From: rjung Date: Sun, 11 Apr 2010 17:47:00 +0000 (+0000) Subject: Allow JioEndpoint to switch context class loader X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=2d24d1c1d3973bdc5348b4e12c87b947e3b8526d;p=tomcat7.0 Allow JioEndpoint to switch context class loader under security manager. Code copied from standard session. Add two more classes to class pre-loading to improve security manager interoperability. git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@932953 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/java/org/apache/catalina/security/SecurityClassLoad.java b/java/org/apache/catalina/security/SecurityClassLoad.java
index 7e8006cfc..ed1f9756b 100644
--- a/java/org/apache/catalina/security/SecurityClassLoad.java
+++ b/java/org/apache/catalina/security/SecurityClassLoad.java
@@ -131,6 +131,7 @@ public final class SecurityClassLoad {
 throws Exception {
 String basePackage = "org.apache.catalina.";
 loader.loadClass(basePackage + "util.Enumerator");
+ loader.loadClass(basePackage + "util.ParameterMap");
 }
@@ -234,6 +235,8 @@ public final class SecurityClassLoad {
 throws Exception {
 String basePackage = "org.apache.tomcat.";
 loader.loadClass(basePackage + "util.net.SSLSupport$CipherData");
+ loader.loadClass
+ (basePackage + "util.net.JIoEndpoint$PrivilegedSetTccl");
 }
 }
diff --git a/java/org/apache/tomcat/util/net/JIoEndpoint.java b/java/org/apache/tomcat/util/net/JIoEndpoint.java
index a4b6c023c..ca09f7af5 100644
--- a/java/org/apache/tomcat/util/net/JIoEndpoint.java
+++ b/java/org/apache/tomcat/util/net/JIoEndpoint.java
@@ -22,10 +22,13 @@ import java.net.BindException;
 import java.net.ServerSocket;
 import java.net.Socket;
 import java.net.SocketException;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.Iterator;
 import java.util.concurrent.ConcurrentLinkedQueue;
 import java.util.concurrent.RejectedExecutionException;
+import org.apache.catalina.Globals;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.IntrospectionUtils;
@@ -507,10 +510,22 @@ public class JIoEndpoint extends AbstractEndpoint {
 ClassLoader loader = Thread.currentThread().getContextClassLoader();
 try {
 //threads should not be created by the webapp classloader
- Thread.currentThread().setContextClassLoader(getClass().getClassLoader());
+ if (Globals.IS_SECURITY_ENABLED) {
+ PrivilegedAction pa = new PrivilegedSetTccl(
+ getClass().getClassLoader());
+ AccessController.doPrivileged(pa);
+ } else {
+ Thread.currentThread().setContextClassLoader(
+ getClass().getClassLoader());
+ }
 getExecutor().execute(proc);
 }finally {
- Thread.currentThread().setContextClassLoader(loader);
+ if (Globals.IS_SECURITY_ENABLED) {
+ PrivilegedAction pa = new PrivilegedSetTccl(loader);
+ AccessController.doPrivileged(pa);
+ } else {
+ Thread.currentThread().setContextClassLoader(loader);
+ }
 }
 }
 }
@@ -524,5 +539,20 @@ public class JIoEndpoint extends AbstractEndpoint {
 }
 protected ConcurrentLinkedQueue waitingRequests = new ConcurrentLinkedQueue();
+
+ private static class PrivilegedSetTccl
+ implements PrivilegedAction {
+
+ private ClassLoader cl;
+
+ PrivilegedSetTccl(ClassLoader cl) {
+ this.cl = cl;
+ }
+
+ public Void run() {
+ Thread.currentThread().setContextClassLoader(cl);
+ return null;
+ }
+ }
 }
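Review bot: The added `import org.apache.catalina.Globals;` in the import hunk makes `org.apache.tomcat.util.net` depend on the Catalina container package for a single boolean. Every other import visible in this hunk comes from the JDK, `org.apache.juli` or `org.apache.tomcat.util`. If the connector code is meant to build and run without Catalina on the class path (to be confirmed against the module layout), a constant local to the endpoint would avoid the coupling, for example `private static final boolean IS_SECURITY_ENABLED = (System.getSecurityManager() != null);`.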
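Review bot: The security-manager branch is written out twice in the `@@ -507,10 +510,22 @@` hunk, once before `getExecutor().execute(proc)` and once in `finally`, so a later edit can easily change one path and not the other. One private helper holding the `Globals.IS_SECURITY_ENABLED` test would keep set and restore identical, and would give a single place to document why the switch is privileged: `Thread.setContextClassLoader` is checked against `RuntimePermission("setContextClassLoader")`, which code further up the call stack may not hold. The helper should cover only the loader switch, so that `execute(proc)` keeps running outside `doPrivileged` as it does now. The enclosing method starts and ends outside this hunk.

```java
            try {
                //threads should not be created by the webapp classloader
                setTccl(getClass().getClassLoader());
                getExecutor().execute(proc);
            } finally {
                setTccl(loader);
            }
// … unchanged: remainder of the enclosing method …

    private static void setTccl(ClassLoader cl) {
        if (Globals.IS_SECURITY_ENABLED) {
            // Only the loader switch is privileged; callers run their work outside.
            AccessController.doPrivileged(new PrivilegedSetTccl(cl));
        } else {
            Thread.currentThread().setContextClassLoader(cl);
        }
    }
```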
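Review bot: In the new `PrivilegedSetTccl` class the field `cl` is assigned only in the constructor but is not declared final; `private final ClassLoader cl;` would make the action immutable once built. The class also has no comment, and two facts deserve one. First, it sets the thread context class loader to whatever loader it is handed, so it should stay private to the endpoint. Second, its binary name `util.net.JIoEndpoint$PrivilegedSetTccl` is hard-coded in the `SecurityClassLoad` pre-load list changed in this same commit, so renaming or moving the class means updating that string too. As rendered here `PrivilegedAction` appears without a type argument although `run()` returns `Void`; if that is not an artefact of the page, it should be `PrivilegedAction<Void>` both in the `implements` clause and in the `pa` declarations of the earlier hunk.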