This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push: new 2f09af1291 Remove SecurityManager and related API references in the core package 2f09af1291 is described below commit 2f09af12913e0c1a2369b5d6579730eae443a471 Author: Mark Thomas <ma...@apache.org> AuthorDate: Thu Jan 12 11:46:30 2023 +0000 Remove SecurityManager and related API references in the core package --- .../apache/catalina/core/ApplicationContext.java | 18 +-- .../catalina/core/ApplicationContextFacade.java | 48 +------- .../catalina/core/ApplicationDispatcher.java | 126 +-------------------- .../catalina/core/ApplicationFilterChain.java | 86 +------------- java/org/apache/catalina/core/ContainerBase.java | 37 ------ .../catalina/core/DefaultInstanceManager.java | 112 ++---------------- .../apache/catalina/core/LocalStrings.properties | 1 - .../catalina/core/LocalStrings_fr.properties | 1 - .../catalina/core/LocalStrings_ja.properties | 1 - .../catalina/core/LocalStrings_ko.properties | 1 - .../catalina/core/LocalStrings_zh_CN.properties | 1 - java/org/apache/catalina/core/StandardContext.java | 25 +--- java/org/apache/catalina/core/StandardServer.java | 4 - 13 files changed, 22 insertions(+), 439 deletions(-) diff --git a/java/org/apache/catalina/core/ApplicationContext.java b/java/org/apache/catalina/core/ApplicationContext.java index 5cd5ad23a1..e43d7c6343 100644 --- a/java/org/apache/catalina/core/ApplicationContext.java +++ b/java/org/apache/catalina/core/ApplicationContext.java @@ -1172,23 +1172,7 @@ public class ApplicationContext implements ServletContext { @Override public ClassLoader getClassLoader() { - ClassLoader result = context.getLoader().getClassLoader(); - if (Globals.IS_SECURITY_ENABLED) { - ClassLoader tccl = Thread.currentThread().getContextClassLoader(); - ClassLoader parent = result; - while (parent != null) { - if (parent == tccl) { - break; - } - parent = parent.getParent(); - } - if (parent == null) { - System.getSecurityManager().checkPermission( - new RuntimePermission("getClassLoader")); - } - } - - return result; + return context.getLoader().getClassLoader(); } diff --git a/java/org/apache/catalina/core/ApplicationContextFacade.java b/java/org/apache/catalina/core/ApplicationContextFacade.java index f61be51cb1..9f26890677 100644 --- a/java/org/apache/catalina/core/ApplicationContextFacade.java +++ b/java/org/apache/catalina/core/ApplicationContextFacade.java @@ -22,9 +22,7 @@ import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; import java.net.MalformedURLException; import java.net.URL; -import java.security.AccessController; import java.security.PrivilegedActionException; -import java.security.PrivilegedExceptionAction; import java.util.Enumeration; import java.util.EventListener; import java.util.HashMap; @@ -811,7 +809,7 @@ public class ApplicationContextFacade implements ServletContext { objectCache.put(methodName, method); } - return executeMethod(method,appContext,params); + return method.invoke(context, params); } catch (Exception ex){ handleException(ex); return null; @@ -833,7 +831,7 @@ public class ApplicationContextFacade implements ServletContext { try{ Method method = context.getClass().getMethod(methodName, clazz); - return executeMethod(method,context,params); + return method.invoke(context, params); } catch (Exception ex){ try { handleException(ex); @@ -848,29 +846,6 @@ public class ApplicationContextFacade implements ServletContext { } - /** - * Executes the method of the specified <code>ApplicationContext</code> - * @param method The method object to be invoked. - * @param context The ApplicationContext object on which the method - * will be invoked - * @param params The arguments passed to the called method. - */ - private Object executeMethod(final Method method, - final ApplicationContext context, - final Object[] params) - throws PrivilegedActionException, - IllegalAccessException, - InvocationTargetException { - - if (SecurityUtil.isPackageProtectionEnabled()){ - return AccessController.doPrivileged( - new PrivilegedExecuteMethod(method, context, params)); - } else { - return method.invoke(context, params); - } - } - - /** * * Throw the real exception. @@ -896,23 +871,4 @@ public class ApplicationContextFacade implements ServletContext { throw realException; } - - - private static class PrivilegedExecuteMethod implements PrivilegedExceptionAction<Object> { - - private final Method method; - private final ApplicationContext context; - private final Object[] params; - - public PrivilegedExecuteMethod(Method method, ApplicationContext context, Object[] params) { - this.method = method; - this.context = context; - this.params = params; - } - - @Override - public Object run() throws Exception { - return method.invoke(context, params); - } - } } diff --git a/java/org/apache/catalina/core/ApplicationDispatcher.java b/java/org/apache/catalina/core/ApplicationDispatcher.java index 99516c51a2..03568af66d 100644 --- a/java/org/apache/catalina/core/ApplicationDispatcher.java +++ b/java/org/apache/catalina/core/ApplicationDispatcher.java @@ -18,9 +18,6 @@ package org.apache.catalina.core; import java.io.IOException; import java.io.PrintWriter; -import java.security.AccessController; -import java.security.PrivilegedActionException; -import java.security.PrivilegedExceptionAction; import jakarta.servlet.AsyncContext; import jakarta.servlet.DispatcherType; @@ -63,58 +60,6 @@ import org.apache.tomcat.util.res.StringManager; */ final class ApplicationDispatcher implements AsyncDispatcher, RequestDispatcher { - protected class PrivilegedForward - implements PrivilegedExceptionAction<Void> { - private final ServletRequest request; - private final ServletResponse response; - - PrivilegedForward(ServletRequest request, ServletResponse response) { - this.request = request; - this.response = response; - } - - @Override - public Void run() throws java.lang.Exception { - doForward(request,response); - return null; - } - } - - protected class PrivilegedInclude implements - PrivilegedExceptionAction<Void> { - private final ServletRequest request; - private final ServletResponse response; - - PrivilegedInclude(ServletRequest request, ServletResponse response) { - this.request = request; - this.response = response; - } - - @Override - public Void run() throws ServletException, IOException { - doInclude(request, response); - return null; - } - } - - protected class PrivilegedDispatch implements - PrivilegedExceptionAction<Void> { - private final ServletRequest request; - private final ServletResponse response; - - PrivilegedDispatch(ServletRequest request, ServletResponse response) { - this.request = request; - this.response = response; - } - - @Override - public Void run() throws ServletException, IOException { - doDispatch(request, response); - return null; - } - } - - /** * Used to pass state when the request dispatcher is used. Using instance * variables causes threading issues and state is too complex to pass and @@ -277,29 +222,7 @@ final class ApplicationDispatcher implements AsyncDispatcher, RequestDispatcher * @exception ServletException if a servlet exception occurs */ @Override - public void forward(ServletRequest request, ServletResponse response) - throws ServletException, IOException - { - if (Globals.IS_SECURITY_ENABLED) { - try { - PrivilegedForward dp = new PrivilegedForward(request,response); - AccessController.doPrivileged(dp); - } catch (PrivilegedActionException pe) { - Exception e = pe.getException(); - if (e instanceof ServletException) { - throw (ServletException) e; - } - throw (IOException) e; - } - } else { - doForward(request,response); - } - } - - private void doForward(ServletRequest request, ServletResponse response) - throws ServletException, IOException - { - + public void forward(ServletRequest request, ServletResponse response) throws ServletException, IOException { // Reset any output that has been buffered, but keep headers/cookies if (response.isCommitted()) { throw new IllegalStateException @@ -480,29 +403,7 @@ final class ApplicationDispatcher implements AsyncDispatcher, RequestDispatcher * @exception ServletException if a servlet exception occurs */ @Override - public void include(ServletRequest request, ServletResponse response) - throws ServletException, IOException - { - if (Globals.IS_SECURITY_ENABLED) { - try { - PrivilegedInclude dp = new PrivilegedInclude(request,response); - AccessController.doPrivileged(dp); - } catch (PrivilegedActionException pe) { - Exception e = pe.getException(); - - if (e instanceof ServletException) { - throw (ServletException) e; - } - throw (IOException) e; - } - } else { - doInclude(request, response); - } - } - - private void doInclude(ServletRequest request, ServletResponse response) - throws ServletException, IOException { - + public void include(ServletRequest request, ServletResponse response) throws ServletException, IOException { // Set up to handle the specified request and response State state = new State(request, response, true); @@ -564,28 +465,7 @@ final class ApplicationDispatcher implements AsyncDispatcher, RequestDispatcher @Override - public void dispatch(ServletRequest request, ServletResponse response) - throws ServletException, IOException { - if (Globals.IS_SECURITY_ENABLED) { - try { - PrivilegedDispatch dp = new PrivilegedDispatch(request,response); - AccessController.doPrivileged(dp); - } catch (PrivilegedActionException pe) { - Exception e = pe.getException(); - - if (e instanceof ServletException) { - throw (ServletException) e; - } - throw (IOException) e; - } - } else { - doDispatch(request, response); - } - } - - private void doDispatch(ServletRequest request, ServletResponse response) - throws ServletException, IOException { - + public void dispatch(ServletRequest request, ServletResponse response) throws ServletException, IOException { // Set up to handle the specified request and response State state = new State(request, response, false); diff --git a/java/org/apache/catalina/core/ApplicationFilterChain.java b/java/org/apache/catalina/core/ApplicationFilterChain.java index 9d4265cee1..6bc507f1ce 100644 --- a/java/org/apache/catalina/core/ApplicationFilterChain.java +++ b/java/org/apache/catalina/core/ApplicationFilterChain.java @@ -17,8 +17,6 @@ package org.apache.catalina.core; import java.io.IOException; -import java.security.Principal; -import java.security.PrivilegedActionException; import java.util.Set; import jakarta.servlet.Filter; @@ -27,11 +25,8 @@ import jakarta.servlet.Servlet; import jakarta.servlet.ServletException; import jakarta.servlet.ServletRequest; import jakarta.servlet.ServletResponse; -import jakarta.servlet.http.HttpServletRequest; -import jakarta.servlet.http.HttpServletResponse; import org.apache.catalina.Globals; -import org.apache.catalina.security.SecurityUtil; import org.apache.tomcat.util.ExceptionUtils; import org.apache.tomcat.util.res.StringManager; @@ -100,21 +95,6 @@ public final class ApplicationFilterChain implements FilterChain { private static final StringManager sm = StringManager.getManager(ApplicationFilterChain.class); - /** - * Static class array used when the SecurityManager is turned on and - * <code>doFilter</code> is invoked. - */ - private static final Class<?>[] classType = new Class[]{ - ServletRequest.class, ServletResponse.class, FilterChain.class}; - - /** - * Static class array used when the SecurityManager is turned on and - * <code>service</code> is invoked. - */ - private static final Class<?>[] classTypeUsedInService = new Class[]{ - ServletRequest.class, ServletResponse.class}; - - // ---------------------------------------------------- FilterChain Methods /** @@ -129,40 +109,7 @@ public final class ApplicationFilterChain implements FilterChain { * @exception ServletException if a servlet exception occurs */ @Override - public void doFilter(ServletRequest request, ServletResponse response) - throws IOException, ServletException { - - if( Globals.IS_SECURITY_ENABLED ) { - final ServletRequest req = request; - final ServletResponse res = response; - try { - java.security.AccessController.doPrivileged( - (java.security.PrivilegedExceptionAction<Void>) () -> { - internalDoFilter(req,res); - return null; - } - ); - } catch( PrivilegedActionException pe) { - Exception e = pe.getException(); - if (e instanceof ServletException) { - throw (ServletException) e; - } else if (e instanceof IOException) { - throw (IOException) e; - } else if (e instanceof RuntimeException) { - throw (RuntimeException) e; - } else { - throw new ServletException(e.getMessage(), e); - } - } - } else { - internalDoFilter(request,response); - } - } - - private void internalDoFilter(ServletRequest request, - ServletResponse response) - throws IOException, ServletException { - + public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException { // Call the next filter if there is one if (pos < n) { ApplicationFilterConfig filterConfig = filters[pos++]; @@ -173,21 +120,10 @@ public final class ApplicationFilterChain implements FilterChain { filterConfig.getFilterDef().getAsyncSupported())) { request.setAttribute(Globals.ASYNC_SUPPORTED_ATTR, Boolean.FALSE); } - if( Globals.IS_SECURITY_ENABLED ) { - final ServletRequest req = request; - final ServletResponse res = response; - Principal principal = - ((HttpServletRequest) req).getUserPrincipal(); - - Object[] args = new Object[]{req, res, this}; - SecurityUtil.doAsPrivilege ("doFilter", filter, classType, args, principal); - } else { - filter.doFilter(request, response, this); - } + filter.doFilter(request, response, this); } catch (IOException | ServletException | RuntimeException e) { throw e; } catch (Throwable e) { - e = ExceptionUtils.unwrapInvocationTargetException(e); ExceptionUtils.handleThrowable(e); throw new ServletException(sm.getString("filterChain.filter"), e); } @@ -206,26 +142,10 @@ public final class ApplicationFilterChain implements FilterChain { Boolean.FALSE); } // Use potentially wrapped request from this point - if ((request instanceof HttpServletRequest) && - (response instanceof HttpServletResponse) && - Globals.IS_SECURITY_ENABLED ) { - final ServletRequest req = request; - final ServletResponse res = response; - Principal principal = - ((HttpServletRequest) req).getUserPrincipal(); - Object[] args = new Object[]{req, res}; - SecurityUtil.doAsPrivilege("service", - servlet, - classTypeUsedInService, - args, - principal); - } else { - servlet.service(request, response); - } + servlet.service(request, response); } catch (IOException | ServletException | RuntimeException e) { throw e; } catch (Throwable e) { - e = ExceptionUtils.unwrapInvocationTargetException(e); ExceptionUtils.handleThrowable(e); throw new ServletException(sm.getString("filterChain.servlet"), e); } finally { diff --git a/java/org/apache/catalina/core/ContainerBase.java b/java/org/apache/catalina/core/ContainerBase.java index f09038f5a3..c3167f9055 100644 --- a/java/org/apache/catalina/core/ContainerBase.java +++ b/java/org/apache/catalina/core/ContainerBase.java @@ -19,8 +19,6 @@ package org.apache.catalina.core; import java.beans.PropertyChangeListener; import java.beans.PropertyChangeSupport; import java.io.File; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.HashMap; import java.util.List; @@ -44,7 +42,6 @@ import org.apache.catalina.ContainerEvent; import org.apache.catalina.ContainerListener; import org.apache.catalina.Context; import org.apache.catalina.Engine; -import org.apache.catalina.Globals; import org.apache.catalina.Host; import org.apache.catalina.Lifecycle; import org.apache.catalina.LifecycleException; @@ -130,32 +127,9 @@ public abstract class ContainerBase extends LifecycleMBeanBase implements Contai private static final Log log = LogFactory.getLog(ContainerBase.class); - /** - * Perform addChild with the permissions of this class. - * addChild can be called with the XML parser on the stack, - * this allows the XML parser to have fewer privileges than - * Tomcat. - */ - protected class PrivilegedAddChild implements PrivilegedAction<Void> { - - private final Container child; - - PrivilegedAddChild(Container child) { - this.child = child; - } - - @Override - public Void run() { - addChildInternal(child); - return null; - } - - } - // ----------------------------------------------------- Instance Variables - /** * The child Containers belonging to this Container, keyed by name. */ @@ -690,17 +664,6 @@ public abstract class ContainerBase extends LifecycleMBeanBase implements Contai */ @Override public void addChild(Container child) { - if (Globals.IS_SECURITY_ENABLED) { - PrivilegedAction<Void> dp = - new PrivilegedAddChild(child); - AccessController.doPrivileged(dp); - } else { - addChildInternal(child); - } - } - - private void addChildInternal(Container child) { - if (log.isDebugEnabled()) { log.debug("Add child " + child + " " + this); } diff --git a/java/org/apache/catalina/core/DefaultInstanceManager.java b/java/org/apache/catalina/core/DefaultInstanceManager.java index 79b120b7c4..7c196970b2 100644 --- a/java/org/apache/catalina/core/DefaultInstanceManager.java +++ b/java/org/apache/catalina/core/DefaultInstanceManager.java @@ -22,10 +22,6 @@ import java.lang.annotation.Annotation; import java.lang.reflect.Field; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; -import java.security.AccessController; -import java.security.PrivilegedAction; -import java.security.PrivilegedActionException; -import java.security.PrivilegedExceptionAction; import java.util.ArrayList; import java.util.Collections; import java.util.HashMap; @@ -47,8 +43,6 @@ import jakarta.persistence.PersistenceUnit; import jakarta.xml.ws.WebServiceRef; import org.apache.catalina.ContainerServlet; -import org.apache.catalina.Globals; -import org.apache.catalina.security.SecurityUtil; import org.apache.catalina.util.Introspection; import org.apache.juli.logging.Log; import org.apache.tomcat.InstanceManager; @@ -508,21 +502,7 @@ public class DefaultInstanceManager implements InstanceManager { protected Class<?> loadClassMaybePrivileged(final String className, final ClassLoader classLoader) throws ClassNotFoundException { - Class<?> clazz; - if (SecurityUtil.isPackageProtectionEnabled()) { - try { - clazz = AccessController.doPrivileged( - new PrivilegedLoadClass(className, classLoader)); - } catch (PrivilegedActionException e) { - Throwable t = e.getCause(); - if (t instanceof ClassNotFoundException) { - throw (ClassNotFoundException) t; - } - throw new RuntimeException(t); - } - } else { - clazz = loadClass(className, classLoader); - } + Class<?> clazz = loadClass(className, classLoader); checkAccess(clazz); return clazz; } @@ -670,15 +650,11 @@ public class DefaultInstanceManager implements InstanceManager { private static Method getMethod(final Class<?> clazz, final AnnotationCacheEntry entry) { Method result = null; - if (Globals.IS_SECURITY_ENABLED) { - result = AccessController.doPrivileged(new PrivilegedGetMethod(clazz, entry)); - } else { - try { - result = clazz.getDeclaredMethod( - entry.getAccessibleObjectName(), entry.getParamTypes()); - } catch (NoSuchMethodException e) { - // Should never happen. On that basis don't log it. - } + try { + result = clazz.getDeclaredMethod( + entry.getAccessibleObjectName(), entry.getParamTypes()); + } catch (NoSuchMethodException e) { + // Should never happen. On that basis don't log it. } return result; } @@ -686,14 +662,10 @@ public class DefaultInstanceManager implements InstanceManager { private static Field getField(final Class<?> clazz, final AnnotationCacheEntry entry) { Field result = null; - if (Globals.IS_SECURITY_ENABLED) { - result = AccessController.doPrivileged(new PrivilegedGetField(clazz, entry)); - } else { - try { - result = clazz.getDeclaredField(entry.getAccessibleObjectName()); - } catch (NoSuchFieldException e) { - // Should never happen. On that basis don't log it. - } + try { + result = clazz.getDeclaredField(entry.getAccessibleObjectName()); + } catch (NoSuchFieldException e) { + // Should never happen. On that basis don't log it. } return result; } @@ -770,68 +742,4 @@ public class DefaultInstanceManager implements InstanceManager { private enum AnnotationCacheEntryType { FIELD, SETTER, POST_CONSTRUCT, PRE_DESTROY } - - - private static class PrivilegedGetField implements PrivilegedAction<Field> { - - private final Class<?> clazz; - private final AnnotationCacheEntry entry; - - public PrivilegedGetField(Class<?> clazz, AnnotationCacheEntry entry) { - this.clazz = clazz; - this.entry = entry; - } - - @Override - public Field run() { - Field result = null; - try { - result = clazz.getDeclaredField(entry.getAccessibleObjectName()); - } catch (NoSuchFieldException e) { - // Should never happen. On that basis don't log it. - } - return result; - } - } - - - private static class PrivilegedGetMethod implements PrivilegedAction<Method> { - - private final Class<?> clazz; - private final AnnotationCacheEntry entry; - - public PrivilegedGetMethod(Class<?> clazz, AnnotationCacheEntry entry) { - this.clazz = clazz; - this.entry = entry; - } - - @Override - public Method run() { - Method result = null; - try { - result = clazz.getDeclaredMethod( - entry.getAccessibleObjectName(), entry.getParamTypes()); - } catch (NoSuchMethodException e) { - // Should never happen. On that basis don't log it. - } - return result; - } - } - - - private class PrivilegedLoadClass implements PrivilegedExceptionAction<Class<?>> { - - private final String className; - private final ClassLoader classLoader; - - public PrivilegedLoadClass(String className, ClassLoader classLoader) { - this.className = className; - this.classLoader = classLoader; - } - - @Override - public Class<?> run() throws Exception { - return loadClass(className, classLoader); - } - } } diff --git a/java/org/apache/catalina/core/LocalStrings.properties b/java/org/apache/catalina/core/LocalStrings.properties index 242259f157..e4438c7556 100644 --- a/java/org/apache/catalina/core/LocalStrings.properties +++ b/java/org/apache/catalina/core/LocalStrings.properties @@ -258,7 +258,6 @@ standardPipeline.valve.stop=Error stopping Valve standardServer.accept.error=An IO exception occurred trying to accept on the socket listening for the shutdown command standardServer.accept.readError=An IO exception occurred trying to read the shutdown command -standardServer.accept.security=A security error occurred trying to accept on the socket listening for the shutdown command standardServer.accept.timeout=The socket listening for the shutdown command experienced an unexpected timeout [{0}] milliseconds after the call to accept(). Is this an instance of bug 56684? standardServer.awaitSocket.fail=Failed to create server shutdown socket on address [{0}] and port [{1}] (base port [{2}] and offset [{3}]) standardServer.invalidShutdownCommand=Invalid shutdown command [{0}] received diff --git a/java/org/apache/catalina/core/LocalStrings_fr.properties b/java/org/apache/catalina/core/LocalStrings_fr.properties index 4c11ec358c..9a3e862711 100644 --- a/java/org/apache/catalina/core/LocalStrings_fr.properties +++ b/java/org/apache/catalina/core/LocalStrings_fr.properties @@ -258,7 +258,6 @@ standardPipeline.valve.stop=Erreur lors de l'arrêt de la valve standardServer.accept.error=Une erreur d'IO s'est produite en essayant d'accepter sur le socket qui attend la commande d'arrêt standardServer.accept.readError=Une erreur d'IO s'est produite lors de la lecture de la commande d'arrêt -standardServer.accept.security=Une erreur de sécurité s'est produite en essayant d'accepter sur le socket qui attend la commande d'arrêt standardServer.accept.timeout=Le socket qui écoute en attendant la commande d''arrêt a rencontré un délai d''attente dépassé inattendu [{0}] millisecondes après l''appel à accept() standardServer.awaitSocket.fail=Impossible de créer le sokcet d''arrêt du serveur à l''adresse [{0}] et au port [{1}] (port de base [{2}] et offset [{3}]) standardServer.invalidShutdownCommand=Une commande d''arrêt invalide [{0}] a été reçue diff --git a/java/org/apache/catalina/core/LocalStrings_ja.properties b/java/org/apache/catalina/core/LocalStrings_ja.properties index 3768af8617..1a608cc02e 100644 --- a/java/org/apache/catalina/core/LocalStrings_ja.properties +++ b/java/org/apache/catalina/core/LocalStrings_ja.properties @@ -258,7 +258,6 @@ standardPipeline.valve.stop=Valve を停止できません。 standardServer.accept.error=シャットダウンコマンドを受信するソケットの accept で入出力例外が発生しました。 standardServer.accept.readError=シャットダウンコマンドの読み取り時に入出力例外が発生しました。 -standardServer.accept.security=シャットダウンコマンドを受信するソケットの accept でセキュリティエラーを発生しました。 standardServer.accept.timeout=シャットダウンコマンドをリスンするソケットは、accept()の呼び出し後に予期しないタイムアウト [{0}] ミリ秒を経験しました。 これはバグ56684の一例ですか? standardServer.awaitSocket.fail=アドレス [{0}] のポート番号 [{1}] にサーバー停止ソケットを作成できませんでした (基本ポート番号は [{2}]、オフセットは [{3}] です) standardServer.invalidShutdownCommand=不正なシャットダウンコマンド [{0}] を受信しました。 diff --git a/java/org/apache/catalina/core/LocalStrings_ko.properties b/java/org/apache/catalina/core/LocalStrings_ko.properties index 945b68861c..322d1852a2 100644 --- a/java/org/apache/catalina/core/LocalStrings_ko.properties +++ b/java/org/apache/catalina/core/LocalStrings_ko.properties @@ -255,7 +255,6 @@ standardPipeline.valve.stop=Valve를 중지시키는 중 오류 발생 standardServer.accept.error=셧다운 명령을 위해 listen하고 있는 소켓에서, accept를 시도하는 중, IOException이 발생했습니다. standardServer.accept.readError=셧다운 명령을 읽으려 시도하는 중 IOException이 발생했습니다. -standardServer.accept.security=셧다운 명령을 위해 listen하고 있는 소켓에서, accept를 시도하는 중, 보안 오류가 발생했습니다. standardServer.accept.timeout=셧다운 명령을 위해 listen하고 있는 소켓이, accept()를 호출 한 후, 예기치 않은 제한 시간 초과([{0}] 밀리초)를 발생시켰습니다. 버그 56684가 발생한 경우일까요? standardServer.awaitSocket.fail=주소 [{0}]와(과) 포트 [{1}]에, 서버 셧다운 소켓을 생성하지 못했습니다. (base 포트 [{2}], offset [{3}]) standardServer.invalidShutdownCommand=유효하지 않은 셧다운 명령 [{0}]을(를) 받았습니다. diff --git a/java/org/apache/catalina/core/LocalStrings_zh_CN.properties b/java/org/apache/catalina/core/LocalStrings_zh_CN.properties index 469d3696dd..3e0554e3a6 100644 --- a/java/org/apache/catalina/core/LocalStrings_zh_CN.properties +++ b/java/org/apache/catalina/core/LocalStrings_zh_CN.properties @@ -259,7 +259,6 @@ standardPipeline.valve.stop=错误截止阀 standardServer.accept.error=尝试在侦听shutdown命令的套接字上接受IO异常 standardServer.accept.readError=尝试读取关机命令时发生IO异常 -standardServer.accept.security=试图在侦听shutdown命令的套接字上接受时发生安全错误 standardServer.accept.timeout=在调用accept()方法之后,侦听shutdown命令的套接字经历了意外的超时[{0}]毫秒。 这是bug 56684的一个例子? standardServer.awaitSocket.fail=无法在地址[{0}]和端口[{1}]上创建服务器关闭套接字(基本端口[{2}]和偏移量[{3}]) standardServer.invalidShutdownCommand=收到无效的关闭命令[{0}] diff --git a/java/org/apache/catalina/core/StandardContext.java b/java/org/apache/catalina/core/StandardContext.java index 752778ce03..ef4ec81e39 100644 --- a/java/org/apache/catalina/core/StandardContext.java +++ b/java/org/apache/catalina/core/StandardContext.java @@ -22,8 +22,6 @@ import java.io.InputStream; import java.net.MalformedURLException; import java.net.URL; import java.nio.charset.StandardCharsets; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.ArrayDeque; import java.util.ArrayList; import java.util.Arrays; @@ -132,8 +130,6 @@ import org.apache.tomcat.util.descriptor.web.SecurityConstraint; import org.apache.tomcat.util.http.CookieProcessor; import org.apache.tomcat.util.http.Rfc6265CookieProcessor; import org.apache.tomcat.util.scan.StandardJarScanner; -import org.apache.tomcat.util.security.PrivilegedGetTccl; -import org.apache.tomcat.util.security.PrivilegedSetTccl; /** * Standard implementation of the <b>Context</b> interface. Each @@ -5772,12 +5768,7 @@ public class StandardContext extends ContainerBase } if (originalClassLoader == null) { - if (usePrivilegedAction) { - PrivilegedAction<ClassLoader> pa = new PrivilegedGetTccl(); - originalClassLoader = AccessController.doPrivileged(pa); - } else { - originalClassLoader = Thread.currentThread().getContextClassLoader(); - } + originalClassLoader = Thread.currentThread().getContextClassLoader(); } if (webApplicationClassLoader == null || @@ -5789,12 +5780,7 @@ public class StandardContext extends ContainerBase ThreadBindingListener threadBindingListener = getThreadBindingListener(); - if (usePrivilegedAction) { - PrivilegedAction<Void> pa = new PrivilegedSetTccl(webApplicationClassLoader); - AccessController.doPrivileged(pa); - } else { - Thread.currentThread().setContextClassLoader(webApplicationClassLoader); - } + Thread.currentThread().setContextClassLoader(webApplicationClassLoader); if (threadBindingListener != null) { try { threadBindingListener.bind(); @@ -5825,12 +5811,7 @@ public class StandardContext extends ContainerBase } } - if (usePrivilegedAction) { - PrivilegedAction<Void> pa = new PrivilegedSetTccl(originalClassLoader); - AccessController.doPrivileged(pa); - } else { - Thread.currentThread().setContextClassLoader(originalClassLoader); - } + Thread.currentThread().setContextClassLoader(originalClassLoader); } diff --git a/java/org/apache/catalina/core/StandardServer.java b/java/org/apache/catalina/core/StandardServer.java index c0c472f613..e7d12b9d05 100644 --- a/java/org/apache/catalina/core/StandardServer.java +++ b/java/org/apache/catalina/core/StandardServer.java @@ -25,7 +25,6 @@ import java.net.InetAddress; import java.net.ServerSocket; import java.net.Socket; import java.net.SocketTimeoutException; -import java.security.AccessControlException; import java.util.Random; import java.util.concurrent.ExecutionException; import java.util.concurrent.ScheduledExecutorService; @@ -607,9 +606,6 @@ public final class StandardServer extends LifecycleMBeanBase implements Server { log.warn(sm.getString("standardServer.accept.timeout", Long.valueOf(System.currentTimeMillis() - acceptStartTime)), ste); continue; - } catch (AccessControlException ace) { - log.warn(sm.getString("standardServer.accept.security"), ace); - continue; } catch (IOException e) { if (stopAwait) { // Wait was aborted with socket.close() --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org