tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Felix Schumacher <felix.schumac...@internetallee.de>
Subject Re: [tomcat] 02/02: Additional changes required to enable EnvironmentPropertySource
Date Sat, 14 Sep 2019 19:01:42 GMT

Am 12.09.19 um 22:40 schrieb markt@apache.org:
> This is an automated email from the ASF dual-hosted git repository.
>
> markt pushed a commit to branch master
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
> commit cae17a52598393680952aa21cee0e27b13a73455
> Author: Mark Thomas <markt@apache.org>
> AuthorDate: Thu Sep 12 15:31:26 2019 +0100
>
>     Additional changes required to enable EnvironmentPropertySource
> ---
>  .../org/apache/tomcat/util/IntrospectionUtils.java | 49 ++++++++++++++++++++--
>  java/org/apache/tomcat/util/digester/Digester.java | 33 ++++++++++-----
>  webapps/docs/changelog.xml                         |  4 +-
>  3 files changed, 69 insertions(+), 17 deletions(-)
>
> diff --git a/java/org/apache/tomcat/util/IntrospectionUtils.java b/java/org/apache/tomcat/util/IntrospectionUtils.java
> index 3ffa702..f6ac737 100644
> --- a/java/org/apache/tomcat/util/IntrospectionUtils.java
> +++ b/java/org/apache/tomcat/util/IntrospectionUtils.java
> @@ -476,9 +499,27 @@ public final class IntrospectionUtils {
>      // This provides a layer of abstraction
>  
>      public static interface PropertySource {
> -
>          public String getProperty(String key);
> -
>      }
>  
> +
> +    public static interface PropertySourceSecure extends PropertySource {

I think a better name would be SecurePropertySource or
ClassloaderAwarePropertySource. The thing that it represents should be
at the end of the name IMHO.

At work I prototyped a similar approach and introduced a
NamespaceAwarePropertySource. It is basically an interface that has a
getNamespace() method that returns a prefix for the keys. I think that
it would be nice if these two approaches. My prototype didn't try to
call a security manager, but with this commit it would be easy to add.

On the other hand it uses a ServiceLoader approach to automatically find
all NamespaceAwarePropertySources. Do you think this would be a good
addition for Tomcat?

Regards

 Felix

> +
> +        /**
> +         * Obtain a property value, checking that code associated with the
> +         * provided class loader has permission to access the property. If the
> +         * {@code classLoader} is {@code null} or if {@code classLoader} does
> +         * not implement {@link PermissionCheck} then the property value will be
> +         * looked up <b>without</b> a call to
> +         * {@link PermissionCheck#check(java.security.Permission)}
> +         *
> +         * @param key               The key of the requested property
> +         * @param classLoader   The class loader associated with the code that
> +         *                      trigger the property lookup
> +         * @return The property value or {@code null} if it could not be found
> +         *         or if {@link PermissionCheck#check(java.security.Permission)}
> +         *         fails
> +         */
> +        public String getProperty(String key, ClassLoader classLoader);
> +    }

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message