Author: markt Date: Wed May 9 15:11:41 2018 New Revision: 1831256 URL: http://svn.apache.org/viewvc?rev=1831256&view=rev Log: Ensure that JNDI names used for <lookup-name> entries in web.xml and for lookup elements of @Resource annotations specify a name with an explicit java: namespace.
Modified: tomcat/trunk/java/org/apache/tomcat/util/descriptor/web/LocalStrings.properties tomcat/trunk/java/org/apache/tomcat/util/descriptor/web/ResourceBase.java tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/tomcat/util/descriptor/web/LocalStrings.properties URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/descriptor/web/LocalStrings.properties?rev=1831256&r1=1831255&r2=1831256&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/util/descriptor/web/LocalStrings.properties (original) +++ tomcat/trunk/java/org/apache/tomcat/util/descriptor/web/LocalStrings.properties Wed May 9 15:11:41 2018 @@ -15,6 +15,7 @@ filterDef.invalidFilterName=Invalid <filter-name> [{0}] in filter definition. +resourceBase.lookupNotJava=Lookup-name values must explicitly reference the java: namespace but [{0}] does not securityConstraint.uncoveredHttpMethod=For security constraints with URL pattern [{0}] only the HTTP methods [{1}] are covered. All other methods are uncovered. securityConstraint.uncoveredHttpMethodFix=Adding security constraints with URL pattern [{0}] to deny access with the uncovered HTTP methods that are not one of the following [{1}] securityConstraint.uncoveredHttpOmittedMethod=For security constraints with URL pattern [{0}] the HTTP methods [{1}] are uncovered. Modified: tomcat/trunk/java/org/apache/tomcat/util/descriptor/web/ResourceBase.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/descriptor/web/ResourceBase.java?rev=1831256&r1=1831255&r2=1831256&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/util/descriptor/web/ResourceBase.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/descriptor/web/ResourceBase.java Wed May 9 15:11:41 2018 
@@ -23,6 +23,8 @@ import java.util.Iterator; import java.util.List; import java.util.Map; +import org.apache.tomcat.util.res.StringManager; + /** * Representation of an Context element @@ -33,9 +35,11 @@ public class ResourceBase implements Ser private static final long serialVersionUID = 1L; - // ------------------------------------------------------------- Properties + private static final StringManager sm = StringManager.getManager(ResourceBase.class); + // ------------------------------------------------------------- Properties + /** * The description of this resource. */ @@ -87,6 +91,15 @@ public class ResourceBase implements Ser } public void setLookupName(String lookupName) { + // EE.5.3.3: Must explicitly use java: namespace + if (lookupName == null || lookupName.length() == 0) { + this.lookupName = null; + return; + } + if (!lookupName.startsWith("java:")) { + throw new IllegalArgumentException( + sm.getString("resourceBase.lookupNotJava", lookupName)); + } this.lookupName = lookupName; } Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1831256&r1=1831255&r2=1831256&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Wed May 9 15:11:41 2018 
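Review bot: setLookupName now has two outcomes a caller cannot see from the signature, and the setter has no Javadoc describing either: a null or empty value is stored as null, and any name that does not start with `java:` throws IllegalArgumentException. A short Javadoc block with a `@throws IllegalArgumentException` line and one sentence saying that null and empty clear the value would make that contract visible to the descriptor and annotation code that calls it. The `startsWith("java:")` test is exact and case-sensitive with no trimming, so a whitespace-only or whitespace-prefixed value is rejected rather than normalised. If that strictness is intended, say so beside the spec reference, e.g. `// Exact, case-sensitive prefix match; names in any other namespace or URL scheme are rejected`. The class body continues outside the hunk, and the hunk header suggests the class is Serializable, so it is worth confirming that no other path sets lookupName without going through this check.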
@@ -71,6 +71,12 @@ JNDI resources that are defined with injection targets but no value are now treated as if the resource is not defined. (markt) </fix> + <fix> + Ensure that JNDI names used for <code><lookup-name></code> entries + in web.xml and for <code>lookup</code> elements of + <code>@Resource</code> annotations specify a name with an explicit + <code>java:</code> namespace. (markt) + </fix> </changelog> </subsection> <subsection name="Coyote">