You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2015/11/05 22:06:01 UTC
svn commit: r1712866 - in /tomcat/trunk/java/org/apache:
catalina/connector/OutputBuffer.java
catalina/security/SecurityClassLoad.java coyote/http2/Stream.java
Author: markt
Date: Thu Nov 5 21:06:00 2015
New Revision: 1712866
URL: http://svn.apache.org/viewvc?rev=1712866&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=58585
Fix security exceptions when starting with a security manager.
Modified:
tomcat/trunk/java/org/apache/catalina/connector/OutputBuffer.java
tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
tomcat/trunk/java/org/apache/coyote/http2/Stream.java
Modified: tomcat/trunk/java/org/apache/catalina/connector/OutputBuffer.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/OutputBuffer.java?rev=1712866&r1=1712865&r2=1712866&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/connector/OutputBuffer.java (original)
+++ tomcat/trunk/java/org/apache/catalina/connector/OutputBuffer.java Thu Nov 5 21:06:00 2015
@@ -558,7 +558,7 @@ public class OutputBuffer extends Writer
enc = org.apache.coyote.Constants.DEFAULT_CHARACTER_ENCODING;
}
- final Charset charset = B2CConverter.getCharset(enc);
+ final Charset charset = getCharset(enc);
SynchronizedStack<C2BConverter> stack = encoders.get(charset);
if (stack == null) {
stack = new SynchronizedStack<>();
@@ -572,6 +572,30 @@ public class OutputBuffer extends Writer
}
}
+
+ private static Charset getCharset(String encoding) throws IOException {
+ if (Globals.IS_SECURITY_ENABLED) {
+ try {
+ return AccessController.doPrivileged(
+ new PrivilegedExceptionAction<Charset>() {
+ @Override
+ public Charset run() throws IOException {
+ return B2CConverter.getCharset(encoding);
+ }
+ });
+ } catch (PrivilegedActionException ex) {
+ Exception e = ex.getException();
+ if (e instanceof IOException) {
+ throw (IOException) e;
+ } else {
+ throw new IOException(ex);
+ }
+ }
+ } else {
+ return B2CConverter.getCharset(encoding);
+ }
+ }
+
private static C2BConverter createConverter(Charset charset) throws IOException {
if (Globals.IS_SECURITY_ENABLED){
Modified: tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java?rev=1712866&r1=1712865&r2=1712866&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java (original)
+++ tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java Thu Nov 5 21:06:00 2015
@@ -70,6 +70,9 @@ public final class SecurityClassLoad {
"ApplicationDispatcher$PrivilegedInclude");
loader.loadClass
(basePackage +
+ "ApplicationPushBuilder");
+ loader.loadClass
+ (basePackage +
"AsyncContextImpl");
loader.loadClass
(basePackage +
@@ -167,6 +170,7 @@ public final class SecurityClassLoad {
// Make sure system property is read at this point
Class<?> clazz = loader.loadClass(basePackage + "Constants");
clazz.newInstance();
+ loader.loadClass(basePackage + "http2.Stream$1");
}
@@ -232,6 +236,9 @@ public final class SecurityClassLoad {
"OutputBuffer$1");
loader.loadClass
(basePackage +
+ "OutputBuffer$2");
+ loader.loadClass
+ (basePackage +
"CoyoteInputStream$1");
loader.loadClass
(basePackage +
@@ -268,10 +275,17 @@ public final class SecurityClassLoad {
loader.loadClass(basePackage + "util.buf.StringCache");
loader.loadClass(basePackage + "util.buf.StringCache$ByteEntry");
loader.loadClass(basePackage + "util.buf.StringCache$CharEntry");
+ // collections
+ loader.loadClass(basePackage + "util.collections.CaseInsensitiveKeyMap");
+ loader.loadClass(basePackage + "util.collections.CaseInsensitiveKeyMap$EntryImpl");
+ loader.loadClass(basePackage + "util.collections.CaseInsensitiveKeyMap$EntryIterator");
+ loader.loadClass(basePackage + "util.collections.CaseInsensitiveKeyMap$EntrySet");
+ loader.loadClass(basePackage + "util.collections.CaseInsensitiveKeyMap$Key");
// http
+ loader.loadClass(basePackage + "util.http.CookieProcessor");
+ loader.loadClass(basePackage + "util.http.NamesEnumerator");
// Make sure system property is read at this point
- Class<?> clazz = loader.loadClass(
- basePackage + "util.http.FastHttpDateFormat");
+ Class<?> clazz = loader.loadClass(basePackage + "util.http.FastHttpDateFormat");
clazz.newInstance();
loader.loadClass(basePackage + "util.http.parser.HttpParser");
loader.loadClass(basePackage + "util.http.parser.MediaType");
Modified: tomcat/trunk/java/org/apache/coyote/http2/Stream.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/Stream.java?rev=1712866&r1=1712865&r2=1712866&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http2/Stream.java (original)
+++ tomcat/trunk/java/org/apache/coyote/http2/Stream.java Thu Nov 5 21:06:00 2015
@@ -18,6 +18,9 @@ package org.apache.coyote.http2;
import java.io.IOException;
import java.nio.ByteBuffer;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.Iterator;
import org.apache.coyote.ActionCode;
@@ -387,10 +390,36 @@ public class Stream extends AbstractStre
// TODO: Handle default ports
request.getMimeHeaders().addValue(":authority").setString(
request.serverName().getString() + ":" + request.getServerPort());
- handler.push(request, this);
+ push (handler, request, this);
}
+ private static void push(Http2UpgradeHandler handler, Request request, Stream stream)
+ throws IOException {
+ if (org.apache.coyote.Constants.IS_SECURITY_ENABLED) {
+ try {
+ AccessController.doPrivileged(
+ new PrivilegedExceptionAction<Void>() {
+ @Override
+ public Void run() throws IOException {
+ handler.push(request, stream);
+ return null;
+ }
+ });
+ } catch (PrivilegedActionException ex) {
+ Exception e = ex.getException();
+ if (e instanceof IOException) {
+ throw (IOException) e;
+ } else {
+ throw new IOException(ex);
+ }
+ }
+
+ } else {
+ handler.push(request, stream);
+ }
+ }
+
class StreamOutputBuffer implements OutputBuffer {
private final ByteBuffer buffer = ByteBuffer.allocate(8 * 1024);
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org