Author: cziegeler Date: Wed Sep 20 09:42:37 2017 New Revision: 1808979 URL: http://svn.apache.org/viewvc?rev=1808979&view=rev Log: Use correct access control context
Modified: felix/trunk/osgi-r7/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/Dispatcher.java felix/trunk/osgi-r7/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/RequestDispatcherImpl.java felix/trunk/osgi-r7/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/ServletRequestWrapper.java felix/trunk/osgi-r7/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/ServletResponseWrapper.java felix/trunk/osgi-r7/http/base/src/main/java/org/apache/felix/http/base/internal/handler/ServletHandler.java felix/trunk/osgi-r7/http/base/src/main/java/org/apache/felix/http/base/internal/handler/WhiteboardServletHandler.java Modified: felix/trunk/osgi-r7/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/Dispatcher.java URL: http://svn.apache.org/viewvc/felix/trunk/osgi-r7/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/Dispatcher.java?rev=1808979&r1=1808978&r2=1808979&view=diff ============================================================================== --- felix/trunk/osgi-r7/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/Dispatcher.java (original) +++ felix/trunk/osgi-r7/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/Dispatcher.java Wed Sep 20 09:42:37 2017 @@ -133,7 +133,8 @@ public final class Dispatcher final HttpServletRequest wrappedRequest = new ServletRequestWrapper(req, servletContext, requestInfo, null, pr.handler.getContextServiceId(), pr.handler.getServletInfo().isAsyncSupported(), - pr.handler.getMultipartConfig()); + pr.handler.getMultipartConfig(), + pr.handler.getMultipartSecurityContext()); final FilterHandler[] filterHandlers = handlerRegistry.getFilters(pr, req.getDispatcherType(), pr.requestURI); try Modified: felix/trunk/osgi-r7/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/RequestDispatcherImpl.java URL: http://svn.apache.org/viewvc/felix/trunk/osgi-r7/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/RequestDispatcherImpl.java?rev=1808979&r1=1808978&r2=1808979&view=diff ============================================================================== --- felix/trunk/osgi-r7/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/RequestDispatcherImpl.java (original) +++ felix/trunk/osgi-r7/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/RequestDispatcherImpl.java Wed Sep 20 09:42:37 2017 @@ -66,7 +66,8 @@ public final class RequestDispatcherImpl DispatcherType.FORWARD, this.resolution.handler.getContextServiceId(), this.resolution.handler.getServletInfo().isAsyncSupported(), - this.resolution.handler.getMultipartConfig()); + this.resolution.handler.getMultipartConfig(), + this.resolution.handler.getMultipartSecurityContext()); final String requestURI = UriUtils.concat(this.requestInfo.servletPath, this.requestInfo.pathInfo); final FilterHandler[] filterHandlers = this.resolution.handlerRegistry.getFilterHandlers(this.resolution.handler, DispatcherType.FORWARD, requestURI); @@ -103,7 +104,8 @@ public final class RequestDispatcherImpl DispatcherType.INCLUDE, this.resolution.handler.getContextServiceId(), this.resolution.handler.getServletInfo().isAsyncSupported(), - this.resolution.handler.getMultipartConfig()); + this.resolution.handler.getMultipartConfig(), + this.resolution.handler.getMultipartSecurityContext()); final String requestURI = UriUtils.concat(this.requestInfo.servletPath, this.requestInfo.pathInfo); final FilterHandler[] filterHandlers = this.resolution.handlerRegistry.getFilterHandlers(this.resolution.handler, DispatcherType.INCLUDE, requestURI); Modified: felix/trunk/osgi-r7/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/ServletRequestWrapper.java URL: http://svn.apache.org/viewvc/felix/trunk/osgi-r7/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/ServletRequestWrapper.java?rev=1808979&r1=1808978&r2=1808979&view=diff ============================================================================== --- felix/trunk/osgi-r7/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/ServletRequestWrapper.java (original) +++ felix/trunk/osgi-r7/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/ServletRequestWrapper.java Wed Sep 20 09:42:37 2017 @@ -31,6 +31,7 @@ import static org.apache.felix.http.base import java.io.File; import java.io.IOException; import java.io.InputStream; +import java.security.AccessControlContext; import java.security.AccessController; import java.security.PrivilegedAction; import java.util.ArrayList; @@ -58,6 +59,7 @@ import org.apache.commons.fileupload.ser import org.apache.commons.fileupload.servlet.ServletRequestContext; import org.apache.felix.http.base.internal.context.ExtServletContext; import org.apache.felix.http.base.internal.handler.HttpSessionWrapper; +import org.osgi.framework.Bundle; import org.osgi.service.http.HttpContext; import org.osgi.service.useradmin.Authorization; @@ -69,6 +71,8 @@ final class ServletRequestWrapper extend private final long contextId; private final boolean asyncSupported; private final MultipartConfig multipartConfig; + private final Bundle bundleForSecurityCheck; + private Collection<Part> parts; public ServletRequestWrapper(final HttpServletRequest req, @@ -77,7 +81,8 @@ final class ServletRequestWrapper extend final DispatcherType type, final Long contextId, final boolean asyncSupported, - final MultipartConfig multipartConfig) + final MultipartConfig multipartConfig, + final Bundle bundleForSecurityCheck) { super(req); @@ -87,6 +92,7 @@ final class ServletRequestWrapper extend this.requestInfo = requestInfo; this.type = type; this.contextId = contextId; + this.bundleForSecurityCheck = bundleForSecurityCheck; } @Override @@ -371,6 +377,7 @@ final class ServletRequestWrapper extend } else { + final AccessControlContext ctx = bundleForSecurityCheck.adapt(AccessControlContext.class); final IOException ioe = AccessController.doPrivileged(new PrivilegedAction<IOException>() { @@ -387,7 +394,7 @@ final class ServletRequestWrapper extend } return null; } - }); + }, ctx); if ( ioe != null ) { throw ioe; Modified: felix/trunk/osgi-r7/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/ServletResponseWrapper.java URL: http://svn.apache.org/viewvc/felix/trunk/osgi-r7/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/ServletResponseWrapper.java?rev=1808979&r1=1808978&r2=1808979&view=diff ============================================================================== --- felix/trunk/osgi-r7/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/ServletResponseWrapper.java (original) +++ felix/trunk/osgi-r7/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/ServletResponseWrapper.java Wed Sep 20 09:42:37 2017 @@ -107,7 +107,12 @@ final class ServletResponseWrapper exten final ServletRequestWrapper reqWrapper = new ServletRequestWrapper(request, errorResolution.getContext(), - requestInfo, null, errorResolution.getContextServiceId(), false, null); + requestInfo, + null, + errorResolution.getContextServiceId(), + false, + null, + null); final FilterChain filterChain = new InvocationChain(errorResolution, filterHandlers); filterChain.doFilter(reqWrapper, this); Modified: felix/trunk/osgi-r7/http/base/src/main/java/org/apache/felix/http/base/internal/handler/ServletHandler.java URL: http://svn.apache.org/viewvc/felix/trunk/osgi-r7/http/base/src/main/java/org/apache/felix/http/base/internal/handler/ServletHandler.java?rev=1808979&r1=1808978&r2=1808979&view=diff ============================================================================== --- felix/trunk/osgi-r7/http/base/src/main/java/org/apache/felix/http/base/internal/handler/ServletHandler.java (original) +++ felix/trunk/osgi-r7/http/base/src/main/java/org/apache/felix/http/base/internal/handler/ServletHandler.java Wed Sep 20 09:42:37 2017 @@ -28,6 +28,7 @@ import org.apache.felix.http.base.intern import org.apache.felix.http.base.internal.dispatch.MultipartConfig; import org.apache.felix.http.base.internal.logger.SystemLogger; import org.apache.felix.http.base.internal.runtime.ServletInfo; +import org.osgi.framework.Bundle; import org.osgi.service.http.runtime.dto.DTOConstants; /** @@ -227,4 +228,9 @@ public abstract class ServletHandler imp { return mpConfig; } + + public Bundle getMultipartSecurityContext() + { + return null; + } } Modified: felix/trunk/osgi-r7/http/base/src/main/java/org/apache/felix/http/base/internal/handler/WhiteboardServletHandler.java URL: http://svn.apache.org/viewvc/felix/trunk/osgi-r7/http/base/src/main/java/org/apache/felix/http/base/internal/handler/WhiteboardServletHandler.java?rev=1808979&r1=1808978&r2=1808979&view=diff ============================================================================== --- felix/trunk/osgi-r7/http/base/src/main/java/org/apache/felix/http/base/internal/handler/WhiteboardServletHandler.java (original) +++ felix/trunk/osgi-r7/http/base/src/main/java/org/apache/felix/http/base/internal/handler/WhiteboardServletHandler.java Wed Sep 20 09:42:37 2017 @@ -37,6 +37,8 @@ public final class WhiteboardServletHand private final int multipartErrorCode; + private final Bundle multipartSecurityContext; + public WhiteboardServletHandler(final long contextServiceId, final ExtServletContext context, final ServletInfo servletInfo, @@ -52,6 +54,7 @@ public final class WhiteboardServletHand if ( servletInfo.getMultipartConfig().multipartLocation == null ) { // default location + multipartSecurityContext = httpWhiteboardBundle; if ( !httpWhiteboardBundle.hasPermission(writePerm)) { errorCode = DTOConstants.FAILURE_REASON_WHITEBOARD_WRITE_TO_DEFAULT_DENIED; @@ -67,6 +70,7 @@ public final class WhiteboardServletHand } else { + multipartSecurityContext = bundleContext.getBundle(); // provided location if ( !bundleContext.getBundle().hasPermission(writePerm) ) { @@ -74,6 +78,10 @@ public final class WhiteboardServletHand } } } + else + { + multipartSecurityContext = null; + } multipartErrorCode = errorCode; } @@ -126,4 +134,10 @@ public final class WhiteboardServletHand } return false; } + + @Override + public Bundle getMultipartSecurityContext() + { + return multipartSecurityContext; + } }