You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/11/08 13:18:20 UTC
[tomcat] branch 8.5.x updated: Fix BZ 66294. Make use of privileged block optional. Performance hotspot
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new ace5902d14 Fix BZ 66294. Make use of privileged block optional. Performance hotspot
ace5902d14 is described below
commit ace5902d14f280fd0c3ee3374a6f98a3e8a42391
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Nov 8 13:16:32 2022 +0000
Fix BZ 66294. Make use of privileged block optional. Performance hotspot
https://bz.apache.org/bugzilla/show_bug.cgi?id=66294
---
java/javax/el/Util.java | 5 ++++-
webapps/docs/changelog.xml | 7 +++++++
webapps/docs/config/systemprops.xml | 9 +++++++++
3 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/java/javax/el/Util.java b/java/javax/el/Util.java
index 7e7812a102..58d16e8d77 100644
--- a/java/javax/el/Util.java
+++ b/java/javax/el/Util.java
@@ -43,6 +43,9 @@ class Util {
private static final Class<?>[] EMPTY_CLASS_ARRAY = new Class<?>[0];
private static final Object[] EMPTY_OBJECT_ARRAY = new Object[0];
+ private static final boolean GET_CLASSLOADER_USE_PRIVILEGED =
+ Boolean.getBoolean("org.apache.el.GET_CLASSLOADER_USE_PRIVILEGED");
+
/**
* Checks whether the supplied Throwable is one that needs to be
* rethrown and swallows all others.
@@ -649,7 +652,7 @@ class Util {
static ClassLoader getContextClassLoader() {
ClassLoader tccl;
- if (System.getSecurityManager() != null) {
+ if (System.getSecurityManager() != null && GET_CLASSLOADER_USE_PRIVILEGED) {
PrivilegedAction<ClassLoader> pa = new PrivilegedGetTccl();
tccl = AccessController.doPrivileged(pa);
} else {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 21ecf497b1..fcd0ce3c6f 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -150,6 +150,13 @@
</subsection>
<subsection name="Jasper">
<changelog>
+ <fix>
+ <bug>66294</bug>: Make the use of a privileged block to obtain the
+ thread context class loader added to address <bug>62080</bug> optional
+ and disabled by default. This is now controlled by the
+ <code>org.apache.el.GET_CLASSLOADER_USE_PRIVILEGED</code> system
+ property. (markt)
+ </fix>
<fix>
<bug>66325</bug>: Fix concurrency issue in evaluation of expression
language containing lambda expressions. (markt)
diff --git a/webapps/docs/config/systemprops.xml b/webapps/docs/config/systemprops.xml
index 0448008e48..691e22420e 100644
--- a/webapps/docs/config/systemprops.xml
+++ b/webapps/docs/config/systemprops.xml
@@ -89,6 +89,15 @@
<section name="Expression Language">
<properties>
+ <property name="org.apache.el. GET_CLASSLOADER_USE_PRIVILEGED">
+ <p>Controls whether the EL API classes make use of a privileged block to
+ obtain the thread context class loader. When using the EL API within
+ Apache Tomcat this does not need to be set as all calls are already
+ wrapped in a privileged block further up the stack. It may be required if
+ using the EL API under a SecurityManager outside of Apache Tomcat.</p>
+ <p>If not specified, the default of <code>false</code> will be used.</p>
+ </property>
+
<property name="org.apache.el.BeanELResolver. CACHE_SIZE">
<p>The number of javax.el.BeanELResolver.BeanProperties objects that will
be cached by the EL Parser.</p>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org