Author: kkolinko
Date: Tue Dec 12 10:15:59 2017
New Revision: 1817901
URL: http://svn.apache.org/viewvc?rev=1817901&view=rev
Log:
Fix bug 47214 and as a followup to bug 61886 fix: Use a loop to preload
anonymous inner classes.
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
tomcat/tc7.0.x/trunk/java/org/apache/jasper/security/SecurityClassLoad.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java?rev=1817901&r1=1817900&r2=1817901&view=diff
==============================================================================
---
tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
(original)
+++
tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
Tue Dec 12 10:15:59 2017
@@ -52,51 +52,21 @@ public final class SecurityClassLoad {
private static final void loadCorePackage(ClassLoader loader)
throws Exception {
final String basePackage = "org.apache.catalina.core.";
- loader.loadClass
- (basePackage +
- "AccessLogAdapter");
- loader.loadClass
- (basePackage +
- "ApplicationContextFacade$1");
- loader.loadClass
- (basePackage +
- "ApplicationDispatcher$PrivilegedForward");
- loader.loadClass
- (basePackage +
- "ApplicationDispatcher$PrivilegedInclude");
- loader.loadClass
- (basePackage +
- "AsyncContextImpl");
- loader.loadClass
- (basePackage +
- "AsyncContextImpl$DebugException");
- loader.loadClass
- (basePackage +
- "AsyncContextImpl$1");
- loader.loadClass
- (basePackage +
- "AsyncListenerWrapper");
- loader.loadClass
- (basePackage +
- "ContainerBase$PrivilegedAddChild");
- loader.loadClass
- (basePackage +
- "DefaultInstanceManager$1");
- loader.loadClass
- (basePackage +
- "DefaultInstanceManager$2");
- loader.loadClass
- (basePackage +
- "DefaultInstanceManager$3");
- loader.loadClass
- (basePackage +
- "DefaultInstanceManager$AnnotationCacheEntry");
- loader.loadClass
- (basePackage +
- "DefaultInstanceManager$AnnotationCacheEntryType");
- loader.loadClass
- (basePackage +
- "ApplicationHttpRequest$AttributeNamesEnumerator");
+ loader.loadClass(basePackage + "AccessLogAdapter");
+ loadAnonymousInnerClasses(loader, basePackage +
"ApplicationContextFacade");
+ loader.loadClass(basePackage +
"ApplicationDispatcher$PrivilegedForward");
+ loader.loadClass(basePackage +
"ApplicationDispatcher$PrivilegedInclude");
+ loader.loadClass(basePackage + "AsyncContextImpl");
+ loader.loadClass(basePackage + "AsyncContextImpl$DebugException");
+ loadAnonymousInnerClasses(loader, basePackage + "AsyncContextImpl");
+ loader.loadClass(basePackage + "AsyncListenerWrapper");
+ loader.loadClass(basePackage + "ContainerBase$PrivilegedAddChild");
+ loadAnonymousInnerClasses(loader, basePackage +
"DefaultInstanceManager");
+ loader.loadClass(basePackage + "DefaultInstanceManager$2");
+ loader.loadClass(basePackage + "DefaultInstanceManager$3");
+ loader.loadClass(basePackage +
"DefaultInstanceManager$AnnotationCacheEntry");
+ loader.loadClass(basePackage +
"DefaultInstanceManager$AnnotationCacheEntryType");
+ loader.loadClass(basePackage +
"ApplicationHttpRequest$AttributeNamesEnumerator");
}
@@ -135,12 +105,9 @@ public final class SecurityClassLoad {
private static final void loadSessionPackage(ClassLoader loader)
throws Exception {
final String basePackage = "org.apache.catalina.session.";
- loader.loadClass
- (basePackage + "StandardSession");
- loader.loadClass
- (basePackage + "StandardSession$1");
- loader.loadClass
- (basePackage + "StandardManager$PrivilegedDoUnload");
+ loader.loadClass(basePackage + "StandardSession");
+ loadAnonymousInnerClasses(loader, basePackage + "StandardSession");
+ loader.loadClass(basePackage + "StandardManager$PrivilegedDoUnload");
}
@@ -163,11 +130,12 @@ public final class SecurityClassLoad {
private static final void loadCoyotePackage(ClassLoader loader)
throws Exception {
final String basePackage = "org.apache.coyote.";
- // Classes created by the Java 6 compiler because we use switch with
an enum
- loader.loadClass(basePackage + "http11.Http11Processor$1");
- loader.loadClass(basePackage + "http11.Http11NioProcessor$1");
- loader.loadClass(basePackage + "http11.Http11AprProcessor$1");
- loader.loadClass(basePackage + "http11.AbstractOutputBuffer$1");
+ // Java 6 compiler creates helper *$1 classes because we use switch
with an enum
+ loadAnonymousInnerClasses(loader, basePackage +
"http11.AbstractHttp11Processor");
+ loadAnonymousInnerClasses(loader, basePackage +
"http11.Http11Processor");
+ loadAnonymousInnerClasses(loader, basePackage +
"http11.Http11NioProcessor");
+ loadAnonymousInnerClasses(loader, basePackage +
"http11.Http11AprProcessor");
+ loadAnonymousInnerClasses(loader, basePackage +
"http11.AbstractOutputBuffer");
loader.loadClass(basePackage + "http11.Constants");
// Make sure system property is read at this point
Class<?> clazz = loader.loadClass(basePackage + "Constants");
@@ -184,84 +152,26 @@ public final class SecurityClassLoad {
private static final void loadConnectorPackage(ClassLoader loader)
throws Exception {
final String basePackage = "org.apache.catalina.connector.";
- loader.loadClass
- (basePackage +
- "RequestFacade$GetAttributePrivilegedAction");
- loader.loadClass
- (basePackage +
- "RequestFacade$GetParameterMapPrivilegedAction");
- loader.loadClass
- (basePackage +
- "RequestFacade$GetRequestDispatcherPrivilegedAction");
- loader.loadClass
- (basePackage +
- "RequestFacade$GetParameterPrivilegedAction");
- loader.loadClass
- (basePackage +
- "RequestFacade$GetParameterNamesPrivilegedAction");
- loader.loadClass
- (basePackage +
- "RequestFacade$GetParameterValuePrivilegedAction");
- loader.loadClass
- (basePackage +
- "RequestFacade$GetCharacterEncodingPrivilegedAction");
- loader.loadClass
- (basePackage +
- "RequestFacade$GetHeadersPrivilegedAction");
- loader.loadClass
- (basePackage +
- "RequestFacade$GetHeaderNamesPrivilegedAction");
- loader.loadClass
- (basePackage +
- "RequestFacade$GetCookiesPrivilegedAction");
- loader.loadClass
- (basePackage +
- "RequestFacade$GetLocalePrivilegedAction");
- loader.loadClass
- (basePackage +
- "RequestFacade$GetLocalesPrivilegedAction");
- loader.loadClass
- (basePackage +
- "ResponseFacade$SetContentTypePrivilegedAction");
- loader.loadClass
- (basePackage +
- "ResponseFacade$DateHeaderPrivilegedAction");
- loader.loadClass
- (basePackage +
- "RequestFacade$GetSessionPrivilegedAction");
- loader.loadClass
- (basePackage +
- "ResponseFacade$1");
- loader.loadClass
- (basePackage +
- "OutputBuffer$1");
- loader.loadClass
- (basePackage +
- "CoyoteInputStream$1");
- loader.loadClass
- (basePackage +
- "CoyoteInputStream$2");
- loader.loadClass
- (basePackage +
- "CoyoteInputStream$3");
- loader.loadClass
- (basePackage +
- "CoyoteInputStream$4");
- loader.loadClass
- (basePackage +
- "CoyoteInputStream$5");
- loader.loadClass
- (basePackage +
- "InputBuffer$1");
- loader.loadClass
- (basePackage +
- "Response$1");
- loader.loadClass
- (basePackage +
- "Response$2");
- loader.loadClass
- (basePackage +
- "Response$3");
+ loader.loadClass(basePackage +
"RequestFacade$GetAttributePrivilegedAction");
+ loader.loadClass(basePackage +
"RequestFacade$GetParameterMapPrivilegedAction");
+ loader.loadClass(basePackage +
"RequestFacade$GetRequestDispatcherPrivilegedAction");
+ loader.loadClass(basePackage +
"RequestFacade$GetParameterPrivilegedAction");
+ loader.loadClass(basePackage +
"RequestFacade$GetParameterNamesPrivilegedAction");
+ loader.loadClass(basePackage +
"RequestFacade$GetParameterValuePrivilegedAction");
+ loader.loadClass(basePackage +
"RequestFacade$GetCharacterEncodingPrivilegedAction");
+ loader.loadClass(basePackage +
"RequestFacade$GetHeadersPrivilegedAction");
+ loader.loadClass(basePackage +
"RequestFacade$GetHeaderNamesPrivilegedAction");
+ loader.loadClass(basePackage +
"RequestFacade$GetCookiesPrivilegedAction");
+ loader.loadClass(basePackage +
"RequestFacade$GetLocalePrivilegedAction");
+ loader.loadClass(basePackage +
"RequestFacade$GetLocalesPrivilegedAction");
+ loader.loadClass(basePackage +
"ResponseFacade$SetContentTypePrivilegedAction");
+ loader.loadClass(basePackage +
"ResponseFacade$DateHeaderPrivilegedAction");
+ loader.loadClass(basePackage +
"RequestFacade$GetSessionPrivilegedAction");
+ loadAnonymousInnerClasses(loader, basePackage + "ResponseFacade");
+ loadAnonymousInnerClasses(loader, basePackage + "OutputBuffer");
+ loadAnonymousInnerClasses(loader, basePackage + "CoyoteInputStream");
+ loadAnonymousInnerClasses(loader, basePackage + "InputBuffer");
+ loadAnonymousInnerClasses(loader, basePackage + "Response");
}
private static final void loadTomcatPackage(ClassLoader loader)
@@ -290,17 +200,22 @@ public final class SecurityClassLoad {
loader.loadClass(basePackage + "jni.Status");
// net
loader.loadClass(basePackage + "util.net.Constants");
- loader.loadClass(basePackage +
- "util.net.NioBlockingSelector$BlockPoller$1");
- loader.loadClass(basePackage +
- "util.net.NioBlockingSelector$BlockPoller$2");
- loader.loadClass(basePackage +
- "util.net.NioBlockingSelector$BlockPoller$3");
+ loadAnonymousInnerClasses(loader, basePackage +
"util.net.NioBlockingSelector$BlockPoller");
loader.loadClass(basePackage + "util.net.SendfileState");
loader.loadClass(basePackage + "util.net.SSLSupport$CipherData");
// security
loader.loadClass(basePackage + "util.security.PrivilegedGetTccl");
loader.loadClass(basePackage + "util.security.PrivilegedSetTccl");
}
+
+ private static final void loadAnonymousInnerClasses(ClassLoader loader,
String enclosingClass) {
+ try {
+ for (int i = 1;; i++) {
+ loader.loadClass(enclosingClass + '$' + i);
+ }
+ } catch (ClassNotFoundException ignored) {
+ //
+ }
+ }
}
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/jasper/security/SecurityClassLoad.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/jasper/security/SecurityClassLoad.java?rev=1817901&r1=1817900&r2=1817901&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/jasper/security/SecurityClassLoad.java
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/jasper/security/SecurityClassLoad.java
Tue Dec 12 10:15:59 2017
@@ -57,32 +57,8 @@ public final class SecurityClassLoad {
loader.loadClass( basePackage +
"runtime.ProtectedFunctionMapper");
- loader.loadClass( basePackage +
- "runtime.PageContextImpl");
- loader.loadClass( basePackage +
- "runtime.PageContextImpl$1");
- loader.loadClass( basePackage +
- "runtime.PageContextImpl$2");
- loader.loadClass( basePackage +
- "runtime.PageContextImpl$3");
- loader.loadClass( basePackage +
- "runtime.PageContextImpl$4");
- loader.loadClass( basePackage +
- "runtime.PageContextImpl$5");
- loader.loadClass( basePackage +
- "runtime.PageContextImpl$6");
- loader.loadClass( basePackage +
- "runtime.PageContextImpl$7");
- loader.loadClass( basePackage +
- "runtime.PageContextImpl$8");
- loader.loadClass( basePackage +
- "runtime.PageContextImpl$9");
- loader.loadClass( basePackage +
- "runtime.PageContextImpl$10");
- loader.loadClass( basePackage +
- "runtime.PageContextImpl$11");
- loader.loadClass( basePackage +
- "runtime.PageContextImpl$12");
+ loader.loadClass( basePackage + "runtime.PageContextImpl");
+ loadAnonymousInnerClasses(loader, basePackage +
"runtime.PageContextImpl");
loader.loadClass( basePackage +
"runtime.JspContextWrapper");
@@ -93,10 +69,19 @@ public final class SecurityClassLoad {
loader.loadClass( basePackage +
"servlet.JspServletWrapper");
- loader.loadClass( basePackage +
- "runtime.JspWriterImpl$1");
+ loadAnonymousInnerClasses(loader, "runtime.JspWriterImpl");
} catch (ClassNotFoundException ex) {
log.error("SecurityClassLoad", ex);
}
}
+
+ private static final void loadAnonymousInnerClasses(ClassLoader loader,
String enclosingClass) {
+ try {
+ for (int i = 1;; i++) {
+ loader.loadClass(enclosingClass + '$' + i);
+ }
+ } catch (ClassNotFoundException ignored) {
+ //
+ }
+ }
}
Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1817901&r1=1817900&r2=1817901&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Tue Dec 12 10:15:59 2017
@@ -61,6 +61,11 @@
<subsection name="Catalina">
<changelog>
<fix>
+ <bug>47214</bug>: Use a loop to preload anonymous inner classes
+ when running under a <code>SecurityManager</code>, to be safe for
+ future changes in the code or using a different compiler. (kkolinko)
+ </fix>
+ <fix>
<bug>61886</bug>: Pre-load additional classes to prevent
<code>SecurityException</code>s if the first request received when
running under a <code>SecurityManager</code> is an asynchronous
Servlet.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
