This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 927e89fe23098e29b63f115814f517d4ee7a5c47
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Sep 12 15:31:26 2019 +0100
Additional changes required to enable EnvironmentPropertySource
---
.../org/apache/tomcat/util/IntrospectionUtils.java | 59 +++++++++++++++++++---
java/org/apache/tomcat/util/digester/Digester.java | 32 ++++++++----
webapps/docs/changelog.xml | 4 +-
3 files changed, 76 insertions(+), 19 deletions(-)
diff --git a/java/org/apache/tomcat/util/IntrospectionUtils.java
b/java/org/apache/tomcat/util/IntrospectionUtils.java
index fee02f6..600d3da 100644
--- a/java/org/apache/tomcat/util/IntrospectionUtils.java
+++ b/java/org/apache/tomcat/util/IntrospectionUtils.java
@@ -30,6 +30,8 @@ import java.util.Hashtable;
import java.util.StringTokenizer;
import java.util.Vector;
+import org.apache.tomcat.util.security.PermissionCheck;
+
/**
* Utils for introspection and reflection
*/
@@ -486,10 +488,32 @@ public final class IntrospectionUtils {
}
/**
- * Replace ${NAME} with the property value
+ * Replace ${NAME} with the property value.
+ * @param value The value
+ * @param staticProp Replacement properties
+ * @param dynamicProp Replacement properties
+ * @return the replacement value
+ * @deprecated Use {@link #replaceProperties(String, Hashtable,
PropertySource[], ClassLoader)}
*/
+ @Deprecated
public static String replaceProperties(String value,
Hashtable<Object,Object> staticProp, PropertySource dynamicProp[])
{
+ return replaceProperties(value, staticProp, dynamicProp, null);
+ }
+
+ /**
+ * Replace ${NAME} with the property value.
+ * @param value The value
+ * @param staticProp Replacement properties
+ * @param dynamicProp Replacement properties
+ * @param classLoader Class loader associated with the code requesting the
+ * property
+ * @return the replacement value
+ */
+ public static String replaceProperties(String value,
+ Hashtable<Object,Object> staticProp, PropertySource dynamicProp[],
+ ClassLoader classLoader) {
+
if (value.indexOf('$') < 0) {
return value;
}
@@ -520,8 +544,12 @@ public final class IntrospectionUtils {
v = (String) staticProp.get(n);
}
if (v == null && dynamicProp != null) {
- for (int i = 0; i < dynamicProp.length; i++) {
- v = dynamicProp[i].getProperty(n);
+ for (PropertySource propertySource : dynamicProp) {
+ if (propertySource instanceof SecurePropertySource) {
+ v = ((SecurePropertySource)
propertySource).getProperty(n, classLoader);
+ } else {
+ v = propertySource.getProperty(n);
+ }
if (v != null) {
break;
}
@@ -992,19 +1020,36 @@ public final class IntrospectionUtils {
// This provides a layer of abstraction
public static interface PropertySource {
-
public String getProperty(String key);
+ }
+
+ public static interface SecurePropertySource extends PropertySource {
+
+ /**
+ * Obtain a property value, checking that code associated with the
+ * provided class loader has permission to access the property. If the
+ * {@code classLoader} is {@code null} or if {@code classLoader} does
+ * not implement {@link PermissionCheck} then the property value will
be
+ * looked up <b>without</b> a call to
+ * {@link PermissionCheck#check(java.security.Permission)}
+ *
+ * @param key The key of the requested property
+ * @param classLoader The class loader associated with the code that
+ * trigger the property lookup
+ * @return The property value or {@code null} if it could not be found
+ * or if {@link
PermissionCheck#check(java.security.Permission)}
+ * fails
+ */
+ public String getProperty(String key, ClassLoader classLoader);
}
+
/**
* @deprecated Is used only by deprecated method
*/
@Deprecated
public static interface AttributeHolder {
-
public void setAttribute(String key, Object o);
-
}
-
}
diff --git a/java/org/apache/tomcat/util/digester/Digester.java
b/java/org/apache/tomcat/util/digester/Digester.java
index 22f9cec..614b142 100644
--- a/java/org/apache/tomcat/util/digester/Digester.java
+++ b/java/org/apache/tomcat/util/digester/Digester.java
@@ -154,13 +154,19 @@ public class Digester extends DefaultHandler2 {
// --------------------------------------------------- Instance Variables
- private class SystemPropertySource implements
IntrospectionUtils.PropertySource {
+ private static class SystemPropertySource implements
IntrospectionUtils.SecurePropertySource {
+
@Override
public String getProperty(String key) {
- ClassLoader cl = getClassLoader();
- if (cl instanceof PermissionCheck) {
+ // For backward compatibility
+ return getProperty(key, null);
+ }
+
+ @Override
+ public String getProperty(String key, ClassLoader classLoader) {
+ if (classLoader instanceof PermissionCheck) {
Permission p = new PropertyPermission(key, "read");
- if (!((PermissionCheck) cl).check(p)) {
+ if (!((PermissionCheck) classLoader).check(p)) {
return null;
}
}
@@ -169,13 +175,18 @@ public class Digester extends DefaultHandler2 {
}
- public class EnvironmentPropertySource implements
IntrospectionUtils.PropertySource {
+ public static class EnvironmentPropertySource implements
IntrospectionUtils.SecurePropertySource {
+
@Override
public String getProperty(String key) {
- ClassLoader cl = getClassLoader();
- if (cl instanceof PermissionCheck) {
+ return null;
+ }
+
+ @Override
+ public String getProperty(String key, ClassLoader classLoader) {
+ if (classLoader instanceof PermissionCheck) {
Permission p = new RuntimePermission("getenv." + key, null);
- if (!((PermissionCheck) cl).check(p)) {
+ if (!((PermissionCheck) classLoader).check(p)) {
return null;
}
}
@@ -368,6 +379,7 @@ public class Digester extends DefaultHandler2 {
private HashMap<String,ArrayStack<Object>> stacksByName =
new HashMap<String,ArrayStack<Object>>();
+
// ------------------------------------------------------------- Properties
/**
@@ -2708,7 +2720,7 @@ public class Digester extends DefaultHandler2 {
for (int i = 0; i < nAttributes; ++i) {
String value = newAttrs.getValue(i);
try {
- newAttrs.setValue(i,
IntrospectionUtils.replaceProperties(value, null, source).intern());
+ newAttrs.setValue(i,
IntrospectionUtils.replaceProperties(value, null, source,
getClassLoader()).intern());
} catch (Exception e) {
log.warn("Attribute [" + newAttrs.getLocalName(i) + "] failed
to update and remains [" + value + "].", e);
}
@@ -2727,7 +2739,7 @@ public class Digester extends DefaultHandler2 {
String in = bodyText.toString();
String out;
try {
- out = IntrospectionUtils.replaceProperties(in, null, source);
+ out = IntrospectionUtils.replaceProperties(in, null, source,
getClassLoader());
} catch (Exception e) {
return bodyText; // return unchanged data
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 1f8f198..710063c 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -106,8 +106,8 @@
<add>
Add a new <code>PropertySource</code> implementation,
<code>EnvironmentPropertySource</code>, that can be used to do property
- replacement in configuration files with environment variables. Pull
- request provided by Thomas Meyer. (markt)
+ replacement in configuration files with environment variables. Based on
+ a pull request provided by Thomas Meyer. (markt)
</add>
</changelog>
</subsection>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
