svn commit: r1589980 - /tomcat/trunk/java/org/apache/jasper/compiler/TagPluginManager.java

Fri, 25 Apr 2014 03:29:15 -0700 

Author: markt
Date: Fri Apr 25 10:28:18 2014
New Revision: 1589980

URL: http://svn.apache.org/r1589980
Log:
More defensive coding around some XML activities that are triggered by web 
applications and are therefore at potential risk of a memory leak.

Modified:
    tomcat/trunk/java/org/apache/jasper/compiler/TagPluginManager.java

Modified: tomcat/trunk/java/org/apache/jasper/compiler/TagPluginManager.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/compiler/TagPluginManager.java?rev=1589980&r1=1589979&r2=1589980&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/compiler/TagPluginManager.java 
(original)
+++ tomcat/trunk/java/org/apache/jasper/compiler/TagPluginManager.java Fri Apr 
25 10:28:18 2014
@@ -18,6 +18,7 @@ package org.apache.jasper.compiler;
 
 import java.io.IOException;
 import java.net.URL;
+import java.security.AccessController;
 import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.Map;
@@ -29,6 +30,8 @@ import org.apache.jasper.JasperException
 import org.apache.jasper.compiler.tagplugin.TagPlugin;
 import org.apache.jasper.compiler.tagplugin.TagPluginContext;
 import org.apache.tomcat.util.descriptor.tagplugin.TagPluginParser;
+import org.apache.tomcat.util.security.PrivilegedGetTccl;
+import org.apache.tomcat.util.security.PrivilegedSetTccl;
 import org.xml.sax.SAXException;
 
 /**
@@ -71,7 +74,34 @@ public class TagPluginManager {
             blockExternal = Boolean.parseBoolean(blockExternalString);
         }
 
-        TagPluginParser parser = new TagPluginParser(ctxt, blockExternal);
+        TagPluginParser parser;
+        ClassLoader original;
+        if (Constants.IS_SECURITY_ENABLED) {
+            PrivilegedGetTccl pa = new PrivilegedGetTccl();
+            original = AccessController.doPrivileged(pa);
+            } else {
+                original = Thread.currentThread().getContextClassLoader();
+            }
+        try {
+            if (Constants.IS_SECURITY_ENABLED) {
+                PrivilegedSetTccl pa =
+                        new 
PrivilegedSetTccl(JspDocumentParser.class.getClassLoader());
+                AccessController.doPrivileged(pa);
+            } else {
+                Thread.currentThread().setContextClassLoader(
+                        JspDocumentParser.class.getClassLoader());
+            }
+
+            parser = new TagPluginParser(ctxt, blockExternal);
+
+        } finally {
+            if (Constants.IS_SECURITY_ENABLED) {
+                PrivilegedSetTccl pa = new PrivilegedSetTccl(original);
+                AccessController.doPrivileged(pa);
+            } else {
+                Thread.currentThread().setContextClassLoader(original);
+            }
+        }
 
         try {
             Enumeration<URL> urls =



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to