From 2a1aa271db15df8036e6bcff278ee93a83d5389e Mon Sep 17 00:00:00 2001
From: markt <markt@13f79535-47bb-0310-9956-ffa450edef68>
Date: Sat, 21 Feb 2009 00:44:33 +0000
Subject: [PATCH] Address Bill's security concerns in previous patch to get TCK
 to pass under a security manager. TCK passes after this patch with and
 without security manager.

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@746425 13f79535-47bb-0310-9956-ffa450edef68
---
 java/org/apache/jasper/el/ELContextImpl.java       | 15 +++++++++--
 java/org/apache/jasper/el/ELResolverImpl.java      | 29 ++++++++++++++++------
 .../apache/jasper/el/ExpressionEvaluatorImpl.java  |  3 ++-
 3 files changed, 37 insertions(+), 10 deletions(-)

diff --git a/java/org/apache/jasper/el/ELContextImpl.java b/java/org/apache/jasper/el/ELContextImpl.java
index 34e550c89..1421c7a49 100644
--- a/java/org/apache/jasper/el/ELContextImpl.java
+++ b/java/org/apache/jasper/el/ELContextImpl.java
@@ -26,6 +26,8 @@ import javax.el.FunctionMapper;
 import javax.el.ValueExpression;
 import javax.el.VariableMapper;
 
+import org.apache.catalina.Globals;
+
 /**
  * Implementation of ELContext
  * 
@@ -61,12 +63,21 @@ public final class ELContextImpl extends ELContext {
 
     private final ELResolver resolver;
 
-    private FunctionMapper functionMapper = NullFunctionMapper; // immutable
+    private FunctionMapper functionMapper;
 
     private VariableMapper variableMapper;
 
     public ELContextImpl() {
-        this(ELResolverImpl.DefaultResolver);
+        this(ELResolverImpl.getDefaultResolver());
+        if (Globals.IS_SECURITY_ENABLED) {
+            functionMapper = new FunctionMapper() {
+                public Method resolveFunction(String prefix, String localName) {
+                    return null;
+                }
+            };
+        } else {
+            functionMapper = NullFunctionMapper;
+        }
     }
 
     public ELContextImpl(ELResolver resolver) {
diff --git a/java/org/apache/jasper/el/ELResolverImpl.java b/java/org/apache/jasper/el/ELResolverImpl.java
index 0c1309502..ba35e27ad 100644
--- a/java/org/apache/jasper/el/ELResolverImpl.java
+++ b/java/org/apache/jasper/el/ELResolverImpl.java
@@ -32,8 +32,10 @@ import javax.el.PropertyNotWritableException;
 import javax.el.ResourceBundleELResolver;
 import javax.servlet.jsp.el.VariableResolver;
 
+import org.apache.catalina.Globals;
+
 public final class ELResolverImpl extends ELResolver {
-	
+	/** @deprecated - Use getDefaultResolver(). Needs to be made private */
 	public final static ELResolver DefaultResolver = new CompositeELResolver();
 
 	static {
@@ -69,7 +71,7 @@ public final class ELResolverImpl extends ELResolver {
 		}
 
 		if (!context.isPropertyResolved()) {
-			return DefaultResolver.getValue(context, base, property);
+			return getDefaultResolver().getValue(context, base, property);
 		}
 		return null;
 	}
@@ -94,7 +96,7 @@ public final class ELResolverImpl extends ELResolver {
 		}
 
 		if (!context.isPropertyResolved()) {
-			return DefaultResolver.getType(context, base, property);
+			return getDefaultResolver().getType(context, base, property);
 		}
 		return null;
 	}
@@ -114,7 +116,7 @@ public final class ELResolverImpl extends ELResolver {
 		}
 
 		if (!context.isPropertyResolved()) {
-			DefaultResolver.setValue(context, base, property, value);
+			getDefaultResolver().setValue(context, base, property, value);
 		}
 	}
 
@@ -129,18 +131,31 @@ public final class ELResolverImpl extends ELResolver {
 			return true;
 		}
 
-		return DefaultResolver.isReadOnly(context, base, property);
+		return getDefaultResolver().isReadOnly(context, base, property);
 	}
 
 	public Iterator<java.beans.FeatureDescriptor> getFeatureDescriptors(ELContext context, Object base) {
-		return DefaultResolver.getFeatureDescriptors(context, base);
+		return getDefaultResolver().getFeatureDescriptors(context, base);
 	}
 
 	public Class<?> getCommonPropertyType(ELContext context, Object base) {
 		if (base == null) {
 			return String.class;
 		}
-		return DefaultResolver.getCommonPropertyType(context, base);
+		return getDefaultResolver().getCommonPropertyType(context, base);
 	}
 
+	public static ELResolver getDefaultResolver() {
+	    if (Globals.IS_SECURITY_ENABLED) {
+	        ELResolver defaultResolver = new CompositeELResolver();
+	        ((CompositeELResolver) defaultResolver).add(new MapELResolver());
+	        ((CompositeELResolver) defaultResolver).add(new ResourceBundleELResolver());
+	        ((CompositeELResolver) defaultResolver).add(new ListELResolver());
+	        ((CompositeELResolver) defaultResolver).add(new ArrayELResolver());
+	        ((CompositeELResolver) defaultResolver).add(new BeanELResolver());
+	        return defaultResolver;
+	    } else {
+	        return DefaultResolver;
+	    }
+	}
 }
diff --git a/java/org/apache/jasper/el/ExpressionEvaluatorImpl.java b/java/org/apache/jasper/el/ExpressionEvaluatorImpl.java
index 56c099d4a..f08704fe3 100644
--- a/java/org/apache/jasper/el/ExpressionEvaluatorImpl.java
+++ b/java/org/apache/jasper/el/ExpressionEvaluatorImpl.java
@@ -37,7 +37,8 @@ public final class ExpressionEvaluatorImpl extends ExpressionEvaluator {
 	public Expression parseExpression(String expression, Class expectedType,
 			FunctionMapper fMapper) throws ELException {
 		try {
-			ELContextImpl ctx = new ELContextImpl(ELResolverImpl.DefaultResolver);
+			ELContextImpl ctx =
+			    new ELContextImpl(ELResolverImpl.getDefaultResolver());
             if (fMapper != null) {
                 ctx.setFunctionMapper(new FunctionMapperImpl(fMapper));
             }
-- 
2.11.0