This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push: new d9c1d8e253 Additional SecurityManagter related changes for o.a.el in the unit tests d9c1d8e253 is described below commit d9c1d8e253e995cc78136c3d69fc0fe8dfd1b399 Author: Mark Thomas <ma...@apache.org> AuthorDate: Thu Jan 12 17:52:25 2023 +0000 Additional SecurityManagter related changes for o.a.el in the unit tests --- java/org/apache/jasper/Constants.java | 6 -- java/org/apache/jasper/EmbeddedServletOptions.java | 4 - java/org/apache/jasper/JspCompilationContext.java | 3 +- .../apache/jasper/compiler/ELFunctionMapper.java | 12 +-- .../apache/jasper/compiler/JspDocumentParser.java | 27 +---- .../apache/jasper/compiler/JspRuntimeContext.java | 115 -------------------- .../apache/jasper/compiler/TagPluginManager.java | 27 +---- java/org/apache/jasper/compiler/Validator.java | 5 +- java/org/apache/jasper/el/ELContextImpl.java | 45 +++----- .../jasper/resources/LocalStrings.properties | 1 - .../jasper/resources/LocalStrings_cs.properties | 1 - .../jasper/resources/LocalStrings_de.properties | 1 - .../jasper/resources/LocalStrings_es.properties | 1 - .../jasper/resources/LocalStrings_fr.properties | 1 - .../jasper/resources/LocalStrings_ja.properties | 1 - .../jasper/resources/LocalStrings_ko.properties | 1 - .../jasper/resources/LocalStrings_pt_BR.properties | 1 - .../jasper/resources/LocalStrings_zh_CN.properties | 1 - .../jasper/runtime/JspApplicationContextImpl.java | 10 +- java/org/apache/jasper/runtime/JspFactoryImpl.java | 117 +++------------------ .../apache/jasper/security/SecurityClassLoad.java | 64 ----------- java/org/apache/jasper/security/SecurityUtil.java | 41 -------- .../apache/jasper/servlet/JasperInitializer.java | 2 - java/org/apache/jasper/servlet/JasperLoader.java | 43 +------- java/org/apache/jasper/servlet/JspServlet.java | 25 +---- test/jakarta/el/TestBeanELResolver.java | 2 +- test/jakarta/el/TestMethodReference.java | 4 +- test/jakarta/el/TestResourceBundleELResolver.java | 2 +- test/org/apache/el/TestELEvaluation.java | 2 +- test/org/apache/el/TestExpressionFactory.java | 2 +- test/org/apache/el/TestMethodExpressionImpl.java | 2 +- test/org/apache/el/TestValueExpressionImpl.java | 18 ++-- test/org/apache/el/parser/TestELParser.java | 10 +- test/org/apache/el/util/TestReflectionUtil.java | 2 +- .../jasper/compiler/TestAttributeParser.java | 2 +- 35 files changed, 66 insertions(+), 535 deletions(-) diff --git a/java/org/apache/jasper/Constants.java b/java/org/apache/jasper/Constants.java index 7a5f736e8c..efed51e648 100644 --- a/java/org/apache/jasper/Constants.java +++ b/java/org/apache/jasper/Constants.java @@ -59,12 +59,6 @@ public class Constants { */ public static final int MAX_POOL_SIZE = 5; - /** - * Has security been turned on? - */ - public static final boolean IS_SECURITY_ENABLED = - (System.getSecurityManager() != null); - /** * Name of the system property containing * the tomcat product installation path diff --git a/java/org/apache/jasper/EmbeddedServletOptions.java b/java/org/apache/jasper/EmbeddedServletOptions.java index a0a88dea46..33156864f2 100644 --- a/java/org/apache/jasper/EmbeddedServletOptions.java +++ b/java/org/apache/jasper/EmbeddedServletOptions.java @@ -727,10 +727,6 @@ public final class EmbeddedServletOptions implements Options { * scratchdir */ String dir = config.getInitParameter("scratchdir"); - if (dir != null && Constants.IS_SECURITY_ENABLED) { - log.info(Localizer.getMessage("jsp.info.ignoreSetting", "scratchdir", dir)); - dir = null; - } if (dir != null) { scratchDir = new File(dir); } else { diff --git a/java/org/apache/jasper/JspCompilationContext.java b/java/org/apache/jasper/JspCompilationContext.java index 9876c56f93..6cedf2814d 100644 --- a/java/org/apache/jasper/JspCompilationContext.java +++ b/java/org/apache/jasper/JspCompilationContext.java @@ -178,8 +178,7 @@ public class JspCompilationContext { public ClassLoader getJspLoader() { if( jspLoader == null ) { - jspLoader = new JasperLoader(new URL[] {baseUrl}, getClassLoader(), - basePackageName, rctxt.getPermissionCollection()); + jspLoader = new JasperLoader(new URL[] {baseUrl}, getClassLoader(), basePackageName); } return jspLoader; } diff --git a/java/org/apache/jasper/compiler/ELFunctionMapper.java b/java/org/apache/jasper/compiler/ELFunctionMapper.java index a4ad003cee..37d25677cc 100644 --- a/java/org/apache/jasper/compiler/ELFunctionMapper.java +++ b/java/org/apache/jasper/compiler/ELFunctionMapper.java @@ -16,8 +16,6 @@ */ package org.apache.jasper.compiler; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.HashMap; import java.util.HashSet; @@ -27,9 +25,7 @@ import java.util.Set; import jakarta.servlet.jsp.tagext.FunctionInfo; -import org.apache.jasper.Constants; import org.apache.jasper.JasperException; -import org.apache.tomcat.util.security.PrivilegedGetTccl; /** * This class generates functions mappers for the EL expressions in the page. @@ -303,13 +299,7 @@ public class ELFunctionMapper { private String getCanonicalName(String className) throws JasperException { Class<?> clazz; - ClassLoader tccl; - if (Constants.IS_SECURITY_ENABLED) { - PrivilegedAction<ClassLoader> pa = new PrivilegedGetTccl(); - tccl = AccessController.doPrivileged(pa); - } else { - tccl = Thread.currentThread().getContextClassLoader(); - } + ClassLoader tccl = Thread.currentThread().getContextClassLoader(); try { clazz = Class.forName(className, false, tccl); diff --git a/java/org/apache/jasper/compiler/JspDocumentParser.java b/java/org/apache/jasper/compiler/JspDocumentParser.java index f3ffe9bbbd..9a155e7e7e 100644 --- a/java/org/apache/jasper/compiler/JspDocumentParser.java +++ b/java/org/apache/jasper/compiler/JspDocumentParser.java @@ -19,7 +19,6 @@ package org.apache.jasper.compiler; import java.io.CharArrayWriter; import java.io.FileNotFoundException; import java.io.IOException; -import java.security.AccessController; import java.util.Collection; import javax.xml.parsers.SAXParser; @@ -36,8 +35,6 @@ import org.apache.tomcat.Jar; import org.apache.tomcat.util.descriptor.DigesterFactory; import org.apache.tomcat.util.descriptor.LocalResolver; import org.apache.tomcat.util.descriptor.tld.TldResourcePath; -import org.apache.tomcat.util.security.PrivilegedGetTccl; -import org.apache.tomcat.util.security.PrivilegedSetTccl; import org.xml.sax.Attributes; import org.xml.sax.InputSource; import org.xml.sax.Locator; @@ -1431,22 +1428,9 @@ class JspDocumentParser JspDocumentParser jspDocParser) throws Exception { - ClassLoader original; - if (Constants.IS_SECURITY_ENABLED) { - PrivilegedGetTccl pa = new PrivilegedGetTccl(); - original = AccessController.doPrivileged(pa); - } else { - original = Thread.currentThread().getContextClassLoader(); - } + ClassLoader original = Thread.currentThread().getContextClassLoader(); try { - if (Constants.IS_SECURITY_ENABLED) { - PrivilegedSetTccl pa = - new PrivilegedSetTccl(JspDocumentParser.class.getClassLoader()); - AccessController.doPrivileged(pa); - } else { - Thread.currentThread().setContextClassLoader( - JspDocumentParser.class.getClassLoader()); - } + Thread.currentThread().setContextClassLoader(JspDocumentParser.class.getClassLoader()); SAXParserFactory factory = SAXParserFactory.newInstance(); @@ -1476,12 +1460,7 @@ class JspDocumentParser return saxParser; } finally { - if (Constants.IS_SECURITY_ENABLED) { - PrivilegedSetTccl pa = new PrivilegedSetTccl(original); - AccessController.doPrivileged(pa); - } else { - Thread.currentThread().setContextClassLoader(original); - } + Thread.currentThread().setContextClassLoader(original); } } diff --git a/java/org/apache/jasper/compiler/JspRuntimeContext.java b/java/org/apache/jasper/compiler/JspRuntimeContext.java index 5069bf2a04..ed11a2d9f4 100644 --- a/java/org/apache/jasper/compiler/JspRuntimeContext.java +++ b/java/org/apache/jasper/compiler/JspRuntimeContext.java @@ -18,15 +18,9 @@ package org.apache.jasper.compiler; import java.io.File; import java.io.FileNotFoundException; -import java.io.FilePermission; -import java.io.IOException; import java.net.URISyntaxException; import java.net.URL; import java.net.URLClassLoader; -import java.security.CodeSource; -import java.security.PermissionCollection; -import java.security.Policy; -import java.security.cert.Certificate; import java.util.ArrayList; import java.util.List; import java.util.Map; @@ -36,7 +30,6 @@ import java.util.concurrent.atomic.AtomicInteger; import jakarta.servlet.ServletContext; import jakarta.servlet.ServletException; -import org.apache.jasper.Constants; import org.apache.jasper.JspCompilationContext; import org.apache.jasper.Options; import org.apache.jasper.runtime.ExceptionUtils; @@ -110,20 +103,9 @@ public final class JspRuntimeContext { classpath = initClassPath(); if (context instanceof org.apache.jasper.servlet.JspCServletContext) { - codeSource = null; - permissionCollection = null; return; } - if (Constants.IS_SECURITY_ENABLED) { - SecurityHolder holder = initSecurity(); - codeSource = holder.cs; - permissionCollection = holder.pc; - } else { - codeSource = null; - permissionCollection = null; - } - // If this web application context is running from a // directory, start the background compilation thread String appBase = context.getRealPath("/"); @@ -153,8 +135,6 @@ public final class JspRuntimeContext { private final ServletContext context; private final Options options; private final ClassLoader parentClassLoader; - private final PermissionCollection permissionCollection; - private final CodeSource codeSource; private final String classpath; private volatile long lastCompileCheck = -1L; private volatile long lastJspQueueUpdate = System.currentTimeMillis(); @@ -264,16 +244,6 @@ public final class JspRuntimeContext { return jsps.size(); } - /** - * Get the SecurityManager Policy CodeSource for this web - * application context. - * - * @return CodeSource for JSP - */ - public CodeSource getCodeSource() { - return codeSource; - } - /** * Get the parent ClassLoader. * @@ -283,16 +253,6 @@ public final class JspRuntimeContext { return parentClassLoader; } - /** - * Get the SecurityManager PermissionCollection for this - * web application context. - * - * @return PermissionCollection permissions - */ - public PermissionCollection getPermissionCollection() { - return permissionCollection; - } - /** * Process a "destroy" event for this web application context. */ @@ -490,81 +450,6 @@ public final class JspRuntimeContext { return path; } - /** - * Helper class to allow initSecurity() to return two items - */ - private static class SecurityHolder{ - private final CodeSource cs; - private final PermissionCollection pc; - private SecurityHolder(CodeSource cs, PermissionCollection pc){ - this.cs = cs; - this.pc = pc; - } - } - /** - * Method used to initialize SecurityManager data. - */ - private SecurityHolder initSecurity() { - - // Setup the PermissionCollection for this web app context - // based on the permissions configured for the root of the - // web app context directory, then add a file read permission - // for that directory. - Policy policy = Policy.getPolicy(); - CodeSource source = null; - PermissionCollection permissions = null; - if( policy != null ) { - try { - // Get the permissions for the web app context - String docBase = context.getRealPath("/"); - if( docBase == null ) { - docBase = options.getScratchDir().toString(); - } - String codeBase = docBase; - if (!codeBase.endsWith(File.separator)){ - codeBase = codeBase + File.separator; - } - File contextDir = new File(codeBase); - URL url = contextDir.getCanonicalFile().toURI().toURL(); - source = new CodeSource(url,(Certificate[])null); - permissions = policy.getPermissions(source); - - // Create a file read permission for web app context directory - if (!docBase.endsWith(File.separator)){ - permissions.add - (new FilePermission(docBase,"read")); - docBase = docBase + File.separator; - } else { - permissions.add - (new FilePermission - (docBase.substring(0,docBase.length() - 1),"read")); - } - docBase = docBase + "-"; - permissions.add(new FilePermission(docBase,"read")); - - // Spec says apps should have read/write for their temp - // directory. This is fine, as no security sensitive files, at - // least any that the app doesn't have full control of anyway, - // will be written here. - String workDir = options.getScratchDir().toString(); - if (!workDir.endsWith(File.separator)){ - permissions.add - (new FilePermission(workDir,"read,write")); - workDir = workDir + File.separator; - } - workDir = workDir + "-"; - permissions.add(new FilePermission( - workDir,"read,write,delete")); - - // Allow the JSP to access org.apache.jasper.runtime.HttpJspBase - permissions.add( new RuntimePermission( - "accessClassInPackage.org.apache.jasper.runtime") ); - } catch (RuntimeException | IOException e) { - context.log(Localizer.getMessage("jsp.error.security"), e); - } - } - return new SecurityHolder(source, permissions); - } private void unloadJspServletWrapper(JspServletWrapper jsw) { removeWrapper(jsw.getJspUri()); diff --git a/java/org/apache/jasper/compiler/TagPluginManager.java b/java/org/apache/jasper/compiler/TagPluginManager.java index 832f2f7732..a8a282be83 100644 --- a/java/org/apache/jasper/compiler/TagPluginManager.java +++ b/java/org/apache/jasper/compiler/TagPluginManager.java @@ -18,7 +18,6 @@ package org.apache.jasper.compiler; import java.io.IOException; import java.net.URL; -import java.security.AccessController; import java.util.Enumeration; import java.util.HashMap; import java.util.Map; @@ -30,8 +29,6 @@ import org.apache.jasper.JasperException; import org.apache.jasper.compiler.tagplugin.TagPlugin; import org.apache.jasper.compiler.tagplugin.TagPluginContext; import org.apache.tomcat.util.descriptor.tagplugin.TagPluginParser; -import org.apache.tomcat.util.security.PrivilegedGetTccl; -import org.apache.tomcat.util.security.PrivilegedSetTccl; import org.xml.sax.SAXException; /** @@ -76,22 +73,9 @@ public class TagPluginManager { } TagPluginParser parser; - ClassLoader original; - if (Constants.IS_SECURITY_ENABLED) { - PrivilegedGetTccl pa = new PrivilegedGetTccl(); - original = AccessController.doPrivileged(pa); - } else { - original = Thread.currentThread().getContextClassLoader(); - } + ClassLoader original = Thread.currentThread().getContextClassLoader(); try { - if (Constants.IS_SECURITY_ENABLED) { - PrivilegedSetTccl pa = - new PrivilegedSetTccl(TagPluginManager.class.getClassLoader()); - AccessController.doPrivileged(pa); - } else { - Thread.currentThread().setContextClassLoader( - TagPluginManager.class.getClassLoader()); - } + Thread.currentThread().setContextClassLoader(TagPluginManager.class.getClassLoader()); parser = new TagPluginParser(ctxt, blockExternal); @@ -109,12 +93,7 @@ public class TagPluginManager { } catch (IOException | SAXException e) { throw new JasperException(e); } finally { - if (Constants.IS_SECURITY_ENABLED) { - PrivilegedSetTccl pa = new PrivilegedSetTccl(original); - AccessController.doPrivileged(pa); - } else { - Thread.currentThread().setContextClassLoader(original); - } + Thread.currentThread().setContextClassLoader(original); } Map<String, String> plugins = parser.getPlugins(); diff --git a/java/org/apache/jasper/compiler/Validator.java b/java/org/apache/jasper/compiler/Validator.java index 249460d80f..cac77c3c73 100644 --- a/java/org/apache/jasper/compiler/Validator.java +++ b/java/org/apache/jasper/compiler/Validator.java @@ -1376,8 +1376,7 @@ class Validator { value, false, el, dynamic); if (el != null) { - ELContextImpl ctx = - new ELContextImpl(expressionFactory); + ELContextImpl ctx = new ELContextImpl(); ctx.setFunctionMapper(getFunctionMapper(el)); try { @@ -1579,7 +1578,7 @@ class Validator { validateFunctions(el, n); // test it out - ELContextImpl ctx = new ELContextImpl(expressionFactory); + ELContextImpl ctx = new ELContextImpl(); ctx.setFunctionMapper(this.getFunctionMapper(el)); ExpressionFactory ef = this.pageInfo.getExpressionFactory(); try { diff --git a/java/org/apache/jasper/el/ELContextImpl.java b/java/org/apache/jasper/el/ELContextImpl.java index 273c1f161b..7c5fb6c13b 100644 --- a/java/org/apache/jasper/el/ELContextImpl.java +++ b/java/org/apache/jasper/el/ELContextImpl.java @@ -26,7 +26,6 @@ import jakarta.el.CompositeELResolver; import jakarta.el.ELContext; import jakarta.el.ELManager; import jakarta.el.ELResolver; -import jakarta.el.ExpressionFactory; import jakarta.el.FunctionMapper; import jakarta.el.ListELResolver; import jakarta.el.MapELResolver; @@ -35,8 +34,6 @@ import jakarta.el.StaticFieldELResolver; import jakarta.el.ValueExpression; import jakarta.el.VariableMapper; -import org.apache.jasper.Constants; - /** * Implementation of ELContext * @@ -80,19 +77,15 @@ public class ELContextImpl extends ELContext { private static final ELResolver DefaultResolver; static { - if (Constants.IS_SECURITY_ENABLED) { - DefaultResolver = null; - } else { - DefaultResolver = new CompositeELResolver(); - ((CompositeELResolver) DefaultResolver).add( - ELManager.getExpressionFactory().getStreamELResolver()); - ((CompositeELResolver) DefaultResolver).add(new StaticFieldELResolver()); - ((CompositeELResolver) DefaultResolver).add(new MapELResolver()); - ((CompositeELResolver) DefaultResolver).add(new ResourceBundleELResolver()); - ((CompositeELResolver) DefaultResolver).add(new ListELResolver()); - ((CompositeELResolver) DefaultResolver).add(new ArrayELResolver()); - ((CompositeELResolver) DefaultResolver).add(new BeanELResolver()); - } + DefaultResolver = new CompositeELResolver(); + ((CompositeELResolver) DefaultResolver).add( + ELManager.getExpressionFactory().getStreamELResolver()); + ((CompositeELResolver) DefaultResolver).add(new StaticFieldELResolver()); + ((CompositeELResolver) DefaultResolver).add(new MapELResolver()); + ((CompositeELResolver) DefaultResolver).add(new ResourceBundleELResolver()); + ((CompositeELResolver) DefaultResolver).add(new ListELResolver()); + ((CompositeELResolver) DefaultResolver).add(new ArrayELResolver()); + ((CompositeELResolver) DefaultResolver).add(new BeanELResolver()); } private final ELResolver resolver; @@ -101,8 +94,8 @@ public class ELContextImpl extends ELContext { private VariableMapper variableMapper; - public ELContextImpl(ExpressionFactory factory) { - this(getDefaultResolver(factory)); + public ELContextImpl() { + this(getDefaultResolver()); } public ELContextImpl(ELResolver resolver) { @@ -135,19 +128,7 @@ public class ELContextImpl extends ELContext { this.variableMapper = variableMapper; } - public static ELResolver getDefaultResolver(ExpressionFactory factory) { - if (Constants.IS_SECURITY_ENABLED) { - CompositeELResolver defaultResolver = new CompositeELResolver(); - defaultResolver.add(factory.getStreamELResolver()); - defaultResolver.add(new StaticFieldELResolver()); - defaultResolver.add(new MapELResolver()); - defaultResolver.add(new ResourceBundleELResolver()); - defaultResolver.add(new ListELResolver()); - defaultResolver.add(new ArrayELResolver()); - defaultResolver.add(new BeanELResolver()); - return defaultResolver; - } else { - return DefaultResolver; - } + public static ELResolver getDefaultResolver() { + return DefaultResolver; } } diff --git a/java/org/apache/jasper/resources/LocalStrings.properties b/java/org/apache/jasper/resources/LocalStrings.properties index 7ade331ca3..9817f4a341 100644 --- a/java/org/apache/jasper/resources/LocalStrings.properties +++ b/java/org/apache/jasper/resources/LocalStrings.properties @@ -252,7 +252,6 @@ jsp.error.variable.either.name=Either name-given or name-from-attribute attribut jsp.error.xml.badStandardAction=Invalid standard action: [{0}] jsp.error.xml.bad_tag=No tag [{0}] defined in tag library associated with uri [{1}] jsp.exception=An exception occurred processing [{0}] at line [{1}] -jsp.info.ignoreSetting=Ignored setting for [{0}] of [{1}] because a SecurityManager was enabled jsp.message.dont.modify.servlets=IMPORTANT: Do not modify the generated servlets jsp.message.jsp_added=Adding JSP for path [{0}] to queue of context [{1}] jsp.message.jsp_queue_created=Created jsp queue with length [{0}] for context [{1}] diff --git a/java/org/apache/jasper/resources/LocalStrings_cs.properties b/java/org/apache/jasper/resources/LocalStrings_cs.properties index c5224d28d7..cfc53c63d4 100644 --- a/java/org/apache/jasper/resources/LocalStrings_cs.properties +++ b/java/org/apache/jasper/resources/LocalStrings_cs.properties @@ -55,7 +55,6 @@ jsp.error.unbalanced.endtag=Ukončovací tag "</{0}" inení symetrický jsp.error.unknown_attribute_type=Neznámý typ atributu [{1}] pro atribut [{0}]. jsp.error.variable.either.name=Direktiva proměnné musí specifikovat zadané jméno nebo jméno z atributu jsp.exception=Při zpracování se vyskytla výjimka [{0}] na řádku [{1}] -jsp.info.ignoreSetting=Ignorováno nastavení pro [{0}] z [{1}], protože byl aktivní SecurityManager jsp.message.jsp_queue_update=Aktualizuji JSP na cestě [{0}] ve frontě kontextu [{1}] jsp.message.jsp_removed_excess=Odstraňuji přístup JSP na cestě [{0}] pro frontu z kontextu [{1}] jsp.message.jsp_unload_check=Kontroluji JSP pro odebrání z kontextu [{0}], počet JSP: [{1}] délka fronty: [{2}] diff --git a/java/org/apache/jasper/resources/LocalStrings_de.properties b/java/org/apache/jasper/resources/LocalStrings_de.properties index aad46a9393..1d5f23bcf9 100644 --- a/java/org/apache/jasper/resources/LocalStrings_de.properties +++ b/java/org/apache/jasper/resources/LocalStrings_de.properties @@ -68,7 +68,6 @@ jsp.error.unavailable=JSP wurde als nicht verfügbar markiert jsp.error.unknown_attribute_type=Unbekannter Attributstyp [{1}] für Attribut [{0}]. jsp.error.xml.badStandardAction=Ungültige Standard Aktion: [{0}] jsp.exception=Beim Verarbeiten von [{0}] ist in Zeile [{1}] eine Ausnahme erzeugt worden -jsp.info.ignoreSetting=Ignoriere Einstellung für [{0}] von [{1}], da ein SecurityManager eingeschaltet war jsp.message.jsp_queue_update=Passe Queue im Kontext [{1}] für JSP mit Pfad [{0}] an jsp.message.jsp_removed_excess=Lösche überschüssige JSP für Pfad [{0}] aus der Warteschlange für Context [{1}] jsp.tldCache.tldInDir=TLD-Dateien wurden gefunden im Verzeichnis [{0}]. diff --git a/java/org/apache/jasper/resources/LocalStrings_es.properties b/java/org/apache/jasper/resources/LocalStrings_es.properties index 1fac658ba9..0235b22a0d 100644 --- a/java/org/apache/jasper/resources/LocalStrings_es.properties +++ b/java/org/apache/jasper/resources/LocalStrings_es.properties @@ -212,7 +212,6 @@ jsp.error.variable.either.name=O el atributo name-given o name-from-attribute de jsp.error.xml.badStandardAction=Acción estándar incorrecta: [{0}] jsp.error.xml.bad_tag=No se ha definido el tag [{0}] en la biblioteca tag asociada con uri [{1}] jsp.exception=Ha sucedido una excepción al procesar la página JSP [{0}] en línea [{1}] -jsp.info.ignoreSetting=Valor de configuración ignorado para [{0}] de [{1}] debido a que SecurityManager estaba habilitado jsp.message.dont.modify.servlets=IMPORTANTE: No modifique los servlets generados jsp.message.jsp_added=Añadiendo JSP para ruta [{0}] a cola de contexto [{1}] jsp.message.jsp_queue_created=Creada cola jsp con tamaño [{0}] para el contexto [{1}] diff --git a/java/org/apache/jasper/resources/LocalStrings_fr.properties b/java/org/apache/jasper/resources/LocalStrings_fr.properties index 070414d5cd..f92027acc1 100644 --- a/java/org/apache/jasper/resources/LocalStrings_fr.properties +++ b/java/org/apache/jasper/resources/LocalStrings_fr.properties @@ -252,7 +252,6 @@ jsp.error.variable.either.name=Un attribut "name-given" ou "name-from-attribute" jsp.error.xml.badStandardAction=Action standard invalide : [{0}] jsp.error.xml.bad_tag=Aucun tag [{0}] n''est défini dans la bibliothèque de tags associée à l''URI [{1}] jsp.exception=Une exception s''est produite lors du traitement de [{0}] à la ligne [{1}] -jsp.info.ignoreSetting=Le paramètre [{0}] avec valeur [{1}] a été ignoré parce que le gestionnaire de sécurité est activé jsp.message.dont.modify.servlets=IMPORTANT : Ne pas modifier les servlets générées jsp.message.jsp_added=Ajout du JSP au chemin [{0}] à la queue du contexte [{1}] jsp.message.jsp_queue_created=Création d''une queue de jsp avec une longueur de [{0}] pour le contexte [{1}] diff --git a/java/org/apache/jasper/resources/LocalStrings_ja.properties b/java/org/apache/jasper/resources/LocalStrings_ja.properties index ee7e163e36..8d5989c5bb 100644 --- a/java/org/apache/jasper/resources/LocalStrings_ja.properties +++ b/java/org/apache/jasper/resources/LocalStrings_ja.properties @@ -253,7 +253,6 @@ jsp.error.variable.either.name=name-givenまたはname-from-attribute属性の jsp.error.xml.badStandardAction=無効な標準アクションです: [{0}] jsp.error.xml.bad_tag=URI [{1}] に関連付けられたタグライブラリの中にはタグ [{0}] は定義されていません jsp.exception=[{0}] の処理中に行番号 [{1}] で例外が発生しました。 -jsp.info.ignoreSetting=SecurityManager が有効なため [{1}] の設定 [{0}] を無視しました jsp.message.dont.modify.servlets=重要: 生成されたサーブレットを変更してはいけません jsp.message.jsp_added=コンテキスト [{1}] のキューにパス [{0}] のJSPを追加しています jsp.message.jsp_queue_created=コンテキスト [{1}] の長さ [{0}] の作成されたJSPキュー diff --git a/java/org/apache/jasper/resources/LocalStrings_ko.properties b/java/org/apache/jasper/resources/LocalStrings_ko.properties index f4a3f69505..d3bfed46bb 100644 --- a/java/org/apache/jasper/resources/LocalStrings_ko.properties +++ b/java/org/apache/jasper/resources/LocalStrings_ko.properties @@ -250,7 +250,6 @@ jsp.error.variable.either.name=name-given 또는 name-from-attribute 속성 둘 jsp.error.xml.badStandardAction=유효하지 않은 표준 액션: [{0}] jsp.error.xml.bad_tag=URI [{1}]와(과) 연관된 태그 라이브러리 내에, 태그 [{0}]이(가) 정의되지 않았습니다. jsp.exception=행 [{1}]에서 [{0}]을(를) 처리하는 중 예외 발생 -jsp.info.ignoreSetting=SecurityManager가 사용 가능 상태로 설정되었기 때문에, [{1}]의 [{0}]을(를) 위한 설정은 무시됩니다. jsp.message.dont.modify.servlets=중요사항: 코드 생성된 서블릿들을 변경하지 마시오. jsp.message.jsp_added=컨텍스트 [{1}]의 큐에, 경로 [{0}]을(를) 위한 JSP를 추가합니다. jsp.message.jsp_queue_created=컨텍스트 [{1}]을(를) 위해 길이가 [{0}]인 JSP 큐를 생성했습니다. diff --git a/java/org/apache/jasper/resources/LocalStrings_pt_BR.properties b/java/org/apache/jasper/resources/LocalStrings_pt_BR.properties index 58de142979..dc8a2dde3c 100644 --- a/java/org/apache/jasper/resources/LocalStrings_pt_BR.properties +++ b/java/org/apache/jasper/resources/LocalStrings_pt_BR.properties @@ -24,7 +24,6 @@ jsp.error.prolog_pagedir_encoding_mismatch=O encoding de página especificado no jsp.error.taglibDirective.absUriCannotBeResolved=A uri absoluta [{0}] não pode ser resolvida pelo web.xml ou pelos arquivos jar instalados com esta aplicação jsp.error.tld.mandatory.element.missing=Elemento TLD mandatório [{0}] faltando ou vazio no TLD [{1}] jsp.error.unknown_attribute_type=Tipo de atributo [{1}] inválido para atributo [{0}] -jsp.info.ignoreSetting=Ignorada configuraçõ para [{0}] de [{1}] porque um SecurityManager foi habilitado jsp.message.jsp_removed_excess=Removendo excesso de JSP para o caminho [{0}] da fila de contexto [{1}]. jsp.warning.enablePooling=Aviso: valor inválido para o initParam enablePooling. Será usado o valor padrão "true" diff --git a/java/org/apache/jasper/resources/LocalStrings_zh_CN.properties b/java/org/apache/jasper/resources/LocalStrings_zh_CN.properties index 94583da6ec..8190078e18 100644 --- a/java/org/apache/jasper/resources/LocalStrings_zh_CN.properties +++ b/java/org/apache/jasper/resources/LocalStrings_zh_CN.properties @@ -251,7 +251,6 @@ jsp.error.variable.either.name=必须在变量指令中指定 name-given 或 nam jsp.error.xml.badStandardAction=无效、标准的action: [{0}] jsp.error.xml.bad_tag=在与uri[{1}]关联的标记库中未定义标记[{0}] jsp.exception=在 [{1}] 行处理 [{0}] 时发生异常 -jsp.info.ignoreSetting=因为 SecurityManager 被启用,忽略 [{1}] 的 [{0}] 的设置 jsp.message.dont.modify.servlets=重要提示:不要修改生成的servlet jsp.message.jsp_added=增加JSP 为路径[{0}]为上下文[{1}]的队列 jsp.message.jsp_queue_created=用长度[{0}]上下文[{1}]创建了jsp队列 diff --git a/java/org/apache/jasper/runtime/JspApplicationContextImpl.java b/java/org/apache/jasper/runtime/JspApplicationContextImpl.java index 82aa1abe22..ccc443fd74 100644 --- a/java/org/apache/jasper/runtime/JspApplicationContextImpl.java +++ b/java/org/apache/jasper/runtime/JspApplicationContextImpl.java @@ -16,8 +16,6 @@ */ package org.apache.jasper.runtime; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.List; @@ -31,7 +29,6 @@ import jakarta.servlet.ServletContext; import jakarta.servlet.jsp.JspApplicationContext; import jakarta.servlet.jsp.JspContext; -import org.apache.jasper.Constants; import org.apache.jasper.compiler.Localizer; import org.apache.jasper.el.ELContextImpl; import org.apache.jasper.el.JasperELResolver; @@ -88,12 +85,7 @@ public class JspApplicationContextImpl implements JspApplicationContext { // create ELContext for JspContext final ELResolver r = this.createELResolver(); - ELContextImpl ctx; - if (Constants.IS_SECURITY_ENABLED) { - ctx = AccessController.doPrivileged((PrivilegedAction<ELContextImpl>) () -> new ELContextImpl(r)); - } else { - ctx = new ELContextImpl(r); - } + ELContextImpl ctx = new ELContextImpl(r); ctx.putContext(JspContext.class, context); // alert all ELContextListeners diff --git a/java/org/apache/jasper/runtime/JspFactoryImpl.java b/java/org/apache/jasper/runtime/JspFactoryImpl.java index 6e288019de..db15ca1965 100644 --- a/java/org/apache/jasper/runtime/JspFactoryImpl.java +++ b/java/org/apache/jasper/runtime/JspFactoryImpl.java @@ -17,8 +17,6 @@ package org.apache.jasper.runtime; import java.io.IOException; -import java.security.AccessController; -import java.security.PrivilegedAction; import jakarta.servlet.Servlet; import jakarta.servlet.ServletContext; @@ -46,50 +44,6 @@ public class JspFactoryImpl extends JspFactory { ServletResponse response, String errorPageURL, boolean needsSession, int bufferSize, boolean autoflush) { - if( Constants.IS_SECURITY_ENABLED ) { - PrivilegedGetPageContext dp = new PrivilegedGetPageContext( - this, servlet, request, response, errorPageURL, - needsSession, bufferSize, autoflush); - return AccessController.doPrivileged(dp); - } else { - return internalGetPageContext(servlet, request, response, - errorPageURL, needsSession, - bufferSize, autoflush); - } - } - - @Override - public void releasePageContext(PageContext pc) { - if( pc == null ) { - return; - } - if( Constants.IS_SECURITY_ENABLED ) { - PrivilegedReleasePageContext dp = new PrivilegedReleasePageContext( - this,pc); - AccessController.doPrivileged(dp); - } else { - internalReleasePageContext(pc); - } - } - - @Override - public JspEngineInfo getEngineInfo() { - return new JspEngineInfo() { - @Override - public String getSpecificationVersion() { - return Constants.SPEC_VERSION; - } - }; - } - - public void setPoolSize(int poolSize) { - this.poolSize = poolSize; - } - - private PageContext internalGetPageContext(Servlet servlet, ServletRequest request, - ServletResponse response, String errorPageURL, boolean needsSession, - int bufferSize, boolean autoflush) { - PageContext pc; if (poolSize > 0) { PageContextPool pool = localPool.get(); @@ -116,62 +70,30 @@ public class JspFactoryImpl extends JspFactory { return pc; } - private void internalReleasePageContext(PageContext pc) { + @Override + public void releasePageContext(PageContext pc) { + if( pc == null ) { + return; + } + pc.release(); if (poolSize > 0 && (pc instanceof PageContextImpl)) { localPool.get().put(pc); } } - private static class PrivilegedGetPageContext - implements PrivilegedAction<PageContext> { - - private JspFactoryImpl factory; - private Servlet servlet; - private ServletRequest request; - private ServletResponse response; - private String errorPageURL; - private boolean needsSession; - private int bufferSize; - private boolean autoflush; - - PrivilegedGetPageContext(JspFactoryImpl factory, Servlet servlet, - ServletRequest request, ServletResponse response, String errorPageURL, - boolean needsSession, int bufferSize, boolean autoflush) { - this.factory = factory; - this.servlet = servlet; - this.request = request; - this.response = response; - this.errorPageURL = errorPageURL; - this.needsSession = needsSession; - this.bufferSize = bufferSize; - this.autoflush = autoflush; - } - - @Override - public PageContext run() { - return factory.internalGetPageContext(servlet, request, response, - errorPageURL, needsSession, bufferSize, autoflush); - } + @Override + public JspEngineInfo getEngineInfo() { + return new JspEngineInfo() { + @Override + public String getSpecificationVersion() { + return Constants.SPEC_VERSION; + } + }; } - private static class PrivilegedReleasePageContext - implements PrivilegedAction<Void> { - - private JspFactoryImpl factory; - private PageContext pageContext; - - PrivilegedReleasePageContext(JspFactoryImpl factory, - PageContext pageContext) { - this.factory = factory; - this.pageContext = pageContext; - } - - @Override - public Void run() { - factory.internalReleasePageContext(pageContext); - return null; - } + public void setPoolSize(int poolSize) { + this.poolSize = poolSize; } private static final class PageContextPool { @@ -205,11 +127,6 @@ public class JspFactoryImpl extends JspFactory { @Override public JspApplicationContext getJspApplicationContext( final ServletContext context) { - if (Constants.IS_SECURITY_ENABLED) { - return AccessController.doPrivileged( - (PrivilegedAction<JspApplicationContext>) () -> JspApplicationContextImpl.getInstance(context)); - } else { - return JspApplicationContextImpl.getInstance(context); - } + return JspApplicationContextImpl.getInstance(context); } } diff --git a/java/org/apache/jasper/security/SecurityClassLoad.java b/java/org/apache/jasper/security/SecurityClassLoad.java deleted file mode 100644 index 3642847fdc..0000000000 --- a/java/org/apache/jasper/security/SecurityClassLoad.java +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.jasper.security; - -import org.apache.jasper.compiler.Localizer; -import org.apache.juli.logging.Log; -import org.apache.juli.logging.LogFactory; - -/** - * Static class used to preload java classes when using the - * Java SecurityManager so that the defineClassInPackage - * RuntimePermission does not trigger an AccessControlException. - */ -public final class SecurityClassLoad { - - public static void securityClassLoad(ClassLoader loader) { - - if (System.getSecurityManager() == null) { - return; - } - - final String basePackage = "org.apache.jasper."; - try { - // Ensure XMLInputFactory is loaded with Tomcat's class loader - loader.loadClass(basePackage + "compiler.EncodingDetector"); - - loader.loadClass(basePackage + "runtime.JspContextWrapper"); - loader.loadClass(basePackage + "runtime.JspFactoryImpl$PrivilegedGetPageContext"); - loader.loadClass(basePackage + "runtime.JspFactoryImpl$PrivilegedReleasePageContext"); - loader.loadClass(basePackage + "runtime.JspFragmentHelper"); - - Class<?> clazz = loader.loadClass(basePackage + "runtime.JspRuntimeLibrary"); - clazz.getConstructor().newInstance(); - - loader.loadClass(basePackage + "runtime.PageContextImpl"); - - loader.loadClass(basePackage + "runtime.ProtectedFunctionMapper"); - loader.loadClass(basePackage + "runtime.ServletResponseWrapperInclude"); - loader.loadClass(basePackage + "runtime.TagHandlerPool"); - - // Trigger loading of class and reading of property - SecurityUtil.isPackageProtectionEnabled(); - - loader.loadClass(basePackage + "servlet.JspServletWrapper"); - } catch (Exception ex) { - Log log = LogFactory.getLog(SecurityClassLoad.class); - log.error(Localizer.getMessage("jsp.error.securityPreload"), ex); - } - } -} diff --git a/java/org/apache/jasper/security/SecurityUtil.java b/java/org/apache/jasper/security/SecurityUtil.java deleted file mode 100644 index 5b6f69de64..0000000000 --- a/java/org/apache/jasper/security/SecurityUtil.java +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.jasper.security; - -import org.apache.jasper.Constants; - -/** - * Util class for Security related operations. - */ - -public final class SecurityUtil{ - - private static final boolean packageDefinitionEnabled = - System.getProperty("package.definition") == null ? false : true; - - /** - * Return the <code>SecurityManager</code> only if Security is enabled AND - * package protection mechanism is enabled. - * @return <code>true</code> if package protection is enabled - */ - public static boolean isPackageProtectionEnabled(){ - if (packageDefinitionEnabled && Constants.IS_SECURITY_ENABLED){ - return true; - } - return false; - } -} diff --git a/java/org/apache/jasper/servlet/JasperInitializer.java b/java/org/apache/jasper/servlet/JasperInitializer.java index f444040ffa..a39f015348 100644 --- a/java/org/apache/jasper/servlet/JasperInitializer.java +++ b/java/org/apache/jasper/servlet/JasperInitializer.java @@ -28,7 +28,6 @@ import org.apache.jasper.Constants; import org.apache.jasper.compiler.Localizer; import org.apache.jasper.compiler.TldCache; import org.apache.jasper.runtime.JspFactoryImpl; -import org.apache.jasper.security.SecurityClassLoad; import org.apache.juli.logging.Log; import org.apache.juli.logging.LogFactory; import org.apache.tomcat.InstanceManager; @@ -49,7 +48,6 @@ public class JasperInitializer implements ServletContainerInitializer { */ static { JspFactoryImpl factory = new JspFactoryImpl(); - SecurityClassLoad.securityClassLoad(factory.getClass().getClassLoader()); if (JspFactory.getDefaultFactory() == null) { JspFactory.setDefaultFactory(factory); } diff --git a/java/org/apache/jasper/servlet/JasperLoader.java b/java/org/apache/jasper/servlet/JasperLoader.java index 2fda7a67b4..939a76004f 100644 --- a/java/org/apache/jasper/servlet/JasperLoader.java +++ b/java/org/apache/jasper/servlet/JasperLoader.java @@ -20,8 +20,6 @@ import java.io.IOException; import java.io.InputStream; import java.net.URL; import java.net.URLClassLoader; -import java.security.CodeSource; -import java.security.PermissionCollection; /** * Class loader for loading servlet class files (corresponding to JSP files) @@ -32,15 +30,10 @@ import java.security.PermissionCollection; */ public class JasperLoader extends URLClassLoader { - private final PermissionCollection permissionCollection; - private final SecurityManager securityManager; private final String packageName; - public JasperLoader(URL[] urls, ClassLoader parent, - String packageName, PermissionCollection permissionCollection) { + public JasperLoader(URL[] urls, ClassLoader parent, String packageName) { super(urls, parent); - this.permissionCollection = permissionCollection; - this.securityManager = System.getSecurityManager(); this.packageName = packageName; } @@ -98,24 +91,6 @@ public class JasperLoader extends URLClassLoader { return clazz; } - // (.5) Permission to access this class when using a SecurityManager - if (securityManager != null) { - int dot = name.lastIndexOf('.'); - if (dot >= 0) { - try { - // Do not call the security manager since by default, we grant that package. - if (!"org.apache.jasper.runtime".equalsIgnoreCase(name.substring(0,dot))){ - securityManager.checkPackageAccess(name.substring(0,dot)); - } - } catch (SecurityException se) { - String error = "Security Violation, attempt to use " + - "Restricted Class: " + name; - se.printStackTrace(); - throw new ClassNotFoundException(error); - } - } - } - if( !name.startsWith(packageName + '.') ) { // Class is not in org.apache.jsp, therefore, have our // parent load it @@ -150,20 +125,4 @@ public class JasperLoader extends URLClassLoader { } return is; } - - - /** - * Get the Permissions for a CodeSource. - * - * Since this ClassLoader is only used for a JSP page in - * a web application context, we just return our preset - * PermissionCollection for the web app context. - * - * @param codeSource Code source where the code was loaded from - * @return PermissionCollection for CodeSource - */ - @Override - public final PermissionCollection getPermissions(CodeSource codeSource) { - return permissionCollection; - } } diff --git a/java/org/apache/jasper/servlet/JspServlet.java b/java/org/apache/jasper/servlet/JspServlet.java index c356082197..cdd6e6a52a 100644 --- a/java/org/apache/jasper/servlet/JspServlet.java +++ b/java/org/apache/jasper/servlet/JspServlet.java @@ -20,9 +20,6 @@ import java.io.FileNotFoundException; import java.io.IOException; import java.lang.reflect.Constructor; import java.net.MalformedURLException; -import java.security.AccessController; -import java.security.PrivilegedActionException; -import java.security.PrivilegedExceptionAction; import jakarta.servlet.RequestDispatcher; import jakarta.servlet.ServletConfig; @@ -32,13 +29,11 @@ import jakarta.servlet.http.HttpServlet; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; -import org.apache.jasper.Constants; import org.apache.jasper.EmbeddedServletOptions; import org.apache.jasper.Options; import org.apache.jasper.compiler.JspRuntimeContext; import org.apache.jasper.compiler.Localizer; import org.apache.jasper.runtime.ExceptionUtils; -import org.apache.jasper.security.SecurityUtil; import org.apache.juli.logging.Log; import org.apache.juli.logging.LogFactory; import org.apache.tomcat.PeriodicEventListener; @@ -89,11 +84,6 @@ public class JspServlet extends HttpServlet implements PeriodicEventListener { // Initialize the JSP Runtime Context // Check for a custom Options implementation String engineOptionsName = config.getInitParameter("engineOptionsClass"); - if (Constants.IS_SECURITY_ENABLED && engineOptionsName != null) { - log.info(Localizer.getMessage( - "jsp.info.ignoreSetting", "engineOptionsClass", engineOptionsName)); - engineOptionsName = null; - } if (engineOptionsName != null) { // Instantiate the indicated Options implementation try { @@ -126,22 +116,9 @@ public class JspServlet extends HttpServlet implements PeriodicEventListener { throw new ServletException(Localizer.getMessage("jsp.error.no.jsp", jspFile), e); } try { - if (SecurityUtil.isPackageProtectionEnabled()){ - AccessController.doPrivileged((PrivilegedExceptionAction<Object>) () -> { - serviceJspFile(null, null, jspFile, true); - return null; - }); - } else { - serviceJspFile(null, null, jspFile, true); - } + serviceJspFile(null, null, jspFile, true); } catch (IOException e) { throw new ServletException(Localizer.getMessage("jsp.error.precompilation", jspFile), e); - } catch (PrivilegedActionException e) { - Throwable t = e.getCause(); - if (t instanceof ServletException) { - throw (ServletException)t; - } - throw new ServletException(Localizer.getMessage("jsp.error.precompilation", jspFile), e); } } diff --git a/test/jakarta/el/TestBeanELResolver.java b/test/jakarta/el/TestBeanELResolver.java index f4eb5103ee..073ce4798e 100644 --- a/test/jakarta/el/TestBeanELResolver.java +++ b/test/jakarta/el/TestBeanELResolver.java @@ -41,7 +41,7 @@ public class TestBeanELResolver { @Test public void testBug53421() { ExpressionFactory factory = ExpressionFactory.newInstance(); - ELContext context = new ELContextImpl(factory); + ELContext context = new ELContextImpl(); Bean bean = new Bean(); diff --git a/test/jakarta/el/TestMethodReference.java b/test/jakarta/el/TestMethodReference.java index c9b524f717..29845e87b4 100644 --- a/test/jakarta/el/TestMethodReference.java +++ b/test/jakarta/el/TestMethodReference.java @@ -29,7 +29,7 @@ public class TestMethodReference { public void testGetAnnotationInfo01() { // None ExpressionFactory factory = ExpressionFactory.newInstance(); - ELContext context = new ELContextImpl(factory); + ELContext context = new ELContextImpl(); TesterBean bean = new TesterBean("myBean"); @@ -49,7 +49,7 @@ public class TestMethodReference { public void testGetAnnotationInfo02() { // @BeanProperty with defaults ExpressionFactory factory = ExpressionFactory.newInstance(); - ELContext context = new ELContextImpl(factory); + ELContext context = new ELContextImpl(); TesterBean bean = new TesterBean("myBean"); diff --git a/test/jakarta/el/TestResourceBundleELResolver.java b/test/jakarta/el/TestResourceBundleELResolver.java index 5d0f9ff020..3732acb751 100644 --- a/test/jakarta/el/TestResourceBundleELResolver.java +++ b/test/jakarta/el/TestResourceBundleELResolver.java @@ -30,7 +30,7 @@ public class TestResourceBundleELResolver { @Test public void bug53001() { ExpressionFactory factory = ExpressionFactory.newInstance(); - ELContext context = new ELContextImpl(factory); + ELContext context = new ELContextImpl(); ResourceBundle rb = new TesterResourceBundle(); diff --git a/test/org/apache/el/TestELEvaluation.java b/test/org/apache/el/TestELEvaluation.java index fe9e9d3386..eb036238f0 100644 --- a/test/org/apache/el/TestELEvaluation.java +++ b/test/org/apache/el/TestELEvaluation.java @@ -254,7 +254,7 @@ public class TestELEvaluation { private String evaluateExpression(String expression) { ExpressionFactoryImpl exprFactory = new ExpressionFactoryImpl(); - ELContextImpl ctx = new ELContextImpl(exprFactory); + ELContextImpl ctx = new ELContextImpl(); ctx.setFunctionMapper(new TesterFunctions.FMapper()); ValueExpression ve = exprFactory.createValueExpression(ctx, expression, String.class); diff --git a/test/org/apache/el/TestExpressionFactory.java b/test/org/apache/el/TestExpressionFactory.java index 3f7e2e7f4b..8df864603c 100644 --- a/test/org/apache/el/TestExpressionFactory.java +++ b/test/org/apache/el/TestExpressionFactory.java @@ -40,7 +40,7 @@ public class TestExpressionFactory { ExpressionFactory factory = ExpressionFactory.newInstance(); Assert.assertNotNull(factory); - ELContext context = new ELContextImpl(factory); + ELContext context = new ELContextImpl(); Assert.assertNotNull(context); factory.createValueExpression(context, "foo", null); diff --git a/test/org/apache/el/TestMethodExpressionImpl.java b/test/org/apache/el/TestMethodExpressionImpl.java index 2ad619e1ca..4575866012 100644 --- a/test/org/apache/el/TestMethodExpressionImpl.java +++ b/test/org/apache/el/TestMethodExpressionImpl.java @@ -43,7 +43,7 @@ public class TestMethodExpressionImpl { @Before public void setUp() { factory = ExpressionFactory.newInstance(); - context = new ELContextImpl(factory); + context = new ELContextImpl(); TesterBeanA beanA = new TesterBeanA(); beanA.setName("A"); diff --git a/test/org/apache/el/TestValueExpressionImpl.java b/test/org/apache/el/TestValueExpressionImpl.java index db966a08c6..b81ae5e76a 100644 --- a/test/org/apache/el/TestValueExpressionImpl.java +++ b/test/org/apache/el/TestValueExpressionImpl.java @@ -37,7 +37,7 @@ public class TestValueExpressionImpl { @Test public void testGetValueReference() { ExpressionFactory factory = ExpressionFactory.newInstance(); - ELContext context = new ELContextImpl(factory); + ELContext context = new ELContextImpl(); TesterBeanB beanB = new TesterBeanB(); beanB.setName("Tomcat"); @@ -63,7 +63,7 @@ public class TestValueExpressionImpl { @Test public void testGetValueReferenceVariable() { ExpressionFactory factory = ExpressionFactory.newInstance(); - ELContext context = new ELContextImpl(factory); + ELContext context = new ELContextImpl(); TesterBeanB beanB = new TesterBeanB(); beanB.setName("Tomcat"); @@ -91,7 +91,7 @@ public class TestValueExpressionImpl { @Test public void testBug49345() { ExpressionFactory factory = ExpressionFactory.newInstance(); - ELContext context = new ELContextImpl(factory); + ELContext context = new ELContextImpl(); TesterBeanA beanA = new TesterBeanA(); TesterBeanB beanB = new TesterBeanB(); @@ -120,7 +120,7 @@ public class TestValueExpressionImpl { @Test public void testBug50105() { ExpressionFactory factory = ExpressionFactory.newInstance(); - ELContext context = new ELContextImpl(factory); + ELContext context = new ELContextImpl(); TesterEnum testEnum = TesterEnum.APPLE; @@ -143,7 +143,7 @@ public class TestValueExpressionImpl { @Test public void testBug51177ObjectMap() { ExpressionFactory factory = ExpressionFactory.newInstance(); - ELContext context = new ELContextImpl(factory); + ELContext context = new ELContextImpl(); Object o1 = "String value"; Object o2 = Integer.valueOf(32); @@ -170,7 +170,7 @@ public class TestValueExpressionImpl { @Test public void testBug51177ObjectList() { ExpressionFactory factory = ExpressionFactory.newInstance(); - ELContext context = new ELContextImpl(factory); + ELContext context = new ELContextImpl(); Object o1 = "String value"; Object o2 = Integer.valueOf(32); @@ -201,7 +201,7 @@ public class TestValueExpressionImpl { @Test public void testBug51544Bean() throws Exception { ExpressionFactory factory = ExpressionFactory.newInstance(); - ELContext context = new ELContextImpl(factory); + ELContext context = new ELContextImpl(); TesterBeanA beanA = new TesterBeanA(); beanA.setValList(Collections.emptyList()); @@ -224,7 +224,7 @@ public class TestValueExpressionImpl { @Test public void testBug51544Direct() throws Exception { ExpressionFactory factory = ExpressionFactory.newInstance(); - ELContext context = new ELContextImpl(factory); + ELContext context = new ELContextImpl(); List<?> list = Collections.emptyList(); @@ -243,7 +243,7 @@ public class TestValueExpressionImpl { @Test public void testBug56522SetNullValue() { ExpressionFactory factory = ExpressionFactory.newInstance(); - ELContext context = new ELContextImpl(factory); + ELContext context = new ELContextImpl(); TesterBeanB beanB = new TesterBeanB(); beanB.setName("Tomcat"); diff --git a/test/org/apache/el/parser/TestELParser.java b/test/org/apache/el/parser/TestELParser.java index 23a0f964d2..dfbe757e82 100644 --- a/test/org/apache/el/parser/TestELParser.java +++ b/test/org/apache/el/parser/TestELParser.java @@ -64,7 +64,7 @@ public class TestELParser { @Test public void testJavaKeyWordSuffix() { ExpressionFactory factory = ExpressionFactory.newInstance(); - ELContext context = new ELContextImpl(factory); + ELContext context = new ELContextImpl(); TesterBeanA beanA = new TesterBeanA(); beanA.setInt("five"); @@ -86,7 +86,7 @@ public class TestELParser { @Test public void testJavaKeyWordIdentifier() { ExpressionFactory factory = ExpressionFactory.newInstance(); - ELContext context = new ELContextImpl(factory); + ELContext context = new ELContextImpl(); TesterBeanA beanA = new TesterBeanA(); beanA.setInt("five"); @@ -177,7 +177,7 @@ public class TestELParser { private void doTestBug56179(int parenthesesCount, String innerExpr) { ExpressionFactory factory = ExpressionFactory.newInstance(); - ELContext context = new ELContextImpl(factory); + ELContext context = new ELContextImpl(); ValueExpression var = factory.createValueExpression(Boolean.TRUE, Boolean.class); @@ -203,7 +203,7 @@ public class TestELParser { @Test public void bug56185() { ExpressionFactory factory = ExpressionFactory.newInstance(); - ELContext context = new ELContextImpl(factory); + ELContext context = new ELContextImpl(); TesterBeanC beanC = new TesterBeanC(); ValueExpression var = @@ -222,7 +222,7 @@ public class TestELParser { private void testExpression(String expression, String expected) { ExpressionFactory factory = ExpressionFactory.newInstance(); - ELContext context = new ELContextImpl(factory); + ELContext context = new ELContextImpl(); ValueExpression ve = factory.createValueExpression( context, expression, String.class); diff --git a/test/org/apache/el/util/TestReflectionUtil.java b/test/org/apache/el/util/TestReflectionUtil.java index 4362fc255e..5d81babba7 100644 --- a/test/org/apache/el/util/TestReflectionUtil.java +++ b/test/org/apache/el/util/TestReflectionUtil.java @@ -70,7 +70,7 @@ public class TestReflectionUtil { @Test public void testStaticMethodOnInstance() { ExpressionFactory factory = ExpressionFactory.newInstance(); - ELContext context = new ELContextImpl(factory); + ELContext context = new ELContextImpl(); MethodExpression methodExpression = factory.createMethodExpression(context, "${\"1\".format(2)}", String.class, new Class<?>[] {}); diff --git a/test/org/apache/jasper/compiler/TestAttributeParser.java b/test/org/apache/jasper/compiler/TestAttributeParser.java index 7164628332..7fc0d29813 100644 --- a/test/org/apache/jasper/compiler/TestAttributeParser.java +++ b/test/org/apache/jasper/compiler/TestAttributeParser.java @@ -162,7 +162,7 @@ public class TestAttributeParser { private String evalAttr(String expression, char quote) { ExpressionFactoryImpl exprFactory = new ExpressionFactoryImpl(); - ELContextImpl ctx = new ELContextImpl(exprFactory); + ELContextImpl ctx = new ELContextImpl(); ctx.setFunctionMapper(new TesterFunctions.FMapper()); ValueExpression ve = exprFactory.createValueExpression(ctx, AttributeParser.getUnquoted(expression, quote, false, false, --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org