This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit cec322c87dae9b8fd67d36e76d506c1722f4338b
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Jan 19 13:41:00 2023 +0000
More clean-up after removing support for using a SecurityManager
---
TOMCAT-NEXT.txt | 6 ++----
conf/web.xml | 4 ----
java/jakarta/servlet/ServletContext.java | 3 ---
java/org/apache/catalina/core/StandardWrapper.java | 6 ------
java/org/apache/tomcat/dbcp/pool2/impl/ThrowableCallStack.java | 6 +++---
webapps/docs/cgi-howto.xml | 3 +--
webapps/docs/config/systemprops.xml | 9 ---------
webapps/docs/jasper-howto.xml | 4 ++--
webapps/docs/ssi-howto.xml | 4 +---
9 files changed, 9 insertions(+), 36 deletions(-)
diff --git a/TOMCAT-NEXT.txt b/TOMCAT-NEXT.txt
index 2968daa1bf..018f1f4634 100644
--- a/TOMCAT-NEXT.txt
+++ b/TOMCAT-NEXT.txt
@@ -26,9 +26,7 @@ Notes of things to consider for the next major Tomcat release
(11.x)
3. Add QUIC support using OpenSSL and Panama.
- 4. Remove SecurityManager.
+ 4. Update minimum Java version to 21.
- 5. Update minimum Java version to 21 (or maybe 17).
-
- 6. Implement an optional Loom module that provides
+ 5. Implement an optional Loom module that provides
o.a.c.http11.Http11BioLoomProtocol
diff --git a/conf/web.xml b/conf/web.xml
index df7927df58..68583546e6 100644
--- a/conf/web.xml
+++ b/conf/web.xml
@@ -180,8 +180,6 @@
<!-- engineOptionsClass Allows specifying the Options class used to -->
<!-- configure Jasper. If not present, the default -->
<!-- EmbeddedServletOptions will be used. -->
- <!-- This option is ignored when running under a -->
- <!-- SecurityManager. -->
<!-- -->
<!-- errorOnUseBeanInvalidClassAttribute -->
<!-- Should Jasper issue an error when the value of -->
@@ -239,8 +237,6 @@
<!-- scratchdir What scratch directory should we use when -->
<!-- compiling JSP pages? [default work directory -->
<!-- for the current web application] -->
- <!-- This option is ignored when running under a -->
- <!-- SecurityManager. -->
<!-- -->
<!-- suppressSmap Should the generation of SMAP info for JSR45 -->
<!-- debugging be suppressed? [false] -->
diff --git a/java/jakarta/servlet/ServletContext.java
b/java/jakarta/servlet/ServletContext.java
index 96d4a1dc52..cf5696f466 100644
--- a/java/jakarta/servlet/ServletContext.java
+++ b/java/jakarta/servlet/ServletContext.java
@@ -874,9 +874,6 @@ public interface ServletContext {
*
* @return The associated web application class loader
*
- * @throws SecurityException if access to the class loader is prevented by
a
- * SecurityManager
- *
* @since Servlet 3.0
*/
public ClassLoader getClassLoader();
diff --git a/java/org/apache/catalina/core/StandardWrapper.java
b/java/org/apache/catalina/core/StandardWrapper.java
index 540bf0ce3a..af12983b7c 100644
--- a/java/org/apache/catalina/core/StandardWrapper.java
+++ b/java/org/apache/catalina/core/StandardWrapper.java
@@ -226,12 +226,6 @@ public class StandardWrapper extends ContainerBase
private boolean overridable = false;
- /**
- * Static class array used when the SecurityManager is turned on and
- * <code>Servlet.init</code> is invoked.
- */
- protected static Class<?>[] classType = new Class[]{ServletConfig.class};
-
private final ReentrantReadWriteLock parametersLock =
new ReentrantReadWriteLock();
diff --git a/java/org/apache/tomcat/dbcp/pool2/impl/ThrowableCallStack.java
b/java/org/apache/tomcat/dbcp/pool2/impl/ThrowableCallStack.java
index 6f187559e5..5c9f89a71b 100644
--- a/java/org/apache/tomcat/dbcp/pool2/impl/ThrowableCallStack.java
+++ b/java/org/apache/tomcat/dbcp/pool2/impl/ThrowableCallStack.java
@@ -21,9 +21,9 @@ import java.text.DateFormat;
import java.text.SimpleDateFormat;
/**
- * CallStack strategy that uses the stack trace from a {@link Throwable}. This
strategy, while slower than the
- * SecurityManager implementation, provides call stack method names and other
metadata in addition to the call stack
- * of classes.
+ * CallStack strategy that uses the stack trace from a {@link Throwable}. This
+ * strategy provides call stack method names and other metadata in addition to
+ * the call stack of classes.
*
* @see Throwable#fillInStackTrace()
* @since 2.4.3
diff --git a/webapps/docs/cgi-howto.xml b/webapps/docs/cgi-howto.xml
index e00faf0a19..d1f3e0d0c9 100644
--- a/webapps/docs/cgi-howto.xml
+++ b/webapps/docs/cgi-howto.xml
@@ -57,8 +57,7 @@ this servlet is mapped to the URL pattern "/cgi-bin/*".</p>
<section name="Installation">
<p><strong>CAUTION</strong> - CGI scripts are used to execute programs
-external to the Tomcat JVM. If you are using the Java SecurityManager this
-will bypass your security policy configuration in
<code>catalina.policy.</code></p>
+external to the Tomcat JVM.</p>
<p>To enable CGI support:</p>
diff --git a/webapps/docs/config/systemprops.xml
b/webapps/docs/config/systemprops.xml
index 0def5feb97..4225fd2bec 100644
--- a/webapps/docs/config/systemprops.xml
+++ b/webapps/docs/config/systemprops.xml
@@ -74,15 +74,6 @@
<section name="Expression Language">
<properties>
- <property name="org.apache.el. GET_CLASSLOADER_USE_PRIVILEGED">
- <p>Controls whether the EL API classes make use of a privileged block to
- obtain the thread context class loader. When using the EL API within
- Apache Tomcat this does not need to be set as all calls are already
- wrapped in a privileged block further up the stack. It may be required if
- using the EL API under a SecurityManager outside of Apache Tomcat.</p>
- <p>If not specified, the default of <code>false</code> will be used.</p>
- </property>
-
<property name="org.apache.el.BeanELResolver. CACHE_SIZE">
<p>The number of jakarta.el.BeanELResolver.BeanProperties objects that
will
be cached by the EL Parser.</p>
diff --git a/webapps/docs/jasper-howto.xml b/webapps/docs/jasper-howto.xml
index d027ffb51e..516a89275f 100644
--- a/webapps/docs/jasper-howto.xml
+++ b/webapps/docs/jasper-howto.xml
@@ -132,7 +132,7 @@ default <code>true</code>.
<li><strong>engineOptionsClass</strong> - Allows specifying the Options class
used to configure Jasper. If not present, the default EmbeddedServletOptions
-will be used. This option is ignored if running under a SecurityManager.
+will be used.
</li>
<li><strong>errorOnUseBeanInvalidClassAttribute</strong> - Should Jasper issue
@@ -181,7 +181,7 @@ may be expensive and could lead to excessive resource
usage.</li>
<li><strong>scratchdir</strong> - What scratch directory should we use when
compiling JSP pages? Default is the work directory for the current web
-application. This option is ignored if running under a SecurityManager.</li>
+application.</li>
<li><strong>suppressSmap</strong> - Should the generation of SMAP info for
JSR45
debugging be suppressed? <code>true</code> or <code>false</code>, default
diff --git a/webapps/docs/ssi-howto.xml b/webapps/docs/ssi-howto.xml
index 234ae2cf5e..10d3c3472f 100644
--- a/webapps/docs/ssi-howto.xml
+++ b/webapps/docs/ssi-howto.xml
@@ -68,9 +68,7 @@ JavaScript, or any other content you wish.</p>
<section name="Installation">
<p><strong>CAUTION</strong> - SSI directives can be used to execute programs
-external to the Tomcat JVM. If you are using the Java SecurityManager this
-will bypass your security policy configuration in <code>catalina.policy.</code>
-</p>
+external to the Tomcat JVM.</p>
<p>To use the SSI servlet, remove the XML comments from around the SSI servlet
and servlet-mapping configuration in
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
