This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push: new 4493b73d73 Remove some more SecurityManager references 4493b73d73 is described below commit 4493b73d7318b7dc4c5a91d64b6970990b163673 Author: Mark Thomas <ma...@apache.org> AuthorDate: Thu Jan 12 15:27:53 2023 +0000 Remove some more SecurityManager references --- conf/catalina.properties | 24 --- .../catalina/security/DeployXmlPermission.java | 38 ---- .../catalina/security/SecurityClassLoad.java | 204 --------------------- .../apache/catalina/security/SecurityConfig.java | 147 --------------- java/org/apache/catalina/startup/Bootstrap.java | 3 - java/org/apache/catalina/startup/Catalina.java | 12 -- java/org/apache/catalina/startup/HostConfig.java | 40 +--- java/org/apache/catalina/startup/Tomcat.java | 2 - 8 files changed, 2 insertions(+), 468 deletions(-) diff --git a/conf/catalina.properties b/conf/catalina.properties index 6c5cb3eae9..9e5cccc3a5 100644 --- a/conf/catalina.properties +++ b/conf/catalina.properties @@ -13,26 +13,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -# -# List of comma-separated packages that start with or equal this string -# will cause a security exception to be thrown when -# passed to checkPackageAccess unless the -# corresponding RuntimePermission ("accessClassInPackage."+package) has -# been granted. -package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.jasper.,org.apache.tomcat. -# -# List of comma-separated packages that start with or equal this string -# will cause a security exception to be thrown when -# passed to checkPackageDefinition unless the -# corresponding RuntimePermission ("defineClassInPackage."+package) has -# been granted. -# -# by default, no packages are restricted for definition, and none of -# the class loaders supplied with the JDK call checkPackageDefinition. -# -package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,\ -org.apache.jasper.,org.apache.naming.,org.apache.tomcat. - # # # List of comma-separated paths defining the contents of the "common" @@ -209,7 +189,3 @@ tomcat.util.buf.StringCache.byte.enabled=true #tomcat.util.buf.StringCache.char.enabled=true #tomcat.util.buf.StringCache.trainThreshold=500000 #tomcat.util.buf.StringCache.cacheSize=5000 - -# Disable use of some privilege blocks Tomcat doesn't need since calls to the -# code in question are always already inside a privilege block -org.apache.el.GET_CLASSLOADER_USE_PRIVILEGED=false diff --git a/java/org/apache/catalina/security/DeployXmlPermission.java b/java/org/apache/catalina/security/DeployXmlPermission.java deleted file mode 100644 index bf8ca273c5..0000000000 --- a/java/org/apache/catalina/security/DeployXmlPermission.java +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.catalina.security; - -import java.security.BasicPermission; - -/** - * Grant this permission to a docBase to permit the web application to use any - * <code>META-INF/context.xml</code> that might be present with in the - * application when <code>deployXML</code> has been disabled at the Host level. - * The name of the permission should be the base name for the web application. - */ -public class DeployXmlPermission extends BasicPermission { - - private static final long serialVersionUID = 1L; - - public DeployXmlPermission(String name) { - super(name); - } - - public DeployXmlPermission(String name, String actions) { - super(name, actions); - } -} diff --git a/java/org/apache/catalina/security/SecurityClassLoad.java b/java/org/apache/catalina/security/SecurityClassLoad.java deleted file mode 100644 index 67d5f37a97..0000000000 --- a/java/org/apache/catalina/security/SecurityClassLoad.java +++ /dev/null @@ -1,204 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.catalina.security; - -/** - * Static class used to preload java classes when using the - * Java SecurityManager so that the defineClassInPackage - * RuntimePermission does not trigger an AccessControlException. - * - * @author Glenn L. Nielsen - */ -public final class SecurityClassLoad { - - public static void securityClassLoad(ClassLoader loader) throws Exception { - securityClassLoad(loader, true); - } - - - static void securityClassLoad(ClassLoader loader, boolean requireSecurityManager) throws Exception { - - if (requireSecurityManager && System.getSecurityManager() == null) { - return; - } - - loadCorePackage(loader); - loadCoyotePackage(loader); - loadLoaderPackage(loader); - loadRealmPackage(loader); - loadServletsPackage(loader); - loadSessionPackage(loader); - loadUtilPackage(loader); - loadJakartaPackage(loader); - loadConnectorPackage(loader); - loadTomcatPackage(loader); - } - - - private static final void loadCorePackage(ClassLoader loader) throws Exception { - final String basePackage = "org.apache.catalina.core."; - loader.loadClass(basePackage + "AccessLogAdapter"); - loader.loadClass(basePackage + "ApplicationContextFacade$PrivilegedExecuteMethod"); - loader.loadClass(basePackage + "ApplicationDispatcher$PrivilegedForward"); - loader.loadClass(basePackage + "ApplicationDispatcher$PrivilegedInclude"); - loader.loadClass(basePackage + "ApplicationPushBuilder"); - loader.loadClass(basePackage + "AsyncContextImpl"); - loader.loadClass(basePackage + "AsyncContextImpl$AsyncRunnable"); - loader.loadClass(basePackage + "AsyncContextImpl$DebugException"); - loader.loadClass(basePackage + "AsyncListenerWrapper"); - loader.loadClass(basePackage + "ContainerBase$PrivilegedAddChild"); - loader.loadClass(basePackage + "DefaultInstanceManager$AnnotationCacheEntry"); - loader.loadClass(basePackage + "DefaultInstanceManager$AnnotationCacheEntryType"); - loader.loadClass(basePackage + "DefaultInstanceManager$PrivilegedGetField"); - loader.loadClass(basePackage + "DefaultInstanceManager$PrivilegedGetMethod"); - loader.loadClass(basePackage + "DefaultInstanceManager$PrivilegedLoadClass"); - loader.loadClass(basePackage + "ApplicationHttpRequest$AttributeNamesEnumerator"); - } - - - private static final void loadLoaderPackage(ClassLoader loader) throws Exception { - final String basePackage = "org.apache.catalina.loader."; - loader.loadClass(basePackage + "WebappClassLoaderBase$PrivilegedFindClassByName"); - loader.loadClass(basePackage + "WebappClassLoaderBase$PrivilegedHasLoggingConfig"); - } - - - private static final void loadRealmPackage(ClassLoader loader) throws Exception { - final String basePackage = "org.apache.catalina.realm."; - loader.loadClass(basePackage + "LockOutRealm$LockRecord"); - } - - - private static final void loadServletsPackage(ClassLoader loader) throws Exception { - final String basePackage = "org.apache.catalina.servlets."; - // Avoid a possible memory leak in the DefaultServlet when running with - // a security manager. The DefaultServlet needs to load an XML parser - // when running under a security manager. We want this to be loaded by - // the container rather than a web application to prevent a memory leak - // via web application class loader. - loader.loadClass(basePackage + "DefaultServlet"); - } - - - private static final void loadSessionPackage(ClassLoader loader) throws Exception { - final String basePackage = "org.apache.catalina.session."; - loader.loadClass(basePackage + "StandardSession"); - loader.loadClass(basePackage + "StandardSession$PrivilegedNewSessionFacade"); - loader.loadClass(basePackage + "StandardManager$PrivilegedDoUnload"); - } - - - private static final void loadUtilPackage(ClassLoader loader) throws Exception { - final String basePackage = "org.apache.catalina.util."; - loader.loadClass(basePackage + "ParameterMap"); - loader.loadClass(basePackage + "RequestUtil"); - loader.loadClass(basePackage + "TLSUtil"); - } - - - private static final void loadCoyotePackage(ClassLoader loader) throws Exception { - final String basePackage = "org.apache.coyote."; - loader.loadClass(basePackage + "http11.Constants"); - // Make sure system property is read at this point - Class<?> clazz = loader.loadClass(basePackage + "Constants"); - clazz.getConstructor().newInstance(); - loader.loadClass(basePackage + "http2.Stream$PrivilegedPush"); - } - - - private static final void loadJakartaPackage(ClassLoader loader) throws Exception { - loader.loadClass("jakarta.servlet.http.Cookie"); - } - - - private static final void loadConnectorPackage(ClassLoader loader) throws Exception { - final String basePackage = "org.apache.catalina.connector."; - loader.loadClass(basePackage + "RequestFacade$GetAttributePrivilegedAction"); - loader.loadClass(basePackage + "RequestFacade$GetParameterMapPrivilegedAction"); - loader.loadClass(basePackage + "RequestFacade$GetRequestDispatcherPrivilegedAction"); - loader.loadClass(basePackage + "RequestFacade$GetParameterPrivilegedAction"); - loader.loadClass(basePackage + "RequestFacade$GetParameterNamesPrivilegedAction"); - loader.loadClass(basePackage + "RequestFacade$GetParameterValuePrivilegedAction"); - loader.loadClass(basePackage + "RequestFacade$GetCharacterEncodingPrivilegedAction"); - loader.loadClass(basePackage + "RequestFacade$GetHeadersPrivilegedAction"); - loader.loadClass(basePackage + "RequestFacade$GetHeaderNamesPrivilegedAction"); - loader.loadClass(basePackage + "RequestFacade$GetCookiesPrivilegedAction"); - loader.loadClass(basePackage + "RequestFacade$GetLocalePrivilegedAction"); - loader.loadClass(basePackage + "RequestFacade$GetLocalesPrivilegedAction"); - loader.loadClass(basePackage + "ResponseFacade$SetContentTypePrivilegedAction"); - loader.loadClass(basePackage + "ResponseFacade$DateHeaderPrivilegedAction"); - loader.loadClass(basePackage + "RequestFacade$GetSessionPrivilegedAction"); - loader.loadClass(basePackage + "ResponseFacade$FlushBufferPrivilegedAction"); - loader.loadClass(basePackage + "OutputBuffer$PrivilegedCreateConverter"); - loader.loadClass(basePackage + "CoyoteInputStream$PrivilegedAvailable"); - loader.loadClass(basePackage + "CoyoteInputStream$PrivilegedClose"); - loader.loadClass(basePackage + "CoyoteInputStream$PrivilegedRead"); - loader.loadClass(basePackage + "CoyoteInputStream$PrivilegedReadArray"); - loader.loadClass(basePackage + "CoyoteInputStream$PrivilegedReadBuffer"); - loader.loadClass(basePackage + "CoyoteOutputStream"); - loader.loadClass(basePackage + "InputBuffer$PrivilegedCreateConverter"); - loader.loadClass(basePackage + "Response$PrivilegedDoIsEncodable"); - loader.loadClass(basePackage + "Response$PrivilegedGenerateCookieString"); - loader.loadClass(basePackage + "Response$PrivilegedEncodeUrl"); - } - - - private static final void loadTomcatPackage(ClassLoader loader) throws Exception { - final String basePackage = "org.apache.tomcat."; - // buf - loader.loadClass(basePackage + "util.buf.B2CConverter"); - loader.loadClass(basePackage + "util.buf.ByteBufferUtils"); - loader.loadClass(basePackage + "util.buf.C2BConverter"); - loader.loadClass(basePackage + "util.buf.HexUtils"); - loader.loadClass(basePackage + "util.buf.StringCache"); - loader.loadClass(basePackage + "util.buf.StringCache$ByteEntry"); - loader.loadClass(basePackage + "util.buf.StringCache$CharEntry"); - loader.loadClass(basePackage + "util.buf.UriUtil"); - // collections - loader.loadClass(basePackage + "util.collections.CaseInsensitiveKeyMap"); - loader.loadClass(basePackage + "util.collections.CaseInsensitiveKeyMap$EntryImpl"); - loader.loadClass(basePackage + "util.collections.CaseInsensitiveKeyMap$EntryIterator"); - loader.loadClass(basePackage + "util.collections.CaseInsensitiveKeyMap$EntrySet"); - loader.loadClass(basePackage + "util.collections.CaseInsensitiveKeyMap$Key"); - // http - loader.loadClass(basePackage + "util.http.CookieProcessor"); - loader.loadClass(basePackage + "util.http.NamesEnumerator"); - // Make sure system property is read at this point - Class<?> clazz = loader.loadClass(basePackage + "util.http.FastHttpDateFormat"); - clazz.getConstructor().newInstance(); - loader.loadClass(basePackage + "util.http.parser.HttpParser"); - loader.loadClass(basePackage + "util.http.parser.MediaType"); - loader.loadClass(basePackage + "util.http.parser.MediaTypeCache"); - loader.loadClass(basePackage + "util.http.parser.SkipResult"); - // net - loader.loadClass(basePackage + "util.net.Constants"); - loader.loadClass(basePackage + "util.net.DispatchType"); - loader.loadClass(basePackage + "util.net.NioEndpoint$NioSocketWrapper$NioOperationState"); - loader.loadClass(basePackage + "util.net.Nio2Endpoint$Nio2SocketWrapper$Nio2OperationState"); - loader.loadClass(basePackage + "util.net.SocketWrapperBase$BlockingMode"); - loader.loadClass(basePackage + "util.net.SocketWrapperBase$CompletionCheck"); - loader.loadClass(basePackage + "util.net.SocketWrapperBase$CompletionHandlerCall"); - loader.loadClass(basePackage + "util.net.SocketWrapperBase$CompletionState"); - loader.loadClass(basePackage + "util.net.SocketWrapperBase$VectoredIOCompletionHandler"); - loader.loadClass(basePackage + "util.net.TLSClientHelloExtractor"); - loader.loadClass(basePackage + "util.net.TLSClientHelloExtractor$ExtractorResult"); - // security - loader.loadClass(basePackage + "util.security.PrivilegedGetTccl"); - loader.loadClass(basePackage + "util.security.PrivilegedSetTccl"); - loader.loadClass(basePackage + "util.security.PrivilegedSetAccessControlContext"); - } -} diff --git a/java/org/apache/catalina/security/SecurityConfig.java b/java/org/apache/catalina/security/SecurityConfig.java deleted file mode 100644 index 85870ab71f..0000000000 --- a/java/org/apache/catalina/security/SecurityConfig.java +++ /dev/null @@ -1,147 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.catalina.security; - -import java.security.Security; - -import org.apache.catalina.startup.CatalinaProperties; -import org.apache.juli.logging.Log; -import org.apache.juli.logging.LogFactory; - -/** - * Util class to protect Catalina against package access and insertion. - * The code are been moved from Catalina.java - * @author the Catalina.java authors - */ -public final class SecurityConfig{ - - private static final Object singletonLock = new Object(); - private static volatile SecurityConfig singleton = null; - - private static final Log log = LogFactory.getLog(SecurityConfig.class); - - - private static final String PACKAGE_ACCESS = "sun.," - + "org.apache.catalina." - + ",org.apache.jasper." - + ",org.apache.coyote." - + ",org.apache.tomcat."; - - // FIX ME package "javax." was removed to prevent HotSpot - // fatal internal errors - private static final String PACKAGE_DEFINITION= "java.,sun." - + ",org.apache.catalina." - + ",org.apache.coyote." - + ",org.apache.tomcat." - + ",org.apache.jasper."; - /** - * List of protected package from conf/catalina.properties - */ - private final String packageDefinition; - - - /** - * List of protected package from conf/catalina.properties - */ - private final String packageAccess; - - - /** - * Create a single instance of this class. - */ - private SecurityConfig() { - String definition = null; - String access = null; - try{ - definition = CatalinaProperties.getProperty("package.definition"); - access = CatalinaProperties.getProperty("package.access"); - } catch (java.lang.Exception ex){ - if (log.isDebugEnabled()){ - log.debug("Unable to load properties using CatalinaProperties", ex); - } - } finally { - packageDefinition = definition; - packageAccess = access; - } - } - - - /** - * Returns the singleton instance of that class. - * @return an instance of that class. - */ - public static SecurityConfig newInstance(){ - if (singleton == null) { - synchronized (singletonLock) { - if (singleton == null) { - singleton = new SecurityConfig(); - } - } - } - return singleton; - } - - - /** - * Set the security package.access value. - */ - public void setPackageAccess(){ - // If catalina.properties is missing, protect all by default. - if (packageAccess == null){ - setSecurityProperty("package.access", PACKAGE_ACCESS); - } else { - setSecurityProperty("package.access", packageAccess); - } - } - - - /** - * Set the security package.definition value. - */ - public void setPackageDefinition(){ - // If catalina.properties is missing, protect all by default. - if (packageDefinition == null){ - setSecurityProperty("package.definition", PACKAGE_DEFINITION); - } else { - setSecurityProperty("package.definition", packageDefinition); - } - } - - - /** - * Set the proper security property - * @param properties the package.* property. - */ - private final void setSecurityProperty(String properties, String packageList){ - if (System.getSecurityManager() != null){ - String definition = Security.getProperty(properties); - if( definition != null && definition.length() > 0 ){ - if (packageList.length() > 0) { - definition = definition + ',' + packageList; - } - } else { - definition = packageList; - } - - Security.setProperty(properties, definition); - } - } - - -} - - diff --git a/java/org/apache/catalina/startup/Bootstrap.java b/java/org/apache/catalina/startup/Bootstrap.java index 461d54b304..b0c52ef1c0 100644 --- a/java/org/apache/catalina/startup/Bootstrap.java +++ b/java/org/apache/catalina/startup/Bootstrap.java @@ -29,7 +29,6 @@ import java.util.List; import java.util.regex.Matcher; import java.util.regex.Pattern; -import org.apache.catalina.security.SecurityClassLoad; import org.apache.catalina.startup.ClassLoaderFactory.Repository; import org.apache.catalina.startup.ClassLoaderFactory.RepositoryType; import org.apache.juli.logging.Log; @@ -255,8 +254,6 @@ public final class Bootstrap { Thread.currentThread().setContextClassLoader(catalinaLoader); - SecurityClassLoad.securityClassLoad(catalinaLoader); - // Load our startup class and call its process() method if (log.isDebugEnabled()) { log.debug("Loading startup class"); diff --git a/java/org/apache/catalina/startup/Catalina.java b/java/org/apache/catalina/startup/Catalina.java index d1e1705434..2d71330314 100644 --- a/java/org/apache/catalina/startup/Catalina.java +++ b/java/org/apache/catalina/startup/Catalina.java @@ -38,7 +38,6 @@ import org.apache.catalina.LifecycleState; import org.apache.catalina.Server; import org.apache.catalina.connector.Connector; import org.apache.catalina.core.StandardContext; -import org.apache.catalina.security.SecurityConfig; import org.apache.juli.ClassLoaderLogManager; import org.apache.juli.logging.Log; import org.apache.juli.logging.LogFactory; @@ -173,7 +172,6 @@ public class Catalina { // ----------------------------------------------------------- Constructors public Catalina() { - setSecurityProtection(); ExceptionUtils.preload(); } @@ -936,16 +934,6 @@ public class Catalina { } - /** - * Set the security package access/protection. - */ - protected void setSecurityProtection(){ - SecurityConfig securityConfig = SecurityConfig.newInstance(); - securityConfig.setPackageDefinition(); - securityConfig.setPackageAccess(); - } - - protected void generateLoader() { String loaderClassName = "DigesterGeneratedCodeLoader"; StringBuilder code = new StringBuilder(); diff --git a/java/org/apache/catalina/startup/HostConfig.java b/java/org/apache/catalina/startup/HostConfig.java index 4f079b58a3..937332291b 100644 --- a/java/org/apache/catalina/startup/HostConfig.java +++ b/java/org/apache/catalina/startup/HostConfig.java @@ -22,14 +22,7 @@ import java.io.FileOutputStream; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; -import java.net.MalformedURLException; -import java.net.URL; import java.nio.file.Files; -import java.security.CodeSource; -import java.security.Permission; -import java.security.PermissionCollection; -import java.security.Policy; -import java.security.cert.Certificate; import java.util.ArrayList; import java.util.HashMap; import java.util.HashSet; @@ -54,7 +47,6 @@ import javax.management.ObjectName; import org.apache.catalina.Container; import org.apache.catalina.Context; import org.apache.catalina.DistributedManager; -import org.apache.catalina.Globals; import org.apache.catalina.Host; import org.apache.catalina.Lifecycle; import org.apache.catalina.LifecycleEvent; @@ -62,7 +54,6 @@ import org.apache.catalina.LifecycleListener; import org.apache.catalina.Manager; import org.apache.catalina.core.StandardContext; import org.apache.catalina.core.StandardHost; -import org.apache.catalina.security.DeployXmlPermission; import org.apache.catalina.util.ContextName; import org.apache.catalina.util.IOTools; import org.apache.juli.logging.Log; @@ -210,33 +201,6 @@ public class HostConfig implements LifecycleListener { } - private boolean isDeployThisXML(File docBase, ContextName cn) { - boolean deployThisXML = isDeployXML(); - if (Globals.IS_SECURITY_ENABLED && !deployThisXML) { - // When running under a SecurityManager, deployXML may be overridden - // on a per Context basis by the granting of a specific permission - Policy currentPolicy = Policy.getPolicy(); - if (currentPolicy != null) { - URL contextRootUrl; - try { - contextRootUrl = docBase.toURI().toURL(); - CodeSource cs = new CodeSource(contextRootUrl, (Certificate[]) null); - PermissionCollection pc = currentPolicy.getPermissions(cs); - Permission p = new DeployXmlPermission(cn.getBaseName()); - if (pc.implies(p)) { - deployThisXML = true; - } - } catch (MalformedURLException e) { - // Should never happen - log.warn(sm.getString("hostConfig.docBaseUrlInvalid"), e); - } - } - } - - return deployThisXML; - } - - /** * @return the copy XML config file flag for this component. */ @@ -863,7 +827,7 @@ public class HostConfig implements LifecycleListener { } Context context = null; - boolean deployThisXML = isDeployThisXML(war, cn); + boolean deployThisXML = this.deployXML; try { if (deployThisXML && useXml && !copyXML) { @@ -1087,7 +1051,7 @@ public class HostConfig implements LifecycleListener { DeployedApplication deployedApp; boolean copyThisXml = isCopyXML(); - boolean deployThisXML = isDeployThisXML(dir, cn); + boolean deployThisXML = this.deployXML; try { if (deployThisXML && xml.exists()) { diff --git a/java/org/apache/catalina/startup/Tomcat.java b/java/org/apache/catalina/startup/Tomcat.java index 39142b6b06..a41f96433a 100644 --- a/java/org/apache/catalina/startup/Tomcat.java +++ b/java/org/apache/catalina/startup/Tomcat.java @@ -66,7 +66,6 @@ import org.apache.catalina.core.StandardService; import org.apache.catalina.core.StandardWrapper; import org.apache.catalina.realm.GenericPrincipal; import org.apache.catalina.realm.RealmBase; -import org.apache.catalina.security.SecurityClassLoad; import org.apache.catalina.util.ContextName; import org.apache.catalina.util.IOTools; import org.apache.tomcat.util.ExceptionUtils; @@ -1304,7 +1303,6 @@ public class Tomcat { break; } } - SecurityClassLoad.securityClassLoad(Thread.currentThread().getContextClassLoader()); org.apache.catalina.startup.Tomcat tomcat = new org.apache.catalina.startup.Tomcat(); // Create a Catalina instance and let it parse the configuration files // It will also set a shutdown hook to stop the Server when needed --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org