You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by kk...@apache.org on 2011/11/10 06:36:35 UTC
svn commit: r1200161 - in
/tomcat/tc7.0.x/trunk/java/org/apache/catalina/security: Constants.java
SecurityClassLoad.java SecurityConfig.java SecurityListener.java
SecurityUtil.java
Author: kkolinko
Date: Thu Nov 10 05:36:35 2011
New Revision: 1200161
URL: http://svn.apache.org/viewvc?rev=1200161&view=rev
Log:
Merging revision 1187801 from tomcat/trunk:
Whitespace removal from remaining /java/org/apache/catalina
Part 6
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/Constants.java
tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityConfig.java
tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityListener.java
tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityUtil.java
Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/Constants.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/Constants.java?rev=1200161&r1=1200160&r2=1200161&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/Constants.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/Constants.java Thu Nov 10 05:36:35 2011
@@ -5,9 +5,9 @@
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java?rev=1200161&r1=1200160&r2=1200161&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java Thu Nov 10 05:36:35 2011
@@ -5,9 +5,9 @@
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -36,7 +36,7 @@ public final class SecurityClassLoad {
if( System.getSecurityManager() == null ){
return;
}
-
+
loadCorePackage(loader);
loadCoyotePackage(loader);
loadLoaderPackage(loader);
@@ -44,11 +44,11 @@ public final class SecurityClassLoad {
loadSessionPackage(loader);
loadUtilPackage(loader);
loadJavaxPackage(loader);
- loadConnectorPackage(loader);
+ loadConnectorPackage(loader);
loadTomcatPackage(loader);
}
-
-
+
+
private static final void loadCorePackage(ClassLoader loader)
throws Exception {
final String basePackage = "org.apache.catalina.core.";
@@ -95,8 +95,8 @@ public final class SecurityClassLoad {
(basePackage +
"ApplicationHttpRequest$AttributeNamesEnumerator");
}
-
-
+
+
private static final void loadLoaderPackage(ClassLoader loader)
throws Exception {
final String basePackage = "org.apache.catalina.loader.";
@@ -104,8 +104,8 @@ public final class SecurityClassLoad {
(basePackage +
"WebappClassLoader$PrivilegedFindResourceByName");
}
-
-
+
+
private static final void loadRealmPackage(ClassLoader loader)
throws Exception {
final String basePackage = "org.apache.catalina.realm.";
@@ -126,16 +126,16 @@ public final class SecurityClassLoad {
loader.loadClass
(basePackage + "StandardManager$PrivilegedDoUnload");
}
-
-
+
+
private static final void loadUtilPackage(ClassLoader loader)
throws Exception {
final String basePackage = "org.apache.catalina.util.";
loader.loadClass(basePackage + "Enumerator");
loader.loadClass(basePackage + "ParameterMap");
}
-
-
+
+
private static final void loadCoyotePackage(ClassLoader loader)
throws Exception {
final String basePackage = "org.apache.coyote.";
@@ -151,7 +151,7 @@ public final class SecurityClassLoad {
throws Exception {
loader.loadClass("javax.servlet.http.Cookie");
}
-
+
private static final void loadConnectorPackage(ClassLoader loader)
throws Exception {
@@ -182,7 +182,7 @@ public final class SecurityClassLoad {
"RequestFacade$GetHeadersPrivilegedAction");
loader.loadClass
(basePackage +
- "RequestFacade$GetHeaderNamesPrivilegedAction");
+ "RequestFacade$GetHeaderNamesPrivilegedAction");
loader.loadClass
(basePackage +
"RequestFacade$GetCookiesPrivilegedAction");
@@ -196,7 +196,7 @@ public final class SecurityClassLoad {
(basePackage +
"ResponseFacade$SetContentTypePrivilegedAction");
loader.loadClass
- (basePackage +
+ (basePackage +
"ResponseFacade$DateHeaderPrivilegedAction");
loader.loadClass
(basePackage +
Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityConfig.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityConfig.java?rev=1200161&r1=1200160&r2=1200161&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityConfig.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityConfig.java Thu Nov 10 05:36:35 2011
@@ -5,9 +5,9 @@
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -32,17 +32,17 @@ public final class SecurityConfig{
private static final org.apache.juli.logging.Log log=
org.apache.juli.logging.LogFactory.getLog( SecurityConfig.class );
-
+
private static final String PACKAGE_ACCESS = "sun.,"
- + "org.apache.catalina."
+ + "org.apache.catalina."
+ ",org.apache.jasper."
+ ",org.apache.coyote."
+ ",org.apache.tomcat.";
-
+
// FIX ME package "javax." was removed to prevent HotSpot
// fatal internal errors
private static final String PACKAGE_DEFINITION= "java.,sun."
- + ",org.apache.catalina."
+ + ",org.apache.catalina."
+ ",org.apache.coyote."
+ ",org.apache.tomcat."
+ ",org.apache.jasper.";
@@ -50,29 +50,29 @@ public final class SecurityConfig{
* List of protected package from conf/catalina.properties
*/
private String packageDefinition;
-
-
+
+
/**
* List of protected package from conf/catalina.properties
*/
- private String packageAccess;
-
-
+ private String packageAccess;
+
+
/**
* Create a single instance of this class.
*/
- private SecurityConfig(){
+ private SecurityConfig(){
try{
packageDefinition = CatalinaProperties.getProperty("package.definition");
packageAccess = CatalinaProperties.getProperty("package.access");
} catch (java.lang.Exception ex){
if (log.isDebugEnabled()){
- log.debug("Unable to load properties using CatalinaProperties", ex);
- }
+ log.debug("Unable to load properties using CatalinaProperties", ex);
+ }
}
}
-
-
+
+
/**
* Returns the singleton instance of that class.
* @return an instance of that class.
@@ -83,21 +83,21 @@ public final class SecurityConfig{
}
return singleton;
}
-
-
+
+
/**
* Set the security package.access value.
*/
public void setPackageAccess(){
// If catalina.properties is missing, protect all by default.
if (packageAccess == null){
- setSecurityProperty("package.access", PACKAGE_ACCESS);
+ setSecurityProperty("package.access", PACKAGE_ACCESS);
} else {
- setSecurityProperty("package.access", packageAccess);
+ setSecurityProperty("package.access", packageAccess);
}
}
-
-
+
+
/**
* Set the security package.definition value.
*/
@@ -109,8 +109,8 @@ public final class SecurityConfig{
setSecurityProperty("package.definition", packageDefinition);
}
}
-
-
+
+
/**
* Set the proper security property
* @param properties the package.* property.
@@ -129,8 +129,8 @@ public final class SecurityConfig{
Security.setProperty(properties, definition);
}
}
-
-
+
+
}
Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityListener.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityListener.java?rev=1200161&r1=1200160&r2=1200161&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityListener.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityListener.java Thu Nov 10 05:36:35 2011
@@ -5,9 +5,9 @@
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -32,7 +32,7 @@ public class SecurityListener implements
private static final Log log = LogFactory.getLog(SecurityListener.class);
private static final StringManager sm =
- StringManager.getManager(Constants.PACKAGE);
+ StringManager.getManager(Constants.PACKAGE);
private static final String UMASK_PROPERTY_NAME =
Constants.PACKAGE + ".SecurityListener.UMASK";
@@ -71,7 +71,7 @@ public class SecurityListener implements
* with null or the empty string will clear the list of users and
* effectively disables this check. User names will always be checked in a
* case insensitive manner.
- *
+ *
* @param userNameList A comma separated list of operating system users not
* permitted to run Tomcat
*/
@@ -92,7 +92,7 @@ public class SecurityListener implements
/**
* Returns the current list of operating system users not permitted to run
* Tomcat.
- *
+ *
* @return A comma separated list of operating sytem user names.
*/
public String getCheckedOsUsers() {
@@ -113,7 +113,7 @@ public class SecurityListener implements
/**
* Set the minimum umask that must be configured before Tomcat will start.
- *
+ *
* @param umask The 4-digit umask as returned by the OS command <i>umask</i>
*/
public void setMinimumUmask(String umask) {
@@ -127,7 +127,7 @@ public class SecurityListener implements
/**
* Get the minimum umask that must be configured before Tomcat will start.
- *
+ *
* @return The 4-digit umask as used by the OS command <i>umask</i>
*/
public String getMinimumUmask() {
@@ -142,13 +142,13 @@ public class SecurityListener implements
checkOsUser();
checkUmask();
}
-
+
protected void checkOsUser() {
String userName = System.getProperty("user.name");
if (userName != null) {
String userNameLC = userName.toLowerCase();
-
+
if (checkedOsUsers.contains(userNameLC)) {
// Have to throw Error to force start process to be aborted
throw new Error(sm.getString(
@@ -156,7 +156,7 @@ public class SecurityListener implements
}
}
}
-
+
protected void checkUmask() {
String prop = System.getProperty(UMASK_PROPERTY_NAME);
@@ -185,7 +185,7 @@ public class SecurityListener implements
return;
}
}
-
+
if ((umask.intValue() & minimumUmask.intValue()) !=
minimumUmask.intValue()) {
throw new Error(sm.getString("SecurityListener.checkUmaskFail",
Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityUtil.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityUtil.java?rev=1200161&r1=1200160&r2=1200161&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityUtil.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityUtil.java Thu Nov 10 05:36:35 2011
@@ -5,9 +5,9 @@
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -37,9 +37,9 @@ import javax.servlet.http.HttpSession;
import org.apache.catalina.Globals;
import org.apache.tomcat.util.res.StringManager;
/**
- * This utility class associates a <code>Subject</code> to the current
+ * This utility class associates a <code>Subject</code> to the current
* <code>AccessControlContext</code>. When a <code>SecurityManager</code> is
- * used, * the container will always associate the called thread with an
+ * used, * the container will always associate the called thread with an
* AccessControlContext * containing only the principal of the requested
* Servlet/Filter.
*
@@ -49,100 +49,100 @@ import org.apache.tomcat.util.res.String
*/
public final class SecurityUtil{
-
+
private static final int INIT= 0;
private static final int SERVICE = 1;
private static final int DOFILTER = 1;
private static final int EVENT = 2;
private static final int DOFILTEREVENT = 2;
private static final int DESTROY = 3;
-
+
private static final String INIT_METHOD = "init";
private static final String DOFILTER_METHOD = "doFilter";
private static final String SERVICE_METHOD = "service";
private static final String EVENT_METHOD = "event";
private static final String DOFILTEREVENT_METHOD = "doFilterEvent";
private static final String DESTROY_METHOD = "destroy";
-
+
/**
* Cache every object for which we are creating method on it.
*/
private static final Map<Object,Method[]> objectCache =
new ConcurrentHashMap<Object,Method[]>();
-
+
private static final org.apache.juli.logging.Log log=
org.apache.juli.logging.LogFactory.getLog( SecurityUtil.class );
-
- private static boolean packageDefinitionEnabled =
- (System.getProperty("package.definition") == null &&
+
+ private static boolean packageDefinitionEnabled =
+ (System.getProperty("package.definition") == null &&
System.getProperty("package.access") == null) ? false : true;
-
+
/**
* The string resources for this package.
*/
private static final StringManager sm =
- StringManager.getManager(Constants.PACKAGE);
-
-
+ StringManager.getManager(Constants.PACKAGE);
+
+
/**
* Perform work as a particular </code>Subject</code>. Here the work
- * will be granted to a <code>null</code> subject.
+ * will be granted to a <code>null</code> subject.
*
* @param methodName the method to apply the security restriction
* @param targetObject the <code>Servlet</code> on which the method will
* be called.
*/
- public static void doAsPrivilege(final String methodName,
+ public static void doAsPrivilege(final String methodName,
final Servlet targetObject) throws java.lang.Exception{
- doAsPrivilege(methodName, targetObject, null, null, null);
+ doAsPrivilege(methodName, targetObject, null, null, null);
}
-
+
/**
* Perform work as a particular </code>Subject</code>. Here the work
- * will be granted to a <code>null</code> subject.
+ * will be granted to a <code>null</code> subject.
*
* @param methodName the method to apply the security restriction
* @param targetObject the <code>Servlet</code> on which the method will
* be called.
* @param targetType <code>Class</code> array used to instantiate a
* <code>Method</code> object.
- * @param targetArguments <code>Object</code> array contains the runtime
+ * @param targetArguments <code>Object</code> array contains the runtime
* parameters instance.
*/
- public static void doAsPrivilege(final String methodName,
- final Servlet targetObject,
+ public static void doAsPrivilege(final String methodName,
+ final Servlet targetObject,
final Class<?>[] targetType,
- final Object[] targetArguments)
- throws java.lang.Exception{
+ final Object[] targetArguments)
+ throws java.lang.Exception{
- doAsPrivilege(methodName,
- targetObject,
- targetType,
- targetArguments,
- null);
+ doAsPrivilege(methodName,
+ targetObject,
+ targetType,
+ targetArguments,
+ null);
}
-
-
+
+
/**
* Perform work as a particular </code>Subject</code>. Here the work
- * will be granted to a <code>null</code> subject.
+ * will be granted to a <code>null</code> subject.
*
* @param methodName the method to apply the security restriction
* @param targetObject the <code>Servlet</code> on which the method will
* be called.
- * @param targetType <code>Class</code> array used to instantiate a
+ * @param targetType <code>Class</code> array used to instantiate a
* <code>Method</code> object.
- * @param targetArguments <code>Object</code> array contains the
+ * @param targetArguments <code>Object</code> array contains the
* runtime parameters instance.
- * @param principal the <code>Principal</code> to which the security
+ * @param principal the <code>Principal</code> to which the security
* privilege apply..
- */
- public static void doAsPrivilege(final String methodName,
- final Servlet targetObject,
+ */
+ public static void doAsPrivilege(final String methodName,
+ final Servlet targetObject,
final Class<?>[] targetType,
final Object[] targetArguments,
- Principal principal)
+ Principal principal)
throws java.lang.Exception{
Method method = null;
@@ -151,7 +151,7 @@ public final class SecurityUtil{
method = createMethodAndCacheIt(methodsCache,
methodName,
targetObject,
- targetType);
+ targetType);
} else {
method = findMethod(methodsCache, methodName);
if (method == null) {
@@ -164,74 +164,74 @@ public final class SecurityUtil{
execute(method, targetObject, targetArguments, principal);
}
-
-
+
+
/**
* Perform work as a particular </code>Subject</code>. Here the work
- * will be granted to a <code>null</code> subject.
+ * will be granted to a <code>null</code> subject.
*
* @param methodName the method to apply the security restriction
- * @param targetObject the <code>Filter</code> on which the method will
+ * @param targetObject the <code>Filter</code> on which the method will
* be called.
- */
- public static void doAsPrivilege(final String methodName,
- final Filter targetObject)
+ */
+ public static void doAsPrivilege(final String methodName,
+ final Filter targetObject)
throws java.lang.Exception{
- doAsPrivilege(methodName, targetObject, null, null);
+ doAsPrivilege(methodName, targetObject, null, null);
}
-
-
+
+
/**
* Perform work as a particular <code>Subject</code>. Here the work
- * will be granted to a <code>null</code> subject.
+ * will be granted to a <code>null</code> subject.
*
* @param methodName the method to apply the security restriction
- * @param targetObject the <code>Filter</code> on which the method will
+ * @param targetObject the <code>Filter</code> on which the method will
* be called.
* @param targetType <code>Class</code> array used to instantiate a
* <code>Method</code> object.
- * @param targetArguments <code>Object</code> array contains the
+ * @param targetArguments <code>Object</code> array contains the
* runtime parameters instance.
- */
- public static void doAsPrivilege(final String methodName,
- final Filter targetObject,
+ */
+ public static void doAsPrivilege(final String methodName,
+ final Filter targetObject,
final Class<?>[] targetType,
- final Object[] targetArguments)
+ final Object[] targetArguments)
throws java.lang.Exception{
doAsPrivilege(
methodName, targetObject, targetType, targetArguments, null);
}
-
+
/**
* Perform work as a particular <code>Subject</code>. Here the work
- * will be granted to a <code>null</code> subject.
+ * will be granted to a <code>null</code> subject.
*
* @param methodName the method to apply the security restriction
- * @param targetObject the <code>Filter</code> on which the method will
+ * @param targetObject the <code>Filter</code> on which the method will
* be called.
* @param targetType <code>Class</code> array used to instantiate a
* <code>Method</code> object.
- * @param targetArguments <code>Object</code> array contains the
+ * @param targetArguments <code>Object</code> array contains the
* runtime parameters instance.
- * @param principal the <code>Principal</code> to which the security
+ * @param principal the <code>Principal</code> to which the security
* privilege apply
- */
- public static void doAsPrivilege(final String methodName,
- final Filter targetObject,
+ */
+ public static void doAsPrivilege(final String methodName,
+ final Filter targetObject,
final Class<?>[] targetType,
final Object[] targetArguments,
- Principal principal)
+ Principal principal)
throws java.lang.Exception{
-
+
Method method = null;
Method[] methodsCache = objectCache.get(targetObject);
if(methodsCache == null) {
method = createMethodAndCacheIt(methodsCache,
methodName,
targetObject,
- targetType);
+ targetType);
} else {
method = findMethod(methodsCache, methodName);
if (method == null) {
@@ -244,27 +244,27 @@ public final class SecurityUtil{
execute(method, targetObject, targetArguments, principal);
}
-
-
+
+
/**
* Perform work as a particular </code>Subject</code>. Here the work
- * will be granted to a <code>null</code> subject.
+ * will be granted to a <code>null</code> subject.
*
* @param methodName the method to apply the security restriction
* @param targetObject the <code>Servlet</code> on which the method will
* be called.
- * @param targetArguments <code>Object</code> array contains the
+ * @param targetArguments <code>Object</code> array contains the
* runtime parameters instance.
- * @param principal the <code>Principal</code> to which the security
+ * @param principal the <code>Principal</code> to which the security
* privilege applies
- */
+ */
private static void execute(final Method method,
- final Object targetObject,
+ final Object targetObject,
final Object[] targetArguments,
- Principal principal)
+ Principal principal)
throws java.lang.Exception{
-
- try{
+
+ try{
Subject subject = null;
PrivilegedExceptionAction<Void> pea =
new PrivilegedExceptionAction<Void>(){
@@ -276,22 +276,22 @@ public final class SecurityUtil{
};
// The first argument is always the request object
- if (targetArguments != null
+ if (targetArguments != null
&& targetArguments[0] instanceof HttpServletRequest){
- HttpServletRequest request =
+ HttpServletRequest request =
(HttpServletRequest)targetArguments[0];
boolean hasSubject = false;
HttpSession session = request.getSession(false);
if (session != null){
- subject =
+ subject =
(Subject)session.getAttribute(Globals.SUBJECT_ATTR);
hasSubject = (subject != null);
}
if (subject == null){
subject = new Subject();
-
+
if (principal != null){
subject.getPrincipals().add(principal);
}
@@ -302,7 +302,7 @@ public final class SecurityUtil{
}
}
- Subject.doAsPrivileged(subject, pea, null);
+ Subject.doAsPrivileged(subject, pea, null);
} catch( PrivilegedActionException pe) {
Throwable e;
if (pe.getException() instanceof InvocationTargetException) {
@@ -311,11 +311,11 @@ public final class SecurityUtil{
} else {
e = pe;
}
-
+
if (log.isDebugEnabled()){
- log.debug(sm.getString("SecurityUtil.doAsPrivilege"), e);
+ log.debug(sm.getString("SecurityUtil.doAsPrivilege"), e);
}
-
+
if (e instanceof UnavailableException)
throw (UnavailableException) e;
else if (e instanceof ServletException)
@@ -326,10 +326,10 @@ public final class SecurityUtil{
throw (RuntimeException) e;
else
throw new ServletException(e.getMessage(), e);
- }
+ }
}
-
-
+
+
/**
* Find a method stored within the cache.
* @param methodsCache the cache used to store method instance
@@ -338,51 +338,51 @@ public final class SecurityUtil{
*/
private static Method findMethod(Method[] methodsCache,
String methodName){
- if (methodName.equalsIgnoreCase(INIT_METHOD)
+ if (methodName.equalsIgnoreCase(INIT_METHOD)
&& methodsCache[INIT] != null){
return methodsCache[INIT];
- } else if (methodName.equalsIgnoreCase(DESTROY_METHOD)
+ } else if (methodName.equalsIgnoreCase(DESTROY_METHOD)
&& methodsCache[DESTROY] != null){
- return methodsCache[DESTROY];
- } else if (methodName.equalsIgnoreCase(SERVICE_METHOD)
+ return methodsCache[DESTROY];
+ } else if (methodName.equalsIgnoreCase(SERVICE_METHOD)
&& methodsCache[SERVICE] != null){
return methodsCache[SERVICE];
- } else if (methodName.equalsIgnoreCase(DOFILTER_METHOD)
+ } else if (methodName.equalsIgnoreCase(DOFILTER_METHOD)
&& methodsCache[DOFILTER] != null){
- return methodsCache[DOFILTER];
- } else if (methodName.equalsIgnoreCase(EVENT_METHOD)
+ return methodsCache[DOFILTER];
+ } else if (methodName.equalsIgnoreCase(EVENT_METHOD)
&& methodsCache[EVENT] != null){
- return methodsCache[EVENT];
- } else if (methodName.equalsIgnoreCase(DOFILTEREVENT_METHOD)
+ return methodsCache[EVENT];
+ } else if (methodName.equalsIgnoreCase(DOFILTEREVENT_METHOD)
&& methodsCache[DOFILTEREVENT] != null){
- return methodsCache[DOFILTEREVENT];
- }
+ return methodsCache[DOFILTEREVENT];
+ }
return null;
}
-
-
+
+
/**
* Create the method and cache it for further re-use.
* @param methodsCache the cache used to store method instance
* @param methodName the method to apply the security restriction
* @param targetObject the <code>Servlet</code> on which the method will
* be called.
- * @param targetType <code>Class</code> array used to instantiate a
+ * @param targetType <code>Class</code> array used to instantiate a
* <code>Method</code> object.
* @return the method instance.
*/
private static Method createMethodAndCacheIt(Method[] methodsCache,
String methodName,
Object targetObject,
- Class<?>[] targetType)
+ Class<?>[] targetType)
throws Exception{
-
+
if ( methodsCache == null){
methodsCache = new Method[4];
- }
-
- Method method =
- targetObject.getClass().getMethod(methodName, targetType);
+ }
+
+ Method method =
+ targetObject.getClass().getMethod(methodName, targetType);
if (methodName.equalsIgnoreCase(INIT_METHOD)){
methodsCache[INIT] = method;
@@ -396,14 +396,14 @@ public final class SecurityUtil{
methodsCache[EVENT] = method;
} else if (methodName.equalsIgnoreCase(DOFILTEREVENT_METHOD)){
methodsCache[DOFILTEREVENT] = method;
- }
-
+ }
+
objectCache.put(targetObject, methodsCache );
-
+
return method;
}
-
+
/**
* Remove the object from the cache.
*
@@ -412,8 +412,8 @@ public final class SecurityUtil{
public static void remove(Object cachedObject){
objectCache.remove(cachedObject);
}
-
-
+
+
/**
* Return the <code>SecurityManager</code> only if Security is enabled AND
* package protection mechanism is enabled.
@@ -424,6 +424,6 @@ public final class SecurityUtil{
}
return false;
}
-
-
+
+
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org