On Tue, Nov 8, 2022 at 2:16 PM <ma...@apache.org> wrote: > > This is an automated email from the ASF dual-hosted git repository. > > markt pushed a commit to branch main > in repository https://gitbox.apache.org/repos/asf/tomcat.git > > > The following commit(s) were added to refs/heads/main by this push: > new 28ea2b9b2e Fix BZ 66294. Make use of privileged block optional. > Performance hotspot > 28ea2b9b2e is described below > > commit 28ea2b9b2e781d20e0651cb5e0b65bacd464150c > Author: Mark Thomas <ma...@apache.org> > AuthorDate: Tue Nov 8 13:16:32 2022 +0000 > > Fix BZ 66294. Make use of privileged block optional. Performance hotspot > > https://bz.apache.org/bugzilla/show_bug.cgi?id=66294
That was the best option IMO. Too bad, another system property though ;) Rémy > --- > java/jakarta/el/Util.java | 5 ++++- > webapps/docs/changelog.xml | 7 +++++++ > webapps/docs/config/systemprops.xml | 9 +++++++++ > 3 files changed, 20 insertions(+), 1 deletion(-) > > diff --git a/java/jakarta/el/Util.java b/java/jakarta/el/Util.java > index b0a995c59b..71527d2429 100644 > --- a/java/jakarta/el/Util.java > +++ b/java/jakarta/el/Util.java > @@ -43,6 +43,9 @@ class Util { > private static final Class<?>[] EMPTY_CLASS_ARRAY = new Class<?>[0]; > private static final Object[] EMPTY_OBJECT_ARRAY = new Object[0]; > > + private static final boolean GET_CLASSLOADER_USE_PRIVILEGED = > + > Boolean.getBoolean("org.apache.el.GET_CLASSLOADER_USE_PRIVILEGED"); > + > /** > * Checks whether the supplied Throwable is one that needs to be > * rethrown and swallows all others. > @@ -655,7 +658,7 @@ class Util { > > static ClassLoader getContextClassLoader() { > ClassLoader tccl; > - if (System.getSecurityManager() != null) { > + if (System.getSecurityManager() != null && > GET_CLASSLOADER_USE_PRIVILEGED) { > PrivilegedAction<ClassLoader> pa = new PrivilegedGetTccl(); > tccl = AccessController.doPrivileged(pa); > } else { > diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml > index 22c06cb070..33800616d7 100644 > --- a/webapps/docs/changelog.xml > +++ b/webapps/docs/changelog.xml > @@ -167,6 +167,13 @@ > </subsection> > <subsection name="Jasper"> > <changelog> > + <fix> > + <bug>66294</bug>: Make the use of a privileged block to obtain the > + thread context class loader added to address <bug>62080</bug> > optional > + and disabled by default. This is now controlled by the > + <code>org.apache.el.GET_CLASSLOADER_USE_PRIVILEGED</code> system > + property. (markt) > + </fix> > <fix> > <bug>66317</bug>: Fix for Lambda coercion security manager missing > privileges. Based on pull request #557 by Isaac Rivera Rivas (lihan) > diff --git a/webapps/docs/config/systemprops.xml > b/webapps/docs/config/systemprops.xml > index 4225fd2bec..0def5feb97 100644 > --- a/webapps/docs/config/systemprops.xml > +++ b/webapps/docs/config/systemprops.xml > @@ -74,6 +74,15 @@ > <section name="Expression Language"> > <properties> > > + <property name="org.apache.el. GET_CLASSLOADER_USE_PRIVILEGED"> > + <p>Controls whether the EL API classes make use of a privileged block > to > + obtain the thread context class loader. When using the EL API within > + Apache Tomcat this does not need to be set as all calls are already > + wrapped in a privileged block further up the stack. It may be required > if > + using the EL API under a SecurityManager outside of Apache Tomcat.</p> > + <p>If not specified, the default of <code>false</code> will be > used.</p> > + </property> > + > <property name="org.apache.el.BeanELResolver. CACHE_SIZE"> > <p>The number of jakarta.el.BeanELResolver.BeanProperties objects that > will > be cached by the EL Parser.</p> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org