You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2023/01/19 13:43:21 UTC
[tomcat] branch main updated (954cb1c3f2 -> 4ce8c0a059)
This is an automated email from the ASF dual-hosted git repository.
markt pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
from 954cb1c3f2 Remove JreCompat support for Java 16 and associated Java < 16 code
new cec322c87d More clean-up after removing support for using a SecurityManager
new 4ce8c0a059 Fix test broken by Java 16 deprecation fixes
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
TOMCAT-NEXT.txt | 6 ++----
conf/web.xml | 4 ----
java/jakarta/servlet/ServletContext.java | 3 ---
java/org/apache/catalina/core/StandardWrapper.java | 6 ------
java/org/apache/tomcat/dbcp/pool2/impl/ThrowableCallStack.java | 6 +++---
test/org/apache/juli/TestThreadNameCache.java | 2 +-
webapps/docs/cgi-howto.xml | 3 +--
webapps/docs/config/systemprops.xml | 9 ---------
webapps/docs/jasper-howto.xml | 4 ++--
webapps/docs/ssi-howto.xml | 4 +---
10 files changed, 10 insertions(+), 37 deletions(-)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[tomcat] 02/02: Fix test broken by Java 16 deprecation fixes
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 4ce8c0a059807dc7b282ac02422894a78618e9e4
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Jan 19 13:43:06 2023 +0000
Fix test broken by Java 16 deprecation fixes
---
test/org/apache/juli/TestThreadNameCache.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/org/apache/juli/TestThreadNameCache.java b/test/org/apache/juli/TestThreadNameCache.java
index d32efb8127..65c7a6e6b2 100644
--- a/test/org/apache/juli/TestThreadNameCache.java
+++ b/test/org/apache/juli/TestThreadNameCache.java
@@ -32,7 +32,7 @@ public class TestThreadNameCache {
final CountDownLatch cacheLatch = new CountDownLatch(1);
OneLineFormatter olf = new OneLineFormatter();
- Method getThreadName = olf.getClass().getDeclaredMethod("getThreadName", int.class);
+ Method getThreadName = olf.getClass().getDeclaredMethod("getThreadName", long.class);
getThreadName.setAccessible(true);
Thread thread = new Thread() {
@Override
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[tomcat] 01/02: More clean-up after removing support for using a SecurityManager
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit cec322c87dae9b8fd67d36e76d506c1722f4338b
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Jan 19 13:41:00 2023 +0000
More clean-up after removing support for using a SecurityManager
---
TOMCAT-NEXT.txt | 6 ++----
conf/web.xml | 4 ----
java/jakarta/servlet/ServletContext.java | 3 ---
java/org/apache/catalina/core/StandardWrapper.java | 6 ------
java/org/apache/tomcat/dbcp/pool2/impl/ThrowableCallStack.java | 6 +++---
webapps/docs/cgi-howto.xml | 3 +--
webapps/docs/config/systemprops.xml | 9 ---------
webapps/docs/jasper-howto.xml | 4 ++--
webapps/docs/ssi-howto.xml | 4 +---
9 files changed, 9 insertions(+), 36 deletions(-)
diff --git a/TOMCAT-NEXT.txt b/TOMCAT-NEXT.txt
index 2968daa1bf..018f1f4634 100644
--- a/TOMCAT-NEXT.txt
+++ b/TOMCAT-NEXT.txt
@@ -26,9 +26,7 @@ Notes of things to consider for the next major Tomcat release (11.x)
3. Add QUIC support using OpenSSL and Panama.
- 4. Remove SecurityManager.
+ 4. Update minimum Java version to 21.
- 5. Update minimum Java version to 21 (or maybe 17).
-
- 6. Implement an optional Loom module that provides
+ 5. Implement an optional Loom module that provides
o.a.c.http11.Http11BioLoomProtocol
diff --git a/conf/web.xml b/conf/web.xml
index df7927df58..68583546e6 100644
--- a/conf/web.xml
+++ b/conf/web.xml
@@ -180,8 +180,6 @@
<!-- engineOptionsClass Allows specifying the Options class used to -->
<!-- configure Jasper. If not present, the default -->
<!-- EmbeddedServletOptions will be used. -->
- <!-- This option is ignored when running under a -->
- <!-- SecurityManager. -->
<!-- -->
<!-- errorOnUseBeanInvalidClassAttribute -->
<!-- Should Jasper issue an error when the value of -->
@@ -239,8 +237,6 @@
<!-- scratchdir What scratch directory should we use when -->
<!-- compiling JSP pages? [default work directory -->
<!-- for the current web application] -->
- <!-- This option is ignored when running under a -->
- <!-- SecurityManager. -->
<!-- -->
<!-- suppressSmap Should the generation of SMAP info for JSR45 -->
<!-- debugging be suppressed? [false] -->
diff --git a/java/jakarta/servlet/ServletContext.java b/java/jakarta/servlet/ServletContext.java
index 96d4a1dc52..cf5696f466 100644
--- a/java/jakarta/servlet/ServletContext.java
+++ b/java/jakarta/servlet/ServletContext.java
@@ -874,9 +874,6 @@ public interface ServletContext {
*
* @return The associated web application class loader
*
- * @throws SecurityException if access to the class loader is prevented by a
- * SecurityManager
- *
* @since Servlet 3.0
*/
public ClassLoader getClassLoader();
diff --git a/java/org/apache/catalina/core/StandardWrapper.java b/java/org/apache/catalina/core/StandardWrapper.java
index 540bf0ce3a..af12983b7c 100644
--- a/java/org/apache/catalina/core/StandardWrapper.java
+++ b/java/org/apache/catalina/core/StandardWrapper.java
@@ -226,12 +226,6 @@ public class StandardWrapper extends ContainerBase
private boolean overridable = false;
- /**
- * Static class array used when the SecurityManager is turned on and
- * <code>Servlet.init</code> is invoked.
- */
- protected static Class<?>[] classType = new Class[]{ServletConfig.class};
-
private final ReentrantReadWriteLock parametersLock =
new ReentrantReadWriteLock();
diff --git a/java/org/apache/tomcat/dbcp/pool2/impl/ThrowableCallStack.java b/java/org/apache/tomcat/dbcp/pool2/impl/ThrowableCallStack.java
index 6f187559e5..5c9f89a71b 100644
--- a/java/org/apache/tomcat/dbcp/pool2/impl/ThrowableCallStack.java
+++ b/java/org/apache/tomcat/dbcp/pool2/impl/ThrowableCallStack.java
@@ -21,9 +21,9 @@ import java.text.DateFormat;
import java.text.SimpleDateFormat;
/**
- * CallStack strategy that uses the stack trace from a {@link Throwable}. This strategy, while slower than the
- * SecurityManager implementation, provides call stack method names and other metadata in addition to the call stack
- * of classes.
+ * CallStack strategy that uses the stack trace from a {@link Throwable}. This
+ * strategy provides call stack method names and other metadata in addition to
+ * the call stack of classes.
*
* @see Throwable#fillInStackTrace()
* @since 2.4.3
diff --git a/webapps/docs/cgi-howto.xml b/webapps/docs/cgi-howto.xml
index e00faf0a19..d1f3e0d0c9 100644
--- a/webapps/docs/cgi-howto.xml
+++ b/webapps/docs/cgi-howto.xml
@@ -57,8 +57,7 @@ this servlet is mapped to the URL pattern "/cgi-bin/*".</p>
<section name="Installation">
<p><strong>CAUTION</strong> - CGI scripts are used to execute programs
-external to the Tomcat JVM. If you are using the Java SecurityManager this
-will bypass your security policy configuration in <code>catalina.policy.</code></p>
+external to the Tomcat JVM.</p>
<p>To enable CGI support:</p>
diff --git a/webapps/docs/config/systemprops.xml b/webapps/docs/config/systemprops.xml
index 0def5feb97..4225fd2bec 100644
--- a/webapps/docs/config/systemprops.xml
+++ b/webapps/docs/config/systemprops.xml
@@ -74,15 +74,6 @@
<section name="Expression Language">
<properties>
- <property name="org.apache.el. GET_CLASSLOADER_USE_PRIVILEGED">
- <p>Controls whether the EL API classes make use of a privileged block to
- obtain the thread context class loader. When using the EL API within
- Apache Tomcat this does not need to be set as all calls are already
- wrapped in a privileged block further up the stack. It may be required if
- using the EL API under a SecurityManager outside of Apache Tomcat.</p>
- <p>If not specified, the default of <code>false</code> will be used.</p>
- </property>
-
<property name="org.apache.el.BeanELResolver. CACHE_SIZE">
<p>The number of jakarta.el.BeanELResolver.BeanProperties objects that will
be cached by the EL Parser.</p>
diff --git a/webapps/docs/jasper-howto.xml b/webapps/docs/jasper-howto.xml
index d027ffb51e..516a89275f 100644
--- a/webapps/docs/jasper-howto.xml
+++ b/webapps/docs/jasper-howto.xml
@@ -132,7 +132,7 @@ default <code>true</code>.
<li><strong>engineOptionsClass</strong> - Allows specifying the Options class
used to configure Jasper. If not present, the default EmbeddedServletOptions
-will be used. This option is ignored if running under a SecurityManager.
+will be used.
</li>
<li><strong>errorOnUseBeanInvalidClassAttribute</strong> - Should Jasper issue
@@ -181,7 +181,7 @@ may be expensive and could lead to excessive resource usage.</li>
<li><strong>scratchdir</strong> - What scratch directory should we use when
compiling JSP pages? Default is the work directory for the current web
-application. This option is ignored if running under a SecurityManager.</li>
+application.</li>
<li><strong>suppressSmap</strong> - Should the generation of SMAP info for JSR45
debugging be suppressed? <code>true</code> or <code>false</code>, default
diff --git a/webapps/docs/ssi-howto.xml b/webapps/docs/ssi-howto.xml
index 234ae2cf5e..10d3c3472f 100644
--- a/webapps/docs/ssi-howto.xml
+++ b/webapps/docs/ssi-howto.xml
@@ -68,9 +68,7 @@ JavaScript, or any other content you wish.</p>
<section name="Installation">
<p><strong>CAUTION</strong> - SSI directives can be used to execute programs
-external to the Tomcat JVM. If you are using the Java SecurityManager this
-will bypass your security policy configuration in <code>catalina.policy.</code>
-</p>
+external to the Tomcat JVM.</p>
<p>To use the SSI servlet, remove the XML comments from around the SSI servlet
and servlet-mapping configuration in
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org