You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2013/11/19 00:09:47 UTC
svn commit: r1543223 - in /tomcat/trunk/java/org/apache/catalina/loader:
LocalStrings.properties WebappClassLoader.java
Author: markt
Date: Mon Nov 18 23:09:47 2013
New Revision: 1543223
URL: http://svn.apache.org/r1543223
Log:
Better conversion of base URLs to file permissions.
Modified:
tomcat/trunk/java/org/apache/catalina/loader/LocalStrings.properties
tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoader.java
Modified: tomcat/trunk/java/org/apache/catalina/loader/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/loader/LocalStrings.properties?rev=1543223&r1=1543222&r2=1543223&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/loader/LocalStrings.properties (original)
+++ tomcat/trunk/java/org/apache/catalina/loader/LocalStrings.properties Mon Nov 18 23:09:47 2013
@@ -13,6 +13,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+webappClassLoader.addPermisionNoCanonicalFile=Unable to obtain a canonical file path from the URL [{0}]
+webappClassLoader.addPermisionNoProtocol=The protocol [{0}] in the URL [{1}] is not supported so no read permission was granted for resources located at this URL
webappClassLoader.illegalJarPath=Illegal JAR entry detected with name {0}
webappClassLoader.jdbcRemoveFailed=JDBC driver de-registration failed for web application [{0}]
webappClassLoader.jdbcRemoveStreamError=Exception closing input stream during JDBC driver de-registration for web application [{0}]
Modified: tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoader.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoader.java?rev=1543223&r1=1543222&r2=1543223&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoader.java (original)
+++ tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoader.java Mon Nov 18 23:09:47 2013
@@ -28,6 +28,8 @@ import java.lang.ref.WeakReference;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
+import java.net.URI;
+import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.charset.StandardCharsets;
@@ -451,50 +453,52 @@ public class WebappClassLoader extends U
/**
- * If there is a Java SecurityManager create a read FilePermission
- * or JndiPermission for the file directory path.
+ * If there is a Java SecurityManager create a read permission for the
+ * target of the given URL as appropriate.
*
- * @param filepath file directory path
+ * @param url URL for a file or directory on local system
*/
- void addPermission(String filepath) {
- if (filepath == null) {
+ void addPermission(URL url) {
+ if (url == null) {
return;
}
-
- String path = filepath;
-
if (securityManager != null) {
- Permission permission = null;
- if (path.startsWith("file:")) {
- path = path.substring(5);
- if (!path.endsWith(File.separator)) {
- permission = new FilePermission(path, "read");
- addPermission(permission);
- path = path + File.separator;
+ String protocol = url.getProtocol();
+ if ("file".equalsIgnoreCase(protocol)) {
+ URI uri;
+ File f;
+ String path;
+ try {
+ uri = url.toURI();
+ f = new File(uri);
+ path = f.getCanonicalPath();
+ } catch (IOException | URISyntaxException e) {
+ log.warn(sm.getString(
+ "webappClassLoader.addPermisionNoCanonicalFile",
+ url.toExternalForm()));
+ return;
+ }
+ if (f.isFile()) {
+ // Allow the file to be read
+ addPermission(new FilePermission(path, "read"));
+ } else if (f.isDirectory()) {
+ addPermission(new FilePermission(path, "read"));
+ addPermission(new FilePermission(
+ path + File.separator + "-", "read"));
+ } else {
+ // File does not exist - ignore (shouldn't happen)
}
- permission = new FilePermission(path + "-", "read");
- addPermission(permission);
} else {
- // Unsupported resource location.
+ // Unsupported URL protocol
+ log.warn(sm.getString(
+ "webappClassLoader.addPermisionNoProtocol",
+ protocol, url.toExternalForm()));
}
}
}
/**
- * If there is a Java SecurityManager create a read FilePermission
- * or JndiPermission for URL.
- *
- * @param url URL for a file or directory on local system
- */
- void addPermission(URL url) {
- if (url != null) {
- addPermission(url.toString());
- }
- }
-
-
- /**
* If there is a Java SecurityManager create a Permission.
*
* @param permission The permission
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org