costin 2002/10/11 09:46:55 Modified: src/facade22/org/apache/tomcat/facade WebXmlReader.java Log: The reading of web.xml should happen with the webapp privs. That means entity refs and all other processing done by the parser must be done withing the sandbox, with the rights of the webapp and not the rights of container. In addition, the context class loader is disabled - the parser that is used must be the container class loader. The webapp can still use whatever parser it wants for its internal processings, but web.xml should use our parser ( that's another way user code could run with container privs ). Revision Changes Path 1.17 +44 -1 jakarta-tomcat/src/facade22/org/apache/tomcat/facade/WebXmlReader.java Index: WebXmlReader.java =================================================================== RCS file: /home/cvs/jakarta-tomcat/src/facade22/org/apache/tomcat/facade/WebXmlReader.java,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- WebXmlReader.java 29 Nov 2001 03:23:26 -0000 1.16 +++ WebXmlReader.java 11 Oct 2002 16:46:55 -0000 1.17 @@ -15,6 +15,7 @@ import org.xml.sax.*; import org.xml.sax.helpers.*; import org.w3c.dom.*; +import org.apache.tomcat.util.compat.*; // XXX XXX Specific to servlet 2.2 @@ -30,6 +31,8 @@ private static StringManager sm =StringManager.getManager("org.apache.tomcat.resources"); boolean validate=true; + static Jdk11Compat jdk11Compat=Jdk11Compat.getJdkCompat(); + public WebXmlReader() { } 
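Review bot: The `jdk11Compat` field added in the second hunk is `static` but neither `private` nor `final`, so any code in the package can reassign the object that every sandboxed web.xml read is dispatched through. It is assigned once, so it can be declared `private static final Jdk11Compat jdk11Compat=Jdk11Compat.getJdkCompat();`. A short comment above it, such as `// used to run the web.xml parse under the webapp's protection domain`, would also explain why the reader needs a compat object at all.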
@@ -235,7 +238,27 @@ addSecurity( xh ); - Object ctx1=xh.readXml(f, ctx); + Object ctx1=null; + + xh.useLocalLoader( false ); // we'll use our own parser for web.xml + + // Perform the reading with the context privs + Object pd=ctx.getAttribute( Context.ATTRIB_PROTECTION_DOMAIN); + // System.out.println("Protection domain " + pd); + + if( pd!=null ) { + // Do the action in a sandbox, with context privs + PriviledgedAction di = new PriviledgedAction(xh, f, ctx); + try { + ctx1=jdk11Compat.doPrivileged(di, pd); + } catch( TomcatException ex1 ) { + throw ex1; + } catch( Exception ex ) { + throw new TomcatException( ex ); + } + } else { + ctx1=xh.readXml(f, ctx); + } if( validate && xeh != null && xeh.isOk() ) { // don't create the validation mark if an error was detected @@ -258,6 +281,26 @@ } } + + // Sandbox support + static class PriviledgedAction extends Action { + XmlMapper xh; + File f; + Context ctx; + + public PriviledgedAction(XmlMapper xh, File f, Context ctx ) { + this.xh=xh; + this.ctx=ctx; + this.f=f; + } + public Object run() throws Exception { + return xh.readXml(f, ctx); + } + } + + + + // Add security rules - complex code void addSecurity( XmlMapper xh ) { xh.addRule("web-app/security-constraint",
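Review bot: The `else` branch still calls `xh.readXml(f, ctx)` with the container's rights whenever `Context.ATTRIB_PROTECTION_DOMAIN` is unset, and nothing separates "no sandbox configured" from "sandbox enabled but the attribute was never set for this context". In the second case the entity references and parser callbacks named in the log message run unsandboxed without any trace. A guard such as `if( pd==null && System.getSecurityManager()!=null )` before the fallback, which at least logs and preferably throws a `TomcatException`, would make that case fail closed. The commented-out `System.out.println("Protection domain " + pd)` should be removed rather than committed. The enclosing method begins and ends outside this hunk, so whether an earlier step guarantees the attribute cannot be checked from here.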
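Review bot: `PriviledgedAction` is misspelled, and its three fields are package-visible and mutable even though they are only set in the constructor and read in `run()`. Declaring them `private final XmlMapper xh;`, `private final File f;` and `private final Context ctx;` ensures the action always reads the file it was constructed for. A name that says what the action does (for example `ReadXmlAction`) avoids both the typo and confusion with `java.security.PrivilegedAction`. The `// Sandbox support` comment could become a class comment stating that `run()` executes with the webapp's protection domain, so nothing that needs container rights belongs in it.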