You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by jf...@apache.org on 2002/10/16 22:05:29 UTC
cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security SecurityConfig.java
jfarcand 2002/10/16 13:05:29
Added: catalina/src/share/org/apache/catalina/security
SecurityConfig.java
Log:
Refactorize Catalina.java and CatalinaService.java. Merge the security code into a single class.
Revision Changes Path
1.1 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityConfig.java
Index: SecurityConfig.java
===================================================================
/*
* ====================================================================
*
* The Apache Software License, Version 1.1
*
* Copyright (c) 1999 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution, if
* any, must include the following acknowlegement:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowlegement may appear in the software itself,
* if and wherever such third-party acknowlegements normally appear.
*
* 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
* Foundation" must not be used to endorse or promote products derived
* from this software without prior written permission. For written
* permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache"
* nor may "Apache" appear in their names without prior written
* permission of the Apache Group.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* [Additional notices, if required by prior licensing conditions]
*
*/
package org.apache.catalina.security;
import java.security.Security;
/**
* Util class to protect Catalina against package access and insertion.
* The code are been moved from Catalina.java
* @author the Catalina.java authors
* @author Jean-Francois Arcand
*/
public final class SecurityConfig{
private static SecurityConfig singleton = null;
private final static String PACKAGE_ACCESS = "org.apache.catalina."
+ ",org.apache.jasper."
+ ",org.apache.coyote."
+ ",org.apache.tomcat.";
private final static String PACKAGE_DEFINITION= "java.,"
+ PACKAGE_ACCESS;
/**
* Create a single instance of this class.
*/
private SecurityConfig(){
}
/**
* Retuens the singleton instance of that class.
* @return an instance of that class.
*/
public static SecurityConfig newInstance(){
if (singleton == null){
singleton = new SecurityConfig();
}
return singleton;
}
/**
* Set the security package.access value.
*/
public void setPackageAccess(){
setSecurityProperty("package.access", PACKAGE_ACCESS);
}
/**
* Set the security package.definition value.
*/
public void setPackageDefinition(){
setSecurityProperty("package.definition", PACKAGE_DEFINITION);
}
/**
* Set the proper security property
* @param properties the package.* property.
*/
private final void setSecurityProperty(String properties, String packageList){
String definition = Security.getProperty(properties);
if( definition != null && definition.length() > 0 )
definition += ",";
else
definition = "sun.,";
Security.setProperty(properties,
// FIX ME package "javax." was removed to prevent HotSpot
// fatal internal errors
definition + packageList);
}
}
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>