remm 01/10/31 15:17:37
Modified: catalina/src/share/org/apache/catalina/loader
WebappClassLoader.java WebappLoader.java
Log:
- If webapp is privileged, give it AllPermissions. This allows the relocated manager
and admin webapp to work under a security manager (Jasper was causing
some trouble).
- Rename setPermissions methods to addPermission (that seems closer to what
they actually do).
- Most of the classloader setters now will do an explicit check for AllPermission.
Revision Changes Path
1.24 +52 -9
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java
Index: WebappClassLoader.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- WebappClassLoader.java 2001/10/31 19:00:43 1.23
+++ WebappClassLoader.java 2001/10/31 23:17:37 1.24
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java,v
1.23 2001/10/31 19:00:43 remm Exp $
- * $Revision: 1.23 $
- * $Date: 2001/10/31 19:00:43 $
+ * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java,v
1.24 2001/10/31 23:17:37 remm Exp $
+ * $Revision: 1.24 $
+ * $Date: 2001/10/31 23:17:37 $
*
* ====================================================================
*
@@ -124,7 +124,7 @@
*
* @author Remy Maucherat
* @author Craig R. McClanahan
- * @version $Revision: 1.23 $ $Date: 2001/10/31 19:00:43 $
+ * @version $Revision: 1.24 $ $Date: 2001/10/31 23:17:37 $
*/
public class WebappClassLoader
extends URLClassLoader
@@ -347,6 +347,12 @@
protected boolean hasExternalRepositories = false;
+ /**
+ * All permission.
+ */
+ private Permission allPermission = new java.security.AllPermission();
+
+
// ------------------------------------------------------------- Properties
@@ -367,6 +373,9 @@
*/
public void setDebug(int debug) {
+ if (securityManager != null)
+ securityManager.checkPermission(allPermission);
+
this.debug = debug;
}
@@ -389,6 +398,9 @@
*/
public void setDelegate(boolean delegate) {
+ if (securityManager != null)
+ securityManager.checkPermission(allPermission);
+
this.delegate = delegate;
}
@@ -400,15 +412,15 @@
*
* @param path file directory path
*/
- public void setPermissions(String path) {
- if( securityManager != null ) {
+ public void addPermission(String path) {
+ if (securityManager != null) {
Permission permission = null;
if( path.startsWith("jndi:") || path.startsWith("jar:jndi:") ) {
permission = new JndiPermission(path + "*");
} else {
permission = new FilePermission(path + "-","read");
}
- permissionList.add(permission);
+ addPermission(permission);
}
}
@@ -419,12 +431,25 @@
*
* @param url URL for a file or directory on local system
*/
- public void setPermissions(URL url) {
- setPermissions(url.toString());
+ public void addPermission(URL url) {
+ addPermission(url.toString());
}
/**
+ * If there is a Java SecurityManager create a Permission.
+ *
+ * @param url URL for a file or directory on local system
+ */
+ public void addPermission(Permission permission) {
+ if ((securityManager != null) && (permission != null)) {
+ securityManager.checkPermission(allPermission);
+ permissionList.add(permission);
+ }
+ }
+
+
+ /**
* Return the JAR path.
*/
public String getJarPath() {
@@ -439,6 +464,9 @@
*/
public void setJarPath(String jarPath) {
+ if (securityManager != null)
+ securityManager.checkPermission(allPermission);
+
this.jarPath = jarPath;
}
@@ -459,6 +487,9 @@
*/
public void addRepository(String repository) {
+ if (securityManager != null)
+ securityManager.checkPermission(allPermission);
+
// Ignore any of the standard repositories, as they are set up using
// either addJar or addRepository
if (repository.startsWith("/WEB-INF/lib")
@@ -489,6 +520,9 @@
*/
synchronized void addRepository(String repository, File file) {
+ if (securityManager != null)
+ securityManager.checkPermission(allPermission);
+
// Note : There should be only one (of course), but I think we should
// keep this a bit generic
@@ -522,6 +556,9 @@
synchronized void addJar(String jar, JarFile jarFile, File file)
throws IOException {
+ if (securityManager != null)
+ securityManager.checkPermission(allPermission);
+
if (jar == null)
return;
if (jarFile == null)
@@ -1426,6 +1463,9 @@
*/
public void start() throws LifecycleException {
+ if (securityManager != null)
+ securityManager.checkPermission(allPermission);
+
started = true;
}
@@ -1437,6 +1477,9 @@
* @exception LifecycleException if a lifecycle error occurs
*/
public void stop() throws LifecycleException {
+
+ if (securityManager != null)
+ securityManager.checkPermission(allPermission);
started = false;
1.17 +16 -11
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/WebappLoader.java
Index: WebappLoader.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/WebappLoader.java,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- WebappLoader.java 2001/10/31 19:00:43 1.16
+++ WebappLoader.java 2001/10/31 23:17:37 1.17
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/WebappLoader.java,v
1.16 2001/10/31 19:00:43 remm Exp $
- * $Revision: 1.16 $
- * $Date: 2001/10/31 19:00:43 $
+ * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/WebappLoader.java,v
1.17 2001/10/31 23:17:37 remm Exp $
+ * $Revision: 1.17 $
+ * $Date: 2001/10/31 23:17:37 $
*
* ====================================================================
*
@@ -119,7 +119,7 @@
*
* @author Craig R. McClanahan
* @author Remy Maucherat
- * @version $Revision: 1.16 $ $Date: 2001/10/31 19:00:43 $
+ * @version $Revision: 1.17 $ $Date: 2001/10/31 23:17:37 $
*/
public class WebappLoader
@@ -798,6 +798,11 @@
if (!(container instanceof Context))
return;
+ if (((Context) container).getPrivileged()) {
+ classLoader.addPermission(new java.security.AllPermission());
+ return;
+ }
+
// Tell the class loader the root of the context
ServletContext servletContext =
((Context) container).getServletContext();
@@ -805,7 +810,7 @@
try {
URL rootURL = servletContext.getResource("/");
- classLoader.setPermissions(rootURL);
+ classLoader.addPermission(rootURL);
String contextRoot = servletContext.getRealPath("/");
if (contextRoot != null) {
@@ -813,7 +818,7 @@
contextRoot =
(new File(contextRoot)).getCanonicalPath()
+ File.separator;
- classLoader.setPermissions(contextRoot);
+ classLoader.addPermission(contextRoot);
} catch (IOException e) {
// Ignore
}
@@ -822,11 +827,11 @@
URL classesURL =
servletContext.getResource("/WEB-INF/classes/");
if (classesURL != null)
- classLoader.setPermissions(classesURL);
+ classLoader.addPermission(classesURL);
URL libURL = servletContext.getResource("/WEB-INF/lib/");
if (libURL != null) {
- classLoader.setPermissions(libURL);
+ classLoader.addPermission(libURL);
}
if (contextRoot != null) {
@@ -840,7 +845,7 @@
} catch (IOException e) {
}
if (path != null)
- classLoader.setPermissions(path);
+ classLoader.addPermission(path);
}
} else {
@@ -856,7 +861,7 @@
path = libDir.getCanonicalPath() + File.separator;
} catch (IOException e) {
}
- classLoader.setPermissions(path);
+ classLoader.addPermission(path);
}
if (classesURL != null) {
File classesDir =
@@ -867,7 +872,7 @@
+ File.separator;
} catch (IOException e) {
}
- classLoader.setPermissions(path);
+ classLoader.addPermission(path);
}
}
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
