Author: markt
Date: Fri Jan 25 11:07:05 2019
New Revision: 1852106

URL: http://svn.apache.org/viewvc?rev=1852106&view=rev
Log:
When running under a SecurityManager, ensure that the ServiceLoader look-up for 
the default javax.websocket.server.ServerEndpointConfig.Configurator 
implementation completes correctly rather than silently using the hard-coded 
fall-back.

Modified:
    tomcat/trunk/java/javax/websocket/server/ServerEndpointConfig.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/javax/websocket/server/ServerEndpointConfig.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/javax/websocket/server/ServerEndpointConfig.java?rev=1852106&r1=1852105&r2=1852106&view=diff
==============================================================================
--- tomcat/trunk/java/javax/websocket/server/ServerEndpointConfig.java 
(original)
+++ tomcat/trunk/java/javax/websocket/server/ServerEndpointConfig.java Fri Jan 
25 11:07:05 2019
@@ -16,6 +16,8 @@
  */
 package javax.websocket.server;
 
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.Collections;
 import java.util.Iterator;
 import java.util.List;
@@ -149,7 +151,12 @@ public interface ServerEndpointConfig ex
             if (defaultImpl == null) {
                 synchronized (defaultImplLock) {
                     if (defaultImpl == null) {
-                        defaultImpl = loadDefault();
+                        if (System.getSecurityManager() == null) {
+                            defaultImpl = loadDefault();
+                        } else {
+                            defaultImpl =
+                                    AccessController.doPrivileged(new 
PrivilegedLoadDefault());
+                        }
                     }
                 }
             }
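Review bot: The new `else` branch at the `defaultImpl` assignment has no comment saying why the privileged path exists, so a later clean-up could merge the two branches and bring back the silent fall-back described in the log message. I would add above the `if`: `// Under a SecurityManager the ServiceLoader look-up in loadDefault() must run with this class's permissions, not those of the calling web application`. The enclosing method starts and ends outside this hunk, so whether a `null` result from `doPrivileged` is handled further down cannot be checked from here.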
@@ -184,6 +191,16 @@ public interface ServerEndpointConfig ex
             return result;
         }
 
+
+        private static class PrivilegedLoadDefault implements 
PrivilegedAction<Configurator> {
+
+            @Override
+            public Configurator run() {
+                return Configurator.loadDefault();
+            }
+        }
+
+
         public String getNegotiatedSubprotocol(List<String> supported,
                 List<String> requested) {
             return 
fetchContainerDefaultConfigurator().getNegotiatedSubprotocol(supported, 
requested);
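Review bot: `PrivilegedLoadDefault.run()` executes the whole of `loadDefault()` inside the privileged block and the result is cached in `defaultImpl`, so it matters which class loader the look-up consults; `loadDefault()`'s body is outside this hunk, so this point is inferred. If it uses the one-argument `ServiceLoader.load(Configurator.class)`, the thread context class loader of whichever caller arrives first selects the provider for every later caller. Consider pinning the loader with `ServiceLoader.load(Configurator.class, Configurator.class.getClassLoader())`, provided the container implementation is visible from that loader. The class would also benefit from a short Javadoc stating that it takes no caller-supplied input and must stay `private`, so it is not later widened into a general privileged entry point.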

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1852106&r1=1852105&r2=1852106&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Fri Jan 25 11:07:05 2019
@@ -175,6 +175,13 @@
         <bug>63019</bug>: Use payload remaining bytes rather than limit when
         writing. Submitted by Benoit Courtilly. (remm)
       </fix>
+      <fix>
+        When running under a <code>SecurityManager</code>, ensure that the
+        <code>ServiceLoader</code> look-up for the default
+        <code>javax.websocket.server.ServerEndpointConfig.Configurator</code>
+        implementation completes correctly rather than silently using the
+        hard-coded fall-back. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Web applications">


