cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/security SecurityClassLoad.java
jfarcand2003/10/30 17:30:01
Modified:catalina/src/share/org/apache/catalina/security
SecurityClassLoad.java
http11/src/java/org/apache/coyote/http11
Http11Processor.java InternalOutputBuffer.java
jasper2/src/share/org/apache/jasper/runtime
JspWriterImpl.java PageContextImpl.java
jasper2/src/share/org/apache/jasper/security
SecurityClassLoad.java
Log:
Fix for bug 24270: NoClassDefFoundError when running in security mode
Next time I will update my tcks before syaing they all passes ;-)
Revision ChangesPath
1.11 +14 -4
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityClassLoad.java
Index: SecurityClassLoad.java
===
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityClassLoad.java,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- SecurityClassLoad.java19 Sep 2003 22:03:35 - 1.10
+++ SecurityClassLoad.java31 Oct 2003 01:30:01 - 1.11
@@ -89,6 +89,7 @@
loadUtilPackage(loader);
loadJavaxPackage(loader);
loadCoyotePackage(loader);
+loadHttp11Package(loader);
}
@@ -148,6 +149,15 @@
private final static void loadJavaxPackage(ClassLoader loader)
throws Exception {
loader.loadClass("javax.servlet.http.Cookie");
+}
+
+
+private final static void loadHttp11Package(ClassLoader loader)
+throws Exception {
+String basePackage = "org.apache.coyote.http11.";
+loader.loadClass(basePackage + "Http11Processor$1");
+loader.loadClass(basePackage + "InternalOutputBuffer$1");
+loader.loadClass(basePackage + "InternalOutputBuffer$2");
}
1.85 +19 -3
jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/Http11Processor.java
Index: Http11Processor.java
===
RCS file:
/home/cvs/jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/Http11Processor.java,v
retrieving revision 1.84
retrieving revision 1.85
diff -u -r1.84 -r1.85
--- Http11Processor.java 17 Oct 2003 18:45:40 - 1.84
+++ Http11Processor.java 31 Oct 2003 01:30:01 - 1.85
@@ -66,6 +66,8 @@
import java.net.InetAddress;
import java.net.Socket;
import java.util.StringTokenizer;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import org.apache.coyote.ActionCode;
import org.apache.coyote.ActionHook;
@@ -1434,9 +1436,23 @@
}
// Add date header
-if (! response.containsHeader("Date"))
- response.addHeader("Date", FastHttpDateFormat.getCurrentDate());
-
+if (! response.containsHeader("Date")){
+
+ String date = null;
+ if (System.getSecurityManager() != null){
+date = (String)AccessController.doPrivileged(
+new PrivilegedAction() {
+public Object run(){
+return FastHttpDateFormat.getCurrentDate();
+}
+}
+);
+ } else {
+date = FastHttpDateFormat.getCurrentDate();
+ }
+ response.addHeader("Date", date);
+}
+
// Add server header
response.addHeader("Server", Constants.SERVER);
1.20 +28 -2
jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/InternalOutputBuffer.java
Index: InternalOutputBuffer.java
===
RCS file:
/home/cvs/jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/InternalOutputBuffer.java,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- InternalOutputBuffer.java 12 Sep 2003 13:15:36 - 1.19
+++ InternalOutputBuffer.java 31 Oct 2003 01:30:01 - 1.20
@@ -61,6 +61,8 @@
import java.io.IOException;
import java.io.OutputStream;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.buf.MessageBytes;
@@ -489,16 +491,40 @@
// Write message
String message = response.getMessage();
if (message == null) {
-write(HttpMessages.getMessage(status));
+write(getMessage(status));
} else {
write(message);
}
// End the response status line
-write(Constants.
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/security SecurityClassLoad.java
jfarcand2003/09/19 14:24:48
Modified:jasper2/src/share/org/apache/jasper/runtime
PageContextImpl.java
jasper2/src/share/org/apache/jasper/security
SecurityClassLoad.java
Log:
Package protect the class properly.
Revision ChangesPath
1.54 +425 -249
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/PageContextImpl.java
Index: PageContextImpl.java
===
RCS file:
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/PageContextImpl.java,v
retrieving revision 1.53
retrieving revision 1.54
diff -u -r1.53 -r1.54
--- PageContextImpl.java 19 Sep 2003 19:29:15 - 1.53
+++ PageContextImpl.java 19 Sep 2003 21:24:47 - 1.54
@@ -254,150 +254,228 @@
attributes.clear();
}
-public Object getAttribute(String name) {
+public Object getAttribute(final String name) {
+
+if (name == null) {
+throw new NullPointerException(
+Localizer.getMessage("jsp.error.attribute.null_name"));
+}
+
+if (System.getSecurityManager() != null){
+return AccessController.doPrivileged(new PrivilegedAction(){
+public Object run(){
+return doGetAttribute(name);
+}
+});
+} else {
+return doGetAttribute(name);
+}
- if (name == null) {
- throw new NullPointerException(
- Localizer.getMessage("jsp.error.attribute.null_name"));
- }
- return attributes.get(name);
}
-public Object getAttribute(String name, int scope) {
+private Object doGetAttribute(String name){
+return attributes.get(name);
+}
- if (name == null) {
- throw new NullPointerException(
- Localizer.getMessage("jsp.error.attribute.null_name"));
- }
+public Object getAttribute(final String name, final int scope) {
- switch (scope) {
- case PAGE_SCOPE:
- return attributes.get(name);
-
- case REQUEST_SCOPE:
- return request.getAttribute(name);
-
- case SESSION_SCOPE:
- if (session == null) {
- throw new IllegalStateException(
- Localizer.getMessage("jsp.error.page.noSession"));
- }
- return session.getAttribute(name);
+if (name == null) {
+throw new NullPointerException(
+Localizer.getMessage("jsp.error.attribute.null_name"));
+}
- case APPLICATION_SCOPE:
- return context.getAttribute(name);
+if (System.getSecurityManager() != null){
+return AccessController.doPrivileged(new PrivilegedAction(){
+public Object run(){
+return doGetAttribute(name, scope);
+}
+});
+} else {
+return doGetAttribute(name, scope);
+}
- default:
- throw new IllegalArgumentException("Invalid scope");
- }
}
-public void setAttribute(String name, Object attribute) {
+private Object doGetAttribute(String name, int scope){
+switch (scope) {
+case PAGE_SCOPE:
+return attributes.get(name);
+
+case REQUEST_SCOPE:
+return request.getAttribute(name);
+
+case SESSION_SCOPE:
+if (session == null) {
+throw new IllegalStateException(
+Localizer.getMessage("jsp.error.page.noSession"));
+}
+return session.getAttribute(name);
- if (name == null) {
- throw new NullPointerException(
- Localizer.getMessage("jsp.error.attribute.null_name"));
- }
+case APPLICATION_SCOPE:
+return context.getAttribute(name);
- if (attribute != null) {
- attributes.put(name, attribute);
- } else {
- removeAttribute(name, PAGE_SCOPE);
- }
+default:
+throw new IllegalArgumentException("Invalid scope");
+}
}
-public void setAttribute(String name, Object o, int scope) {
+public void setAttribute(final String name, final Object attribute) {
- if (name == null) {
- throw new NullPointerException(
- Localizer.getMessage("jsp.error.attribute.null_name"));
- }
+if (name == null) {
+throw new NullPointerException(
+Localizer.getMessage("jsp.error.attribute.null_name"));
+}
- if (o != null) {
- switch (sco
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/security SecurityClassLoad.java
jfarcand2003/06/23 12:35:59
Modified:jasper2 build.xml
jasper2/src/share/org/apache/jasper/compiler
JspRuntimeContext.java
Added: jasper2/src/share/org/apache/jasper/security
SecurityClassLoad.java
Log:
Refactorize the way inner classes are loaded when the security manager is turned on.
Add a security folder and start moving all security related code into that folder
(same design as org.apache.catalina). Add inner classes required to be loaded at
startup.
Revision ChangesPath
1.23 +1 -0 jakarta-tomcat-jasper/jasper2/build.xml
Index: build.xml
===
RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/build.xml,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- build.xml 12 Mar 2003 20:28:23 - 1.22
+++ build.xml 23 Jun 2003 19:35:59 - 1.23
@@ -157,6 +157,7 @@
+
1.15 +6 -41
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspRuntimeContext.java
Index: JspRuntimeContext.java
===
RCS file:
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspRuntimeContext.java,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- JspRuntimeContext.java29 May 2003 16:34:37 - 1.14
+++ JspRuntimeContext.java23 Jun 2003 19:35:59 - 1.15
@@ -85,6 +85,7 @@
import org.apache.jasper.JspCompilationContext;
import org.apache.jasper.Options;
import org.apache.jasper.runtime.JspFactoryImpl;
+import org.apache.jasper.security.SecurityClassLoad;
import org.apache.jasper.servlet.JspServletWrapper;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -113,43 +114,7 @@
*/
static {
JspFactoryImpl factory = new JspFactoryImpl();
-if( System.getSecurityManager() != null ) {
-String basePackage = "org.apache.jasper.";
-try {
-factory.getClass().getClassLoader().loadClass( basePackage +
-"runtime.JspFactoryImpl$PrivilegedGetPageContext");
-factory.getClass().getClassLoader().loadClass( basePackage +
-"runtime.JspFactoryImpl$PrivilegedReleasePageContext");
-factory.getClass().getClassLoader().loadClass( basePackage +
-"runtime.JspRuntimeLibrary");
-factory.getClass().getClassLoader().loadClass( basePackage +
-"runtime.JspRuntimeLibrary$PrivilegedIntrospectHelper");
-factory.getClass().getClassLoader().loadClass( basePackage +
-"runtime.ServletResponseWrapperInclude");
-factory.getClass().getClassLoader().loadClass( basePackage +
-"runtime.TagHandlerPool");
-factory.getClass().getClassLoader().loadClass( basePackage +
-"servlet.JspServletWrapper");
-factory.getClass().getClassLoader().loadClass( basePackage +
-"runtime.JspFragmentHelper");
-factory.getClass().getClassLoader().loadClass( basePackage +
-"runtime.ProtectedFunctionMapper");
-factory.getClass().getClassLoader().loadClass( basePackage +
-"runtime.ProtectedFunctionMapper$1");
-factory.getClass().getClassLoader().loadClass( basePackage +
-"runtime.ProtectedFunctionMapper$2");
-factory.getClass().getClassLoader().loadClass( basePackage +
-"runtime.PageContextImpl");
- factory.getClass().getClassLoader().loadClass( basePackage +
-"runtime.PageContextImpl$1");
-factory.getClass().getClassLoader().loadClass( basePackage +
-"runtime.JspContextWrapper");
-} catch (ClassNotFoundException ex) {
-System.out.println(
-"Jasper JspRuntimeContext preload of class failed: " +
-ex.getMessage());
-}
-}
+SecurityClassLoad.securityClassLoad(factory.getClass().getClassLoader());
JspFactory.setDefaultFactory(factory);
}
1.1
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/security/SecurityClassLoad.java
Index: SecurityClassLoad.java
===
/*
*
* The Apache Software License, Version 1.1
*
* Copyright (c) 1999
