This is an automated email from the ASF dual-hosted git repository.
cziegeler pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/felix-dev.git
The following commit(s) were added to refs/heads/master by this push:
new 469904920f FELIX-6833 : Drop support for Security Manager
469904920f is described below
commit 469904920f362db59a2edc116125c89b1d081dd3
Author: Carsten Ziegeler <[email protected]>
AuthorDate: Fri May 29 10:16:03 2026 +0200
FELIX-6833 : Drop support for Security Manager
---
http/base/pom.xml | 2 +-
.../http/base/internal/dispatch/Dispatcher.java | 3 +-
.../internal/dispatch/RequestDispatcherImpl.java | 6 +--
.../dispatch/ServletRequestMultipartWrapper.java | 33 ++----------
.../http/base/internal/handler/ServletHandler.java | 6 ---
.../internal/handler/WhiteboardServletHandler.java | 63 +---------------------
.../internal/whiteboard/WhiteboardManager.java | 4 +-
http/itest/pom.xml | 12 ++---
http/jetty/README | 5 +-
http/jetty/pom.xml | 2 +-
http/jetty12/pom.xml | 2 +-
11 files changed, 21 insertions(+), 117 deletions(-)
diff --git a/http/base/pom.xml b/http/base/pom.xml
index bdbd0cd62d..730c555e7a 100644
--- a/http/base/pom.xml
+++ b/http/base/pom.xml
@@ -28,7 +28,7 @@
<name>Apache Felix Http Base</name>
<artifactId>org.apache.felix.http.base</artifactId>
- <version>5.1.19-SNAPSHOT</version>
+ <version>6.0.0-SNAPSHOT</version>
<packaging>jar</packaging>
<scm>
diff --git
a/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/Dispatcher.java
b/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/Dispatcher.java
index d7c3eb6fde..f0b9a3a600 100644
---
a/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/Dispatcher.java
+++
b/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/Dispatcher.java
@@ -152,8 +152,7 @@ public final class Dispatcher
requestInfo,
null,
pr.handler.getServletInfo().isAsyncSupported(),
- multipartConfig,
-
pr.handler.getMultipartSecurityContext());
+ multipartConfig);
}
final FilterHandler[] filterHandlers =
handlerRegistry.getFilters(pr, req.getDispatcherType(), pr.requestURI);
diff --git
a/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/RequestDispatcherImpl.java
b/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/RequestDispatcherImpl.java
index cf7d4dcb3f..aea77d9cb3 100644
---
a/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/RequestDispatcherImpl.java
+++
b/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/RequestDispatcherImpl.java
@@ -82,8 +82,7 @@ public final class RequestDispatcherImpl implements
RequestDispatcher
this.requestInfo,
DispatcherType.FORWARD,
this.resolution.handler.getServletInfo().isAsyncSupported(),
- multipartConfig,
-
this.resolution.handler.getMultipartSecurityContext());
+ multipartConfig);
}
final String requestURI =
UriUtils.concat(this.requestInfo.servletPath, this.requestInfo.pathInfo);
final FilterHandler[] filterHandlers =
this.resolution.handlerRegistry.getFilterHandlers(this.resolution.handler,
DispatcherType.FORWARD, requestURI);
@@ -129,8 +128,7 @@ public final class RequestDispatcherImpl implements
RequestDispatcher
this.requestInfo,
DispatcherType.INCLUDE,
this.resolution.handler.getServletInfo().isAsyncSupported(),
- multipartConfig,
-
this.resolution.handler.getMultipartSecurityContext());
+ multipartConfig);
}
diff --git
a/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/ServletRequestMultipartWrapper.java
b/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/ServletRequestMultipartWrapper.java
index 0f009c2cb6..507160d9b0 100644
---
a/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/ServletRequestMultipartWrapper.java
+++
b/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/ServletRequestMultipartWrapper.java
@@ -19,9 +19,6 @@ package org.apache.felix.http.base.internal.dispatch;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
-import java.security.AccessControlContext;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
@@ -38,7 +35,6 @@ import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.fileupload.RequestContext;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.felix.http.base.internal.context.ExtServletContext;
-import org.osgi.framework.Bundle;
import jakarta.servlet.DispatcherType;
import jakarta.servlet.ServletException;
@@ -51,27 +47,23 @@ final class ServletRequestMultipartWrapper extends
ServletRequestWrapper
* Constant for HTTP POST method.
*/
private static final String POST_METHOD = "POST";
-
+
private final MultipartConfig multipartConfig;
private Collection<PartImpl> parts;
private Map<String, String[]> partsParameterMap;
- private Bundle bundleForSecurityCheck;
public ServletRequestMultipartWrapper(final HttpServletRequest req,
final ExtServletContext servletContext,
final RequestInfo requestInfo,
final DispatcherType type,
final boolean asyncSupported,
- final MultipartConfig multipartConfig,
- final Bundle bundleForSecurityCheck)
+ final MultipartConfig multipartConfig)
{
super(req, servletContext, requestInfo, type, asyncSupported);
this.multipartConfig = multipartConfig;
- this.bundleForSecurityCheck = bundleForSecurityCheck;
-
}
private RequestContext getMultipartContext() {
@@ -113,26 +105,7 @@ final class ServletRequestMultipartWrapper extends
ServletRequestWrapper
throw new IllegalStateException("Multipart not enabled for
servlet.");
}
- if ( System.getSecurityManager() == null ) {
- handleMultipart(multipartContext);
- } else {
- final AccessControlContext ctx =
bundleForSecurityCheck.adapt(AccessControlContext.class);
- final IOException ioe = AccessController.doPrivileged(new
PrivilegedAction<IOException>() {
-
- @Override
- public IOException run() {
- try {
- handleMultipart(multipartContext);
- } catch ( final IOException ioe) {
- return ioe;
- }
- return null;
- }
- }, ctx);
- if ( ioe != null ) {
- throw ioe;
- }
- }
+ handleMultipart(multipartContext);
} else {
throw new ServletException("Not a multipart request");
diff --git
a/http/base/src/main/java/org/apache/felix/http/base/internal/handler/ServletHandler.java
b/http/base/src/main/java/org/apache/felix/http/base/internal/handler/ServletHandler.java
index 4254ce6a93..6d678ccde8 100644
---
a/http/base/src/main/java/org/apache/felix/http/base/internal/handler/ServletHandler.java
+++
b/http/base/src/main/java/org/apache/felix/http/base/internal/handler/ServletHandler.java
@@ -24,7 +24,6 @@ import
org.apache.felix.http.base.internal.dispatch.MultipartConfig;
import org.apache.felix.http.base.internal.logger.SystemLogger;
import org.apache.felix.http.base.internal.runtime.ServletInfo;
import org.apache.felix.http.jakartawrappers.ServletWrapper;
-import org.osgi.framework.Bundle;
import org.osgi.service.servlet.runtime.dto.DTOConstants;
import jakarta.servlet.Servlet;
@@ -247,9 +246,4 @@ public abstract class ServletHandler implements
Comparable<ServletHandler>
{
return mpConfig;
}
-
- public Bundle getMultipartSecurityContext()
- {
- return null;
- }
}
diff --git
a/http/base/src/main/java/org/apache/felix/http/base/internal/handler/WhiteboardServletHandler.java
b/http/base/src/main/java/org/apache/felix/http/base/internal/handler/WhiteboardServletHandler.java
index c11143d6e9..a9139f9266 100644
---
a/http/base/src/main/java/org/apache/felix/http/base/internal/handler/WhiteboardServletHandler.java
+++
b/http/base/src/main/java/org/apache/felix/http/base/internal/handler/WhiteboardServletHandler.java
@@ -16,14 +16,11 @@
*/
package org.apache.felix.http.base.internal.handler;
-import java.io.FilePermission;
import java.io.IOException;
import org.apache.felix.http.base.internal.context.ExtServletContext;
import org.apache.felix.http.base.internal.runtime.ServletInfo;
-import org.osgi.framework.Bundle;
import org.osgi.framework.BundleContext;
-import org.osgi.service.servlet.runtime.dto.DTOConstants;
import jakarta.servlet.Servlet;
import jakarta.servlet.ServletException;
@@ -37,72 +34,20 @@ public class WhiteboardServletHandler extends ServletHandler
{
private final BundleContext bundleContext;
- private final int multipartErrorCode;
-
- private final Bundle multipartSecurityContext;
-
private volatile WebSocketHandler webSocketHandler;
public WhiteboardServletHandler(final long contextServiceId,
final ExtServletContext context,
final ServletInfo servletInfo,
- final BundleContext contextBundleContext,
- final Bundle registeringBundle,
- final Bundle httpWhiteboardBundle)
+ final BundleContext contextBundleContext)
{
super(contextServiceId, context, servletInfo);
this.bundleContext = contextBundleContext;
- int errorCode = -1;
- // if multipart upload is enabled and a security manager is active
- // we need to check permissions
- if ( this.getMultipartConfig() != null && System.getSecurityManager()
!= null )
- {
- final FilePermission writePerm = new
FilePermission(this.getMultipartConfig().multipartLocation,
"read,write,delete");
- if ( servletInfo.getMultipartConfig().multipartLocation == null )
- {
- // Default location, whiteboard need writePerm, using bundle
read perm
- multipartSecurityContext = httpWhiteboardBundle;
- if ( !httpWhiteboardBundle.hasPermission(writePerm))
- {
- errorCode =
DTOConstants.FAILURE_REASON_WHITEBOARD_WRITE_TO_DEFAULT_DENIED;
- }
- else
- {
- final FilePermission readPerm = new
FilePermission(this.getMultipartConfig().multipartLocation, "read");
- if ( !registeringBundle.hasPermission(readPerm) )
- {
- errorCode =
DTOConstants.FAILURE_REASON_SERVLET_READ_FROM_DEFAULT_DENIED;
- }
- }
- }
- else
- {
- multipartSecurityContext = registeringBundle;
- // Provided location, whiteboard and using bundle need write
perm
- if ( !registeringBundle.hasPermission(writePerm) )
- {
- errorCode =
DTOConstants.FAILURE_REASON_SERVLET_WRITE_TO_LOCATION_DENIED;
- }
- if ( !httpWhiteboardBundle.hasPermission(writePerm) )
- {
- errorCode =
DTOConstants.FAILURE_REASON_WHITEBOARD_WRITE_TO_LOCATION_DENIED;
- }
- }
- }
- else
- {
- multipartSecurityContext = null;
- }
- multipartErrorCode = errorCode;
}
@Override
public int init()
{
- if ( this.multipartErrorCode != -1 )
- {
- return this.multipartErrorCode;
- }
if ( this.useCount > 0 )
{
this.useCount++;
@@ -150,12 +95,6 @@ public class WhiteboardServletHandler extends ServletHandler
return false;
}
- @Override
- public Bundle getMultipartSecurityContext()
- {
- return multipartSecurityContext;
- }
-
@Override
public void handle(ServletRequest req, ServletResponse res) throws
ServletException, IOException {
if ( this.webSocketHandler != null ) {
diff --git
a/http/base/src/main/java/org/apache/felix/http/base/internal/whiteboard/WhiteboardManager.java
b/http/base/src/main/java/org/apache/felix/http/base/internal/whiteboard/WhiteboardManager.java
index e2868cf85b..87d83b4f41 100644
---
a/http/base/src/main/java/org/apache/felix/http/base/internal/whiteboard/WhiteboardManager.java
+++
b/http/base/src/main/java/org/apache/felix/http/base/internal/whiteboard/WhiteboardManager.java
@@ -873,9 +873,7 @@ public final class WhiteboardManager
handler.getContextInfo().getServiceId(),
servletContext,
(ServletInfo) info,
- handler.getBundleContext(),
- info.getServiceReference().getBundle(),
- this.httpBundleContext.getBundle());
+ handler.getBundleContext());
}
/**
diff --git a/http/itest/pom.xml b/http/itest/pom.xml
index 0ac6d515ef..f57c4f4272 100644
--- a/http/itest/pom.xml
+++ b/http/itest/pom.xml
@@ -31,10 +31,10 @@
</scm>
<properties>
- <felix.java.version>11</felix.java.version>
+ <felix.java.version>17</felix.java.version>
<http.servlet.api.version>6.1.0</http.servlet.api.version>
- <http.jetty.version>5.2.3-SNAPSHOT</http.jetty.version>
- <http.jetty.id>org.apache.felix.http.jetty</http.jetty.id>
+ <http.jetty.version>2.0.1-SNAPSHOT</http.jetty.version>
+ <http.jetty.id>org.apache.felix.http.jetty12</http.jetty.id>
<pax.exam.version>4.13.3</pax.exam.version>
<pax.url.aether.version>2.6.14</pax.url.aether.version>
</properties>
@@ -43,10 +43,10 @@
<profile>
<id>jetty12</id>
<properties>
- <felix.java.version>17</felix.java.version>
+ <felix.java.version>11</felix.java.version>
<http.servlet.api.version>6.1.0</http.servlet.api.version>
- <http.jetty.version>1.1.11-SNAPSHOT</http.jetty.version>
- <http.jetty.id>org.apache.felix.http.jetty12</http.jetty.id>
+ <http.jetty.version>5.2.3-SNAPSHOT</http.jetty.version>
+ <http.jetty.id>org.apache.felix.http.jetty</http.jetty.id>
</properties>
</profile>
</profiles>
diff --git a/http/jetty/README b/http/jetty/README
index 8a95f7280b..1272e8b47f 100644
--- a/http/jetty/README
+++ b/http/jetty/README
@@ -1,2 +1,5 @@
-This directory contains the implementation of the Apache Felix Http Service.
+This directory contains the implementation of the Apache Felix Http Service
using Eclipse Jetty 11.
+
+This implementation is deprecated as Jetty 11 is EOL. Use the Jetty 12 based
implementation.
+
diff --git a/http/jetty/pom.xml b/http/jetty/pom.xml
index a823d26779..8cdfc3e927 100644
--- a/http/jetty/pom.xml
+++ b/http/jetty/pom.xml
@@ -492,7 +492,7 @@
<dependency>
<groupId>org.apache.felix</groupId>
<artifactId>org.apache.felix.http.base</artifactId>
- <version>5.1.19-SNAPSHOT</version>
+ <version>5.1.18</version>
</dependency>
<dependency>
<groupId>org.apache.felix</groupId>
diff --git a/http/jetty12/pom.xml b/http/jetty12/pom.xml
index a50a2f2294..6096f20d3c 100644
--- a/http/jetty12/pom.xml
+++ b/http/jetty12/pom.xml
@@ -727,7 +727,7 @@
<dependency>
<groupId>org.apache.felix</groupId>
<artifactId>org.apache.felix.http.base</artifactId>
- <version>5.1.19-SNAPSHOT</version>
+ <version>6.0.0-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>org.apache.felix</groupId>
