remm 02/05/15 18:06:29 Modified: catalina/src/share/org/apache/catalina/loader WebappClassLoader.java Log: - Slightly experimental change. - Slightly modify the class filters: now, the filtered classes will be delegated to the parent CL. If the parent doesn't load them, the webapp CL will try to load them. - Add filter for all javax.*, Xerces and Xalan. This should put an end to whatever problems still existed with the XML parsers and XSL processors. Revision Changes Path 1.38 +41 -25 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java Index: WebappClassLoader.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java,v retrieving revision 1.37 retrieving revision 1.38 diff -u -r1.37 -r1.38 --- WebappClassLoader.java 29 Apr 2002 12:46:54 -0000 1.37 +++ WebappClassLoader.java 16 May 2002 01:06:29 -0000 1.38 @@ -1,7 +1,7 @@ /* - * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java,v 1.37 2002/04/29 12:46:54 remm Exp $ - * $Revision: 1.37 $ - * $Date: 2002/04/29 12:46:54 $ + * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java,v 1.38 2002/05/16 01:06:29 remm Exp $ + * $Revision: 1.38 $ + * $Date: 2002/05/16 01:06:29 $ * * ==================================================================== * @@ -145,7 +145,7 @@ * * @author Remy Maucherat * @author Craig R. McClanahan - * @version $Revision: 1.37 $ $Date: 2002/04/29 12:46:54 $ + * @version $Revision: 1.38 $ $Date: 2002/05/16 01:06:29 $ */ public class WebappClassLoader extends URLClassLoader @@ -187,16 +187,14 @@ /** * Set of package names which are not allowed to be loaded from a webapp - * class loader. + * class loader without delegating first. */ private static final String[] packageTriggers = { - "javax.naming", // JNDI - "javax.naming.directory", // JNDI - "javax.xml.parsers", // JAXP + "javax", // Java extensions "org.xml.sax", // SAX 1 & 2 - "org.xml.sax.ext", // SAX 1 & 2 - "org.xml.sax.helpers", // SAX 1 & 2 - "org.w3c.dom" // DOM 1 & 2 + "org.w3c.dom", // DOM 1 & 2 + "org.apache.xerces", // Xerces 1 & 2 + "org.apache.xalan" // Xalan }; @@ -1344,8 +1342,10 @@ } } + boolean delegateLoad = delegate || filter(name); + // (1) Delegate to our parent if requested - if (delegate) { + if (delegateLoad) { if (debug >= 3) log(" Delegating to parent classloader"); ClassLoader loader = parent; @@ -1382,7 +1382,7 @@ } // (3) Delegate to parent unconditionally - if (!delegate) { + if (!delegateLoad) { if (debug >= 3) log(" Delegating to parent classloader"); ClassLoader loader = parent; @@ -1907,21 +1907,15 @@ /** - * Validate a classname. As per SRV.9.7.2, we must restict loading of - * classes from J2SE (java.*) and classes of the servlet API - * (javax.servlet.*). That should enhance robustness and prevent a number - * of user error (where an older version of servlet.jar would be present - * in /WEB-INF/lib). + * Filter classes. * * @param name class name - * @return true if the name is valid + * @return true if the class should be filtered */ - protected boolean validate(String name) { + protected boolean filter(String name) { if (name == null) return false; - if (name.startsWith("java.")) - return false; // Looking up the package String packageName = null; @@ -1929,12 +1923,34 @@ if (pos != -1) packageName = name.substring(0, pos); else - return true; + return false; for (int i = 0; i < packageTriggers.length; i++) { - if (packageName.equals(packageTriggers[i])) - return false; + if (packageName.startsWith(packageTriggers[i])) + return true; } + + return false; + + } + + + /** + * Validate a classname. As per SRV.9.7.2, we must restict loading of + * classes from J2SE (java.*) and classes of the servlet API + * (javax.servlet.*). That should enhance robustness and prevent a number + * of user error (where an older version of servlet.jar would be present + * in /WEB-INF/lib). + * + * @param name class name + * @return true if the name is valid + */ + protected boolean validate(String name) { + + if (name == null) + return false; + if (name.startsWith("java.")) + return false; return true;
-- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>