/trunk/java/org/apache/jasper/runtime/JspWriterImpl.java
tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/jasper/runtime/JspWriterImpl.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/runtime/JspWriterImpl.java?rev=1790476&r1=1790475&r2=1790476&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/runtime/JspWriterImpl.java (original)
+++ tomcat/trunk/java/org/apache/jasper/runtime/JspWriterImpl.java Thu Apr 6 22:06:15 2017
@@ -19,15 +19,12 @@ package org.apache.jasper.runtime;
import java.io.IOException;
import java.io.Writer;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
import javax.servlet.ServletResponse;
import javax.servlet.jsp.JspWriter;
import org.apache.jasper.Constants;
import org.apache.jasper.compiler.Localizer;
-import org.apache.jasper.security.SecurityUtil;
/**
* Write text to a character-output stream, buffering characters so as
@@ -119,19 +116,6 @@ public class JspWriterImpl extends JspWr
}
}
- private String getLocalizeMessage(final String message){
- if (SecurityUtil.isPackageProtectionEnabled()){
- return AccessController.doPrivileged(new PrivilegedAction<String>(){
- @Override
- public String run(){
- return Localizer.getMessage(message);
- }
- });
- } else {
- return Localizer.getMessage(message);
- }
- }
-
/**
* Discard the output buffer.
*/
@@ -140,10 +124,10 @@ public class JspWriterImpl extends JspWr
if ((bufferSize == 0) && (out != null))
// clear() is illegal after any unbuffered output (JSP.5.5)
throw new IllegalStateException(
- getLocalizeMessage("jsp.error.ise_on_clear"));
+ Localizer.getMessage("jsp.error.ise_on_clear"));
if (flushed)
throw new IOException(
- getLocalizeMessage("jsp.error.attempt_to_clear_flushed_buffer"));
+ Localizer.getMessage("jsp.error.attempt_to_clear_flushed_buffer"));
ensureOpen();
nextChar = 0;
}
@@ -152,13 +136,13 @@ public class JspWriterImpl extends JspWr
public void clearBuffer() throws IOException {
if (bufferSize == 0)
throw new IllegalStateException(
- getLocalizeMessage("jsp.error.ise_on_clear"));
+ Localizer.getMessage("jsp.error.ise_on_clear"));
ensureOpen();
nextChar = 0;
}
private final void bufferOverflow() throws IOException {
- throw new IOException(getLocalizeMessage("jsp.error.overflow"));
+ throw new IOException(Localizer.getMessage("jsp.error.overflow"));
}
/**
Modified: tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java?rev=1790476&r1=1790475&r2=1790476&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java (original)
+++ tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java Thu Apr 6 22:06:15 2017
@@ -58,8 +58,6 @@ public final class SecurityClassLoad {
SecurityUtil.isPackageProtectionEnabled();
loader.loadClass( basePackage + "servlet.JspServletWrapper");
-
- loader.loadClass( basePackage + "runtime.JspWriterImpl$1");
} catch (ClassNotFoundException ex) {
log.error("SecurityClassLoad", ex);
}
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1790476&r1=1790475&r2=1790476&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Thu Apr 6 22:06:15 2017
@@ -65,6 +65,10 @@
running HTTP connector where TLS is not enabled. (markt)
</fix>
<fix>
+ <bug>47214</bug>: Refactor code so that explicitly referenced inner
+ classes are given explit names rather than being anonymous. (markt)
+ </fix>
+ <fix>
<bug>60940</bug>: Improve the handling of the <code>META-INF/</code> and
<code>META-INF/MANIFEST.MF</code> entries for Jar files located in
<code>/WEB-INF/lib</code> when running a web application from a packed
@@ -81,6 +85,10 @@
<subsection name="Jasper">
<changelog>
<fix>
+ <bug>47214</bug>: Refactor code so that explicitly referenced inner
+ classes are given explit names rather than being anonymous. (markt)
+ </fix>
+ <fix>
<bug>60925</bug>: Improve the handling of access to properties defined
by interfaces when a <code>BeanELResolver</code> is used under a
<code>SecurityManager</code>. (markt)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org