core ContainerBase.java

glenn Sun, 25 Nov 2001 13:21:11 -0800

glenn       01/11/25 13:06:06

  Modified:    catalina/src/share/org/apache/catalina/core
                        ContainerBase.java
  Log:
  Tomcat 4 Java SecurityManager updates:
  
  Removed granting AllPermission to privileged webapps within Tomcat
  and moved back out into catalina.policy.
  
  Wrapped ContainerBase.addChild() with a doPrivileged to keep instances
  of Tomcat which use a very strict security policy happy.
  
  Revision  Changes    Path
  1.17      +39 -4     
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/ContainerBase.java
  
  Index: ContainerBase.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/ContainerBase.java,v
  retrieving revision 1.16
  retrieving revision 1.17
  diff -u -r1.16 -r1.17
  --- ContainerBase.java        2001/11/09 19:41:45     1.16
  +++ ContainerBase.java        2001/11/25 21:06:06     1.17
  @@ -1,7 +1,7 @@
   /*
  - * $Header: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/ContainerBase.java,v
 1.16 2001/11/09 19:41:45 remm Exp $
  - * $Revision: 1.16 $
  - * $Date: 2001/11/09 19:41:45 $
  + * $Header: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/ContainerBase.java,v
 1.17 2001/11/25 21:06:06 glenn Exp $
  + * $Revision: 1.17 $
  + * $Date: 2001/11/25 21:06:06 $
    *
    * ====================================================================
    *
  @@ -68,6 +68,8 @@
   import java.beans.PropertyChangeListener;
   import java.beans.PropertyChangeSupport;
   import java.io.IOException;
  +import java.security.AccessController;
  +import java.security.PrivilegedAction;
   import java.util.ArrayList;
   import java.util.HashMap;
   import java.util.Hashtable;
  @@ -154,13 +156,36 @@
    * class comments of the implementation class.
    *
    * @author Craig R. McClanahan
  - * @version $Revision: 1.16 $ $Date: 2001/11/09 19:41:45 $
  + * @version $Revision: 1.17 $ $Date: 2001/11/25 21:06:06 $
    */
   
   public abstract class ContainerBase
       implements Container, Lifecycle, Pipeline {
   
   
  +    /**
  +     * Perform addChild with the permissions of this class.
  +     * addChild can be called with the XML parser on the stack,
  +     * this allows the XML parser to have fewer privileges than
  +     * Tomcat.
  +     */
  +    protected class PrivilegedAddChild
  +        implements PrivilegedAction {
  +
  +        private Container child;
  +
  +        PrivilegedAddChild(Container child) {
  +            this.child = child;
  +        }
  +
  +        public Object run() {
  +            addChildInternal(child);
  +            return null;
  +        }
  +
  +    }
  +
  +
       // ----------------------------------------------------- Instance Variables
   
   
  @@ -774,6 +799,16 @@
        *  child Containers
        */
       public void addChild(Container child) {
  +        if (System.getSecurityManager() != null) {
  +            PrivilegedAction dp =
  +                new PrivilegedAddChild(child);
  +            AccessController.doPrivileged(dp);
  +        } else {
  +            addChildInternal(child);
  +        }
  +    }
  +
  +    private void addChildInternal(Container child) {
   
           synchronized(children) {
               if (children.get(child.getName()) != null)


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core ContainerBase.java

Reply via email to