You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by cr...@apache.org on 2001/04/08 01:08:45 UTC
cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader StandardClassLoader.java StandardLoader.java
craigmcc 01/04/07 16:08:45
Modified: catalina/src/conf catalina.policy
catalina/src/share/org/apache/catalina/loader
StandardClassLoader.java StandardLoader.java
Log:
Tentative fix for Bugzilla #1219 so that execution under a security
manager works as well. Now, the default access to the context root of
each web app is calculated dynamically, instead of being identical for
each web app (although they resolved to different actual locations).
Works on Linux + JDK 1.2.2, needs to be tested on other platforms.
Revision Changes Path
1.6 +1 -3 jakarta-tomcat-4.0/catalina/src/conf/catalina.policy
Index: catalina.policy
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/conf/catalina.policy,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- catalina.policy 2001/02/27 03:18:15 1.5
+++ catalina.policy 2001/04/07 23:08:45 1.6
@@ -8,7 +8,7 @@
//
// * Read access to the document root directory
//
-// $Id: catalina.policy,v 1.5 2001/02/27 03:18:15 glenn Exp $
+// $Id: catalina.policy,v 1.6 2001/04/07 23:08:45 craigmcc Exp $
// ============================================================================
@@ -93,8 +93,6 @@
permission java.util.PropertyPermission "java.vm.version", "read";
permission java.util.PropertyPermission "java.vm.vendor", "read";
permission java.util.PropertyPermission "java.vm.name", "read";
- permission java.io.FilePermission "jndi:/WEB-INF/-", "read";
- permission java.io.FilePermission "jar:jndi:/WEB-INF/lib/-", "read";
};
1.13 +54 -14 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/StandardClassLoader.java
Index: StandardClassLoader.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/StandardClassLoader.java,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- StandardClassLoader.java 2001/03/06 01:43:46 1.12
+++ StandardClassLoader.java 2001/04/07 23:08:45 1.13
@@ -1,7 +1,7 @@
/*
- * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/StandardClassLoader.java,v 1.12 2001/03/06 01:43:46 glenn Exp $
- * $Revision: 1.12 $
- * $Date: 2001/03/06 01:43:46 $
+ * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/StandardClassLoader.java,v 1.13 2001/04/07 23:08:45 craigmcc Exp $
+ * $Revision: 1.13 $
+ * $Date: 2001/04/07 23:08:45 $
*
* ====================================================================
*
@@ -110,7 +110,7 @@
*
* @author Craig R. McClanahan
* @author Remy Maucherat
- * @version $Revision: 1.12 $ $Date: 2001/03/06 01:43:46 $
+ * @version $Revision: 1.13 $ $Date: 2001/04/07 23:08:45 $
*/
public class StandardClassLoader
@@ -296,19 +296,27 @@
/**
- * Instance of the SecurityManager installed.
+ * The context directory path read FilePermission if this loader
+ * is for a web application context, and this web application is running
+ * from an unpacked directory.
*/
- private SecurityManager securityManager = null;
+ private FilePermission rootPermission = null;
/**
- * The context directory path read FilePermission if this loader
+ * The context directory URL read FilePermission if this loader
* is for a web application context.
*/
- private FilePermission filePermission = null;
+ private FilePermission urlPermission = null;
/**
+ * Instance of the SecurityManager installed.
+ */
+ private SecurityManager securityManager = null;
+
+
+ /**
* The parent class loader.
*/
private ClassLoader parent = null;
@@ -372,6 +380,30 @@
}
+
+ /**
+ * If there is a Java SecurityManager, refresh the security
+ * policies from file and set the context security permisions
+ * for the specified context root directory path
+ *
+ * @param path Context directory root directory path
+ */
+ public void setPermissions(String path) {
+ if( securityManager != null ) {
+ // System.out.println("setPermissionsPath: " + path);
+ String contextDir = path;
+ if( contextDir.endsWith(File.separator) )
+ contextDir = contextDir + "-";
+ else
+ contextDir = contextDir + File.separator + "-";
+ // Refresh the security policies
+ Policy policy = Policy.getPolicy();
+ policy.refresh();
+ rootPermission = new FilePermission(contextDir,"read");
+ }
+ }
+
+
/**
* If there is a Java SecurityManager, refresh the security
* policies from file and set the context security permissions.
@@ -380,7 +412,8 @@
*/
public void setPermissions(URL url) {
if( securityManager != null ) {
- String contextDir = url.getFile();
+ // System.out.println("setPermissionsURL: " + url.toString());
+ String contextDir = url.toString();
if( contextDir.endsWith(File.separator) )
contextDir = contextDir + "-";
else
@@ -388,10 +421,11 @@
// Refresh the security policies
Policy policy = Policy.getPolicy();
policy.refresh();
- filePermission = new FilePermission(contextDir,"read");
+ urlPermission = new FilePermission(contextDir,"read");
}
}
+
// ------------------------------------------------------- Reloader Methods
@@ -1052,17 +1086,23 @@
/**
* Get the Permissions for a CodeSource. If this instance
* of StandardClassLoader is for a web application context,
- * add FilePermission "context root", "read".
+ * add FilePermissions for the base directory (if unpacked)
+ * and the context URL.
*
* @param CodeSource where the code was loaded from
* @return PermissionCollection for CodeSource
*/
protected final PermissionCollection getPermissions(CodeSource codeSource) {
PermissionCollection pc = super.getPermissions(codeSource);
- if( filePermission != null && pc != null)
- pc.add(filePermission);
- return pc;
+ if (pc != null) {
+ if (rootPermission != null)
+ pc.add(rootPermission);
+ if (urlPermission != null)
+ pc.add(urlPermission);
+ }
+ return (pc);
}
+
// ------------------------------------------------------ Protected Methods
1.22 +8 -4 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/StandardLoader.java
Index: StandardLoader.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/StandardLoader.java,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- StandardLoader.java 2001/03/22 00:53:31 1.21
+++ StandardLoader.java 2001/04/07 23:08:45 1.22
@@ -1,7 +1,7 @@
/*
- * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/StandardLoader.java,v 1.21 2001/03/22 00:53:31 remm Exp $
- * $Revision: 1.21 $
- * $Date: 2001/03/22 00:53:31 $
+ * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/StandardLoader.java,v 1.22 2001/04/07 23:08:45 craigmcc Exp $
+ * $Revision: 1.22 $
+ * $Date: 2001/04/07 23:08:45 $
*
* ====================================================================
*
@@ -116,7 +116,7 @@
*
* @author Craig R. McClanahan
* @author Remy Maucherat
- * @version $Revision: 1.21 $ $Date: 2001/03/22 00:53:31 $
+ * @version $Revision: 1.22 $ $Date: 2001/04/07 23:08:45 $
*/
public final class StandardLoader
@@ -624,6 +624,10 @@
if( contextURL != null )
((StandardClassLoader)classLoader).setPermissions
(contextURL);
+ String contextRoot = servletContext.getRealPath("/");
+ if (contextRoot != null)
+ ((StandardClassLoader)classLoader).setPermissions
+ (contextRoot);
} catch (MalformedURLException e) {
}
}