tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r932869 - in /tomcat/tc5.5.x/trunk: STATUS.txt container/webapps/docs/changelog.xml jasper/src/share/org/apache/jasper/security/SecurityClassLoad.java
Date Sun, 11 Apr 2010 11:32:27 GMT
Author: markt
Date: Sun Apr 11 11:32:26 2010
New Revision: 932869

URL: http://svn.apache.org/viewvc?rev=932869&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48580
Prevent AccessControlException if first access is to a JSP that uses a FunctionMapper

Modified:
    tomcat/tc5.5.x/trunk/STATUS.txt
    tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml
    tomcat/tc5.5.x/trunk/jasper/src/share/org/apache/jasper/security/SecurityClassLoad.java

Modified: tomcat/tc5.5.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=932869&r1=932868&r2=932869&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/STATUS.txt (original)
+++ tomcat/tc5.5.x/trunk/STATUS.txt Sun Apr 11 11:32:26 2010
@@ -78,13 +78,6 @@ PATCHES PROPOSED TO BACKPORT:
   +1: kkolinko, markt
   -1:
 
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48580
-  Prevent AccessControlException if first access is to a JSP that uses a FunctionMapper
-  https://issues.apache.org/bugzilla/attachment.cgi?id=25094
-  (it is markt's r915070)
-  +1: kkolinko, markt, kfujino
-  -1:
-
 * Remove JSSE13Factory, JSSE13SocketFactory classes,
   because
     - TC 5.5 runs on JRE 1.4+ and that comes bundled with JSSE 1.4,

Modified: tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml?rev=932869&r1=932868&r2=932869&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml (original)
+++ tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml Sun Apr 11 11:32:26 2010
@@ -76,6 +76,11 @@
         of JSP.5.3. The specification recommends, but does not require, this
         enforcement. (kkolinko)
       </fix>
+      <fix>
+        <bug>48580</bug>: Prevent AccessControlException when running under a
+        security manager if the first access is to a JSP that uses a
+        FunctionMapper. (markt/kkolinko)
+      </fix>
     </changelog>
   </subsection>
 </section>

Modified: tomcat/tc5.5.x/trunk/jasper/src/share/org/apache/jasper/security/SecurityClassLoad.java
URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/jasper/src/share/org/apache/jasper/security/SecurityClassLoad.java?rev=932869&r1=932868&r2=932869&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/jasper/src/share/org/apache/jasper/security/SecurityClassLoad.java
(original)
+++ tomcat/tc5.5.x/trunk/jasper/src/share/org/apache/jasper/security/SecurityClassLoad.java
Sun Apr 11 11:32:26 2010
@@ -99,6 +99,9 @@ public final class SecurityClassLoad {
             loader.loadClass( basePackage +
                 "runtime.JspContextWrapper");   
 
+            // Trigger loading of class and reading of property (BZ48580)
+            SecurityUtil.isPackageProtectionEnabled();
+
             loader.loadClass( basePackage +
                 "servlet.JspServletWrapper");
 



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message