You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by co...@apache.org on 2001/01/25 06:07:41 UTC
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util/compat Action.java Jdk11Compat.java Jdk12Support.java
costin 01/01/24 21:07:40
Modified: . build.xml
src/etc server.xml tomcat.policy
src/facade22/org/apache/tomcat/facade
RequestDispatcherImpl.java
src/share/org/apache/tomcat/core BaseInterceptor.java
src/share/org/apache/tomcat/modules/config
LoaderInterceptor11.java PolicyInterceptor.java
ServerXmlInterceptor.java
src/share/org/apache/tomcat/modules/generators
Jdk12Interceptor.java
src/share/org/apache/tomcat/modules/session
SimpleSessionStore.java
Added: src/share/org/apache/tomcat/modules/config PolicyLoader.java
src/share/org/apache/tomcat/util/compat Action.java
Jdk11Compat.java Jdk12Support.java
Log:
Fixes and changes for JDK1.1 support.
The build on 1.1 was broken for few weeks, and I hope this solution
will improve the things a bit (in addition, I'll check the nightly 1.1
build until we're done ).
The util.compat package contains a helper that will avoid the use of
introspection or other (complex) solutions to maintain 1.1 compatibility.
It's just a small wrapper around common methods, with 2 implementations -
one for jdk1.1 ( doing nothing for doPriviledged, returning SimpleClassLoader,
etc) and one for jdk1.2+ ( wrapping and performing PriviledgedAction,
returning the URLClassLoader, etc).
As a result:
- LoaderInterceptor12 is no longer needed
- LoaderInterceptor11 will automatically use URLClassLoader if in Java2
environment, no need to edit server.xml for that
- Jdk12Interceptor compiles and can be loaded in jdk1.1. It'll do
java2 tasks if java2 is detected ( there is another trick to add it only
if needed - see next )
- and of course, it builds and work fine on JDK1.1 ( again )
As a related change, PolicyInterceptor will be automatically
loaded if Java2 is detected and a security manager is set (or a
secure option is set on the contextmanager ). To do that we use
PolicyLoader, that detect the conditions where we want sandboxing
and if java2 is available and loads the "real" policy interceptor.
That simplifies a lot the configuration, we no longer need to explain
how to change the config just to run JNDI in java2 environment.
I also added the permissions needed to run /admin in a sandbox, there
are few tests that are failing in sandbox - I'm working on a fix
( but probably next week, I have a deadline for monday )
Also, added a small comment ( to be expanded ) in BaseInterceptor.
Revision Changes Path
1.106 +3 -1 jakarta-tomcat/build.xml
Index: build.xml
===================================================================
RCS file: /home/cvs/jakarta-tomcat/build.xml,v
retrieving revision 1.105
retrieving revision 1.106
diff -u -r1.105 -r1.106
--- build.xml 2001/01/22 16:42:00 1.105
+++ build.xml 2001/01/25 05:07:32 1.106
@@ -107,6 +107,7 @@
<!-- no dependencies -->
<include name="org/apache/tomcat/util/**"/>
<exclude name="**/util/net/SSLSocketFactory.java" unless="jsse.present"/>
+ <exclude name="**/util/compat/Jdk12Support.java" unless="jdk12.present"/>
</javac>
<jar jarfile="${tomcat.build}/lib/tomcat_util.jar"
basedir="${tomcat.build}/classes">
@@ -238,9 +239,10 @@
<pathelement location="${tomcat.build}/lib/tomcat_core.jar"/>
</classpath>
<include name="org/apache/tomcat/modules/**"/>
- <exclude
+ <!-- <exclude
name="org/apache/tomcat/modules/generators/Jdk12Interceptor.java"
unless="jdk12.present"/>
+ -->
<exclude
name="org/apache/tomcat/modules/config/LoaderInterceptor12.java"
unless="jdk12.present"/>
1.60 +6 -3 jakarta-tomcat/src/etc/server.xml
Index: server.xml
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/etc/server.xml,v
retrieving revision 1.59
retrieving revision 1.60
diff -u -r1.59 -r1.60
--- server.xml 2001/01/01 02:07:23 1.59
+++ server.xml 2001/01/25 05:07:33 1.60
@@ -112,6 +112,9 @@
<ContextInterceptor
className="org.apache.tomcat.facade.WebXmlReader" />
+ <ContextInterceptor
+ className="org.apache.tomcat.modules.config.PolicyLoader" />
+
<!-- Uncomment out if you have JDK1.2 and want to implement
the Java SecurityManager
<ContextInterceptor
@@ -149,11 +152,11 @@
className="org.apache.tomcat.modules.mappers.SimpleMapper1"
debug="0" />
- <!-- fix the context class loader, other JDK1.2 specific code
+ <!-- fix the context class loader, other JDK1.2 specific code -->
<RequestInterceptor
- className="org.apache.tomcat.modules.mappers.Jdk12Interceptor"
+ className="org.apache.tomcat.modules.generators.Jdk12Interceptor"
debug="0" />
- -->
+ <!-- -->
<!-- Non-standard invoker, for backward compat. ( /servlet/* )
-->
1.8 +8 -0 jakarta-tomcat/src/etc/tomcat.policy
Index: tomcat.policy
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/etc/tomcat.policy,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- tomcat.policy 2001/01/08 12:15:21 1.7
+++ tomcat.policy 2001/01/25 05:07:34 1.8
@@ -23,3 +23,11 @@
permission java.util.PropertyPermission "*", "read";
};
+grant codeBase "file:${tomcat.home}/webapps/admin/-" {
+ permission java.security.AllPermission;
+};
+
+grant codeBase "file:${tomcat.home}/work/DEFAULT/admin/-" {
+ permission java.security.AllPermission;
+};
+
1.12 +70 -26 jakarta-tomcat/src/facade22/org/apache/tomcat/facade/RequestDispatcherImpl.java
Index: RequestDispatcherImpl.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/facade22/org/apache/tomcat/facade/RequestDispatcherImpl.java,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- RequestDispatcherImpl.java 2001/01/20 21:33:04 1.11
+++ RequestDispatcherImpl.java 2001/01/25 05:07:35 1.12
@@ -62,6 +62,7 @@
import org.apache.tomcat.core.*;
import org.apache.tomcat.util.StringManager;
+import org.apache.tomcat.util.compat.*;
import java.io.*;
import java.util.*;
import java.security.*;
@@ -135,27 +136,37 @@
}
// -------------------- Public methods --------------------
+ Jdk11Compat jdk11Compat=Jdk11Compat.getJdkCompat();
+ RDIAction forwardAction=new RDIAction( this,false);
+ RDIAction includeAction=new RDIAction( this,true);
public void forward(ServletRequest request, ServletResponse response)
throws ServletException, IOException
{
if( System.getSecurityManager() != null ) {
- final ServletRequest req = request;
- final ServletResponse res = response;
+// final ServletRequest req = request;
+// final ServletResponse res = response;
try {
- java.security.AccessController.doPrivileged(
- new java.security.PrivilegedExceptionAction()
- {
- public Object run() throws ServletException, IOException {
- doForward(req,res);
- return null;
- }
- }
- );
- } catch( PrivilegedActionException pe) {
- Exception e = pe.getException();
+ forwardAction.prepare( request, response );
+ jdk11Compat.doPrivileged( forwardAction );
+
+// java.security.AccessController.doPrivileged(
+// new java.security.PrivilegedExceptionAction()
+// {
+// public Object run() throws ServletException, IOException {
+// doForward(req,res);
+// return null;
+// }
+// }
+// );
+// } catch( PrivilegedActionException pe) {
+// Exception e = pe.getException();
+ } catch( Exception e) {
if( e instanceof ServletException )
throw (ServletException)e;
+ if( e instanceof RuntimeException )
+ throw (RuntimeException)e;
+ // can only be IOException
throw (IOException)e;
}
} else {
@@ -246,24 +257,35 @@
throws ServletException, IOException
{
if( System.getSecurityManager() != null ) {
- final ServletRequest req = request;
- final ServletResponse res = response;
+// final ServletRequest req = request;
+// final ServletResponse res = response;
try {
- java.security.AccessController.doPrivileged(
- new java.security.PrivilegedExceptionAction()
- {
- public Object run() throws ServletException, IOException {
- doInclude(req,res);
- return null;
- }
- }
- );
- } catch( PrivilegedActionException pe) {
- Exception e = pe.getException();
+ includeAction.prepare( request, response );
+ jdk11Compat.doPrivileged( includeAction );
+
+// java.security.AccessController.doPrivileged(
+// new java.security.PrivilegedExceptionAction()
+// {
+// public Object run() throws ServletException, IOException {
+// doInclude(req,res);
+// return null;
+// }
+// }
+// );
+// } catch( PrivilegedActionException pe) {
+ } catch( Exception e) {
if( e instanceof ServletException )
throw (ServletException)e;
+ if( e instanceof RuntimeException )
+ throw (RuntimeException)e;
+ // can only be IOException
throw (IOException)e;
}
+// Exception e = pe.getException();
+// if( e instanceof ServletException )
+// throw (ServletException)e;
+// throw (IOException)e;
+// }
} else {
doInclude(request,response);
}
@@ -599,6 +621,28 @@
if( ex instanceof IOException )
throw (IOException)ex;
throw new ServletException( ex );
+ }
+ }
+
+ static class RDIAction extends Action {
+ ServletRequest req;
+ ServletResponse res;
+ RequestDispatcherImpl rdi;
+ boolean include;
+ RDIAction(RequestDispatcherImpl rdi, boolean incl) {
+ this.rdi=rdi;
+ include=incl;
+ }
+ public void prepare( ServletRequest req, ServletResponse res ) {
+ this.req=req;
+ this.res=res;
+ }
+ public Object action() throws Exception {
+ if( include )
+ rdi.doInclude( req, res );
+ else
+ rdi.doForward( req, res );
+ return null;
}
}
}
1.37 +11 -1 jakarta-tomcat/src/share/org/apache/tomcat/core/BaseInterceptor.java
Index: BaseInterceptor.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/BaseInterceptor.java,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -r1.36 -r1.37
--- BaseInterceptor.java 2001/01/01 00:17:23 1.36
+++ BaseInterceptor.java 2001/01/25 05:07:35 1.37
@@ -78,7 +78,17 @@
*
* Interceptors are the main extension mechanism for tomcat. They have full
* access and control all aspects in tomcat operation.
- *
+ *
+ * <p><b>Sandboxing. </b> Tomcat may be run in a java2 sandboxed environment.
+ * All request processing callbacks can be initiated as a result of
+ * user ( untrusted ) code ( for example - a servlet creating a new session ).
+ *
+ * The module is responsible for using doPriviledged() blocks for all
+ * actions that require special priviledges. "Base" modules ( included
+ * in the distribution ) that perform essential functionality must also
+ * ensure JDK1.1 compatibility. The priviledged block must be as small
+ * as possible and do only a clearly defined action.
+ *
*/
public class BaseInterceptor
{
1.4 +50 -12 jakarta-tomcat/src/share/org/apache/tomcat/modules/config/LoaderInterceptor11.java
Index: LoaderInterceptor11.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/config/LoaderInterceptor11.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- LoaderInterceptor11.java 2001/01/07 01:53:55 1.3
+++ LoaderInterceptor11.java 2001/01/25 05:07:36 1.4
@@ -61,6 +61,7 @@
import org.apache.tomcat.core.*;
import org.apache.tomcat.util.*;
+import org.apache.tomcat.util.compat.*;
import org.apache.tomcat.util.depend.*;
import java.io.*;
import java.net.*;
@@ -69,15 +70,32 @@
/**
* Set class loader based on WEB-INF/classes, lib.
- * Use with JDK1.1.
+ * Compatible with JDK1.1, but takes advantage of URLClassLoader if
+ * java2 is detected.
+ *
*
* @author costin@dnt.ro
*/
public class LoaderInterceptor11 extends BaseInterceptor {
-
+ boolean useAL=false;
+ boolean useNoParent=false;
+
public LoaderInterceptor11() {
}
+ /** Use ContextManager.getParentLoader() - typlically the class loader
+ * that is set by the application embedding tomcat.
+ */
+ public void setUseApplicationLoader( boolean b ) {
+ useAL=b;
+ }
+
+ /** Use no parent loader. The contexts will be completely isolated.
+ */
+ public void setUseNoParent( boolean b ) {
+ useNoParent=b;
+ }
+
public void addContext( ContextManager cm, Context context)
throws TomcatException
{
@@ -136,13 +154,22 @@
dm=new DependManager();
context.setDependManager( dm );
}
-
- // XXX Customize this - based on context prefs,
- // select the right parent - it may be CM.getParentLoader()
- ClassLoader parent=this.getClass().getClassLoader();
- SimpleClassLoader loader=new SimpleClassLoader(classP, parent);
+ ClassLoader parent=null;
+ if( useAL )
+ parent=cm.getParentLoader();
+ else if( useNoParent )
+ parent=null;
+ else
+ parent=this.getClass().getClassLoader();
+
+ // Construct a class loader. Use URLClassLoader if Java2,
+ // replacement ( SimpleClassLoader ) if not
+ // SimpleClassLoader loader=new SimpleClassLoader(classP, parent);
+ ClassLoader loader=jdk11Compat.newClassLoaderInstance( classP, parent);
DependClassLoader dcl=new DependClassLoader( dm, loader);
+ if( debug > 0 )
+ log("Loader " + loader.getClass().getName() + " " + parent);
context.setClassLoader( dcl );
}
@@ -164,15 +191,26 @@
"oldLoader");
context.getContainer().setNote( oldLoaderNote, oldLoader);
- // XXX Customize this - based on context prefs,
- // select the right parent - it may be CM.getParentLoader()
- ClassLoader parent=this.getClass().getClassLoader();
-
- SimpleClassLoader loader=new SimpleClassLoader(urls, parent);
+ ClassLoader parent=null;
+ if( useAL )
+ parent=cm.getParentLoader();
+ else if( useNoParent )
+ parent=null;
+ else
+ parent=this.getClass().getClassLoader();
+
+ // Construct a class loader. Use URLClassLoader if Java2,
+ // replacement ( SimpleClassLoader ) if not
+ // SimpleClassLoader loader=new SimpleClassLoader(urls, parent);
+ ClassLoader loader=jdk11Compat.newClassLoaderInstance( urls, parent);
DependClassLoader dcl=new DependClassLoader( dm, loader);
context.setClassLoader( dcl );
}
+ // --------------------
+
+ static final Jdk11Compat jdk11Compat=Jdk11Compat.getJdkCompat();
+
private void getJars(Vector v, File f) {
FilenameFilter jarfilter = new FilenameFilter() {
public boolean accept(File dir, String fname) {
1.5 +18 -3 jakarta-tomcat/src/share/org/apache/tomcat/modules/config/PolicyInterceptor.java
Index: PolicyInterceptor.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/config/PolicyInterceptor.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- PolicyInterceptor.java 2001/01/23 05:08:38 1.4
+++ PolicyInterceptor.java 2001/01/25 05:07:36 1.5
@@ -78,7 +78,8 @@
* @author Glenn Nielsen
* @author costin@dnt.ro
*/
-public class PolicyInterceptor extends BaseInterceptor {
+public class PolicyInterceptor extends PolicyLoader { // BaseInterceptor {
+ // PolicyLoader is used to load PolicyInterceptor
String securityManagerClass="java.lang.SecurityManager";
String policyFile=null;
@@ -92,7 +93,13 @@
public void setPolicyFile( String pf) {
policyFile=pf;
}
-
+
+ public void addInterceptor(ContextManager cm, Context ctx,
+ BaseInterceptor module)
+ throws TomcatException
+ {
+ }
+
/** Set the security manager, so that policy will be used
*/
public void engineInit(ContextManager cm) throws TomcatException {
@@ -129,9 +136,16 @@
protected void addDefaultPermissions( Context context,String base,
Permissions p )
{
+ if( context.isTrusted() ) {
+ AllPermission aP=new AllPermission();
+ p.add( aP );
+ return;
+ }
+
// Add default read "-" FilePermission for docBase, classes, lib
// Default per context permissions
- FilePermission fp = new FilePermission(base + File.separator + "-", "read");
+ FilePermission fp = new FilePermission(base + File.separator + "-",
+ "read");
if( fp != null )
p.add((Permission)fp);
// JspFactory.getPageContext() runs in JSP Context and needs the below
@@ -152,6 +166,7 @@
{
ContextManager cm = context.getContextManager();
String base = context.getAbsolutePath();
+ // File wd = context.getWorkDir();
try {
File dir = new File(base);
1.6 +1 -1 jakarta-tomcat/src/share/org/apache/tomcat/modules/config/ServerXmlInterceptor.java
Index: ServerXmlInterceptor.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/config/ServerXmlInterceptor.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- ServerXmlInterceptor.java 2001/01/20 21:40:47 1.5
+++ ServerXmlInterceptor.java 2001/01/25 05:07:37 1.6
@@ -109,7 +109,7 @@
cm.setInstallDir( tchome);
// load server.xml
- File f = null;
+ File f = null;
if (configFile != null)
f=new File(configFile);
else
1.1 jakarta-tomcat/src/share/org/apache/tomcat/modules/config/PolicyLoader.java
Index: PolicyLoader.java
===================================================================
/*
* ====================================================================
*
* The Apache Software License, Version 1.1
*
* Copyright (c) 1999 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution, if
* any, must include the following acknowlegement:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowlegement may appear in the software itself,
* if and wherever such third-party acknowlegements normally appear.
*
* 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
* Foundation" must not be used to endorse or promote products derived
* from this software without prior written permission. For written
* permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache"
* nor may "Apache" appear in their names without prior written
* permission of the Apache Group.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* [Additional notices, if required by prior licensing conditions]
*
*/
package org.apache.tomcat.modules.config;
import org.apache.tomcat.core.*;
import org.apache.tomcat.util.*;
import org.apache.tomcat.util.compat.*;
import java.io.*;
import java.net.*;
import java.util.*;
import java.security.*;
import org.apache.tomcat.util.log.*;
/**
* Load the PolicyInterceptor if JDK1.2 is detected and if "sandbox"
* property of ContextManager is set.
*
* This simplifies the configuration of tomcat - we don't need to
* use special configs for jdk1.1/jdk1.2+ ( the code can auto-detect that ).
* We use a simple ContextManager property ( that can be set from command
* line, or via sandbox="true" ).
*
* This class acts as a proxy for the PolicyInterceptor.
*/
public class PolicyLoader extends BaseInterceptor {
String securityManagerClass="java.lang.SecurityManager";
String policyFile=null;
public PolicyLoader() {
}
public void setSecurityManagerClass(String cls) {
securityManagerClass=cls;
}
public String getSecurityManagerClass() {
return securityManagerClass;
}
public String getPolicyFile() {
return policyFile;
}
public void setPolicyFile(String pf) {
policyFile=pf;
}
static Jdk11Compat jdk11Compat=Jdk11Compat.getJdkCompat();
public void addInterceptor(ContextManager cm, Context ctx,
BaseInterceptor module)
throws TomcatException
{
if( this != module ) return;
if( ! jdk11Compat.isJava2() )
return;
// find if PolicyInterceptor has already been loaded
if( System.getSecurityManager() != null ||
cm.getProperty("sandbox") != null )
{
log("Found security manager ");
try {
Class c=Class.
forName( "org.apache.tomcat.modules.config.PolicyInterceptor" );
// trick to configure PolicyInterceptor.
PolicyLoader policyModule=(PolicyLoader)c.newInstance();
policyModule.setSecurityManagerClass( securityManagerClass);
policyModule.setPolicyFile( policyFile );
cm.addInterceptor( policyModule );
// we could also remove PolicyLoader, since it's no longer
// needed
} catch( Exception ex ) {
ex.printStackTrace();
}
}
// load the PolicyInterceptor
}
}
1.2 +22 -18 jakarta-tomcat/src/share/org/apache/tomcat/modules/generators/Jdk12Interceptor.java
Index: Jdk12Interceptor.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/generators/Jdk12Interceptor.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- Jdk12Interceptor.java 2001/01/01 02:01:30 1.1
+++ Jdk12Interceptor.java 2001/01/25 05:07:38 1.2
@@ -61,6 +61,7 @@
import org.apache.tomcat.core.*;
import org.apache.tomcat.util.*;
+import org.apache.tomcat.util.compat.*;
import java.io.*;
import java.net.*;
import java.util.*;
@@ -101,10 +102,10 @@
public int preService(Request request, Response response) {
if( request.getContext() == null ) return 0;
fixJDKContextClassLoader(request.getContext());
- // log("Setting class loader for service()");
return 0;
}
+ static Jdk11Compat jdk11Compat=Jdk11Compat.getJdkCompat();
// Before we do init() or service(), we need to do some tricks
@@ -121,24 +122,27 @@
log("ERROR: Jdk12Interceptor: classloader==null");
return;
}
- // this may be called from include(), in which case we
- // have the codebase==jsp or servlet
- java.security.AccessController.doPrivileged(new
- java.security.PrivilegedAction()
- {
- public Object run() {
- Thread.currentThread().setContextClassLoader(cl);
- return null;
- }
- });
+ if( cl == jdk11Compat.getContextClassLoader() )
+ return; // nothing to do - or in include if same context
-// try {
-// Thread t=Thread.currentThread();
-// t.setContextClassLoader( cl );
-// // log("Jdk12Interceptor: Setting CL " + cl );
-// } catch( Throwable t ) {
-// t.print Stack Trace();
-// }
+ jdk11Compat.setContextClassLoader(cl);
+ // XXX if sandboxing is enabled and include() is not doing
+ // doPriviledged, then the code that checks for cross-context
+ // calls must also set the class loader or doPriviledged.
+
+ // include() has it's own doPrivileged, no need for a second.
+
+// // this may be called from include(), in which case we
+// // have the codebase==jsp or servlet
+// java.security.AccessController.doPrivileged(new
+// java.security.PrivilegedAction()
+// {
+// public Object run() {
+// Thread.currentThread().setContextClassLoader(cl);
+// return null;
+// }
+// });
+
}
}
1.8 +12 -3 jakarta-tomcat/src/share/org/apache/tomcat/modules/session/SimpleSessionStore.java
Index: SimpleSessionStore.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/session/SimpleSessionStore.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- SimpleSessionStore.java 2001/01/08 12:15:22 1.7
+++ SimpleSessionStore.java 2001/01/25 05:07:39 1.8
@@ -61,6 +61,7 @@
import java.io.*;
import java.util.Random;
import org.apache.tomcat.util.*;
+import org.apache.tomcat.util.compat.*;
import org.apache.tomcat.util.threads.*;
import org.apache.tomcat.core.*;
import java.util.*;
@@ -410,6 +411,8 @@
public ServerSession getNewSession() {
return getNewSession( null ) ;
}
+
+ static Jdk11Compat jdk11Compat=Jdk11Compat.getJdkCompat();
public ServerSession getNewSession(String jsIdent) {
if ((maxActiveSessions >= 0) &&
@@ -436,7 +439,7 @@
*/
String newId;
if( System.getSecurityManager() != null ) {
- class doInit implements PrivilegedAction {
+ class doInit extends Action { // implements PrivilegedAction {
private Random randomSource;
private String jsIdent;
public doInit(Random rs, String ident) {
@@ -444,11 +447,17 @@
jsIdent = ident;
}
public Object run() {
- return SessionIdGenerator.getIdentifier(randomSource, jsIdent);
+ return SessionIdGenerator.getIdentifier(randomSource,
+ jsIdent);
}
}
doInit di = new doInit(randomSource,jsIdent);
- newId= (String)AccessController.doPrivileged(di);
+ try {
+ newId= (String)jdk11Compat.doPrivileged(di);
+ } catch( Exception ex ) {
+ newId=null;
+ }
+ //AccessController.doPrivileged(di);
} else {
newId= SessionIdGenerator.getIdentifier(randomSource, jsIdent);
}
1.1 jakarta-tomcat/src/share/org/apache/tomcat/util/compat/Action.java
Index: Action.java
===================================================================
/*
* ====================================================================
*
* The Apache Software License, Version 1.1
*
* Copyright (c) 1999 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution, if
* any, must include the following acknowlegement:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowlegement may appear in the software itself,
* if and wherever such third-party acknowlegements normally appear.
*
* 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
* Foundation" must not be used to endorse or promote products derived
* from this software without prior written permission. For written
* permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache"
* nor may "Apache" appear in their names without prior written
* permission of the Apache Group.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* [Additional notices, if required by prior licensing conditions]
*
*/
package org.apache.tomcat.util.compat;
/**
*
*/
public class Action {
Object proxy;
public Object getProxy() {return proxy;}
public void setProxy(Object v) {this.proxy = v;}
public Object run() throws Exception {
return null;
}
}
1.1 jakarta-tomcat/src/share/org/apache/tomcat/util/compat/Jdk11Compat.java
Index: Jdk11Compat.java
===================================================================
/*
* ====================================================================
*
* The Apache Software License, Version 1.1
*
* Copyright (c) 1999 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution, if
* any, must include the following acknowlegement:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowlegement may appear in the software itself,
* if and wherever such third-party acknowlegements normally appear.
*
* 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
* Foundation" must not be used to endorse or promote products derived
* from this software without prior written permission. For written
* permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache"
* nor may "Apache" appear in their names without prior written
* permission of the Apache Group.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* [Additional notices, if required by prior licensing conditions]
*
*/
package org.apache.tomcat.util.compat;
import java.net.URL;
// XXX move it here, it's 1.1 specific
import org.apache.tomcat.util.SimpleClassLoader;
/** General-purpose utility to provide backward-compatibility and JDK
independence. This allow use of JDK1.2 ( or higher ) facilities if
available, while maintaining the code compatible with older VMs.
The goal is to make backward-compatiblity reasonably easy.
The base class supports JDK1.1 behavior.
*/
public class Jdk11Compat {
/** Return java version as a string
*/
public static String getJavaVersion() {
return javaVersion;
}
public static boolean isJava2() {
return java2;
}
/** Return a class loader. For JDK1.2+ will return a URLClassLoader.
* For JDK1.1 will return a substitute ( util.SimpleClassLoader )
*/
public ClassLoader newClassLoaderInstance( URL urls[],
ClassLoader parent )
{
return new SimpleClassLoader( urls, parent );
}
/** Do a priviledged action. For java2 a wrapper will be provided
and the AccesscController will be called.
*/
public Object doPrivileged( Action action ) throws Exception {
// ( using util's permissions !)
return action.run();
}
/** Set the context class loader - if possible.
*/
public void setContextClassLoader( ClassLoader cl ) {
// nothing
}
/** Get the context class loader, if java2.
*/
public ClassLoader getContextClassLoader() {
return null;
}
// Other methods, as needed
// -------------------- Factory --------------------
/** Get a compatibiliy helper class.
*/
public static Jdk11Compat getJdkCompat() {
return compat;
}
// -------------------- Implementation --------------------
// from ant
public static final String JAVA_1_0 = "1.0";
public static final String JAVA_1_1 = "1.1";
public static final String JAVA_1_2 = "1.2";
public static final String JAVA_1_3 = "1.3";
static String javaVersion;
static boolean java2=false;
static Jdk11Compat compat;
static {
init();
}
// class providing java2 support
static final String JAVA2_SUPPORT=
"org.apache.tomcat.util.compat.Jdk12Support";
private static void init() {
try {
javaVersion = JAVA_1_0;
Class.forName("java.lang.Void");
javaVersion = JAVA_1_1;
Class.forName("java.lang.ThreadLocal");
java2=true;
javaVersion = JAVA_1_2;
Class.forName("java.lang.StrictMath");
javaVersion = JAVA_1_3;
} catch (ClassNotFoundException cnfe) {
// swallow as we've hit the max class version that we have
}
if( java2 ) {
try {
Class c=Class.forName(JAVA2_SUPPORT);
compat=(Jdk11Compat)c.newInstance();
} catch( Exception ex ) {
compat=new Jdk11Compat();
}
} else {
compat=new Jdk11Compat();
}
}
}
1.1 jakarta-tomcat/src/share/org/apache/tomcat/util/compat/Jdk12Support.java
Index: Jdk12Support.java
===================================================================
/*
* ====================================================================
*
* The Apache Software License, Version 1.1
*
* Copyright (c) 1999 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution, if
* any, must include the following acknowlegement:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowlegement may appear in the software itself,
* if and wherever such third-party acknowlegements normally appear.
*
* 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
* Foundation" must not be used to endorse or promote products derived
* from this software without prior written permission. For written
* permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache"
* nor may "Apache" appear in their names without prior written
* permission of the Apache Group.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* [Additional notices, if required by prior licensing conditions]
*
*/
package org.apache.tomcat.util.compat;
import java.net.*;
import java.util.*;
import java.security.*;
/**
*
*/
public class Jdk12Support extends Jdk11Compat {
/** Return a class loader. For JDK1.2+ will return a URLClassLoader.
* For JDK1.1 will return the util.SimepleClassLoader
*/
public ClassLoader newClassLoaderInstance( URL urls[],
ClassLoader parent )
{
return URLClassLoader.newInstance( urls, parent );
}
public Object doPrivileged( Action action ) throws Exception {
Object proxy=action.getProxy();
if( proxy==null ) {
proxy=new PrivilegedProxy(action);
action.setProxy( proxy );
}
try {
return AccessController.
doPrivileged((PrivilegedExceptionAction)proxy);
} catch( PrivilegedActionException pe ) {
Exception e = pe.getException();
throw e;
}
}
public void setContextClassLoader( ClassLoader cl ) {
// we can't doPrivileged here - it'll be a major security
// problem
Thread.currentThread().setContextClassLoader(cl);
}
public ClassLoader getContextClassLoader() {
return Thread.currentThread().getContextClassLoader();
}
// -------------------- Support --------------------
static class PrivilegedProxy implements PrivilegedExceptionAction
{
Action action;
PrivilegedProxy( Action act ) {
action=act;
}
public Object run() throws Exception
{
return action.run();
}
}
}