jfarcand 2002/11/07 13:11:40 Modified: jasper2/src/share/org/apache/jasper/runtime PageContextImpl.java ProtectedFunctionMapper.java HttpJspBase.java Log: Securize the package so it can work under the SecurityManager when the org.apache.jasper is protected. Fix bugs when the JSP 2.0 examples were executed under the SecurityManager. Revision Changes Path 1.33 +33 -16 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/PageContextImpl.java Index: PageContextImpl.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/PageContextImpl.java,v retrieving revision 1.32 retrieving revision 1.33 diff -u -r1.32 -r1.33 --- PageContextImpl.java 7 Nov 2002 10:51:14 -0000 1.32 +++ PageContextImpl.java 7 Nov 2002 21:11:40 -0000 1.33 @@ -62,7 +62,9 @@ package org.apache.jasper.runtime; import java.io.*; - +import java.security.AccessController; +import java.security.PrivilegedExceptionAction; +import java.security.PrivilegedActionException; import java.util.EmptyStackException; import java.util.Enumeration; import java.util.Hashtable; 
@@ -645,21 +647,36 @@ * @param defaultPrefix Default prefix for this evaluation * @return The result of the evaluation */ - public static Object proprietaryEvaluate( String expression, - Class expectedType, PageContext pageContext, - ProtectedFunctionMapper functionMap, String defaultPrefix ) - throws ELException + public static Object proprietaryEvaluate( final String expression, + final Class expectedType, final PageContext pageContext, + final ProtectedFunctionMapper functionMap, final String defaultPrefix ) + throws ELException { - java.util.HashMap funcMap = + final java.util.HashMap funcMap = (functionMap == null)? null: functionMap.getFnMap(); + + if (System.getSecurityManager() != null){ + try { + return AccessController.doPrivileged(new PrivilegedExceptionAction(){ - try { - return PageContextImpl.proprietaryEvaluator.evaluate( "<unknown>", - expression, expectedType, null, pageContext, - funcMap, defaultPrefix ); - } - catch( JspException e ) { - throw new ELException( e ); + public Object run() throws Exception{ + return PageContextImpl.proprietaryEvaluator.evaluate( "<unknown>", + expression, expectedType, null, pageContext, + funcMap, defaultPrefix ); + } + }); + } catch( PrivilegedActionException ex ) { + Exception e = ex.getException(); + throw new ELException( e ); + } + } else { + try{ + return PageContextImpl.proprietaryEvaluator.evaluate( "<unknown>", + expression, expectedType, null, pageContext, + funcMap, defaultPrefix ); + } catch(JspException e){ + throw new ELException( e ); + } } } 1.2 +25 -10 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/ProtectedFunctionMapper.java Index: ProtectedFunctionMapper.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/ProtectedFunctionMapper.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- ProtectedFunctionMapper.java 6 Nov 2002 18:48:17 -0000 1.1 +++ 
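Review bot: The `doPrivileged` block in `proprietaryEvaluate` wraps the whole `proprietaryEvaluator.evaluate(...)` call, so the calling page's protection domain is not consulted for anything the evaluator does with the page-supplied `expression` and `funcMap`. The evaluator's body is not visible here, but if it invokes the mapped functions reflectively, a page running under a restricted policy could reach code in more privileged domains through this path. The privileged section would be safer limited to the specific operation that needs Jasper's permissions. At minimum the block should carry a comment such as `// Privileged: callers' domains are not checked inside evaluate(); expression and funcMap must be trusted or validated before this point.` As a smaller point, the `evaluate(...)` call is duplicated verbatim in both branches and could live in one private helper.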
ProtectedFunctionMapper.java 7 Nov 2002 21:11:40 -0000 1.2 @@ -65,7 +65,8 @@ import java.util.HashMap; import java.security.AccessController; import java.security.PrivilegedAction; - +import java.security.PrivilegedExceptionAction; +import java.security.PrivilegedActionException; /** * Maps EL functions to their Java method counterparts. Keeps the * actual Method objects protected so that JSP pages can't indirectly @@ -125,14 +126,28 @@ * could be found. */ public void mapFunction( String prefix, String fnName, - Class c, String methodName, Class[] args ) + final Class c, final String methodName, final Class[] args ) { java.lang.reflect.Method method; - try { - method = c.getDeclaredMethod(methodName, args); - } catch( NoSuchMethodException e ) { - throw new RuntimeException( - "Invalid function mapping - no such method: " + e.getMessage()); + if (System.getSecurityManager() != null){ + try{ + method = (java.lang.reflect.Method)AccessController.doPrivileged(new PrivilegedExceptionAction(){ + + public Object run() throws Exception{ + return c.getDeclaredMethod(methodName, args); + } + }); + } catch (PrivilegedActionException ex){ + throw new RuntimeException( + "Invalid function mapping - no such method: " + ex.getException().getMessage()); + } + } else { + try { + method = c.getDeclaredMethod(methodName, args); + } catch( NoSuchMethodException e ) { + throw new RuntimeException( + "Invalid function mapping - no such method: " + e.getMessage()); + } } this.fnmap.put( prefix + ":" + fnName, method ); 1.8 +1 -4 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/HttpJspBase.java Index: HttpJspBase.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/HttpJspBase.java,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- HttpJspBase.java 6 Nov 2002 18:47:14 -0000 1.7 +++ HttpJspBase.java 7 Nov 2002 21:11:40 -0000 1.8 
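Review bot: The privileged `c.getDeclaredMethod(methodName, args)` in `mapFunction` takes `c`, `methodName` and `args` directly from a public method's parameters, and `getDeclaredMethod` also returns non-public methods, so under a SecurityManager the lookup no longer depends on what the caller itself is allowed to reflect on. Because the class comment says the Method objects are kept protected from JSP pages, the result should be checked before `this.fnmap.put(...)`, for example `if (!java.lang.reflect.Modifier.isPublic(method.getModifiers()) || !java.lang.reflect.Modifier.isStatic(method.getModifiers())) throw new RuntimeException("Invalid function mapping - not a public static method: " + methodName);`. The privileged catch also reports every wrapped exception as "no such method", which is accurate only while `run()` can throw no checked exception other than `NoSuchMethodException`. The body of `mapFunction` continues past the end of this hunk.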
@@ -61,7 +61,6 @@ import java.net.URL; import java.net.MalformedURLException; - import java.util.List; import javax.servlet.*; @@ -98,8 +97,6 @@ "runtime.ServletResponseWrapperInclude"); factory.getClass().getClassLoader().loadClass( basePackage + "servlet.JspServletWrapper"); - factory.getClass().getClassLoader().loadClass( basePackage + - "runtime.ProtectedFunctionMapper"); } catch (ClassNotFoundException ex) { System.out.println( "Jasper JspRuntimeContext preload of class failed: " + @@ -135,7 +132,7 @@ public final void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - _jspService(request, response); + _jspService(request, response); } public void jspInit() {