jfarcand 2004/11/22 08:35:52 Modified: jasper2/src/share/org/apache/jasper/runtime JspWriterImpl.java PageContextImpl.java ProtectedFunctionMapper.java jasper2/src/share/org/apache/jasper/servlet JasperLoader.java Added: jasper2/src/share/org/apache/jasper/security SecurityUtil.java Log: Port patch from Tomcat 5.0: When the package protection is not used, do not create the doPrivileged objects . Revision Changes Path 1.14 +2 -1 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/JspWriterImpl.java Index: JspWriterImpl.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/JspWriterImpl.java,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- JspWriterImpl.java 5 Oct 2004 16:07:18 -0000 1.13 +++ JspWriterImpl.java 22 Nov 2004 16:35:52 -0000 1.14 @@ -26,6 +26,7 @@ import org.apache.jasper.Constants; import org.apache.jasper.compiler.Localizer; +import org.apache.jasper.security.SecurityUtil; /** * Write text to a character-output stream, buffering characters so as @@ -125,7 +126,7 @@ } private String getLocalizeMessage(final String message){ - if (System.getSecurityManager() != null){ + if (SecurityUtil.isPackageProtectionEnabled()){ return (String)AccessController.doPrivileged(new PrivilegedAction(){ public Object run(){ return Localizer.getMessage(message); 1.62 +14 -13 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/PageContextImpl.java Index: PageContextImpl.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/PageContextImpl.java,v retrieving revision 1.61 retrieving revision 1.62 diff -u -r1.61 -r1.62 --- PageContextImpl.java 20 Sep 2004 17:58:26 -0000 1.61 +++ PageContextImpl.java 22 Nov 2004 16:35:52 -0000 1.62 @@ -49,6 +49,7 @@ import org.apache.commons.logging.LogFactory; import org.apache.jasper.Constants; import org.apache.jasper.compiler.Localizer; +import org.apache.jasper.security.SecurityUtil; /** * Implementation of the PageContext class from the JSP spec. @@ -216,7 +217,7 @@ Localizer.getMessage("jsp.error.attribute.null_name")); } - if (System.getSecurityManager() != null){ + if (SecurityUtil.isPackageProtectionEnabled()){ return AccessController.doPrivileged(new PrivilegedAction(){ public Object run(){ return doGetAttribute(name); @@ -239,7 +240,7 @@ Localizer.getMessage("jsp.error.attribute.null_name")); } - if (System.getSecurityManager() != null){ + if (SecurityUtil.isPackageProtectionEnabled()){ return AccessController.doPrivileged(new PrivilegedAction(){ public Object run(){ return doGetAttribute(name, scope); @@ -281,7 +282,7 @@ Localizer.getMessage("jsp.error.attribute.null_name")); } - if (System.getSecurityManager() != null){ + if (SecurityUtil.isPackageProtectionEnabled()){ AccessController.doPrivileged(new PrivilegedAction(){ public Object run(){ doSetAttribute(name, attribute); @@ -308,7 +309,7 @@ Localizer.getMessage("jsp.error.attribute.null_name")); } - if (System.getSecurityManager() != null){ + if (SecurityUtil.isPackageProtectionEnabled()){ AccessController.doPrivileged(new PrivilegedAction(){ public Object run(){ doSetAttribute(name, o, scope); @@ -358,7 +359,7 @@ throw new NullPointerException( Localizer.getMessage("jsp.error.attribute.null_name")); } - if (System.getSecurityManager() != null){ + if (SecurityUtil.isPackageProtectionEnabled()){ AccessController.doPrivileged(new PrivilegedAction(){ public Object run(){ doRemoveAttribute(name, scope); @@ -404,7 +405,7 @@ Localizer.getMessage("jsp.error.attribute.null_name")); } - if (System.getSecurityManager() != null){ + if (SecurityUtil.isPackageProtectionEnabled()){ return ((Integer)AccessController.doPrivileged(new PrivilegedAction(){ public Object run(){ return new Integer(doGetAttributeScope(name)); @@ -434,7 +435,7 @@ } public Object findAttribute(final String name) { - if (System.getSecurityManager() != null){ + if (SecurityUtil.isPackageProtectionEnabled()){ return AccessController.doPrivileged(new PrivilegedAction(){ public Object run(){ if (name == null) { @@ -476,7 +477,7 @@ public Enumeration getAttributeNamesInScope(final int scope) { - if (System.getSecurityManager() != null){ + if (SecurityUtil.isPackageProtectionEnabled()){ return (Enumeration) AccessController.doPrivileged(new PrivilegedAction(){ public Object run(){ @@ -518,7 +519,7 @@ Localizer.getMessage("jsp.error.attribute.null_name")); } - if (System.getSecurityManager() != null){ + if (SecurityUtil.isPackageProtectionEnabled()){ AccessController.doPrivileged(new PrivilegedAction(){ public Object run(){ doRemoveAttribute(name); @@ -604,7 +605,7 @@ public void include(final String relativeUrlPath, final boolean flush) throws ServletException, IOException { - if (System.getSecurityManager() != null){ + if (SecurityUtil.isPackageProtectionEnabled()){ try{ AccessController.doPrivileged(new PrivilegedExceptionAction(){ public Object run() throws Exception{ @@ -637,7 +638,7 @@ public void forward(final String relativeUrlPath) throws ServletException, IOException { - if (System.getSecurityManager() != null){ + if (SecurityUtil.isPackageProtectionEnabled()){ try{ AccessController.doPrivileged(new PrivilegedExceptionAction(){ public Object run() throws Exception{ @@ -758,7 +759,7 @@ if (t == null) throw new NullPointerException("null Throwable"); - if (System.getSecurityManager() != null){ + if (SecurityUtil.isPackageProtectionEnabled()){ try{ AccessController.doPrivileged(new PrivilegedExceptionAction(){ public Object run() throws Exception{ @@ -895,7 +896,7 @@ throws ELException { Object retValue; - if (System.getSecurityManager() != null){ + if (SecurityUtil.isPackageProtectionEnabled()){ try { retValue = AccessController.doPrivileged( new PrivilegedExceptionAction(){ 1.8 +5 -3 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/ProtectedFunctionMapper.java Index: ProtectedFunctionMapper.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/ProtectedFunctionMapper.java,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- ProtectedFunctionMapper.java 17 Mar 2004 19:23:04 -0000 1.7 +++ ProtectedFunctionMapper.java 22 Nov 2004 16:35:52 -0000 1.8 @@ -24,6 +24,8 @@ import java.lang.reflect.Method; import javax.servlet.jsp.el.FunctionMapper; +import org.apache.jasper.security.SecurityUtil; + /** * Maps EL functions to their Java method counterparts. Keeps the * actual Method objects protected so that JSP pages can't indirectly @@ -60,7 +62,7 @@ */ public static ProtectedFunctionMapper getInstance() { ProtectedFunctionMapper funcMapper; - if (System.getSecurityManager() != null) { + if (SecurityUtil.isPackageProtectionEnabled()) { funcMapper = (ProtectedFunctionMapper)AccessController.doPrivileged( new PrivilegedAction() { public Object run() { @@ -89,7 +91,7 @@ final String methodName, final Class[] args ) { java.lang.reflect.Method method; - if (System.getSecurityManager() != null){ + if (SecurityUtil.isPackageProtectionEnabled()){ try{ method = (java.lang.reflect.Method)AccessController.doPrivileged(new PrivilegedExceptionAction(){ @@ -133,7 +135,7 @@ { java.lang.reflect.Method method; ProtectedFunctionMapper funcMapper; - if (System.getSecurityManager() != null){ + if (SecurityUtil.isPackageProtectionEnabled()){ funcMapper = (ProtectedFunctionMapper)AccessController.doPrivileged( new PrivilegedAction(){ public Object run() { 1.2 +41 -0 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/security/SecurityUtil.java 1.16 +2 -0 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/servlet/JasperLoader.java Index: JasperLoader.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/servlet/JasperLoader.java,v retrieving revision 1.15 retrieving revision 1.16 diff -u -r1.15 -r1.16 --- JasperLoader.java 17 Mar 2004 19:23:05 -0000 1.15 +++ JasperLoader.java 22 Nov 2004 16:35:52 -0000 1.16 @@ -27,6 +27,8 @@ import org.apache.jasper.Constants; +import org.apache.jasper.security.SecurityUtil; + /** * Class loader for loading servlet class files (corresponding to JSP files) * and tag handler class files (corresponding to tag files).
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]