tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r...@apache.org
Subject cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader WebappClassLoader.java WebappLoader.java
Date Wed, 31 Oct 2001 23:17:37 GMT
remm        01/10/31 15:17:37

  Modified:    catalina/src/share/org/apache/catalina/loader
                        WebappClassLoader.java WebappLoader.java
  Log:
  - If webapp is privileged, give it AllPermissions. This allows the relocated manager
    and admin webapp to work under a security manager (Jasper was causing
    some trouble).
  - Rename setPermissions methods to addPermission (that seems closer to what
    they actually do).
  - Most of the classloader setters now will do an explicit check for AllPermission.
  
  Revision  Changes    Path
  1.24      +52 -9     jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java
  
  Index: WebappClassLoader.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java,v
  retrieving revision 1.23
  retrieving revision 1.24
  diff -u -r1.23 -r1.24
  --- WebappClassLoader.java	2001/10/31 19:00:43	1.23
  +++ WebappClassLoader.java	2001/10/31 23:17:37	1.24
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java,v
1.23 2001/10/31 19:00:43 remm Exp $
  - * $Revision: 1.23 $
  - * $Date: 2001/10/31 19:00:43 $
  + * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java,v
1.24 2001/10/31 23:17:37 remm Exp $
  + * $Revision: 1.24 $
  + * $Date: 2001/10/31 23:17:37 $
    *
    * ====================================================================
    *
  @@ -124,7 +124,7 @@
    *
    * @author Remy Maucherat
    * @author Craig R. McClanahan
  - * @version $Revision: 1.23 $ $Date: 2001/10/31 19:00:43 $
  + * @version $Revision: 1.24 $ $Date: 2001/10/31 23:17:37 $
    */
   public class WebappClassLoader
       extends URLClassLoader
  @@ -347,6 +347,12 @@
       protected boolean hasExternalRepositories = false;
   
   
  +    /**
  +     * All permission.
  +     */
  +    private Permission allPermission = new java.security.AllPermission();
  +
  +
       // ------------------------------------------------------------- Properties
   
   
  @@ -367,6 +373,9 @@
        */
       public void setDebug(int debug) {
   
  +        if (securityManager != null)
  +            securityManager.checkPermission(allPermission);
  +
           this.debug = debug;
   
       }
  @@ -389,6 +398,9 @@
        */
       public void setDelegate(boolean delegate) {
   
  +        if (securityManager != null)
  +            securityManager.checkPermission(allPermission);
  +
           this.delegate = delegate;
   
       }
  @@ -400,15 +412,15 @@
        *
        * @param path file directory path
        */
  -    public void setPermissions(String path) {
  -        if( securityManager != null ) {
  +    public void addPermission(String path) {
  +        if (securityManager != null) {
               Permission permission = null;
               if( path.startsWith("jndi:") || path.startsWith("jar:jndi:") ) {
                   permission = new JndiPermission(path + "*");
               } else {
                   permission = new FilePermission(path + "-","read");
               }
  -            permissionList.add(permission);
  +            addPermission(permission);
           }
       }
   
  @@ -419,12 +431,25 @@
        *
        * @param url URL for a file or directory on local system
        */
  -    public void setPermissions(URL url) {
  -        setPermissions(url.toString());
  +    public void addPermission(URL url) {
  +        addPermission(url.toString());
       }
   
   
       /**
  +     * If there is a Java SecurityManager create a Permission.
  +     *
  +     * @param url URL for a file or directory on local system
  +     */
  +    public void addPermission(Permission permission) {
  +        if ((securityManager != null) && (permission != null)) {
  +            securityManager.checkPermission(allPermission);
  +            permissionList.add(permission);
  +        }
  +    }
  +
  +
  +    /**
        * Return the JAR path.
        */
       public String getJarPath() {
  @@ -439,6 +464,9 @@
        */
       public void setJarPath(String jarPath) {
   
  +        if (securityManager != null)
  +            securityManager.checkPermission(allPermission);
  +
           this.jarPath = jarPath;
   
       }
  @@ -459,6 +487,9 @@
        */
       public void addRepository(String repository) {
   
  +        if (securityManager != null)
  +            securityManager.checkPermission(allPermission);
  +
           // Ignore any of the standard repositories, as they are set up using
           // either addJar or addRepository
           if (repository.startsWith("/WEB-INF/lib")
  @@ -489,6 +520,9 @@
        */
       synchronized void addRepository(String repository, File file) {
   
  +        if (securityManager != null)
  +            securityManager.checkPermission(allPermission);
  +
           // Note : There should be only one (of course), but I think we should
           // keep this a bit generic
   
  @@ -522,6 +556,9 @@
       synchronized void addJar(String jar, JarFile jarFile, File file)
           throws IOException {
   
  +        if (securityManager != null)
  +            securityManager.checkPermission(allPermission);
  +
           if (jar == null)
               return;
           if (jarFile == null)
  @@ -1426,6 +1463,9 @@
        */
       public void start() throws LifecycleException {
   
  +        if (securityManager != null)
  +            securityManager.checkPermission(allPermission);
  +
           started = true;
   
       }
  @@ -1437,6 +1477,9 @@
        * @exception LifecycleException if a lifecycle error occurs
        */
       public void stop() throws LifecycleException {
  +
  +        if (securityManager != null)
  +            securityManager.checkPermission(allPermission);
   
           started = false;
   
  
  
  
  1.17      +16 -11    jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/WebappLoader.java
  
  Index: WebappLoader.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/WebappLoader.java,v
  retrieving revision 1.16
  retrieving revision 1.17
  diff -u -r1.16 -r1.17
  --- WebappLoader.java	2001/10/31 19:00:43	1.16
  +++ WebappLoader.java	2001/10/31 23:17:37	1.17
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/WebappLoader.java,v
1.16 2001/10/31 19:00:43 remm Exp $
  - * $Revision: 1.16 $
  - * $Date: 2001/10/31 19:00:43 $
  + * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/WebappLoader.java,v
1.17 2001/10/31 23:17:37 remm Exp $
  + * $Revision: 1.17 $
  + * $Date: 2001/10/31 23:17:37 $
    *
    * ====================================================================
    *
  @@ -119,7 +119,7 @@
    *
    * @author Craig R. McClanahan
    * @author Remy Maucherat
  - * @version $Revision: 1.16 $ $Date: 2001/10/31 19:00:43 $
  + * @version $Revision: 1.17 $ $Date: 2001/10/31 23:17:37 $
    */
   
   public class WebappLoader
  @@ -798,6 +798,11 @@
           if (!(container instanceof Context))
               return;
   
  +        if (((Context) container).getPrivileged()) {
  +            classLoader.addPermission(new java.security.AllPermission());
  +            return;
  +        }
  +
           // Tell the class loader the root of the context
           ServletContext servletContext =
               ((Context) container).getServletContext();
  @@ -805,7 +810,7 @@
           try {
   
               URL rootURL = servletContext.getResource("/");
  -            classLoader.setPermissions(rootURL);
  +            classLoader.addPermission(rootURL);
   
               String contextRoot = servletContext.getRealPath("/");
               if (contextRoot != null) {
  @@ -813,7 +818,7 @@
                       contextRoot = 
                           (new File(contextRoot)).getCanonicalPath() 
                           + File.separator;
  -                    classLoader.setPermissions(contextRoot);
  +                    classLoader.addPermission(contextRoot);
                   } catch (IOException e) {
                       // Ignore
                   }
  @@ -822,11 +827,11 @@
               URL classesURL =
                   servletContext.getResource("/WEB-INF/classes/");
               if (classesURL != null)
  -                classLoader.setPermissions(classesURL);
  +                classLoader.addPermission(classesURL);
   
               URL libURL = servletContext.getResource("/WEB-INF/lib/");
               if (libURL != null) {
  -                classLoader.setPermissions(libURL);
  +                classLoader.addPermission(libURL);
               }
   
               if (contextRoot != null) {
  @@ -840,7 +845,7 @@
                       } catch (IOException e) {
                       }
                       if (path != null)
  -                        classLoader.setPermissions(path);
  +                        classLoader.addPermission(path);
                   }
   
               } else {
  @@ -856,7 +861,7 @@
                               path = libDir.getCanonicalPath() + File.separator;
                           } catch (IOException e) {
                           }
  -                        classLoader.setPermissions(path);
  +                        classLoader.addPermission(path);
                       }
                       if (classesURL != null) {
                           File classesDir =
  @@ -867,7 +872,7 @@
                                   + File.separator;
                           } catch (IOException e) {
                           }
  -                        classLoader.setPermissions(path);
  +                        classLoader.addPermission(path);
                       }
                   }
   
  
  
  

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message