Author: markt Date: Thu Nov 5 21:06:00 2015 New Revision: 1712866 URL: http://svn.apache.org/viewvc?rev=1712866&view=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=58585 Fix security exceptions when starting with a security manager.
Modified: tomcat/trunk/java/org/apache/catalina/connector/OutputBuffer.java tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java tomcat/trunk/java/org/apache/coyote/http2/Stream.java Modified: tomcat/trunk/java/org/apache/catalina/connector/OutputBuffer.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/OutputBuffer.java?rev=1712866&r1=1712865&r2=1712866&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/connector/OutputBuffer.java (original) +++ tomcat/trunk/java/org/apache/catalina/connector/OutputBuffer.java Thu Nov 5 21:06:00 2015 @@ -558,7 +558,7 @@ public class OutputBuffer extends Writer enc = org.apache.coyote.Constants.DEFAULT_CHARACTER_ENCODING; } - final Charset charset = B2CConverter.getCharset(enc); + final Charset charset = getCharset(enc); SynchronizedStack<C2BConverter> stack = encoders.get(charset); if (stack == null) { stack = new SynchronizedStack<>(); 
@@ -572,6 +572,30 @@ public class OutputBuffer extends Writer } } + + private static Charset getCharset(String encoding) throws IOException { + if (Globals.IS_SECURITY_ENABLED) { + try { + return AccessController.doPrivileged( + new PrivilegedExceptionAction<Charset>() { + @Override + public Charset run() throws IOException { + return B2CConverter.getCharset(encoding); + } + }); + } catch (PrivilegedActionException ex) { + Exception e = ex.getException(); + if (e instanceof IOException) { + throw (IOException) e; + } else { + throw new IOException(ex); + } + } + } else { + return B2CConverter.getCharset(encoding); + } + } + private static C2BConverter createConverter(Charset charset) throws IOException { if (Globals.IS_SECURITY_ENABLED){ Modified: tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java?rev=1712866&r1=1712865&r2=1712866&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java (original) +++ tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java Thu Nov 5 21:06:00 2015 @@ -70,6 +70,9 @@ public final class SecurityClassLoad { "ApplicationDispatcher$PrivilegedInclude"); loader.loadClass (basePackage + + "ApplicationPushBuilder"); + loader.loadClass + (basePackage + "AsyncContextImpl"); loader.loadClass (basePackage + @@ -167,6 +170,7 @@ public final class SecurityClassLoad { // Make sure system property is read at this point Class<?> clazz = loader.loadClass(basePackage + "Constants"); clazz.newInstance(); + loader.loadClass(basePackage + "http2.Stream$1"); } @@ -232,6 +236,9 @@ public final class SecurityClassLoad { "OutputBuffer$1"); loader.loadClass (basePackage + + "OutputBuffer$2"); + loader.loadClass + (basePackage + "CoyoteInputStream$1"); loader.loadClass (basePackage + 
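Review bot: The new `getCharset(String encoding)` helper in OutputBuffer has no comment explaining why the lookup must run inside `AccessController.doPrivileged`, or that the privileged action should stay limited to that lookup, even though `encoding` is passed into it unchanged from the caller. I would add a short Javadoc such as `/** Resolves the Charset with the container's permissions so the lookup also succeeds when less-privileged code is on the call stack; keep the privileged action limited to this lookup. */`; the stated reason is inferred from the commit log, so adjust it to the permission that actually failed. In the catch block, `throw new IOException(ex);` wraps the `PrivilegedActionException` instead of the underlying exception; `throw new IOException(e);` reports the real cause directly. The same line appears in `Stream.push` in the last hunk of this commit.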
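Review bot: The preload entries `"http2.Stream$1"` (hunk at -167) and `"OutputBuffer$2"` (hunk at -232) refer to anonymous classes whose numeric suffix the compiler assigns by position, so adding or reordering an anonymous class in either file changes which class the entry points to without any compile error. A stale entry would then only show up when running under a security manager, which is the configuration this list appears to exist for. Declaring the two privileged actions as named nested classes, in the style of the existing `"ApplicationDispatcher$PrivilegedInclude"` entry, would keep the names stable, for example `private static class PrivilegedGetCharset implements PrivilegedExceptionAction<Charset>` (the class name is a suggestion). If the anonymous classes stay, a comment next to each one saying that its `$N` name is listed in SecurityClassLoad would help.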
@@ -268,10 +275,17 @@ public final class SecurityClassLoad { loader.loadClass(basePackage + "util.buf.StringCache"); loader.loadClass(basePackage + "util.buf.StringCache$ByteEntry"); loader.loadClass(basePackage + "util.buf.StringCache$CharEntry"); + // collections + loader.loadClass(basePackage + "util.collections.CaseInsensitiveKeyMap"); + loader.loadClass(basePackage + "util.collections.CaseInsensitiveKeyMap$EntryImpl"); + loader.loadClass(basePackage + "util.collections.CaseInsensitiveKeyMap$EntryIterator"); + loader.loadClass(basePackage + "util.collections.CaseInsensitiveKeyMap$EntrySet"); + loader.loadClass(basePackage + "util.collections.CaseInsensitiveKeyMap$Key"); // http + loader.loadClass(basePackage + "util.http.CookieProcessor"); + loader.loadClass(basePackage + "util.http.NamesEnumerator"); // Make sure system property is read at this point - Class<?> clazz = loader.loadClass( - basePackage + "util.http.FastHttpDateFormat"); + Class<?> clazz = loader.loadClass(basePackage + "util.http.FastHttpDateFormat"); clazz.newInstance(); loader.loadClass(basePackage + "util.http.parser.HttpParser"); loader.loadClass(basePackage + "util.http.parser.MediaType"); Modified: tomcat/trunk/java/org/apache/coyote/http2/Stream.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/Stream.java?rev=1712866&r1=1712865&r2=1712866&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/coyote/http2/Stream.java (original) +++ tomcat/trunk/java/org/apache/coyote/http2/Stream.java Thu Nov 5 21:06:00 2015 @@ -18,6 +18,9 @@ package org.apache.coyote.http2; import java.io.IOException; import java.nio.ByteBuffer; +import java.security.AccessController; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; import java.util.Iterator; import org.apache.coyote.ActionCode; 
@@ -387,10 +390,36 @@ public class Stream extends AbstractStre // TODO: Handle default ports request.getMimeHeaders().addValue(":authority").setString( request.serverName().getString() + ":" + request.getServerPort()); - handler.push(request, this); + push (handler, request, this); } + private static void push(Http2UpgradeHandler handler, Request request, Stream stream) + throws IOException { + if (org.apache.coyote.Constants.IS_SECURITY_ENABLED) { + try { + AccessController.doPrivileged( + new PrivilegedExceptionAction<Void>() { + @Override + public Void run() throws IOException { + handler.push(request, stream); + return null; + } + }); + } catch (PrivilegedActionException ex) { + Exception e = ex.getException(); + if (e instanceof IOException) { + throw (IOException) e; + } else { + throw new IOException(ex); + } + } + + } else { + handler.push(request, stream); + } + } + class StreamOutputBuffer implements OutputBuffer { private final ByteBuffer buffer = ByteBuffer.allocate(8 * 1024); --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
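Review bot: The privileged region in the new `push(Http2UpgradeHandler, Request, Stream)` helper wraps the whole of `handler.push(request, stream)`, so everything that call does on this thread runs with the container's permissions, not only the step that needs them. `handler.push` is not visible in this hunk, and the calling method starts outside it; if that code can reach application-supplied classes, or acts on the header values set just above, the block should be narrowed to the operation that fails under the security manager. At minimum I would record the reason on the helper, e.g. `// Privileged because <operation> needs <permission>; handler.push must not call application code on this thread.`, filling in the placeholders from bug 58585. The call site `push (handler, request, this);` also has a stray space before the parenthesis.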