tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kkoli...@apache.org
Subject svn commit: r1722923 - in /tomcat/trunk: java/org/apache/catalina/core/DefaultInstanceManager.java java/org/apache/catalina/core/LocalStrings.properties webapps/docs/changelog.xml
Date Mon, 04 Jan 2016 17:31:16 GMT
Author: kkolinko
Date: Mon Jan  4 17:31:16 2016
New Revision: 1722923

URL: http://svn.apache.org/viewvc?rev=1722923&view=rev
Log:
Simplify code and fix messages in org.apache.catalina.core.DefaultInstanceManager class.

Modified:
    tomcat/trunk/java/org/apache/catalina/core/DefaultInstanceManager.java
    tomcat/trunk/java/org/apache/catalina/core/LocalStrings.properties
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/catalina/core/DefaultInstanceManager.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/DefaultInstanceManager.java?rev=1722923&r1=1722922&r2=1722923&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/core/DefaultInstanceManager.java (original)
+++ tomcat/trunk/java/org/apache/catalina/core/DefaultInstanceManager.java Mon Jan  4 17:31:16
2016
@@ -27,10 +27,13 @@ import java.security.PrivilegedAction;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Properties;
+import java.util.Set;
 import java.util.WeakHashMap;
 
 import javax.annotation.PostConstruct;
@@ -41,8 +44,6 @@ import javax.naming.Context;
 import javax.naming.NamingException;
 import javax.persistence.PersistenceContext;
 import javax.persistence.PersistenceUnit;
-import javax.servlet.Filter;
-import javax.servlet.Servlet;
 import javax.xml.ws.WebServiceRef;
 
 import org.apache.catalina.ContainerServlet;
@@ -72,9 +73,7 @@ public class DefaultInstanceManager impl
     protected final ClassLoader containerClassLoader;
     protected final boolean privileged;
     protected final boolean ignoreAnnotations;
-    private final Properties restrictedFilters;
-    private final Properties restrictedListeners;
-    private final Properties restrictedServlets;
+    private final Set<String> restrictedClasses;
     private final Map<Class<?>, AnnotationCacheEntry[]> annotationCache =
         new WeakHashMap<>();
     private final Map<String, String> postConstructMethods;
@@ -89,15 +88,17 @@ public class DefaultInstanceManager impl
         this.containerClassLoader = containerClassLoader;
         ignoreAnnotations = catalinaContext.getIgnoreAnnotations();
         Log log = catalinaContext.getLogger();
-        restrictedServlets = loadProperties(
+        Set<String> classNames = new HashSet<>();
+        loadProperties(classNames,
                 "org/apache/catalina/core/RestrictedServlets.properties",
                 "defaultInstanceManager.restrictedServletsResource", log);
-        restrictedListeners = loadProperties(
+        loadProperties(classNames,
                 "org/apache/catalina/core/RestrictedListeners.properties",
                 "defaultInstanceManager.restrictedListenersResource", log);
-        restrictedFilters = loadProperties(
+        loadProperties(classNames,
                 "org/apache/catalina/core/RestrictedFilters.properties",
                 "defaultInstanceManager.restrictedFiltersResource", log);
+        restrictedClasses = Collections.unmodifiableSet(classNames);
         this.context = context;
         this.injectionMap = injectionMap;
         this.postConstructMethods = catalinaContext.findPostConstructMethods();
@@ -521,27 +522,17 @@ public class DefaultInstanceManager impl
         if (privileged) {
             return;
         }
-        if (Filter.class.isAssignableFrom(clazz)) {
-            checkAccess(clazz, restrictedFilters);
-        } else if (Servlet.class.isAssignableFrom(clazz)) {
-            if (ContainerServlet.class.isAssignableFrom(clazz)) {
-                throw new SecurityException("Restricted (ContainerServlet) " +
-                        clazz);
-            }
-            checkAccess(clazz, restrictedServlets);
-        } else {
-            checkAccess(clazz, restrictedListeners);
+        if (ContainerServlet.class.isAssignableFrom(clazz)) {
+            throw new SecurityException(sm.getString(
+                    "defaultInstanceManager.restrictedContainerServlet", clazz));
         }
-    }
-
-    private void checkAccess(Class<?> clazz, Properties restricted) {
         while (clazz != null) {
-            if ("restricted".equals(restricted.getProperty(clazz.getName()))) {
-                throw new SecurityException("Restricted " + clazz);
+            if (restrictedClasses.contains(clazz.getName())) {
+                throw new SecurityException(sm.getString(
+                        "defaultInstanceManager.restrictedClass", clazz));
             }
             clazz = clazz.getSuperclass();
         }
-
     }
 
     /**
@@ -621,19 +612,31 @@ public class DefaultInstanceManager impl
         }
     }
 
-    private static Properties loadProperties(String resourceName, String messageKey, Log
log) {
-        Properties result = new Properties();
+    private static void loadProperties(Set<String> classNames, String resourceName,
+            String messageKey, Log log) {
+        Properties properties = new Properties();
         ClassLoader cl = DefaultInstanceManager.class.getClassLoader();
         try (InputStream is = cl.getResourceAsStream(resourceName)) {
             if (is == null) {
                 log.error(sm.getString(messageKey, resourceName));
             } else {
-                result.load(is);
+                properties.load(is);
             }
         } catch (IOException ioe) {
             log.error(sm.getString(messageKey, resourceName), ioe);
         }
-        return result;
+        if (properties.isEmpty()) {
+            return;
+        }
+        for (Map.Entry<Object, Object> e : properties.entrySet()) {
+            if ("restricted".equals(e.getValue())) {
+                classNames.add(e.getKey().toString());
+            } else {
+                log.warn(sm.getString(
+                        "defaultInstanceManager.restrictedWrongValue",
+                        resourceName, e.getKey(), e.getValue()));
+            }
+        }
     }
 
     private static String normalize(String jndiName){

Modified: tomcat/trunk/java/org/apache/catalina/core/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/LocalStrings.properties?rev=1722923&r1=1722922&r2=1722923&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/core/LocalStrings.properties (original)
+++ tomcat/trunk/java/org/apache/catalina/core/LocalStrings.properties Mon Jan  4 17:31:16
2016
@@ -222,6 +222,9 @@ threadLocalLeakPreventionListener.lifecy
 threadLocalLeakPreventionListener.containerEvent.error=Exception processing container event
{0}
 
 defaultInstanceManager.invalidInjection=Invalid method resource injection annotation
+defaultInstanceManager.restrictedClass=Access to class [{0}] is forbidden. It is a restricted
class. A web application must be configured as privileged to be able to load it
+defaultInstanceManager.restrictedContainerServlet=Access to class [{0}] is forbidden. It
is a restricted class (implements ContainerServlet interface). A web application must be configured
as privileged to be able to load it
+defaultInstanceManager.restrictedWrongValue=Wrong value in restricted classes property file
[{0}] for class name [{1}]. Expected value: [restricted], actual value: [{2}]
 defaultInstanceManager.restrictedFiltersResource=Restricted filters property file not found
[{0}]
 defaultInstanceManager.restrictedListenersResource=Restricted listeners property file not
found [{0}]
 defaultInstanceManager.restrictedServletsResource=Restricted servlets property file not found
[{0}]

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1722923&r1=1722922&r2=1722923&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Jan  4 17:31:16 2016
@@ -159,6 +159,11 @@
         Add the <code>StatusManagerServlet</code> to the list of Servlets that
         can only be loaded by privileged applications. (markt)
       </fix>
+      <fix>
+        Simplify code and fix messages in
+        <code>org.apache.catalina.core.DefaultInstanceManager</code> class.
+        (kkolinko)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message