This is an automated email from the ASF dual-hosted git repository. lihan pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push: new 34a48511a5 Fix for Lambda coercion security manager missing privileges. 34a48511a5 is described below commit 34a48511a5b9c52b508daa347438a4a1e2b4ccfb Author: lihan <li...@apache.org> AuthorDate: Thu Oct 20 21:40:04 2022 +0800 Fix for Lambda coercion security manager missing privileges. Based on pull request #557 by Isaac Rivera Rivas
---
 java/org/apache/el/lang/ELSupport.java | 28 ++++++++++++++++++----------
 webapps/docs/changelog.xml | 8 ++++++++
 2 files changed, 26 insertions(+), 10 deletions(-)
diff --git a/java/org/apache/el/lang/ELSupport.java b/java/org/apache/el/lang/ELSupport.java
index bc1b67a648..d07c9d6959 100644
--- a/java/org/apache/el/lang/ELSupport.java
+++ b/java/org/apache/el/lang/ELSupport.java
@@ -29,6 +29,7 @@ import java.security.PrivilegedAction;
 import java.util.Collections;
 import java.util.Map;
 import java.util.Set;
+import java.util.function.Supplier;
 import jakarta.el.ELContext;
 import jakarta.el.ELException;
@@ -625,17 +626,24 @@ public class ELSupport {
 private static <T> T coerceToFunctionalInterface(final ELContext ctx, final LambdaExpression lambdaExpression, final Class<T> type) {
- // Create a dynamic proxy for the functional interface
- @SuppressWarnings("unchecked")
- T result = (T) Proxy.newProxyInstance(type.getClassLoader(), new Class[] { type },
+ Supplier<T> proxy = () -> {
+ // Create a dynamic proxy for the functional interface
+ @SuppressWarnings("unchecked")
+ T result = (T) Proxy.newProxyInstance(type.getClassLoader(), new Class[]{type},
 (Object obj, Method method, Object[] args) -> {
- // Functional interfaces have a single, abstract method
- if (!Modifier.isAbstract(method.getModifiers())) {
- throw new ELException(MessageFactory.get("elSupport.coerce.nonAbstract", type, method));
- }
- return lambdaExpression.invoke(ctx, args);
- });
- return result;
+ // Functional interfaces have a single, abstract method
+ if (!Modifier.isAbstract(method.getModifiers())) {
+ throw new ELException(MessageFactory.get("elSupport.coerce.nonAbstract", type, method));
+ }
+ return lambdaExpression.invoke(ctx, args);
+ });
+ return result;
+ };
+ if (System.getSecurityManager() != null) {
+ return AccessController.doPrivileged((PrivilegedAction<T>) proxy::get);
+ } else {
+ return proxy.get();
+ }
 }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 1b73b65c60..4e169d7f85 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
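Review bot: The `AccessController.doPrivileged` branch added at the end of `coerceToFunctionalInterface` carries no comment on what the privileged scope is meant to cover, and that matters because `type` is the coercion target and so may be influenced by application code. As written, only the `Proxy.newProxyInstance` call runs privileged; the handler body with `lambdaExpression.invoke(ctx, args)` executes later, when a proxy method is called, under the access-control context of that caller. I would pin this above the `if` with `// Privileged scope covers proxy creation only; lambdaExpression.invoke() must stay in the handler so it runs with the caller's permissions.` Separately, declaring the lambda as `PrivilegedAction<T>` and calling `run()` in the else branch would drop the `(PrivilegedAction<T>) proxy::get` cast and the new `Supplier` import.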
@@ -122,6 +122,14 @@
 </fix>
 </changelog>
 </subsection>
+ <subsection name="Jasper">
+ <changelog>
+ <fix>
+ <bug>66317</bug>: Fix for Lambda coercion security manager missing
+ privileges. Based on pull request #557 by Isaac Rivera Rivas (lihan)
+ </fix>
+ </changelog>
+ </subsection>
 <subsection name="Other">
 <changelog>
 <update>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org