Allow JioEndpoint to switch context class loader
authorrjung <rjung@13f79535-47bb-0310-9956-ffa450edef68>
Sun, 11 Apr 2010 17:47:00 +0000 (17:47 +0000)
committerrjung <rjung@13f79535-47bb-0310-9956-ffa450edef68>
Sun, 11 Apr 2010 17:47:00 +0000 (17:47 +0000)
under security manager. Code copied from standard session.

Add two more classes to class pre-loading to improve
security manager interoperability.

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@932953 13f79535-47bb-0310-9956-ffa450edef68

java/org/apache/catalina/security/SecurityClassLoad.java
java/org/apache/tomcat/util/net/JIoEndpoint.java

index 7e8006c..ed1f975 100644 (file)
@@ -131,6 +131,7 @@ public final class SecurityClassLoad {
         throws Exception {
         String basePackage = "org.apache.catalina.";
         loader.loadClass(basePackage + "util.Enumerator");
+        loader.loadClass(basePackage + "util.ParameterMap");
     }
     
     
@@ -234,6 +235,8 @@ public final class SecurityClassLoad {
         throws Exception {
         String basePackage = "org.apache.tomcat.";
         loader.loadClass(basePackage + "util.net.SSLSupport$CipherData");
+        loader.loadClass
+            (basePackage + "util.net.JIoEndpoint$PrivilegedSetTccl");
     }
 }
 
index a4b6c02..ca09f7a 100644 (file)
@@ -22,10 +22,13 @@ import java.net.BindException;
 import java.net.ServerSocket;
 import java.net.Socket;
 import java.net.SocketException;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.Iterator;
 import java.util.concurrent.ConcurrentLinkedQueue;
 import java.util.concurrent.RejectedExecutionException;
 
+import org.apache.catalina.Globals;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.IntrospectionUtils;
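Review bot: The added `import org.apache.catalina.Globals;` makes a class in `org.apache.tomcat.util.net` depend on the Catalina container package just to read one flag, which couples the connector code to the container. If `Globals.IS_SECURITY_ENABLED` is only a check for an installed security manager (its definition is not visible on this page), a constant local to the endpoint would avoid the cross-package import, e.g. `private static final boolean IS_SECURITY_ENABLED = (System.getSecurityManager() != null);`. That would also leave the privileged path with no dependency on how Catalina classes are initialised.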
@@ -507,10 +510,22 @@ public class JIoEndpoint extends AbstractEndpoint {
                     ClassLoader loader = Thread.currentThread().getContextClassLoader();
                     try {
                         //threads should not be created by the webapp classloader
-                        Thread.currentThread().setContextClassLoader(getClass().getClassLoader());
+                        if (Globals.IS_SECURITY_ENABLED) {
+                            PrivilegedAction<Void> pa = new PrivilegedSetTccl(
+                                    getClass().getClassLoader());
+                            AccessController.doPrivileged(pa);
+                        } else {
+                            Thread.currentThread().setContextClassLoader(
+                                    getClass().getClassLoader());
+                        }
                         getExecutor().execute(proc);
                     }finally {
-                        Thread.currentThread().setContextClassLoader(loader);
+                        if (Globals.IS_SECURITY_ENABLED) {
+                            PrivilegedAction<Void> pa = new PrivilegedSetTccl(loader);
+                            AccessController.doPrivileged(pa);
+                        } else {
+                            Thread.currentThread().setContextClassLoader(loader);
+                        }
                     }
                 }
             }
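Review bot: The same `if (Globals.IS_SECURITY_ENABLED) … else …` branch is written twice here, once before `getExecutor().execute(proc)` and once in the `finally`, and neither copy says why the privileged path is needed. A single private helper would keep the two switches identical and give one place to document that `setContextClassLoader` is permission-checked under a security manager, and that the caller's stack may contain code without that permission (inferred from the commit message; the enclosing method starts and ends outside this hunk). The helper should stay `private`, so that the privileged class loader switch cannot be invoked by anything outside the endpoint.

```java
// … unchanged: capture of the current context class loader …
try {
    //threads should not be created by the webapp classloader
    switchContextClassLoader(getClass().getClassLoader());
    getExecutor().execute(proc);
} finally {
    switchContextClassLoader(loader);
}

// new private helper, declared at class level next to PrivilegedSetTccl
/**
 * Sets the context class loader of the current thread. Under a
 * security manager the call is made inside doPrivileged so that it
 * does not depend on the permissions of the code that triggered it.
 */
private static void switchContextClassLoader(ClassLoader cl) {
    if (Globals.IS_SECURITY_ENABLED) {
        AccessController.doPrivileged(new PrivilegedSetTccl(cl));
    } else {
        Thread.currentThread().setContextClassLoader(cl);
    }
}
```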
@@ -524,5 +539,20 @@ public class JIoEndpoint extends AbstractEndpoint {
     }
 
     protected ConcurrentLinkedQueue<SocketWrapper> waitingRequests = new ConcurrentLinkedQueue<SocketWrapper>();
+
+    private static class PrivilegedSetTccl
+    implements PrivilegedAction<Void> {
+
+        private ClassLoader cl;
+
+        PrivilegedSetTccl(ClassLoader cl) {
+            this.cl = cl;
+        }
+
+        public Void run() {
+            Thread.currentThread().setContextClassLoader(cl);
+            return null;
+        }
+    }
     
 }
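Review bot: `PrivilegedSetTccl` keeps its target in a mutable field and has no documentation, although the action runs with the endpoint's own permissions. The field is assigned once in the constructor, so it can be `private final ClassLoader cl;`. A short class comment should state that the class is deliberately `private static`, so that code outside `JIoEndpoint` cannot use it to install an arbitrary context class loader. The comment should also note that `SecurityClassLoad` preloads the class by its binary name `util.net.JIoEndpoint$PrivilegedSetTccl`, so renaming or moving the class means updating that string too.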