jfarcand 2004/11/22 08:35:52
Modified: jasper2/src/share/org/apache/jasper/runtime
JspWriterImpl.java PageContextImpl.java
ProtectedFunctionMapper.java
jasper2/src/share/org/apache/jasper/servlet
JasperLoader.java
Added: jasper2/src/share/org/apache/jasper/security
SecurityUtil.java
Log:
Port patch from Tomcat 5.0: when package protection is not used, do not
create the doPrivileged objects.
Revision Changes Path
1.14 +2 -1
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/JspWriterImpl.java
Index: JspWriterImpl.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/JspWriterImpl.java,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- JspWriterImpl.java 5 Oct 2004 16:07:18 -0000 1.13
+++ JspWriterImpl.java 22 Nov 2004 16:35:52 -0000 1.14
@@ -26,6 +26,7 @@
import org.apache.jasper.Constants;
import org.apache.jasper.compiler.Localizer;
+import org.apache.jasper.security.SecurityUtil;
/**
* Write text to a character-output stream, buffering characters so as
@@ -125,7 +126,7 @@
}
private String getLocalizeMessage(final String message){
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
return (String)AccessController.doPrivileged(new
PrivilegedAction(){
public Object run(){
return Localizer.getMessage(message);
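Review bot: The new guard in getLocalizeMessage skips doPrivileged whenever `SecurityUtil.isPackageProtectionEnabled()` is false, which per the log message can happen while a SecurityManager is still installed; SecurityUtil.java is listed as added but its body is not shown in this mail, so the exact condition cannot be checked here. In that configuration `Localizer.getMessage(message)` runs with the calling JSP's protection domain on the stack, so any permission check it triggers is evaluated against page code and may be denied where it previously succeeded. The same holds for every replaced guard in PageContextImpl.java (attribute get/set/remove, findAttribute, include, forward) and in ProtectedFunctionMapper.java (getInstance and the reflective method lookup). I would state the contract at the call site, e.g. `// Unprivileged path is also taken when a SecurityManager is set but package protection is off`, and exercise these paths under a SecurityManager with package protection disabled before relying on the change. The method body continues outside the hunk.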
1.62 +14 -13
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/PageContextImpl.java
Index: PageContextImpl.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/PageContextImpl.java,v
retrieving revision 1.61
retrieving revision 1.62
diff -u -r1.61 -r1.62
--- PageContextImpl.java 20 Sep 2004 17:58:26 -0000 1.61
+++ PageContextImpl.java 22 Nov 2004 16:35:52 -0000 1.62
@@ -49,6 +49,7 @@
import org.apache.commons.logging.LogFactory;
import org.apache.jasper.Constants;
import org.apache.jasper.compiler.Localizer;
+import org.apache.jasper.security.SecurityUtil;
/**
* Implementation of the PageContext class from the JSP spec.
@@ -216,7 +217,7 @@
Localizer.getMessage("jsp.error.attribute.null_name"));
}
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
return AccessController.doPrivileged(new PrivilegedAction(){
public Object run(){
return doGetAttribute(name);
@@ -239,7 +240,7 @@
Localizer.getMessage("jsp.error.attribute.null_name"));
}
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
return AccessController.doPrivileged(new PrivilegedAction(){
public Object run(){
return doGetAttribute(name, scope);
@@ -281,7 +282,7 @@
Localizer.getMessage("jsp.error.attribute.null_name"));
}
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
AccessController.doPrivileged(new PrivilegedAction(){
public Object run(){
doSetAttribute(name, attribute);
@@ -308,7 +309,7 @@
Localizer.getMessage("jsp.error.attribute.null_name"));
}
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
AccessController.doPrivileged(new PrivilegedAction(){
public Object run(){
doSetAttribute(name, o, scope);
@@ -358,7 +359,7 @@
throw new NullPointerException(
Localizer.getMessage("jsp.error.attribute.null_name"));
}
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
AccessController.doPrivileged(new PrivilegedAction(){
public Object run(){
doRemoveAttribute(name, scope);
@@ -404,7 +405,7 @@
Localizer.getMessage("jsp.error.attribute.null_name"));
}
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
return ((Integer)AccessController.doPrivileged(new
PrivilegedAction(){
public Object run(){
return new Integer(doGetAttributeScope(name));
@@ -434,7 +435,7 @@
}
public Object findAttribute(final String name) {
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
return AccessController.doPrivileged(new PrivilegedAction(){
public Object run(){
if (name == null) {
@@ -476,7 +477,7 @@
public Enumeration getAttributeNamesInScope(final int scope) {
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
return (Enumeration)
AccessController.doPrivileged(new PrivilegedAction(){
public Object run(){
@@ -518,7 +519,7 @@
Localizer.getMessage("jsp.error.attribute.null_name"));
}
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
AccessController.doPrivileged(new PrivilegedAction(){
public Object run(){
doRemoveAttribute(name);
@@ -604,7 +605,7 @@
public void include(final String relativeUrlPath, final boolean flush)
throws ServletException, IOException {
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
try{
AccessController.doPrivileged(new
PrivilegedExceptionAction(){
public Object run() throws Exception{
@@ -637,7 +638,7 @@
public void forward(final String relativeUrlPath)
throws ServletException, IOException {
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
try{
AccessController.doPrivileged(new
PrivilegedExceptionAction(){
public Object run() throws Exception{
@@ -758,7 +759,7 @@
if (t == null)
throw new NullPointerException("null Throwable");
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
try{
AccessController.doPrivileged(new
PrivilegedExceptionAction(){
public Object run() throws Exception{
@@ -895,7 +896,7 @@
throws ELException
{
Object retValue;
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
try {
retValue = AccessController.doPrivileged(
new PrivilegedExceptionAction(){
1.8 +5 -3
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/ProtectedFunctionMapper.java
Index: ProtectedFunctionMapper.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/ProtectedFunctionMapper.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- ProtectedFunctionMapper.java 17 Mar 2004 19:23:04 -0000 1.7
+++ ProtectedFunctionMapper.java 22 Nov 2004 16:35:52 -0000 1.8
@@ -24,6 +24,8 @@
import java.lang.reflect.Method;
import javax.servlet.jsp.el.FunctionMapper;
+import org.apache.jasper.security.SecurityUtil;
+
/**
* Maps EL functions to their Java method counterparts. Keeps the
* actual Method objects protected so that JSP pages can't indirectly
@@ -60,7 +62,7 @@
*/
public static ProtectedFunctionMapper getInstance() {
ProtectedFunctionMapper funcMapper;
- if (System.getSecurityManager() != null) {
+ if (SecurityUtil.isPackageProtectionEnabled()) {
funcMapper = (ProtectedFunctionMapper)AccessController.doPrivileged(
new PrivilegedAction() {
public Object run() {
@@ -89,7 +91,7 @@
final String methodName, final Class[] args )
{
java.lang.reflect.Method method;
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
try{
method =
(java.lang.reflect.Method)AccessController.doPrivileged(new
PrivilegedExceptionAction(){
@@ -133,7 +135,7 @@
{
java.lang.reflect.Method method;
ProtectedFunctionMapper funcMapper;
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
funcMapper =
(ProtectedFunctionMapper)AccessController.doPrivileged(
new PrivilegedAction(){
public Object run() {
1.2 +41 -0
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/security/SecurityUtil.java
1.16 +2 -0
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/servlet/JasperLoader.java
Index: JasperLoader.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/servlet/JasperLoader.java,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- JasperLoader.java 17 Mar 2004 19:23:05 -0000 1.15
+++ JasperLoader.java 22 Nov 2004 16:35:52 -0000 1.16
@@ -27,6 +27,8 @@
import org.apache.jasper.Constants;
+import org.apache.jasper.security.SecurityUtil;
+
/**
* Class loader for loading servlet class files (corresponding to JSP files)
* and tag handler class files (corresponding to tag files).
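Review bot: The added `import org.apache.jasper.security.SecurityUtil;` in JasperLoader.java has no visible use, since the change summary for this file is +2 -0 and the hunk contains only the import and a blank line. If JasperLoader was meant to receive the same guard replacement as the runtime classes, that edit is missing from this commit and the loader would still decide on its own whether to apply security checks, which leaves the two code paths inconsistent. Otherwise the import should be dropped until it is needed. The rest of the file is outside the hunk, so an existing reference elsewhere cannot be ruled out from here.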