This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 9764aa4 Fix Bz 65714 - security manager + TLS + NIO2
9764aa4 is described below
commit 9764aa418a7c827b6686f9bc0e5a942f73bddb4c
Author: Mark Thomas <[email protected]>
AuthorDate: Wed Dec 1 09:27:36 2021 +0000
Fix Bz 65714 - security manager + TLS + NIO2
---
java/org/apache/tomcat/util/net/Constants.java | 2 ++
java/org/apache/tomcat/util/net/SecureNio2Channel.java | 18 ++++++++++++++----
webapps/docs/changelog.xml | 6 ++++++
3 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/Constants.java
b/java/org/apache/tomcat/util/net/Constants.java
index ca5c0e4..9cda5e1 100644
--- a/java/org/apache/tomcat/util/net/Constants.java
+++ b/java/org/apache/tomcat/util/net/Constants.java
@@ -38,4 +38,6 @@ public class Constants {
public static final String SSL_PROTO_SSLv3 = "SSLv3";
public static final String SSL_PROTO_SSLv2 = "SSLv2";
public static final String SSL_PROTO_SSLv2Hello = "SSLv2Hello";
+
+ public static final boolean IS_SECURITY_ENABLED =
(System.getSecurityManager() != null);
}
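Review bot: `IS_SECURITY_ENABLED` is evaluated once, when `Constants` is initialised, and the added field has no comment saying so. A security manager installed after this class has loaded would leave the flag `false`, and the handshake callbacks in `SecureNio2Channel` that read it in this same commit would keep processing inline rather than dispatching. I would add a Javadoc line such as `/** Snapshot taken at class initialisation; a SecurityManager installed later is not reflected. */` so callers do not treat it as a live check. The class body starts outside the hunk.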
diff --git a/java/org/apache/tomcat/util/net/SecureNio2Channel.java
b/java/org/apache/tomcat/util/net/SecureNio2Channel.java
index 56a9ebf..5f1037f 100644
--- a/java/org/apache/tomcat/util/net/SecureNio2Channel.java
+++ b/java/org/apache/tomcat/util/net/SecureNio2Channel.java
@@ -100,12 +100,17 @@ public class SecureNio2Channel extends Nio2Channel {
if (result.intValue() < 0) {
failed(new EOFException(), attachment);
} else {
- endpoint.processSocket(attachment, SocketEvent.OPEN_READ,
false);
+ // When running under a security manager always dispatch so the
+ // processing occurs on a thread with the correct security
+ // context.
+ endpoint.processSocket(attachment, SocketEvent.OPEN_READ,
Constants.IS_SECURITY_ENABLED);
}
}
@Override
public void failed(Throwable exc, SocketWrapperBase<Nio2Channel>
attachment) {
- endpoint.processSocket(attachment, SocketEvent.ERROR, false);
+ // When running under a security manager always dispatch so the
+ // processing occurs on a thread with the correct security context.
+ endpoint.processSocket(attachment, SocketEvent.ERROR,
Constants.IS_SECURITY_ENABLED);
}
}
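Review bot: The four `endpoint.processSocket(...)` calls in the handshake read and write completion handlers (this hunk and the one at `@@ -117,12 +122,17 @@`) discard the return value, and passing `Constants.IS_SECURITY_ENABLED` as the dispatch argument makes that matter more than it did with `false`. Once the work is handed to another thread it can presumably be refused under load; if `processSocket` reports that by returning `false` (its declaration is not visible here), the half-negotiated TLS connection is neither processed nor closed. I would check the result and release the socket on failure, e.g. `if (!endpoint.processSocket(attachment, SocketEvent.OPEN_READ, Constants.IS_SECURITY_ENABLED)) { attachment.close(); }`, after confirming the right close call on `SocketWrapperBase`. The enclosing handler classes start outside the hunk.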
@@ -117,12 +122,17 @@ public class SecureNio2Channel extends Nio2Channel {
if (result.intValue() < 0) {
failed(new EOFException(), attachment);
} else {
- endpoint.processSocket(attachment, SocketEvent.OPEN_WRITE,
false);
+ // When running under a security manager always dispatch so the
+ // processing occurs on a thread with the correct security
+ // context.
+ endpoint.processSocket(attachment, SocketEvent.OPEN_WRITE,
Constants.IS_SECURITY_ENABLED);
}
}
@Override
public void failed(Throwable exc, SocketWrapperBase<Nio2Channel>
attachment) {
- endpoint.processSocket(attachment, SocketEvent.ERROR, false);
+ // When running under a security manager always dispatch so the
+ // processing occurs on a thread with the correct security context.
+ endpoint.processSocket(attachment, SocketEvent.ERROR,
Constants.IS_SECURITY_ENABLED);
}
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index edeef04..aec3b90 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -175,6 +175,11 @@
<code>RST</code> frame sent to the client is the one associated with
the
error that triggered the reset. (markt)
</fix>
+ <fix>
+ <bug>65714</bug>: Fix exceptions when the security manager is enabled
+ and the first request received after starting is an HTTP request to a
+ TLS enabled NIO2 connector. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="WebSocket">
@@ -1211,3 +1216,4 @@
</body>
</document>
+