You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2017/04/06 20:47:38 UTC
svn commit: r1790461 - in /tomcat/trunk/java/org/apache/jasper:
runtime/PageContextImpl.java security/SecurityClassLoad.java
Author: markt
Date: Thu Apr 6 20:47:38 2017
New Revision: 1790461
URL: http://svn.apache.org/viewvc?rev=1790461&view=rev
Log:
Remove unnecessary privileged block from handlePageException.
I can't see anything in doHandlePageException that would trigger a security check.
Modified:
tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java
tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java
Modified: tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java?rev=1790461&r1=1790460&r2=1790461&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java (original)
+++ tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java Thu Apr 6 20:47:38 2017
@@ -676,39 +676,12 @@ public class PageContextImpl extends Pag
}
@Override
- public void handlePageException(final Throwable t) throws IOException,
- ServletException {
- if (t == null)
+ @SuppressWarnings("deprecation") // Still jave to support old JSP EL
+ public void handlePageException(final Throwable t) throws IOException, ServletException {
+ if (t == null) {
throw new NullPointerException("null Throwable");
-
- if (SecurityUtil.isPackageProtectionEnabled()) {
- try {
- AccessController.doPrivileged(
- new PrivilegedExceptionAction<Void>() {
- @Override
- public Void run() throws Exception {
- doHandlePageException(t);
- return null;
- }
- });
- } catch (PrivilegedActionException e) {
- Exception ex = e.getException();
- if (ex instanceof IOException) {
- throw (IOException) ex;
- } else {
- throw (ServletException) ex;
- }
- }
- } else {
- doHandlePageException(t);
}
- }
-
- @SuppressWarnings("deprecation") // Still jave to support old JSP EL
- private void doHandlePageException(Throwable t) throws IOException,
- ServletException {
-
if (errorPageURL != null && !errorPageURL.equals("")) {
/*
@@ -735,8 +708,7 @@ public class PageContextImpl extends Pag
// The error page could be inside an include.
- Object newException =
- request.getAttribute(RequestDispatcher.ERROR_EXCEPTION);
+ Object newException = request.getAttribute(RequestDispatcher.ERROR_EXCEPTION);
// t==null means the attribute was not set.
if ((newException != null) && (newException == t)) {
@@ -763,12 +735,12 @@ public class PageContextImpl extends Pag
Throwable rootCause = null;
if (t instanceof JspException || t instanceof ELException ||
t instanceof javax.servlet.jsp.el.ELException) {
- rootCause =t.getCause();
+ rootCause = t.getCause();
}
if (rootCause != null) {
- throw new ServletException(t.getClass().getName() + ": "
- + t.getMessage(), rootCause);
+ throw new ServletException(
+ t.getClass().getName() + ": " + t.getMessage(), rootCause);
}
throw new ServletException(t);
Modified: tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java?rev=1790461&r1=1790460&r2=1790461&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java (original)
+++ tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java Thu Apr 6 20:47:38 2017
@@ -55,7 +55,6 @@ public final class SecurityClassLoad {
loader.loadClass( basePackage + "runtime.PageContextImpl$2");
loader.loadClass( basePackage + "runtime.PageContextImpl$3");
loader.loadClass( basePackage + "runtime.PageContextImpl$4");
- loader.loadClass( basePackage + "runtime.PageContextImpl$5");
loader.loadClass( basePackage + "runtime.JspContextWrapper");
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org