[
https://issues.apache.org/jira/browse/GERONIMO-6534?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
xiezhi updated GERONIMO-6534:
-----------------------------
Affects Version/s: (was: 3.0-beta-1)
(was: 3.0-M1)
(was: 3.0.0)
> A potential coding flaw makes scan jar fail without any error or exception
> --------------------------------------------------------------------------
>
> Key: GERONIMO-6534
> URL: https://issues.apache.org/jira/browse/GERONIMO-6534
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: Tomcat
> Affects Versions: 2.1.8, 2.2.1
> Reporter: xiezhi
> Priority: Minor
>
> The method ScanJar and ScanJars are from GeronimoTldLocationsCache.java. I
> think it has not been well thought out. The error or exception which raised
> in scanning entry files should not be past. I actually met a problem when
> failed to get uri from a tld file because of some validation reason. There is
> no exception or any other error message. It took a lot of time to find the
> root cause in debug model.
> I think it is not a good practice to ignore the exceptions here.
> /**
> * Scans the given JarURLConnection for TLD files located in META-INF
> * (or a subdirectory of it), adding an implicit map entry to the taglib
> * map for any TLD that has a <uri> element.
> *
> * @param conn The JarURLConnection to the JAR file to scan
> * @param ignore true if any exceptions raised when processing the given
> * JAR should be ignored, false otherwise
> */
> private void scanJar(JarURLConnection conn, boolean ignore)
> throws JasperException {
> JarFile jarFile = null;
> String resourcePath = conn.getJarFileURL().toString();
> try {
> if (redeployMode) {
> conn.setUseCaches(false);
> }
> jarFile = conn.getJarFile();
> Enumeration entries = jarFile.entries();
> while (entries.hasMoreElements()) {
> JarEntry entry = (JarEntry) entries.nextElement();
> String name = entry.getName();
> if (!name.startsWith("META-INF/")) continue;
> if (!name.endsWith(".tld")) continue;
> InputStream stream = jarFile.getInputStream(entry);
> try {
> String uri = getUriFromTld(resourcePath, stream);
> // Add implicit map entry only if its uri is not already
> // present in the map
> if (uri != null && mappings.get(uri) == null) {
> mappings.put(uri, new String[]{ resourcePath, name });
> }
> } finally {
> if (stream != null) {
> try {
> stream.close();
> } catch (Throwable t) {
> // do nothing
> }
> }
> }
> }
> } catch (Exception ex) {
> if (!redeployMode) {
> // if not in redeploy mode, close the jar in case of an error
> if (jarFile != null) {
> try {
> jarFile.close();
> } catch (Throwable t) {
> // ignore
> }
> }
> }
> if (!ignore) {
> throw new JasperException(ex);
> }
> } finally {
> if (redeployMode) {
> // if in redeploy mode, always close the jar
> if (jarFile != null) {
> try {
> jarFile.close();
> } catch (Throwable t) {
> // ignore
> }
> }
> }
> }
> }
>
> ------------------------------------------------------------------------------------------
>
> /*
> * Scans all JARs accessible to the webapp's classloader and its
> * parent classloaders for TLDs.
> *
> * The list of JARs always includes the JARs under WEB-INF/lib, as well as
> * all shared JARs in the classloader delegation chain of the webapp's
> * classloader.
> *
> * Considering JARs in the classloader delegation chain constitutes a
> * Tomcat-specific extension to the TLD search
> * order defined in the JSP spec. It allows tag libraries packaged as JAR
> * files to be shared by web applications by simply dropping them in a
> * location that all web applications have access to (e.g.,
> * <CATALINA_HOME>/common/lib).
> *
> * The set of shared JARs to be scanned for TLDs is narrowed down by
> * the <tt>noTldJars</tt> class variable, which contains the names of JARs
> * that are known not to contain any TLDs.
> */
> private void scanJars() throws Exception {
> ClassLoader webappLoader
> = Thread.currentThread().getContextClassLoader();
> ClassLoader loader = webappLoader;
> while (loader != null) {
> if (loader instanceof URLClassLoader) {
> URL[] urls = ((URLClassLoader) loader).getURLs();
> for (int i=0; i<urls.length; i++) {
> URLConnection conn = urls[i].openConnection();
> if (conn instanceof JarURLConnection) {
> if (needScanJar(loader, webappLoader,
> ((JarURLConnection)
> conn).getJarFile().getName())) {
> scanJar((JarURLConnection) conn, true);
> }
> } else {
> String urlStr = urls[i].toString();
> if (urlStr.startsWith(FILE_PROTOCOL)
> && urlStr.endsWith(JAR_FILE_SUFFIX)
> && needScanJar(loader, webappLoader, urlStr))
> {
> URL jarURL = new URL("jar:" + urlStr + "!/");
> scanJar((JarURLConnection)
> jarURL.openConnection(),
> true);
> }
> }
> }
> }
> loader = loader.getParent();
> }
> }
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
