cocoon-dev mailing list archives

From Santiago Gala <sg...@hisitech.com>
Subject [PATCH] [C2] CodeBase set correctly on classloading
Date Fri, 20 Apr 2001 18:34:05 GMT
I have the following changes related to classloading. I made them
while testing Cocoon2 with the tomcat "-security" option.

The rationale is that the classes loaded by the AbstractSitemap class,
if loaded without the patch, will get a "null" CodeSource, which means
they have minimal permissions. They need further permissions, depending
on the "url" that was used to load them.

Possibly here is where we can "cheat" with regard to the classes in
work/repository coming really from WEB-INF/classes, as I said in my
previous mail in the "problem with sitemap_xmap.java" thread.

As I send this, I notice that AbstractSitemap could pass the url, and
ClassUtils have a defineClass(byte[], url) handling the CodeSource
stuff. It looks cleaner to have separation of classloading stuff into
ClassUtils.

Note: I'm not sure if the patch is Java 2 only. Also, I'm not sure if C2
is Java 2 only (I haven't used jdk1.1 for several months).


Index: src/org/apache/cocoon/sitemap/AbstractSitemap.java
===================================================================
RCS file:
/home/cvspublic/xml-cocoon/src/org/apache/cocoon/sitemap/Attic/AbstractSitemap.java,v
retrieving revision 1.1.2.33
diff -u -r1.1.2.33 AbstractSitemap.java
--- src/org/apache/cocoon/sitemap/AbstractSitemap.java  2001/04/17
18:18:50    1.1.2.33
+++ src/org/apache/cocoon/sitemap/AbstractSitemap.java  2001/04/20 18:19:27
@@ -15,6 +15,8 @@
  import java.util.List;
  import java.util.Map;

+import java.security.CodeSource;
+
  import org.apache.avalon.ComponentManager;
  import org.apache.avalon.Contextualizable;
  import org.apache.avalon.Context;
@@ -132,7 +134,8 @@
           if (classURL.indexOf(':') > 1) {
               URL url = urlFactory.getURL(classURL);
               byte [] b = getByteArrayFromStream(url.openStream());
-            clazz =
((RepositoryClassLoader)ClassUtils.getClassLoader()).defineClass(b);
+            CodeSource cs = new CodeSource(url, null); // No certs
+            clazz =
((RepositoryClassLoader)ClassUtils.getClassLoader()).defineClass(b, cs);
           } else {
               clazz = ClassUtils.loadClass(classURL);
           }
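Review bot: `new CodeSource(url, null)` in the `classURL.indexOf(':') > 1` branch ties the defined class's permissions to whatever `urlFactory.getURL(classURL)` returns, so a policy grant on that codeBase will apply to any bytes fetched from it. It is worth stating (or checking) which URLs and schemes are expected to reach this branch, so that the policy entries can be written narrowly against them. The stream from `url.openStream()` is also handed to `getByteArrayFromStream` with no close visible in this hunk. As the message itself suggests, building the CodeSource in a `ClassUtils.defineClass(byte[], url)` helper would keep the `RepositoryClassLoader` cast and the CodeSource handling out of AbstractSitemap.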
Index:
src/org/apache/cocoon/components/classloader/RepositoryClassLoader.java
===================================================================
RCS file:
/home/cvspublic/xml-cocoon/src/org/apache/cocoon/components/classloader/Attic/RepositoryClassLoader.java,v
retrieving revision 1.1.2.22
diff -u -r1.1.2.22 RepositoryClassLoader.java
---
src/org/apache/cocoon/components/classloader/RepositoryClassLoader.java
     2001/03/12 05:55:19      1.1.2.22
+++
src/org/apache/cocoon/components/classloader/RepositoryClassLoader.java
     2001/04/20 18:19:32
@@ -18,6 +18,8 @@
  import java.net.URLClassLoader;
  import java.net.MalformedURLException;

+import java.security.CodeSource;
+
  import org.apache.cocoon.util.NetUtils;
  import org.apache.cocoon.util.IOUtils;
  import org.apache.cocoon.util.ClassUtils;
@@ -107,7 +109,7 @@
     /**
      * Create a Class from a byte array
      */
-  public Class defineClass(byte [] b) throws ClassFormatError {
-      return super.defineClass(null, b, 0, b.length);
+  public Class defineClass(byte [] b, CodeSource cs) throws
ClassFormatError {
+      return super.defineClass(null, b, 0, b.length, cs);
     }
  }
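Review bot: the new `defineClass(byte [] b, CodeSource cs)` is public, so any caller holding the loader can choose the CodeSource, and with it the permissions, for bytes it supplies. Consider taking the URL and building the CodeSource inside the loader, or narrowing the method's visibility. Removing the one-argument `defineClass(byte [] b)` also breaks any other callers; keeping it as an overload that delegates with a null CodeSource would preserve them. The javadoc still reads "Create a Class from a byte array" and should describe `cs`.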


---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org
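
The effect described in the message's rationale, shown as an added example that is not part of the original post or of the Cocoon code base: the same class bytes defined once without and once with a CodeSource, then inspected through their ProtectionDomain. `CodeSourceDemo`, `Probe`, `BytesLoader` and the `file:` URL are constructed for illustration, and the class is assumed to be compiled in the default package.

```java
import java.io.InputStream;
import java.net.URI;
import java.net.URL;
import java.security.CodeSource;
import java.security.SecureClassLoader;
import java.security.cert.Certificate;

public class CodeSourceDemo {
    /** Constructed, empty class whose bytes are defined again by the loaders below. */
    public static class Probe { }

    /** Hypothetical stand-in for a loader that defines classes from raw bytes. */
    static class BytesLoader extends SecureClassLoader {
        BytesLoader() { super(null); } // bootstrap parent only, so Probe is not delegated

        Class<?> define(byte[] b) {                // shape before the patch
            return defineClass(null, b, 0, b.length);
        }

        Class<?> define(byte[] b, CodeSource cs) { // shape after the patch
            return defineClass(null, b, 0, b.length, cs);
        }
    }

    /** Location recorded in the class's ProtectionDomain, or null if there is none. */
    static URL locationOf(Class<?> c) {
        CodeSource cs = c.getProtectionDomain().getCodeSource();
        return cs == null ? null : cs.getLocation();
    }

    public static void main(String[] args) throws Exception {
        byte[] b;
        try (InputStream in =
                 CodeSourceDemo.class.getResourceAsStream("CodeSourceDemo$Probe.class")) {
            b = in.readAllBytes(); // Java 9+
        }
        // Constructed URL standing in for the one the sitemap class was fetched from.
        URL url = URI.create("file:/constructed/work/repository/").toURL();
        // The cast picks the Certificate[] constructor; a bare null is ambiguous on Java 5+.
        CodeSource cs = new CodeSource(url, (Certificate[]) null);

        // One loader per definition: a loader cannot define the same class name twice.
        Class<?> before = new BytesLoader().define(b);
        Class<?> after = new BytesLoader().define(b, cs);

        System.out.println("without CodeSource: location = " + locationOf(before));
        System.out.println("with CodeSource:    location = " + locationOf(after));
    }
}
```

Only the second class carries a location, so it is the only one a policy `grant codeBase "..."` entry can match.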

