You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Jeanfrancois Arcand <je...@sun.com> on 2002/11/27 02:13:00 UTC
[Q] WebappClassloader violates J2SE policy syntax?
Hi,
I've noticed a characteristic in the tomcat
loader.WebappClassloader and was wondering whether someone have any
recollection or insight as to why we did it that way.
Classes loaded with this classloader get a "jar:" tacked as prefix in
their codesource.
The javadoc has this to say:
IMPLEMENTATION NOTE - The class loader generates source URLs which
include the full JAR URL when a class is loaded from a JAR file,
which allows setting security permission at the class level, even
when a class is contained inside a JAR.
Which is indeed true and an interesting feature.
However, it violates the j2se policy syntax because the users
expectation of "/-" no longer works
In other words, with some structure like:
applications/web-modules/web_1
/WEB-INF/lib/foo.jar
...
/web_2
...
If the user wishes to grant permission X to all web module code, they
expect the following to work as documented in the policy syntax:
grant codeBase "file:.../applications/web-modules/-" {
permission X;
};
Turns out it doesn't, because WebappClassloader will make the
codesource something like "jar:file:...../foo.jar!/MyClass.class",
which will not match the grant.
I've see the norte inside the RELEASE-NOTES file, but would like to know
why exactly.
Merci,
-- Jeanfrancois
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: [Q] WebappClassloader violates J2SE policy syntax?
Posted by Remy Maucherat <re...@apache.org>.
Glenn Nielsen wrote:
> Jeanfrancois Arcand wrote:
>
>> Hi,
>>
>> I've noticed a characteristic in the tomcat
>> loader.WebappClassloader and was wondering whether someone have any
>> recollection or insight as to why we did it that way.
>>
>> Classes loaded with this classloader get a "jar:" tacked as prefix in
>> their codesource.
>>
>> The javadoc has this to say:
>>
>> IMPLEMENTATION NOTE - The class loader generates source URLs which
>> include the full JAR URL when a class is loaded from a JAR file,
>> which allows setting security permission at the class level, even
>> when a class is contained inside a JAR.
>>
>> Which is indeed true and an interesting feature.
>>
>> However, it violates the j2se policy syntax because the users
>> expectation of "/-" no longer works
>>
>> In other words, with some structure like:
>>
>> applications/web-modules/web_1
>> /WEB-INF/lib/foo.jar
>> ...
>> /web_2
>> ...
>>
>> If the user wishes to grant permission X to all web module code, they
>> expect the following to work as documented in the policy syntax:
>>
>> grant codeBase "file:.../applications/web-modules/-" {
>> permission X;
>> };
>>
>> Turns out it doesn't, because WebappClassloader will make the
>> codesource something like "jar:file:...../foo.jar!/MyClass.class",
>> which will not match the grant.
>>
>> I've see the norte inside the RELEASE-NOTES file, but would like to
>> know why exactly.
>>
>> Merci,
>>
>> -- Jeanfrancois
>>
>
> You can do the grant to the entire jar file like this:
>
> "jar:file:..../foo.jar!/-"
>
> The jar:file syntax is no longer required in Tomcat 4.1, the code for
> Tomcat 5
> must have been forked before this change, or the documentation didn't
> get updated.
> I did a quick search of the release notes and found that it was changed
> in Tomcat
> 4.1.1 to fix bugzilla bug 8611. The change was needed to fix a bug with
> sealed
> jar files.
The patch was ported. The CodeSource object, as well as the package
definition, are made from the file: URL.
definePackage(packageName, entry.manifest,
entry.codeBase);
...
CodeSource codeSource =
new CodeSource(entry.codeBase, entry.certificates);
...
entry.codeBase = getURL(jarRealFiles[i]);
The implementation note should be removed, as it is no loger true
starting in 4.1.x.
Remy
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: [Q] WebappClassloader violates J2SE policy syntax?
Posted by Glenn Nielsen <gl...@mail.more.net>.
Jeanfrancois Arcand wrote:
> Hi,
>
> I've noticed a characteristic in the tomcat
> loader.WebappClassloader and was wondering whether someone have any
> recollection or insight as to why we did it that way.
>
> Classes loaded with this classloader get a "jar:" tacked as prefix in
> their codesource.
>
> The javadoc has this to say:
>
> IMPLEMENTATION NOTE - The class loader generates source URLs which
> include the full JAR URL when a class is loaded from a JAR file,
> which allows setting security permission at the class level, even
> when a class is contained inside a JAR.
>
> Which is indeed true and an interesting feature.
>
> However, it violates the j2se policy syntax because the users
> expectation of "/-" no longer works
>
> In other words, with some structure like:
>
> applications/web-modules/web_1
> /WEB-INF/lib/foo.jar
> ...
> /web_2
> ...
>
> If the user wishes to grant permission X to all web module code, they
> expect the following to work as documented in the policy syntax:
>
> grant codeBase "file:.../applications/web-modules/-" {
> permission X;
> };
>
> Turns out it doesn't, because WebappClassloader will make the
> codesource something like "jar:file:...../foo.jar!/MyClass.class",
> which will not match the grant.
>
> I've see the norte inside the RELEASE-NOTES file, but would like to know
> why exactly.
>
> Merci,
>
> -- Jeanfrancois
>
You can do the grant to the entire jar file like this:
"jar:file:..../foo.jar!/-"
The jar:file syntax is no longer required in Tomcat 4.1, the code for Tomcat 5
must have been forked before this change, or the documentation didn't get updated.
I did a quick search of the release notes and found that it was changed in Tomcat
4.1.1 to fix bugzilla bug 8611. The change was needed to fix a bug with sealed
jar files.
Regards,
Glenn
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>