Author: kkolinko Date: Tue Nov 3 10:17:41 2009 New Revision: 832373 URL: http://svn.apache.org/viewvc?rev=832373&view=rev Log: Apply the first patch for bug 48097 Make WebappClassLoader to do not swallow AccessControlException
Modified: tomcat/tc6.0.x/trunk/ (props changed) tomcat/tc6.0.x/trunk/STATUS.txt tomcat/tc6.0.x/trunk/java/org/apache/catalina/loader/WebappClassLoader.java tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc6.0.x/trunk/ ------------------------------------------------------------------------------ --- svn:mergeinfo (original) +++ svn:mergeinfo Tue Nov 3 10:17:41 2009 @@ -1 +1 @@ -/tomcat/trunk:601180,606992,612607,630314,640888,652744,653247,673796,673820,677910,683969,683982,684001,684081,684234,684269-684270,685177,687503,687645,689402,690781,691392,691805,692748,693378,694992,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,701355,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,712467,713953,714002,718360,719119,719124,719602,719626,719628,720046,720069,721040,721286,721708,721886,723404,723738,726052,727303,728032,728768,728947,729057,729567,729569,729571,729681,729809,729815,729934,730250,730590,731651,732859,732863,734734,740675,740684,742677,742697,742714,744160,744238,746321,746384,746425,747834,747863,748344,750258,750291,750921,751286-751287,751289,751295,753039,757335,757774,758365,758596,758616,758664,759074,761601,762868,762929,762936-762937,763166,763183,763193,763228,763262,763298,763302,763325,763599,763611,763654,763681,763706,764985,764997,765662,768335,769979,770716,770809,770876,772872,77 6921,776924,776935,776945,777464,777466,777576,777625,778379,778523-778524,781528,781779,782145,782791,783316,783696,783724,783756,783762,783766,783863,783934,784453,784602,784614,785381,785688,785768,785859,786468,786487,786490,786496,786667,787627,787770,787985,789389,790405,791041,791184,791194,791224,791243,791326,791328,791789,792740,793372,793757,793882,793981,794082,794673,794822,795043,795152,795210,795457,795466,797168,797425,797596,797607,802727,802940,804462,804544,804734,805153,809131,809603,810916,810977,812125,812137,812432,813001,813013,813866,814180,815972,817442,819339,819361,820110,820132,820874,820954,821397,828196,828201,828210,828225,828759,830378-830379,831774,831850,831860 +/tomcat/trunk:601180,606992,612607,630314,640888,652744,653247,673796,673820,677910,683969,683982,684001,684081,684234,684269-684270,685177,687503,687645,689402,690781,691392,691805,692748,693378,694992,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,701355,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,712467,713953,714002,718360,719119,719124,719602,719626,719628,720046,720069,721040,721286,721708,721886,723404,723738,726052,727303,728032,728768,728947,729057,729567,729569,729571,729681,729809,729815,729934,730250,730590,731651,732859,732863,734734,740675,740684,742677,742697,742714,744160,744238,746321,746384,746425,747834,747863,748344,750258,750291,750921,751286-751287,751289,751295,753039,757335,757774,758365,758596,758616,758664,759074,761601,762868,762929,762936-762937,763166,763183,763193,763228,763262,763298,763302,763325,763599,763611,763654,763681,763706,764985,764997,765662,768335,769979,770716,770809,770876,772872,77 6921,776924,776935,776945,777464,777466,777576,777625,778379,778523-778524,781528,781779,782145,782791,783316,783696,783724,783756,783762,783766,783863,783934,784453,784602,784614,785381,785688,785768,785859,786468,786487,786490,786496,786667,787627,787770,787985,789389,790405,791041,791184,791194,791224,791243,791326,791328,791789,792740,793372,793757,793882,793981,794082,794673,794822,795043,795152,795210,795457,795466,797168,797425,797596,797607,802727,802940,804462,804544,804734,805153,809131,809603,810916,810977,812125,812137,812432,813001,813013,813866,814180,815972,817442,819339,819361,820110,820132,820874,820954,821397,828196,828201,828210,828225,828759,830378-830379,831774,831828,831850,831860 Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=832373&r1=832372&r2=832373&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Tue Nov 3 10:17:41 2009 @@ -238,13 +238,7 @@ -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48097 - There are two patches to be applied: - 1) Make WebappClassLoader to do not swallow AccessControlException - http://svn.apache.org/viewvc?rev=831828&view=rev - +1: kkolinko, rjung, billbarker - -1: - - 2) Patch for SecurityClassLoad to preload o.a.c.loader.ResourceEntry class + Patch for SecurityClassLoad to preload o.a.c.loader.ResourceEntry class http://svn.apache.org/viewvc?rev=831830&view=rev +1: kkolinko -0: billbarker Exposing ResourceEntry is harmless enough, but WebappClassLoader should Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/loader/WebappClassLoader.java URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/loader/WebappClassLoader.java?rev=832373&r1=832372&r2=832373&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/java/org/apache/catalina/loader/WebappClassLoader.java (original) +++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/loader/WebappClassLoader.java Tue Nov 3 10:17:41 2009 @@ -68,7 +68,7 @@ * Specialized web application class loader. * <p> * This class loader is a full reimplementation of the - * <code>URLClassLoader</code> from the JDK. It is desinged to be fully + * <code>URLClassLoader</code> from the JDK. It is designed to be fully * compatible with a normal <code>URLClassLoader</code>, although its internal * behavior may be completely different. * <p> @@ -899,6 +899,8 @@ throw cnfe; } } catch(AccessControlException ace) { + log.warn("WebappClassLoader.findClassInternal(" + name + + ") security exception: " + ace.getMessage(), ace); throw new ClassNotFoundException(name, ace); } catch (RuntimeException e) { if (log.isTraceEnabled()) @@ -911,6 +913,8 @@ clazz = super.findClass(name); } } catch(AccessControlException ace) { + log.warn("WebappClassLoader.findClassInternal(" + name + + ") security exception: " + ace.getMessage(), ace); throw new ClassNotFoundException(name, ace); } catch (RuntimeException e) { if (log.isTraceEnabled()) Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=832373&r1=832372&r2=832373&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Tue Nov 3 10:17:41 2009 @@ -161,6 +161,10 @@ provided by Qingyang Xu. (kkolinko) </fix> <update> + <bug>48097</bug>: Make WebappClassLoader to do not swallow + AccessControlException. (kkolinko) + </update> + <update> Deprecate the <code>caseSensitive</code> option on the <code>StandardContext</code> which will be removed in Tomcat 7 onwards. (markt) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org