On Tue, Nov 8, 2022 at 2:16 PM <ma...@apache.org> wrote:
>
> This is an automated email from the ASF dual-hosted git repository.
>
> markt pushed a commit to branch main
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
>
> The following commit(s) were added to refs/heads/main by this push:
> new 28ea2b9b2e Fix BZ 66294. Make use of privileged block optional.
> Performance hotspot
> 28ea2b9b2e is described below
>
> commit 28ea2b9b2e781d20e0651cb5e0b65bacd464150c
> Author: Mark Thomas <ma...@apache.org>
> AuthorDate: Tue Nov 8 13:16:32 2022 +0000
>
> Fix BZ 66294. Make use of privileged block optional. Performance hotspot
>
> https://bz.apache.org/bugzilla/show_bug.cgi?id=66294
That was the best option IMO. Too bad, another system property though ;)
Rémy
> ---
> java/jakarta/el/Util.java | 5 ++++-
> webapps/docs/changelog.xml | 7 +++++++
> webapps/docs/config/systemprops.xml | 9 +++++++++
> 3 files changed, 20 insertions(+), 1 deletion(-)
>
> diff --git a/java/jakarta/el/Util.java b/java/jakarta/el/Util.java
> index b0a995c59b..71527d2429 100644
> --- a/java/jakarta/el/Util.java
> +++ b/java/jakarta/el/Util.java
> @@ -43,6 +43,9 @@ class Util {
> private static final Class<?>[] EMPTY_CLASS_ARRAY = new Class<?>[0];
> private static final Object[] EMPTY_OBJECT_ARRAY = new Object[0];
>
> + private static final boolean GET_CLASSLOADER_USE_PRIVILEGED =
> +
> Boolean.getBoolean("org.apache.el.GET_CLASSLOADER_USE_PRIVILEGED");
> +
> /**
> * Checks whether the supplied Throwable is one that needs to be
> * rethrown and swallows all others.
> @@ -655,7 +658,7 @@ class Util {
>
> static ClassLoader getContextClassLoader() {
> ClassLoader tccl;
> - if (System.getSecurityManager() != null) {
> + if (System.getSecurityManager() != null &&
> GET_CLASSLOADER_USE_PRIVILEGED) {
> PrivilegedAction<ClassLoader> pa = new PrivilegedGetTccl();
> tccl = AccessController.doPrivileged(pa);
> } else {
> diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
> index 22c06cb070..33800616d7 100644
> --- a/webapps/docs/changelog.xml
> +++ b/webapps/docs/changelog.xml
> @@ -167,6 +167,13 @@
> </subsection>
> <subsection name="Jasper">
> <changelog>
> + <fix>
> + <bug>66294</bug>: Make the use of a privileged block to obtain the
> + thread context class loader added to address <bug>62080</bug>
> optional
> + and disabled by default. This is now controlled by the
> + <code>org.apache.el.GET_CLASSLOADER_USE_PRIVILEGED</code> system
> + property. (markt)
> + </fix>
> <fix>
> <bug>66317</bug>: Fix for Lambda coercion security manager missing
> privileges. Based on pull request #557 by Isaac Rivera Rivas (lihan)
> diff --git a/webapps/docs/config/systemprops.xml
> b/webapps/docs/config/systemprops.xml
> index 4225fd2bec..0def5feb97 100644
> --- a/webapps/docs/config/systemprops.xml
> +++ b/webapps/docs/config/systemprops.xml
> @@ -74,6 +74,15 @@
> <section name="Expression Language">
> <properties>
>
> + <property name="org.apache.el. GET_CLASSLOADER_USE_PRIVILEGED">
> + <p>Controls whether the EL API classes make use of a privileged block
> to
> + obtain the thread context class loader. When using the EL API within
> + Apache Tomcat this does not need to be set as all calls are already
> + wrapped in a privileged block further up the stack. It may be required
> if
> + using the EL API under a SecurityManager outside of Apache Tomcat.</p>
> + <p>If not specified, the default of <code>false</code> will be
> used.</p>
> + </property>
> +
> <property name="org.apache.el.BeanELResolver. CACHE_SIZE">
> <p>The number of jakarta.el.BeanELResolver.BeanProperties objects that
> will
> be cached by the EL Parser.</p>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
