You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/11/08 13:17:29 UTC
[tomcat] branch 10.1.x updated: Fix BZ 66294. Make use of privileged block optional. Performance hotspot
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 7b3bc9f30e Fix BZ 66294. Make use of privileged block optional. Performance hotspot
7b3bc9f30e is described below
commit 7b3bc9f30e927afe48b1083f54657a51643b404c
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Nov 8 13:16:32 2022 +0000
Fix BZ 66294. Make use of privileged block optional. Performance hotspot
https://bz.apache.org/bugzilla/show_bug.cgi?id=66294
---
java/jakarta/el/Util.java | 5 ++++-
webapps/docs/changelog.xml | 7 +++++++
webapps/docs/config/systemprops.xml | 9 +++++++++
3 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/java/jakarta/el/Util.java b/java/jakarta/el/Util.java
index b0a995c59b..71527d2429 100644
--- a/java/jakarta/el/Util.java
+++ b/java/jakarta/el/Util.java
@@ -43,6 +43,9 @@ class Util {
private static final Class<?>[] EMPTY_CLASS_ARRAY = new Class<?>[0];
private static final Object[] EMPTY_OBJECT_ARRAY = new Object[0];
+ private static final boolean GET_CLASSLOADER_USE_PRIVILEGED =
+ Boolean.getBoolean("org.apache.el.GET_CLASSLOADER_USE_PRIVILEGED");
+
/**
* Checks whether the supplied Throwable is one that needs to be
* rethrown and swallows all others.
@@ -655,7 +658,7 @@ class Util {
static ClassLoader getContextClassLoader() {
ClassLoader tccl;
- if (System.getSecurityManager() != null) {
+ if (System.getSecurityManager() != null && GET_CLASSLOADER_USE_PRIVILEGED) {
PrivilegedAction<ClassLoader> pa = new PrivilegedGetTccl();
tccl = AccessController.doPrivileged(pa);
} else {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 2db3d895a7..a3eea6f9e6 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -159,6 +159,13 @@
</subsection>
<subsection name="Jasper">
<changelog>
+ <fix>
+ <bug>66294</bug>: Make the use of a privileged block to obtain the
+ thread context class loader added to address <bug>62080</bug> optional
+ and disabled by default. This is now controlled by the
+ <code>org.apache.el.GET_CLASSLOADER_USE_PRIVILEGED</code> system
+ property. (markt)
+ </fix>
<fix>
<bug>66317</bug>: Fix for Lambda coercion security manager missing
privileges. Based on pull request #557 by Isaac Rivera Rivas (lihan)
diff --git a/webapps/docs/config/systemprops.xml b/webapps/docs/config/systemprops.xml
index 4225fd2bec..0def5feb97 100644
--- a/webapps/docs/config/systemprops.xml
+++ b/webapps/docs/config/systemprops.xml
@@ -74,6 +74,15 @@
<section name="Expression Language">
<properties>
+ <property name="org.apache.el. GET_CLASSLOADER_USE_PRIVILEGED">
+ <p>Controls whether the EL API classes make use of a privileged block to
+ obtain the thread context class loader. When using the EL API within
+ Apache Tomcat this does not need to be set as all calls are already
+ wrapped in a privileged block further up the stack. It may be required if
+ using the EL API under a SecurityManager outside of Apache Tomcat.</p>
+ <p>If not specified, the default of <code>false</code> will be used.</p>
+ </property>
+
<property name="org.apache.el.BeanELResolver. CACHE_SIZE">
<p>The number of jakarta.el.BeanELResolver.BeanProperties objects that will
be cached by the EL Parser.</p>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org