From ma...@apache.org
Subject svn commit: r777554 - in /tomcat/tc6.0.x/trunk: ./ conf/ java/org/apache/catalina/security/ java/org/apache/catalina/util/ java/org/apache/jasper/el/ java/org/apache/jasper/runtime/ webapps/docs/
Date Fri, 22 May 2009 14:54:32 GMT
Author: markt
Date: Fri May 22 14:54:32 2009
New Revision: 777554

URL: http://svn.apache.org/viewvc?rev=777554&view=rev
Log:
Port security manager fixes from trunk. JSP TCK now passes when running under a SecurityManager.

Modified:
    tomcat/tc6.0.x/trunk/   (props changed)
    tomcat/tc6.0.x/trunk/STATUS.txt
    tomcat/tc6.0.x/trunk/conf/catalina.policy
    tomcat/tc6.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
    tomcat/tc6.0.x/trunk/java/org/apache/catalina/util/DefaultAnnotationProcessor.java
    tomcat/tc6.0.x/trunk/java/org/apache/jasper/el/ELContextImpl.java
    tomcat/tc6.0.x/trunk/java/org/apache/jasper/el/ELResolverImpl.java
    tomcat/tc6.0.x/trunk/java/org/apache/jasper/el/ExpressionEvaluatorImpl.java
    tomcat/tc6.0.x/trunk/java/org/apache/jasper/runtime/JspApplicationContextImpl.java
    tomcat/tc6.0.x/trunk/java/org/apache/jasper/runtime/JspFactoryImpl.java
    tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc6.0.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri May 22 14:54:32 2009
@@ -1 +1 @@
-/tomcat/trunk:601180,606992,612607,630314,640888,652744,653247,673796,673820,683982,684001,684081,684234,684269-684270,685177,687503,687645,689402,690781,691392,691805,692748,693378,694992,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,701355,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,712467,718360,719119,719124,719602,719626,719628,720046,720069,721040,723404,723738,726052,727303,728032,728768,728947,729057,729567,729569,729571,729681,729809,729815,729934,730250,730590,731651,732859,732863,734734,740675,740684,742677,742697,742714,744160,744238,746321,746384,747834,747863,748344,750258,750291,750921,751286-751287,751289,751295,753039,757774,758596,758616,758664,759074,761601,762868,762929,762936-762937,763166,763183,763193,763298,763302,763325,763599,763611,763654,763681,763706,764985,764997,765662,768335
+/tomcat/trunk:601180,606992,612607,630314,640888,652744,653247,673796,673820,683982,684001,684081,684234,684269-684270,685177,687503,687645,689402,690781,691392,691805,692748,693378,694992,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,701355,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,712467,718360,719119,719124,719602,719626,719628,720046,720069,721040,721286,721708,721886,723404,723738,726052,727303,728032,728768,728947,729057,729567,729569,729571,729681,729809,729815,729934,730250,730590,731651,732859,732863,734734,740675,740684,742677,742697,742714,744160,744238,746321,746384,746425,747834,747863,748344,750258,750291,750921,751286-751287,751289,751295,753039,757335,757774,758596,758616,758664,759074,761601,762868,762929,762936-762937,763166,763183,763193,763298,763302,763325,763599,763611,763654,763681,763706,764985,764997,765662,768335

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=777554&r1=777553&r2=777554&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Fri May 22 14:54:32 2009
@@ -47,32 +47,6 @@
       So to make this bug actually worth while fixing, and not impact performance, then it
should only do this check on files that 
       are relevant to the reload of an application, in other words a watched resource
 
-* Changes required to run with a security manager
-  http://svn.apache.org/viewvc?rev=721286&view=rev (original)
-  http://svn.apache.org/viewvc?rev=721704&view=rev (original)
-  http://svn.apache.org/viewvc?rev=721708&view=rev (original)
-  http://svn.apache.org/viewvc?rev=721886&view=rev (original)
-  http://svn.apache.org/viewvc?rev=746425&view=rev (to address Bill's concerns)
-  http://svn.apache.org/viewvc?rev=757335&view=rev (to remove the Catalina dep)
-  +1: markt, billbarker
-  +1: kkolinko (good, but I have some concerns:
-    r721286 : 
-     You have added an anonymous inner class to JspFactoryImpl. That class is
-     preloaded by o.a.jasper.security.SecurityClassLoad. I wonder, whether the
-     new inner class should also be preloaded. Do not have experience to prove
-     it, though.
-     Plus, see issue #47214 in Bugzilla for my concerns on naming.
-    r721704 :
-     o.k.
-     (I have concerns about DefaultInstanceManager (see issue #47214), but
-     that class does not exist in TC 6.0)
-    r746425:
-     Implementation of ELResolverImpl.getDefaultResolver():
-       All those "(CompositeELResolver)" casts can be removed if you change
-       type of the local variable.
-    r721708, r721886, r757335: o.k.
-  )
-
 * Backport cleanup of semantics of thisAccessedTime and
   lastAccessedTime for sessions:
   - preparational whitespace changes

Modified: tomcat/tc6.0.x/trunk/conf/catalina.policy
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/conf/catalina.policy?rev=777554&r1=777553&r2=777554&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/conf/catalina.policy (original)
+++ tomcat/tc6.0.x/trunk/conf/catalina.policy Fri May 22 14:54:32 2009
@@ -134,13 +134,14 @@
     // Allow read of JAXP compliant XML parser debug
     permission java.util.PropertyPermission "jaxp.debug", "read";
 
-    // Precompiled JSPs need access to this package.
+    // Precompiled JSPs need access to these packages.
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.el";
     permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";
     permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime.*";
     
-    // Precompiled JSPs need access to this system property.
+    // Precompiled JSPs need access to these system properties.
     permission java.util.PropertyPermission "org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER",
"read";
-
+    permission java.util.PropertyPermission "org.apache.el.parser.COERCE_TO_ZERO", "read";
 };
 
 
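Review bot: The added `accessClassInPackage.org.apache.jasper.el` grant carries only the comment that precompiled JSPs need these packages, which gives an administrator hardening this file nothing to judge the grant by. The opening `grant` line is outside the hunk, so which code sources receive it cannot be confirmed from here; if this is the block applied to all web applications, each of them gains access to that Jasper package. I would extend the comment to record the reason and the limit, for example `// Generated JSP code references classes in these packages directly. Package access only; do not add defineClassInPackage.`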

Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java?rev=777554&r1=777553&r2=777554&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java Fri May
22 14:54:32 2009
@@ -100,6 +100,10 @@
         loader.loadClass
             (basePackage + "util.URL");
         loader.loadClass(basePackage + "util.Enumerator");
+        loader.loadClass(basePackage + "util.DefaultAnnotationProcessor$1");
+        loader.loadClass(basePackage + "util.DefaultAnnotationProcessor$2");
+        loader.loadClass(basePackage + "util.DefaultAnnotationProcessor$3");
+        loader.loadClass(basePackage + "util.DefaultAnnotationProcessor$4");
     }
     
     
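Review bot: The four preloaded names `DefaultAnnotationProcessor$1` to `$4` do not match what this commit shows for DefaultAnnotationProcessor, where only one anonymous `PrivilegedAction` is added. Unless three further anonymous classes already exist at this revision (not visible on this page), `loadClass` will fail for the missing names, presumably with a `ClassNotFoundException` during start-up under a SecurityManager. The `$n` suffixes are assigned by the compiler in source order, so the list also drifts silently whenever an anonymous class is added or removed; a comment such as `// Anonymous PrivilegedAction classes - keep in step with DefaultAnnotationProcessor` above the four lines would flag that. The enclosing method starts outside the hunk.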

Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/util/DefaultAnnotationProcessor.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/util/DefaultAnnotationProcessor.java?rev=777554&r1=777553&r2=777554&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/util/DefaultAnnotationProcessor.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/util/DefaultAnnotationProcessor.java Fri
May 22 14:54:32 2009
@@ -111,7 +111,20 @@
         Class<?> clazz = instance.getClass();
         
         while (clazz != null) {
-            Method[] methods = clazz.getDeclaredMethods();
+            Method[] methods;
+            // Hack so PrivilegedAction can access clazz object
+            final Class<?> clazz2 = clazz;
+            if (Globals.IS_SECURITY_ENABLED) {
+                methods = AccessController.doPrivileged(
+                        new PrivilegedAction<Method[]>(){
+                            public Method[] run(){
+                                return clazz2.getDeclaredMethods();
+                            }
+                        });
+            } else {
+                methods = clazz.getDeclaredMethods();
+            }
+
             Method preDestroy = null;
             for (int i = 0; i < methods.length; i++) {
                 if (methods[i].isAnnotationPresent(PreDestroy.class)) {
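Review bot: This file's diff has no import hunk, yet the new lines use `AccessController`, `PrivilegedAction` and `Globals`; unless all three were already imported (not visible here) the class will not compile. The `doPrivileged` block itself is kept to the single `getDeclaredMethods()` call, which is the right scope, but only this one loop is shown being changed: any other `getDeclaredMethods()` or `getDeclaredFields()` calls in the class would need the same wrapping to work under a SecurityManager. The comment `// Hack so PrivilegedAction can access clazz object` would read better as `// Anonymous classes can only capture final locals`. The enclosing method starts and ends outside the hunk.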

Modified: tomcat/tc6.0.x/trunk/java/org/apache/jasper/el/ELContextImpl.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/jasper/el/ELContextImpl.java?rev=777554&r1=777553&r2=777554&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/jasper/el/ELContextImpl.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/jasper/el/ELContextImpl.java Fri May 22 14:54:32
2009
@@ -26,6 +26,8 @@
 import javax.el.ValueExpression;
 import javax.el.VariableMapper;
 
+import org.apache.jasper.Constants;
+
 /**
  * Implementation of ELContext
  * 
@@ -61,12 +63,21 @@
 
     private final ELResolver resolver;
 
-    private FunctionMapper functionMapper = NullFunctionMapper; // immutable
+    private FunctionMapper functionMapper;
 
     private VariableMapper variableMapper;
 
     public ELContextImpl() {
-        this(ELResolverImpl.DefaultResolver);
+        this(ELResolverImpl.getDefaultResolver());
+        if (Constants.IS_SECURITY_ENABLED) {
+            functionMapper = new FunctionMapper() {
+                public Method resolveFunction(String prefix, String localName) {
+                    return null;
+                }
+            };
+        } else {
+            functionMapper = NullFunctionMapper;
+        }
     }
 
     public ELContextImpl(ELResolver resolver) {
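Review bot: Moving the `functionMapper` initialisation out of the field declaration and into the no-argument constructor leaves the field unset for `ELContextImpl(ELResolver resolver)`, whose body is outside the hunk. If that constructor does not assign it, `getFunctionMapper()` (not shown) would return `null` for contexts built that way until `setFunctionMapper` is called, and both JspApplicationContextImpl and ExpressionEvaluatorImpl in this commit use that constructor. Assigning the mapper in the one-argument constructor, which the no-argument one already delegates to, keeps the previous non-null default. A short comment on why a separate `FunctionMapper` instance is needed when `Constants.IS_SECURITY_ENABLED` is true would also help the next reader.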

Modified: tomcat/tc6.0.x/trunk/java/org/apache/jasper/el/ELResolverImpl.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/jasper/el/ELResolverImpl.java?rev=777554&r1=777553&r2=777554&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/jasper/el/ELResolverImpl.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/jasper/el/ELResolverImpl.java Fri May 22 14:54:32
2009
@@ -32,8 +32,10 @@
 import javax.el.ResourceBundleELResolver;
 import javax.servlet.jsp.el.VariableResolver;
 
+import org.apache.jasper.Constants;
+
 public final class ELResolverImpl extends ELResolver {
-	
+	/** @deprecated - Use getDefaultResolver(). Needs to be made private */
 	public final static ELResolver DefaultResolver = new CompositeELResolver();
 
 	static {
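Review bot: The new Javadoc says `DefaultResolver` needs to be made private, but the field stays `public final static` and refers to a `CompositeELResolver`, which can still be extended through `add()` by any code that can reach this class. The catalina.policy change in this commit grants `accessClassInPackage.org.apache.jasper.el`, so code covered by that grant can reference the field under a SecurityManager even though `getDefaultResolver()` no longer returns it in that mode. Until the field can be made private, I would state the constraint in the Javadoc: `/** @deprecated Use {@link #getDefaultResolver()}. Shared, mutable instance; to be made private. */`.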
@@ -69,7 +71,7 @@
 		}
 
 		if (!context.isPropertyResolved()) {
-			return DefaultResolver.getValue(context, base, property);
+			return getDefaultResolver().getValue(context, base, property);
 		}
 		return null;
 	}
@@ -94,7 +96,7 @@
 		}
 
 		if (!context.isPropertyResolved()) {
-			return DefaultResolver.getType(context, base, property);
+			return getDefaultResolver().getType(context, base, property);
 		}
 		return null;
 	}
@@ -114,7 +116,7 @@
 		}
 
 		if (!context.isPropertyResolved()) {
-			DefaultResolver.setValue(context, base, property, value);
+			getDefaultResolver().setValue(context, base, property, value);
 		}
 	}
 
@@ -129,18 +131,31 @@
 			return true;
 		}
 
-		return DefaultResolver.isReadOnly(context, base, property);
+		return getDefaultResolver().isReadOnly(context, base, property);
 	}
 
 	public Iterator<java.beans.FeatureDescriptor> getFeatureDescriptors(ELContext context,
Object base) {
-		return DefaultResolver.getFeatureDescriptors(context, base);
+		return getDefaultResolver().getFeatureDescriptors(context, base);
 	}
 
 	public Class<?> getCommonPropertyType(ELContext context, Object base) {
 		if (base == null) {
 			return String.class;
 		}
-		return DefaultResolver.getCommonPropertyType(context, base);
+		return getDefaultResolver().getCommonPropertyType(context, base);
 	}
 
+	public static ELResolver getDefaultResolver() {
+	    if (Constants.IS_SECURITY_ENABLED) {
+	        ELResolver defaultResolver = new CompositeELResolver();
+	        ((CompositeELResolver) defaultResolver).add(new MapELResolver());
+	        ((CompositeELResolver) defaultResolver).add(new ResourceBundleELResolver());
+	        ((CompositeELResolver) defaultResolver).add(new ListELResolver());
+	        ((CompositeELResolver) defaultResolver).add(new ArrayELResolver());
+	        ((CompositeELResolver) defaultResolver).add(new BeanELResolver());
+	        return defaultResolver;
+	    } else {
+	        return DefaultResolver;
+	    }
+	}
 }
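Review bot: `getDefaultResolver()` has no Javadoc, and with `Constants.IS_SECURITY_ENABLED` set it builds a new `CompositeELResolver` and five child resolvers on every call. The changed lines in this file call it from each resolver method (`getValue`, `getType`, `setValue`, `isReadOnly`, `getFeatureDescriptors`, `getCommonPropertyType`), so a secured instance allocates six objects per property lookup and discards any state the child resolvers keep between calls. If a fresh instance per call is a deliberate isolation measure, say so in the Javadoc, e.g. `/** Returns the shared resolver, or a new unshared one when running under a SecurityManager. */`; if it is not, building it once per `ELResolverImpl` instance would avoid the cost.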

Modified: tomcat/tc6.0.x/trunk/java/org/apache/jasper/el/ExpressionEvaluatorImpl.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/jasper/el/ExpressionEvaluatorImpl.java?rev=777554&r1=777553&r2=777554&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/jasper/el/ExpressionEvaluatorImpl.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/jasper/el/ExpressionEvaluatorImpl.java Fri May 22
14:54:32 2009
@@ -38,7 +38,8 @@
 	public Expression parseExpression(String expression, Class expectedType,
 			FunctionMapper fMapper) throws ELException {
 		try {
-			ELContextImpl ctx = new ELContextImpl(ELResolverImpl.DefaultResolver);
+			ELContextImpl ctx =
+			    new ELContextImpl(ELResolverImpl.getDefaultResolver());
             if (fMapper != null) {
                 ctx.setFunctionMapper(new FunctionMapperImpl(fMapper));
             }

Modified: tomcat/tc6.0.x/trunk/java/org/apache/jasper/runtime/JspApplicationContextImpl.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/jasper/runtime/JspApplicationContextImpl.java?rev=777554&r1=777553&r2=777554&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/jasper/runtime/JspApplicationContextImpl.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/jasper/runtime/JspApplicationContextImpl.java Fri
May 22 14:54:32 2009
@@ -16,6 +16,8 @@
  */
 package org.apache.jasper.runtime;
 
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
@@ -37,6 +39,7 @@
 import javax.servlet.jsp.el.ScopedAttributeELResolver;
 
 import org.apache.el.ExpressionFactoryImpl;
+import org.apache.jasper.Constants;
 import org.apache.jasper.el.ELContextImpl;
 
 /**
@@ -88,8 +91,19 @@
 		}
 
 		// create ELContext for JspContext
-		ELResolver r = this.createELResolver();
-		ELContextImpl ctx = new ELContextImpl(r);
+		final ELResolver r = this.createELResolver();
+		ELContextImpl ctx;
+		if (Constants.IS_SECURITY_ENABLED) {
+		    ctx = AccessController.doPrivileged(
+		            new PrivilegedAction<ELContextImpl>() {
+		                public ELContextImpl run() {
+		                    return new ELContextImpl(r);
+		                }
+		            });
+		} else {
+		    ctx = new ELContextImpl(r);
+		}
+
 		ctx.putContext(JspContext.class, context);
 
 		// alert all ELContextListeners
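Review bot: The `doPrivileged` block around `new ELContextImpl(r)` has no comment naming the permission it is meant to assert, and nothing in the hunk shows why constructing the context needs elevated privileges. Privileged blocks are the places a later audit has to justify, so each should carry a one-line reason, for example `// Privileged: <permission being asserted - confirm> is not held by JSP code on the stack`. The same applies to the block added in `JspFactoryImpl.getJspApplicationContext` later in this commit. The enclosing method starts and ends outside the hunk.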

Modified: tomcat/tc6.0.x/trunk/java/org/apache/jasper/runtime/JspFactoryImpl.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/jasper/runtime/JspFactoryImpl.java?rev=777554&r1=777553&r2=777554&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/jasper/runtime/JspFactoryImpl.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/jasper/runtime/JspFactoryImpl.java Fri May 22 14:54:32
2009
@@ -196,7 +196,17 @@
 
     }
 
-    public JspApplicationContext getJspApplicationContext(ServletContext context) {
-        return JspApplicationContextImpl.getInstance(context);
+    public JspApplicationContext getJspApplicationContext(
+            final ServletContext context) {
+        if (Constants.IS_SECURITY_ENABLED) {
+            return AccessController.doPrivileged(
+                    new PrivilegedAction<JspApplicationContext>() {
+                public JspApplicationContext run() {
+                    return JspApplicationContextImpl.getInstance(context);
+                }
+            });
+        } else {
+            return JspApplicationContextImpl.getInstance(context);
+        }
     }
 }

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=777554&r1=777553&r2=777554&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Fri May 22 14:54:32 2009
@@ -32,6 +32,17 @@
   </properties>
 
 <body>
+<section name="Tomcat 6.0.21 (remm)">
+  <subsection name="Catalina">
+    <changelog>
+      <fix>
+        Fix issues with expression language when running under a
+        SecurityManager. (markt)
+      </fix>
+    </changelog>
+  </subsection>
+</section>
+
 <section name="Tomcat 6.0.20 (remm)">
   <subsection name="Catalina">
     <changelog>


