This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push: new c43ac6a405 Another batch of SecurityManager related clean-up c43ac6a405 is described below commit c43ac6a405af65363c4a80636a980f3615a0ee72 Author: Mark Thomas <ma...@apache.org> AuthorDate: Thu Jan 12 15:34:30 2023 +0000 Another batch of SecurityManager related clean-up --- .../apache/catalina/servlets/DefaultServlet.java | 27 +--- .../catalina/session/PersistentManagerBase.java | 151 +-------------------- .../apache/catalina/session/StandardManager.java | 93 ------------- .../apache/catalina/session/StandardSession.java | 25 +--- .../catalina/startup/ClassLoaderFactory.java | 28 ++-- 5 files changed, 19 insertions(+), 305 deletions(-) diff --git a/java/org/apache/catalina/servlets/DefaultServlet.java b/java/org/apache/catalina/servlets/DefaultServlet.java index e859438324..7a647b0804 100644 --- a/java/org/apache/catalina/servlets/DefaultServlet.java +++ b/java/org/apache/catalina/servlets/DefaultServlet.java @@ -35,7 +35,6 @@ import java.io.StringWriter; import java.io.UnsupportedEncodingException; import java.nio.charset.Charset; import java.nio.charset.StandardCharsets; -import java.security.AccessController; import java.util.ArrayList; import java.util.Arrays; import java.util.Comparator; @@ -84,8 +83,6 @@ import org.apache.tomcat.util.http.parser.EntityTag; import org.apache.tomcat.util.http.parser.Ranges; import org.apache.tomcat.util.res.StringManager; import org.apache.tomcat.util.security.Escape; -import org.apache.tomcat.util.security.PrivilegedGetTccl; -import org.apache.tomcat.util.security.PrivilegedSetTccl; import org.w3c.dom.Document; import org.xml.sax.InputSource; import org.xml.sax.SAXException; @@ -1713,22 +1710,9 @@ public class DefaultServlet extends HttpServlet { // Prevent possible memory leak. Ensure Transformer and // TransformerFactory are not loaded from the web application. - ClassLoader original; - if (Globals.IS_SECURITY_ENABLED) { - PrivilegedGetTccl pa = new PrivilegedGetTccl(); - original = AccessController.doPrivileged(pa); - } else { - original = Thread.currentThread().getContextClassLoader(); - } + ClassLoader original = Thread.currentThread().getContextClassLoader(); try { - if (Globals.IS_SECURITY_ENABLED) { - PrivilegedSetTccl pa = - new PrivilegedSetTccl(DefaultServlet.class.getClassLoader()); - AccessController.doPrivileged(pa); - } else { - Thread.currentThread().setContextClassLoader( - DefaultServlet.class.getClassLoader()); - } + Thread.currentThread().setContextClassLoader(DefaultServlet.class.getClassLoader()); TransformerFactory tFactory = TransformerFactory.newInstance(); Source xmlSource = new StreamSource(new StringReader(sb.toString())); @@ -1743,12 +1727,7 @@ public class DefaultServlet extends HttpServlet { } catch (TransformerException e) { throw new ServletException(sm.getString("defaultServlet.xslError"), e); } finally { - if (Globals.IS_SECURITY_ENABLED) { - PrivilegedSetTccl pa = new PrivilegedSetTccl(original); - AccessController.doPrivileged(pa); - } else { - Thread.currentThread().setContextClassLoader(original); - } + Thread.currentThread().setContextClassLoader(original); } } diff --git a/java/org/apache/catalina/session/PersistentManagerBase.java b/java/org/apache/catalina/session/PersistentManagerBase.java index 2c5b01deb9..61f753d6f6 100644 --- a/java/org/apache/catalina/session/PersistentManagerBase.java +++ b/java/org/apache/catalina/session/PersistentManagerBase.java @@ -17,9 +17,6 @@ package org.apache.catalina.session; import java.io.IOException; -import java.security.AccessController; -import java.security.PrivilegedActionException; -import java.security.PrivilegedExceptionAction; import java.util.Arrays; import java.util.HashMap; import java.util.HashSet; @@ -32,7 +29,6 @@ import org.apache.catalina.LifecycleState; import org.apache.catalina.Session; import org.apache.catalina.Store; import org.apache.catalina.StoreManager; -import org.apache.catalina.security.SecurityUtil; import org.apache.juli.logging.Log; import org.apache.juli.logging.LogFactory; /** @@ -52,81 +48,6 @@ public abstract class PersistentManagerBase extends ManagerBase private final Log log = LogFactory.getLog(PersistentManagerBase.class); // must not be static - // ---------------------------------------------------- Security Classes - - private class PrivilegedStoreClear - implements PrivilegedExceptionAction<Void> { - - PrivilegedStoreClear() { - // NOOP - } - - @Override - public Void run() throws Exception{ - store.clear(); - return null; - } - } - - private class PrivilegedStoreRemove - implements PrivilegedExceptionAction<Void> { - - private String id; - - PrivilegedStoreRemove(String id) { - this.id = id; - } - - @Override - public Void run() throws Exception{ - store.remove(id); - return null; - } - } - - private class PrivilegedStoreLoad - implements PrivilegedExceptionAction<Session> { - - private String id; - - PrivilegedStoreLoad(String id) { - this.id = id; - } - - @Override - public Session run() throws Exception{ - return store.load(id); - } - } - - private class PrivilegedStoreSave - implements PrivilegedExceptionAction<Void> { - - private Session session; - - PrivilegedStoreSave(Session session) { - this.session = session; - } - - @Override - public Void run() throws Exception{ - store.save(session); - return null; - } - } - - private class PrivilegedStoreKeys - implements PrivilegedExceptionAction<String[]> { - - PrivilegedStoreKeys() { - // NOOP - } - - @Override - public String[] run() throws Exception{ - return store.keys(); - } - } // ----------------------------------------------------- Instance Variables @@ -404,15 +325,7 @@ public abstract class PersistentManagerBase extends ManagerBase } try { - if (SecurityUtil.isPackageProtectionEnabled()) { - try { - AccessController.doPrivileged(new PrivilegedStoreClear()); - } catch (PrivilegedActionException e) { - log.error(sm.getString("persistentManager.storeClearError"), e.getException()); - } - } else { - store.clear(); - } + store.clear(); } catch (IOException e) { log.error(sm.getString("persistentManager.storeClearError"), e); } @@ -536,17 +449,7 @@ public abstract class PersistentManagerBase extends ManagerBase String[] ids = null; try { - if (SecurityUtil.isPackageProtectionEnabled()) { - try { - ids = AccessController.doPrivileged(new PrivilegedStoreKeys()); - } catch (PrivilegedActionException e) { - log.error(sm.getString("persistentManager.storeLoadKeysError"), - e.getException()); - return; - } - } else { - ids = store.keys(); - } + ids = store.keys(); } catch (IOException e) { log.error(sm.getString("persistentManager.storeLoadKeysError"), e); return; @@ -596,15 +499,7 @@ public abstract class PersistentManagerBase extends ManagerBase */ protected void removeSession(String id){ try { - if (SecurityUtil.isPackageProtectionEnabled()) { - try { - AccessController.doPrivileged(new PrivilegedStoreRemove(id)); - } catch (PrivilegedActionException e) { - log.error(sm.getString("persistentManager.removeError"), e.getException()); - } - } else { - store.remove(id); - } + store.remove(id); } catch (IOException e) { log.error(sm.getString("persistentManager.removeError"), e); } @@ -768,11 +663,7 @@ public abstract class PersistentManagerBase extends ManagerBase private Session loadSessionFromStore(String id) throws IOException { try { - if (SecurityUtil.isPackageProtectionEnabled()){ - return securedStoreLoad(id); - } else { - return store.load(id); - } + return store.load(id); } catch (ClassNotFoundException e) { String msg = sm.getString( "persistentManager.deserializeError", id); @@ -782,25 +673,6 @@ public abstract class PersistentManagerBase extends ManagerBase } - private Session securedStoreLoad(String id) throws IOException, ClassNotFoundException { - try { - return AccessController.doPrivileged( - new PrivilegedStoreLoad(id)); - } catch (PrivilegedActionException ex) { - Exception e = ex.getException(); - log.error(sm.getString( - "persistentManager.swapInException", id), - e); - if (e instanceof IOException){ - throw (IOException)e; - } else if (e instanceof ClassNotFoundException) { - throw (ClassNotFoundException)e; - } - } - return null; - } - - /** * Remove the session from the Manager's list of active * sessions and write it out to the Store. If the session @@ -838,20 +710,7 @@ public abstract class PersistentManagerBase extends ManagerBase } try { - if (SecurityUtil.isPackageProtectionEnabled()){ - try{ - AccessController.doPrivileged(new PrivilegedStoreSave(session)); - }catch(PrivilegedActionException ex){ - Exception exception = ex.getException(); - if (exception instanceof IOException) { - throw (IOException) exception; - } - log.error(sm.getString("persistentManager.serializeError", - session.getIdInternal(), exception)); - } - } else { - store.save(session); - } + store.save(session); } catch (IOException e) { log.error(sm.getString("persistentManager.serializeError", session.getIdInternal(), e)); throw e; diff --git a/java/org/apache/catalina/session/StandardManager.java b/java/org/apache/catalina/session/StandardManager.java index ad3273c2dc..0201215305 100644 --- a/java/org/apache/catalina/session/StandardManager.java +++ b/java/org/apache/catalina/session/StandardManager.java @@ -25,9 +25,6 @@ import java.io.FileOutputStream; import java.io.IOException; import java.io.ObjectInputStream; import java.io.ObjectOutputStream; -import java.security.AccessController; -import java.security.PrivilegedActionException; -import java.security.PrivilegedExceptionAction; import java.util.ArrayList; import java.util.List; @@ -38,7 +35,6 @@ import org.apache.catalina.LifecycleException; import org.apache.catalina.LifecycleState; import org.apache.catalina.Loader; import org.apache.catalina.Session; -import org.apache.catalina.security.SecurityUtil; import org.apache.catalina.util.CustomObjectInputStream; import org.apache.juli.logging.Log; import org.apache.juli.logging.LogFactory; @@ -60,38 +56,6 @@ public class StandardManager extends ManagerBase { private final Log log = LogFactory.getLog(StandardManager.class); // must not be static - // ---------------------------------------------------- Security Classes - - private class PrivilegedDoLoad - implements PrivilegedExceptionAction<Void> { - - PrivilegedDoLoad() { - // NOOP - } - - @Override - public Void run() throws Exception{ - doLoad(); - return null; - } - } - - private class PrivilegedDoUnload - implements PrivilegedExceptionAction<Void> { - - PrivilegedDoUnload() { - // NOOP - } - - @Override - public Void run() throws Exception{ - doUnload(); - return null; - } - - } - - // ----------------------------------------------------- Instance Variables /** @@ -144,36 +108,6 @@ public class StandardManager extends ManagerBase { @Override public void load() throws ClassNotFoundException, IOException { - if (SecurityUtil.isPackageProtectionEnabled()){ - try{ - AccessController.doPrivileged( new PrivilegedDoLoad() ); - } catch (PrivilegedActionException ex){ - Exception exception = ex.getException(); - if (exception instanceof ClassNotFoundException) { - throw (ClassNotFoundException)exception; - } else if (exception instanceof IOException) { - throw (IOException)exception; - } - if (log.isDebugEnabled()) { - log.debug("Unreported exception in load() ", exception); - } - } - } else { - doLoad(); - } - } - - - /** - * Load any currently active sessions that were previously unloaded - * to the appropriate persistence mechanism, if any. If persistence is not - * supported, this method returns without doing anything. - * - * @exception ClassNotFoundException if a serialized class cannot be - * found during the reload - * @exception IOException if an input/output error occurs - */ - protected void doLoad() throws ClassNotFoundException, IOException { if (log.isDebugEnabled()) { log.debug("Start: Loading persisted sessions"); } @@ -252,33 +186,6 @@ public class StandardManager extends ManagerBase { @Override public void unload() throws IOException { - if (SecurityUtil.isPackageProtectionEnabled()) { - try { - AccessController.doPrivileged(new PrivilegedDoUnload()); - } catch (PrivilegedActionException ex){ - Exception exception = ex.getException(); - if (exception instanceof IOException) { - throw (IOException)exception; - } - if (log.isDebugEnabled()) { - log.debug("Unreported exception in unLoad()", exception); - } - } - } else { - doUnload(); - } - } - - - /** - * Save any currently active sessions in the appropriate persistence - * mechanism, if any. If persistence is not supported, this method - * returns without doing anything. - * - * @exception IOException if an input/output error occurs - */ - protected void doUnload() throws IOException { - if (log.isDebugEnabled()) { log.debug(sm.getString("standardManager.unloading.debug")); } diff --git a/java/org/apache/catalina/session/StandardSession.java b/java/org/apache/catalina/session/StandardSession.java index b94a0ed4bd..bb02064506 100644 --- a/java/org/apache/catalina/session/StandardSession.java +++ b/java/org/apache/catalina/session/StandardSession.java @@ -24,9 +24,7 @@ import java.io.ObjectOutputStream; import java.io.ObjectStreamException; import java.io.Serializable; import java.io.WriteAbortedException; -import java.security.AccessController; import java.security.Principal; -import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.Collections; import java.util.Enumeration; @@ -57,7 +55,6 @@ import org.apache.catalina.SessionEvent; import org.apache.catalina.SessionListener; import org.apache.catalina.TomcatPrincipal; import org.apache.catalina.authenticator.SavedRequest; -import org.apache.catalina.security.SecurityUtil; import org.apache.tomcat.util.ExceptionUtils; import org.apache.tomcat.util.res.StringManager; @@ -609,11 +606,7 @@ public class StandardSession implements HttpSession, Session, Serializable { @Override public HttpSession getSession() { if (facade == null) { - if (SecurityUtil.isPackageProtectionEnabled()) { - facade = AccessController.doPrivileged(new PrivilegedNewSessionFacade(this)); - } else { - facade = new StandardSessionFacade(this); - } + facade = new StandardSessionFacade(this); } return facade; } @@ -1787,20 +1780,4 @@ public class StandardSession implements HttpSession, Session, Serializable { } } } - - - private static class PrivilegedNewSessionFacade implements - PrivilegedAction<StandardSessionFacade> { - - private final HttpSession session; - - public PrivilegedNewSessionFacade(HttpSession session) { - this.session = session; - } - - @Override - public StandardSessionFacade run(){ - return new StandardSessionFacade(session); - } - } } \ No newline at end of file diff --git a/java/org/apache/catalina/startup/ClassLoaderFactory.java b/java/org/apache/catalina/startup/ClassLoaderFactory.java index 394e8a0606..b005335463 100644 --- a/java/org/apache/catalina/startup/ClassLoaderFactory.java +++ b/java/org/apache/catalina/startup/ClassLoaderFactory.java @@ -23,8 +23,6 @@ import java.net.URI; import java.net.URISyntaxException; import java.net.URL; import java.net.URLClassLoader; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.LinkedHashSet; import java.util.List; import java.util.Locale; @@ -128,14 +126,11 @@ public final class ClassLoaderFactory { // Construct the class loader itself final URL[] array = set.toArray(new URL[0]); - return AccessController.doPrivileged( - (PrivilegedAction<URLClassLoader>) () -> { - if (parent == null) { - return new URLClassLoader(array); - } else { - return new URLClassLoader(array, parent); - } - }); + if (parent == null) { + return new URLClassLoader(array); + } else { + return new URLClassLoader(array, parent); + } } @@ -236,14 +231,11 @@ public final class ClassLoaderFactory { } } - return AccessController.doPrivileged( - (PrivilegedAction<URLClassLoader>) () -> { - if (parent == null) { - return new URLClassLoader(array); - } else { - return new URLClassLoader(array, parent); - } - }); + if (parent == null) { + return new URLClassLoader(array); + } else { + return new URLClassLoader(array, parent); + } } private static boolean validateFile(File file, --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org