Posted to dev@tomcat.apache.org by ma...@apache.org on 2016/08/30 22:35:39 UTC
svn commit: r1758487 - in /tomcat/trunk: conf/ java/org/apache/jasper/
java/org/apache/jasper/resources/ java/org/apache/jasper/servlet/
webapps/docs/
Author: markt
Date: Tue Aug 30 22:35:38 2016
New Revision: 1758487
URL: http://svn.apache.org/viewvc?rev=1758487&view=rev
Log:
Ignore some JSP options when running under a SecurityManager
Modified:
tomcat/trunk/conf/web.xml
tomcat/trunk/java/org/apache/jasper/EmbeddedServletOptions.java
tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties
tomcat/trunk/java/org/apache/jasper/servlet/JspServlet.java
tomcat/trunk/webapps/docs/changelog.xml
tomcat/trunk/webapps/docs/jasper-howto.xml
Modified: tomcat/trunk/conf/web.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/conf/web.xml?rev=1758487&r1=1758486&r2=1758487&view=diff
==============================================================================
--- tomcat/trunk/conf/web.xml (original)
+++ tomcat/trunk/conf/web.xml Tue Aug 30 22:35:38 2016
@@ -163,6 +163,8 @@
<!-- engineOptionsClass Allows specifying the Options class used to -->
<!-- configure Jasper. If not present, the default -->
<!-- EmbeddedServletOptions will be used. -->
+ <!-- This option is ignored when running under a -->
+ <!-- SecurityManager. -->
<!-- -->
<!-- errorOnUseBeanInvalidClassAttribute -->
<!-- Should Jasper issue an error when the value of -->
@@ -224,6 +226,8 @@
<!-- scratchdir What scratch directory should we use when -->
<!-- compiling JSP pages? [default work directory -->
<!-- for the current web application] -->
+ <!-- This option is ignored when running under a -->
+ <!-- SecurityManager. -->
<!-- -->
<!-- suppressSmap Should the generation of SMAP info for JSR45 -->
<!-- debugging be suppressed? [false] -->
Modified: tomcat/trunk/java/org/apache/jasper/EmbeddedServletOptions.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/EmbeddedServletOptions.java?rev=1758487&r1=1758486&r2=1758487&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/EmbeddedServletOptions.java (original)
+++ tomcat/trunk/java/org/apache/jasper/EmbeddedServletOptions.java Tue Aug 30 22:35:38 2016
@@ -660,6 +660,10 @@ public final class EmbeddedServletOption
* scratchdir
*/
String dir = config.getInitParameter("scratchdir");
+ if (dir != null && Constants.IS_SECURITY_ENABLED) {
+ log.info(Localizer.getMessage("jsp.info.ignoreSetting", "scratchdir", dir));
+ dir = null;
+ }
if (dir != null) {
scratchDir = new File(dir);
} else {
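Review bot: The dropped `scratchdir` value is reported only at INFO in the added block, so a deployment logging above INFO gets no sign that a configured directory was replaced by the default. `log.warn(Localizer.getMessage("jsp.info.ignoreSetting", "scratchdir", dir));` would make the override visible to operators. The value comes from an init-param and is logged as-is; under a SecurityManager that input is presumably treated as untrusted, so it is worth confirming that the log format neutralises embedded line breaks. The same level choice applies to the `engineOptionsClass` guard in JspServlet.java. The enclosing method starts and ends outside this hunk.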
Modified: tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties?rev=1758487&r1=1758486&r2=1758487&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties (original)
+++ tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties Tue Aug 30 22:35:38 2016
@@ -355,6 +355,7 @@ jsp.error.unbalanced.endtag=The end tag
jsp.error.invalid.bean=The value for the useBean class attribute {0} is invalid.
jsp.error.prefix.use_before_dcl=The prefix {0} specified in this tag directive has been previously used by an action in file {1} line {2}.
jsp.error.lastModified=Unable to determine last modified date for file [{0}]
+jsp.info.ignoreSetting=Ignored setting for [{0}] of [{1}] because a SecurityManager was enabled
jsp.exception=An exception occurred processing JSP page {0} at line {1}
Modified: tomcat/trunk/java/org/apache/jasper/servlet/JspServlet.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/servlet/JspServlet.java?rev=1758487&r1=1758486&r2=1758487&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/servlet/JspServlet.java (original)
+++ tomcat/trunk/java/org/apache/jasper/servlet/JspServlet.java Tue Aug 30 22:35:38 2016
@@ -71,8 +71,8 @@ public class JspServlet extends HttpServ
private ServletConfig config;
private transient Options options;
private transient JspRuntimeContext rctxt;
- //jspFile for a jsp configured explicitly as a servlet, in environments where this configuration is
- //translated into an init-param for this servlet.
+ // jspFile for a jsp configured explicitly as a servlet, in environments where this
+ // configuration is translated into an init-param for this servlet.
private String jspFile;
@@ -89,6 +89,11 @@ public class JspServlet extends HttpServ
// Initialize the JSP Runtime Context
// Check for a custom Options implementation
String engineOptionsName = config.getInitParameter("engineOptionsClass");
+ if (Constants.IS_SECURITY_ENABLED && engineOptionsName != null) {
+ log.info(Localizer.getMessage(
+ "jsp.info.ignoreSetting", "engineOptionsClass", engineOptionsName));
+ engineOptionsName = null;
+ }
if (engineOptionsName != null) {
// Instantiate the indicated Options implementation
try {
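Review bot: The added guard has no comment saying why `engineOptionsClass` is discarded, and the reason is not evident from the code. A line such as `// Under a SecurityManager the web application must not choose the Options class Jasper instantiates` above the `if` would record it; that rationale is inferred from the commit log, so the wording should be confirmed. As a style point, the operand order `Constants.IS_SECURITY_ENABLED && engineOptionsName != null` is the reverse of `dir != null && Constants.IS_SECURITY_ENABLED` in EmbeddedServletOptions.java, and one order in both places would make the two guards easier to compare. The enclosing method begins and ends outside this hunk.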
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1758487&r1=1758486&r2=1758487&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Tue Aug 30 22:35:38 2016
@@ -264,6 +264,10 @@
<bug>60032</bug>: Fix handling of method calls that use varargs within
EL value expressions. (markt)
</fix>
+ <fix>
+ Ignore <code>engineOptionsClass</code> and <code>scratchdir</code> when
+ running under a security manager. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="WebSocket">
Modified: tomcat/trunk/webapps/docs/jasper-howto.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/jasper-howto.xml?rev=1758487&r1=1758486&r2=1758487&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/jasper-howto.xml (original)
+++ tomcat/trunk/webapps/docs/jasper-howto.xml Tue Aug 30 22:35:38 2016
@@ -132,7 +132,7 @@ default <code>true</code>.
<li><strong>engineOptionsClass</strong> - Allows specifying the Options class
used to configure Jasper. If not present, the default EmbeddedServletOptions
-will be used.
+will be used. This option is ignored if running under a SecurityManager.
</li>
<li><strong>errorOnUseBeanInvalidClassAttribute</strong> - Should Jasper issue
@@ -185,7 +185,7 @@ may be expensive and could lead to exces
<li><strong>scratchdir</strong> - What scratch directory should we use when
compiling JSP pages? Default is the work directory for the current web
-application.</li>
+application. This option is ignored if running under a SecurityManager.</li>
<li><strong>suppressSmap</strong> - Should the generation of SMAP info for JSR45
debugging be suppressed? <code>true</code> or <code>false</code>, default