cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader StandardClassLoader.java

Tue, 24 Apr 2001 20:55:19 -0700 

glenn       01/04/24 21:14:47

  Modified:    catalina/src/share/org/apache/catalina/loader
                        StandardClassLoader.java
  Log:
  Java SecurityManager implementation changes
  -------------------------------------------
  
  Changed the naming convention for JNDI DirContextURL to
  "jndi:/hostname/webappname/" and "jar:jndi:/hostname/webappname/...".
  This works better with java.io.FilePermission.
  
  Modified how permissions are granted to the codeBase for a
  web application so that different permissions can be granted.
  Permissions assigned to the root of a web application apply
  to JSP pages.  Different permissions can be assigned to the
  /WEB-INF/classes/ directory, the /WEB-INF/lib/ directory,
  or even to individual jar files in /WEB-INF/lib/.  This allows
  much finer control of permissions granted within a web
  application.
  
  Fixed Jasper so that it uses the correct codeBase for a
  web application, it had been using the work dir instead
  of the context dir for getting permissions from the
  policy file.
  
  Added more default read FilePermissions for classes
  loaded from within a web application so that getResources()
  works. Added:
  
  "jndi:/hostname/webappname/-"
  "jar:jndi:/hostname/webappname/WEB-INF/lib/-"
  "file:/realcontextpath/-"
  
  Revision  Changes    Path
  1.15      +44 -48    
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/StandardClassLoader.java
  
  Index: StandardClassLoader.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/StandardClassLoader.java,v
  retrieving revision 1.14
  retrieving revision 1.15
  diff -u -r1.14 -r1.15
  --- StandardClassLoader.java  2001/04/21 07:02:20     1.14
  +++ StandardClassLoader.java  2001/04/25 04:14:47     1.15
  @@ -1,7 +1,7 @@
   /*
  - * $Header: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/StandardClassLoader.java,v
 1.14 2001/04/21 07:02:20 remm Exp $
  - * $Revision: 1.14 $
  - * $Date: 2001/04/21 07:02:20 $
  + * $Header: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/StandardClassLoader.java,v
 1.15 2001/04/25 04:14:47 glenn Exp $
  + * $Revision: 1.15 $
  + * $Date: 2001/04/25 04:14:47 $
    *
    * ====================================================================
    *
  @@ -110,7 +110,7 @@
    *
    * @author Craig R. McClanahan
    * @author Remy Maucherat
  - * @version $Revision: 1.14 $ $Date: 2001/04/21 07:02:20 $
  + * @version $Revision: 1.15 $ $Date: 2001/04/25 04:14:47 $
    */
   
   public class StandardClassLoader
  @@ -296,18 +296,17 @@
   
   
       /**
  -     * The context directory path read FilePermission if this loader
  -     * is for a web application context, and this web application is running
  -     * from an unpacked directory.
  +     * A list of read FilePermission's required if this loader
  +     * is for a web application context.
        */
  -    private FilePermission rootPermission = null;
  +    private ArrayList filePermissionList = new ArrayList();
   
   
       /**
  -     * The context directory URL read FilePermission if this loader
  -     * is for a web application context.
  +     * The PermissionCollection for each CodeSource for a web
  +     * application context.
        */
  -    private FilePermission urlPermission = null;
  +    private HashMap loaderPC = new HashMap();
   
   
       /**
  @@ -317,6 +316,11 @@
   
   
       /**
  +     * Flag that the security policy has been refreshed from file.
  +     */
  +    private boolean policy_refresh = false;
  +
  +    /**
        * The parent class loader.
        */
       private ClassLoader parent = null;
  @@ -382,47 +386,26 @@
   
   
       /**
  -     * If there is a Java SecurityManager, refresh the security
  -     * policies from file and set the context security permisions
  -     * for the specified context root directory path
  +     * If there is a Java SecurityManager create a read FilePermission
  +     * for the file directory path.
        *
  -     * @param path Context directory root directory path
  +     * @param path file directory path
        */
       public void setPermissions(String path) {
        if( securityManager != null ) {
  -            // System.out.println("setPermissionsPath: " + path);
  -         String contextDir = path;
  -         if( contextDir.endsWith(File.separator) )
  -             contextDir = contextDir + "-";
  -         else
  -             contextDir = contextDir + File.separator + "-";
  -         // Refresh the security policies
  -         Policy policy = Policy.getPolicy();
  -         policy.refresh();
  -            rootPermission = new FilePermission(contextDir,"read");
  +            filePermissionList.add(new FilePermission(path + "-","read"));
        }
       }
   
   
       /**
  -     * If there is a Java SecurityManager, refresh the security
  -     * policies from file and set the context security permissions.
  +     * If there is a Java SecurityManager add a read FilePermission
  +     * for URL.
        *
  -     * @param String context directory file url string
  +     * @param url URL for a file or directory on local system
        */
       public void setPermissions(URL url) {
  -     if( securityManager != null ) {
  -            // System.out.println("setPermissionsURL: " + url.toString());
  -         String contextDir = url.toString();
  -         if( contextDir.endsWith(File.separator) )
  -             contextDir = contextDir + "-";
  -         else
  -             contextDir = contextDir + File.separator + "-";
  -         // Refresh the security policies
  -         Policy policy = Policy.getPolicy();
  -         policy.refresh();
  -            urlPermission = new FilePermission(contextDir,"read");
  -     }
  +        setPermissions(url.toString());
       }
   
   
  @@ -1086,21 +1069,34 @@
       /**
        * Get the Permissions for a CodeSource.  If this instance
        * of StandardClassLoader is for a web application context,
  -     * add FilePermissions for the base directory (if unpacked)
  -     * and the context URL.
  +     * add read FilePermissions for the base directory (if unpacked),
  +     * the context URL, and jar file resources.
        *
        * @param CodeSource where the code was loaded from
        * @return PermissionCollection for CodeSource
        */
       protected final PermissionCollection getPermissions(CodeSource codeSource) {
  -     PermissionCollection pc = super.getPermissions(codeSource);
  -        if (pc != null) {
  -            if (rootPermission != null)
  -                pc.add(rootPermission);
  -            if (urlPermission != null)
  -                pc.add(urlPermission);
  +        if (!policy_refresh) {
  +            // Refresh the security policies
  +            Policy policy = Policy.getPolicy();
  +            policy.refresh();
  +            policy_refresh = true;
  +        }
  +        String codeUrl = codeSource.getLocation().toString();
  +        PermissionCollection pc;
  +        if ((pc = (PermissionCollection)loaderPC.get(codeUrl)) == null) {
  +            pc = super.getPermissions(codeSource);
  +            if (pc != null) {
  +                Iterator perms = filePermissionList.iterator();
  +                while (perms.hasNext()) {
  +                    FilePermission fp = (FilePermission)perms.next();
  +                    pc.add(fp);
  +                }
  +             loaderPC.put(codeUrl,pc);
  +            }
           }
        return (pc);
  +
       }

Reply via email to