You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2018/05/05 19:39:32 UTC
svn commit: r1831000 - in /tomcat/trunk: conf/catalina.policy
java/org/apache/jasper/runtime/BodyContentImpl.java
webapps/docs/changelog.xml
Author: markt
Date: Sat May 5 19:39:31 2018
New Revision: 1831000
URL: http://svn.apache.org/viewvc?rev=1831000&view=rev
Log:
Refactor org.apache.jasper.runtime.BodyContentImpl so an additional permission is not required in catalina.policy
This is a follow-up to the fix for 43925.
Modified:
tomcat/trunk/conf/catalina.policy
tomcat/trunk/java/org/apache/jasper/runtime/BodyContentImpl.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/conf/catalina.policy
URL: http://svn.apache.org/viewvc/tomcat/trunk/conf/catalina.policy?rev=1831000&r1=1830999&r2=1831000&view=diff
==============================================================================
--- tomcat/trunk/conf/catalina.policy (original)
+++ tomcat/trunk/conf/catalina.policy Sat May 5 19:39:31 2018
@@ -174,10 +174,6 @@ grant {
// Precompiled JSPs need access to these system properties.
permission java.util.PropertyPermission
- "org.apache.jasper.runtime.BodyContentImpl.BUFFER_SIZE", "read";
- permission java.util.PropertyPermission
- "org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER", "read";
- permission java.util.PropertyPermission
"org.apache.el.parser.COERCE_TO_ZERO", "read";
// The cookie code needs these.
Modified: tomcat/trunk/java/org/apache/jasper/runtime/BodyContentImpl.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/runtime/BodyContentImpl.java?rev=1831000&r1=1830999&r2=1831000&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/runtime/BodyContentImpl.java (original)
+++ tomcat/trunk/java/org/apache/jasper/runtime/BodyContentImpl.java Sat May 5 19:39:31 2018
@@ -21,6 +21,8 @@ import java.io.CharArrayReader;
import java.io.IOException;
import java.io.Reader;
import java.io.Writer;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import javax.servlet.jsp.JspWriter;
import javax.servlet.jsp.tagext.BodyContent;
@@ -39,13 +41,40 @@ import org.apache.jasper.Constants;
*/
public class BodyContentImpl extends BodyContent {
- private static final boolean LIMIT_BUFFER =
- Boolean.parseBoolean(System.getProperty(
- "org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER", "false"));
+ private static final boolean LIMIT_BUFFER;
+ private static final int TAG_BUFFER_SIZE;
- private static final int TAG_BUFFER_SIZE =
- Integer.getInteger("org.apache.jasper.runtime.BodyContentImpl.BUFFER_SIZE",
+ static {
+ if (System.getSecurityManager() == null) {
+ LIMIT_BUFFER = Boolean.parseBoolean(System.getProperty(
+ "org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER", "false"));
+ TAG_BUFFER_SIZE = Integer.getInteger(
+ "org.apache.jasper.runtime.BodyContentImpl.BUFFER_SIZE",
Constants.DEFAULT_TAG_BUFFER_SIZE).intValue();
+ } else {
+ LIMIT_BUFFER = AccessController.doPrivileged(
+ new PrivilegedAction<Boolean>() {
+ @Override
+ public Boolean run() {
+ return Boolean.valueOf(System.getProperty(
+ "org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER",
+ "false"));
+ }
+ }
+ ).booleanValue();
+ TAG_BUFFER_SIZE = AccessController.doPrivileged(
+ new PrivilegedAction<Integer>() {
+ @Override
+ public Integer run() {
+ return Integer.getInteger(
+ "org.apache.jasper.runtime.BodyContentImpl.BUFFER_SIZE",
+ Constants.DEFAULT_TAG_BUFFER_SIZE);
+ }
+ }
+ ).intValue();
+ }
+ }
+
private char[] cb;
private int nextChar;
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1831000&r1=1830999&r2=1831000&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Sat May 5 19:39:31 2018
@@ -87,11 +87,12 @@
<subsection name="Jasper">
<changelog>
<fix>
- <bug>62350</bug>: Amend <code>catalina.policy</code> file to allow
- reading system property
- <code>org.apache.jasper.runtime.BodyContentImpl.BUFFER_SIZE</code>
- when running under a SecurityManager. This is a follow-up to
- the fix for <bug>43925</bug>. (kkolinko)
+ <bug>62350</bug>: Refactor
+ <code>org.apache.jasper.runtime.BodyContentImpl</code> so a
+ <code>SecurityException</code> is not thrown when running under a
+ SecurityManger and additional permissions are not required in the
+ <code>catalina.policy</code> file. This is a follow-up to the fix for
+ <bug>43925</bug>. (kkolinko/markt)
</fix>
</changelog>
</subsection>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org