This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push: new 06eb5b1 Refactor system property source to be more flexible 06eb5b1 is described below commit 06eb5b10d1c7852dac3d4022e45c3d28721dfd9a Author: remm <r...@apache.org> AuthorDate: Wed Apr 28 14:43:55 2021 +0200 Refactor system property source to be more flexible Allows explicit use if desired. --- java/org/apache/tomcat/util/digester/Digester.java | 43 ++++++------------ .../tomcat/util/digester/SystemPropertySource.java | 51 ++++++++++++++++++++++ webapps/docs/changelog.xml | 5 +++ webapps/docs/config/systemprops.xml | 3 ++ 4 files changed, 72 insertions(+), 30 deletions(-) diff --git a/java/org/apache/tomcat/util/digester/Digester.java b/java/org/apache/tomcat/util/digester/Digester.java index 0b76684..12a72e4 100644 --- a/java/org/apache/tomcat/util/digester/Digester.java +++ b/java/org/apache/tomcat/util/digester/Digester.java @@ -24,16 +24,13 @@ import java.io.UnsupportedEncodingException; import java.lang.reflect.InvocationTargetException; import java.net.URI; import java.net.URISyntaxException; -import java.security.Permission; import java.util.ArrayList; -import java.util.Arrays; import java.util.EmptyStackException; import java.util.HashMap; import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Properties; -import java.util.PropertyPermission; import java.util.Set; import java.util.StringTokenizer; @@ -48,7 +45,6 @@ import org.apache.tomcat.util.IntrospectionUtils; import org.apache.tomcat.util.IntrospectionUtils.PropertySource; import org.apache.tomcat.util.buf.B2CConverter; import org.apache.tomcat.util.res.StringManager; -import org.apache.tomcat.util.security.PermissionCheck; import org.xml.sax.Attributes; import org.xml.sax.EntityResolver; import org.xml.sax.ErrorHandler; @@ -175,26 +171,6 @@ public class Digester extends DefaultHandler2 { // --------------------------------------------------- Instance Variables - private static class SystemPropertySource implements IntrospectionUtils.SecurePropertySource { - - @Override - public String getProperty(String key) { - // For backward compatibility - return getProperty(key, null); - } - - @Override - public String getProperty(String key, ClassLoader classLoader) { - if (classLoader instanceof PermissionCheck) { - Permission p = new PropertyPermission(key, "read"); - if (!((PermissionCheck) classLoader).check(p)) { - return null; - } - } - return System.getProperty(key); - } - } - /** * A {@link org.apache.tomcat.util.IntrospectionUtils.SecurePropertySource} * that uses environment variables to resolve expressions. Still available @@ -208,8 +184,7 @@ public class Digester extends DefaultHandler2 { } - protected IntrospectionUtils.PropertySource[] source = new IntrospectionUtils.PropertySource[] { - new SystemPropertySource() }; + protected IntrospectionUtils.PropertySource[] source; /** @@ -393,12 +368,20 @@ public class Digester extends DefaultHandler2 { public Digester() { propertySourcesSet = true; + ArrayList<IntrospectionUtils.PropertySource> sourcesList = new ArrayList<>(); + boolean systemPropertySourceFound = false; if (propertySources != null) { - ArrayList<IntrospectionUtils.PropertySource> sourcesList = new ArrayList<>(); - sourcesList.addAll(Arrays.asList(propertySources)); - sourcesList.add(source[0]); - source = sourcesList.toArray(new IntrospectionUtils.PropertySource[0]); + for (IntrospectionUtils.PropertySource source : propertySources) { + if (source instanceof SystemPropertySource) { + systemPropertySourceFound = true; + } + sourcesList.add(source); + } + } + if (!systemPropertySourceFound) { + sourcesList.add(new SystemPropertySource()); } + source = sourcesList.toArray(new IntrospectionUtils.PropertySource[0]); } diff --git a/java/org/apache/tomcat/util/digester/SystemPropertySource.java b/java/org/apache/tomcat/util/digester/SystemPropertySource.java new file mode 100644 index 0000000..49fc765 --- /dev/null +++ b/java/org/apache/tomcat/util/digester/SystemPropertySource.java @@ -0,0 +1,51 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.tomcat.util.digester; + +import java.security.Permission; +import java.util.PropertyPermission; + +import org.apache.tomcat.util.IntrospectionUtils; +import org.apache.tomcat.util.security.PermissionCheck; + +/** + * A {@link org.apache.tomcat.util.IntrospectionUtils.SecurePropertySource} + * that uses system properties to resolve expressions. + * This property source is always active by default. + * + * @see Digester + */ +public class SystemPropertySource implements IntrospectionUtils.SecurePropertySource { + + @Override + public String getProperty(String key) { + // For backward compatibility + return getProperty(key, null); + } + + @Override + public String getProperty(String key, ClassLoader classLoader) { + if (classLoader instanceof PermissionCheck) { + Permission p = new PropertyPermission(key, "read"); + if (!((PermissionCheck) classLoader).check(p)) { + return null; + } + } + return System.getProperty(key); + } + +} diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index ae0f7ad..053ea70 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -182,6 +182,11 @@ <update> Update the CXF module to Apache CXF 3.4.3. (remm) </update> + <fix> + Move <code>SystemPropertySource</code> to be a regular class to allow + more precise configuration if needed. The system property source will + still always be enabled. (remm) + </fix> </changelog> </subsection> </section> diff --git a/webapps/docs/config/systemprops.xml b/webapps/docs/config/systemprops.xml index 106a8db..c286703 100644 --- a/webapps/docs/config/systemprops.xml +++ b/webapps/docs/config/systemprops.xml @@ -55,6 +55,9 @@ can be used to replace parameters from the process' environment variables, e.g. injected ConfigMaps or Secret objects in container based systems like OpenShift or Kubernetes.</p> + <p><code>org.apache.tomcat.util.digester.SystemPropertySource</code> + does replacement with system properties. It is always enabled, + but can also be spefied as part of the property value.</p> </property> <property name="org.apache.tomcat.util.digester. REPLACE_SYSTEM_PROPERTIES"> <p>Set this boolean system property to <code>true</code> to cause --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org