tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gl...@apache.org
Subject cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core ApplicationContext.java
Date Sun, 04 Feb 2001 00:49:41 GMT
glenn       01/02/03 16:49:41

  Modified:    catalina/src/share/org/apache/catalina/core
                        ApplicationContext.java
  Log:
  Implement SecurityManager
  
  Revision  Changes    Path
  1.14      +92 -25    jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/ApplicationContext.java
  
  Index: ApplicationContext.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/ApplicationContext.java,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -u -r1.13 -r1.14
  --- ApplicationContext.java	2001/01/25 19:09:15	1.13
  +++ ApplicationContext.java	2001/02/04 00:49:41	1.14
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/ApplicationContext.java,v
1.13 2001/01/25 19:09:15 remm Exp $
  - * $Revision: 1.13 $
  - * $Date: 2001/01/25 19:09:15 $
  + * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/ApplicationContext.java,v
1.14 2001/02/04 00:49:41 glenn Exp $
  + * $Revision: 1.14 $
  + * $Date: 2001/02/04 00:49:41 $
    *
    * ====================================================================
    *
  @@ -69,6 +69,10 @@
   import java.io.File;
   import java.net.MalformedURLException;
   import java.net.URL;
  +import java.security.AccessController;
  +import java.security.PrivilegedAction;
  +import java.security.PrivilegedExceptionAction;
  +import java.security.PrivilegedActionException;
   import java.util.ArrayList;
   import java.util.Arrays;
   import java.util.Enumeration;
  @@ -107,12 +111,60 @@
    *
    * @author Craig R. McClanahan
    * @author Remy Maucherat
  - * @version $Revision: 1.13 $ $Date: 2001/01/25 19:09:15 $
  + * @version $Revision: 1.14 $ $Date: 2001/02/04 00:49:41 $
    */
   
   public final class ApplicationContext
       implements ServletContext {
   
  +    protected class PrivilegedGetRequestDispatcher implements PrivilegedAction {
  +        private String contextPath;
  +        private String relativeURI;
  +        private String queryString;                                       
  +
  +        PrivilegedGetRequestDispatcher(String contextPath, String relativeURI,
  +	    String queryString)
  +        {                                    
  +            this.contextPath = contextPath;
  +            this.relativeURI = relativeURI;
  +            this.queryString = queryString;
  +        }                                 
  +                                          
  +        public Object run() {
  +	    HttpRequestBase request = new HttpRequestBase();
  +            request.setContext(context);       
  +            request.setContextPath(context.getPath());
  +            request.setRequestURI(contextPath + relativeURI);
  +            request.setQueryString(queryString);
  +            Wrapper wrapper = (Wrapper) context.map(request, true);
  +            if (wrapper == null)               
  +                return (null);  
  +
  +            // Construct a RequestDispatcher to process this request
  +            HttpServletRequest hrequest = (HttpServletRequest) request.getRequest();
  +            return (RequestDispatcher) new ApplicationDispatcher(wrapper,
  +                hrequest.getServletPath(),     
  +                hrequest.getPathInfo(),   
  +                hrequest.getQueryString(),
  +                null);
  +        }                                    
  +    }
  +
  +    protected class PrivilegedGetResource implements PrivilegedExceptionAction {
  +	private String path;
  +	private DirContext resources;
  +
  +        PrivilegedGetResource(String path, DirContext resources)
  +        {
  +            this.path = path;
  +            this.resources = resources;
  +        }
  +         
  +        public Object run() throws Exception {
  +            return new URL("jndi", null, 0, path,
  +                   new DirContextURLStreamHandler(resources));
  +        }
  +    }
   
       // ----------------------------------------------------------- Constructors
   
  @@ -128,7 +180,6 @@
   	super();
   	this.context = context;
           this.basePath = basePath;
  -
       }
   
   
  @@ -397,25 +448,31 @@
               relativeURI = path.substring(0, question);
               queryString = path.substring(question + 1);
           }
  -        HttpRequestBase request = new HttpRequestBase();
  -        request.setContext(context);
  -        request.setContextPath(context.getPath());
  -        request.setRequestURI(contextPath + relativeURI);
  -        request.setQueryString(queryString);
  -        Wrapper wrapper = (Wrapper) context.map(request, true);
  -        if (wrapper == null)
  -            return (null);
  +	if( System.getSecurityManager() != null ) {
  +	    PrivilegedGetRequestDispatcher dp =
  +		new PrivilegedGetRequestDispatcher(contextPath,
  +			relativeURI,queryString);
  +	    return (RequestDispatcher)AccessController.doPrivileged(dp);
  +	}
   
  -        // Construct a RequestDispatcher to process this request
  -        HttpServletRequest hrequest =
  -            (HttpServletRequest) request.getRequest();
  -        ApplicationDispatcher dispatcher =
  -          new ApplicationDispatcher(wrapper,
  -                                    hrequest.getServletPath(),
  -                                    hrequest.getPathInfo(),
  -                                    hrequest.getQueryString(),
  -                                    null);
  -        return ((RequestDispatcher) dispatcher);
  +	// The remaining code is duplicated in PrivilegedGetRequestDispatcher,
  +	// we need to make sure they stay in sync
  +	HttpRequestBase request = new HttpRequestBase();
  +	request.setContext(context);   
  +	request.setContextPath(context.getPath());
  +	request.setRequestURI(contextPath + relativeURI);
  +	request.setQueryString(queryString);
  +	Wrapper wrapper = (Wrapper) context.map(request, true);
  +	if (wrapper == null)           
  +	    return (null);  
  +
  +	// Construct a RequestDispatcher to process this request
  +	HttpServletRequest hrequest = (HttpServletRequest) request.getRequest();
  +        return (RequestDispatcher) new ApplicationDispatcher(wrapper,
  +                        hrequest.getServletPath(), 
  +                        hrequest.getPathInfo(),    
  +                        hrequest.getQueryString(),
  +                        null);                   
   
       }
   
  @@ -432,14 +489,24 @@
        *  in the correct form
        */
       public URL getResource(String path) throws MalformedURLException {
  -
   	DirContext resources = context.getResources();
   	if (resources != null) {
               try {
                   resources.lookup(path);
  -                return new URL("jndi", null, 0, path, 
  +	        if( System.getSecurityManager() != null ) {
  +	            try {
  +	                PrivilegedGetResource dp =
  +			    new PrivilegedGetResource(path,resources);
  +	                return (URL)AccessController.doPrivileged(dp);
  +	            } catch( PrivilegedActionException pe) {
  +	                throw pe.getException();
  +	            }
  +	        } else {
  +                    return new URL("jndi", null, 0, path, 
                                  new DirContextURLStreamHandler(resources));
  +		}
               } catch (Exception e) {
  +		e.printStackTrace();
               }
           }
           return (null);
  
  
  

Mime
View raw message