[tomcat] branch main updated: More SecurityManager clean-up
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new ea94837028 More SecurityManager clean-up ea94837028 is described below commit ea94837028bba83137160b90f255be4aa29f7c70 Author: Mark Thomas AuthorDate: Thu Jan 19 17:27:37 2023 + More SecurityManager clean-up --- webapps/docs/config/cluster-manager.xml | 14 -- webapps/docs/config/manager.xml | 26 ++ webapps/docs/security-howto.xml | 13 + 3 files changed, 27 insertions(+), 26 deletions(-) diff --git a/webapps/docs/config/cluster-manager.xml b/webapps/docs/config/cluster-manager.xml index 7d742cbe5f..99bc181985 100644 --- a/webapps/docs/config/cluster-manager.xml +++ b/webapps/docs/config/cluster-manager.xml @@ -180,9 +180,7 @@ length or null, all attributes are eligible for replication. The pattern is anchored so the fully qualified class name must fully match the pattern. If not specified, the default value of -null will be used unless a SecurityManager is -enabled in which case the default will be -java\\.lang\\.(?:Boolean|Integer|Long|Number|String). +null will be used. When this node sends a GET_ALL_SESSIONS message to other @@ -201,8 +199,7 @@ attribute, should this be logged at WARN level? If WARN level logging is disabled then it will be logged at DEBUG. The default value of this attribute is -false unless a SecurityManager is enabled in -which case the default will be true. +false. @@ -245,9 +242,7 @@ length or null, all attributes are eligible for replication. The pattern is anchored so the fully qualified class name must fully match the pattern. If not specified, the default value of -null will be used unless a SecurityManager is -enabled in which case the default will be -java\\.lang\\.(?:Boolean|Integer|Long|Number|String). +null will be used. Set to true if you wish to terminate replication map when replication @@ -262,8 +257,7 @@ attribute, should this be logged at WARN level? If WARN level logging is disabled then it will be logged at DEBUG. The default value of this attribute is -false unless a SecurityManager is enabled in -which case the default will be true. +false. The timeout for a ping message. If a remote map does not respond within diff --git a/webapps/docs/config/manager.xml b/webapps/docs/config/manager.xml index 93489f8f9c..1b7e0b9169 100644 --- a/webapps/docs/config/manager.xml +++ b/webapps/docs/config/manager.xml @@ -154,9 +154,9 @@ Please note that the session's Principal class as well as its descendant classes are all subject to the sessionAttributeValueClassNameFilter. If such a filter -is specified or a SecurityManager is enabled, the names of -the Principal class and descendant classes must match that -filter pattern in order to be restored. +is specified the names of the Principal class and +descendant classes must match that filter pattern in order to be +restored. @@ -213,9 +213,7 @@ length or null, all attributes are eligible for distribution. The pattern is anchored so the fully qualified class name must fully match the pattern. If not specified, the default value of -null will be used unless a SecurityManager is -enabled in which case the default will be - java\\.lang\\.(?:Boolean|Integer|Long|Number|String)|org\\.apache\\.catalina\\.realm\\.GenericPrincipal\\$SerializablePrincipal|\\[Ljava.lang.String;. +null will be used. @@ -224,8 +222,7 @@ attribute, should this be logged at WARN level? If WARN level logging is disabled then it will be logged at DEBUG. The default value of this attribute is -false unless a SecurityManager is enabled in -which case the default will be true. +false. @@ -296,9 +293,9 @@ Please note that the session's Principal class as well as its descendant classes are all subject to the sessionAttributeValueClassNameFilter. If such a filter -is specified or a SecurityManager is enabled, the names of -the Principal class and descendant classes must match that -filter pattern in order to be restored. +is specified the names of the Principal class and +descendant classes must match that filter pattern in order to be +restored. @@ -351,9 +348,7 @@ length or null, all attributes are eligible
[tomcat] branch main updated: More SecurityManager clean-up
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 8613da855d More SecurityManager clean-up
8613da855d is described below
commit 8613da855d3639c7feb2c27b547a173193ae4602
Author: Mark Thomas
AuthorDate: Thu Jan 12 16:18:32 2023 +
More SecurityManager clean-up
---
.../catalina/core/DefaultInstanceManager.java | 4 +--
.../catalina/deploy/NamingResourcesImpl.java | 4 +--
.../apache/catalina/startup/WebAnnotationSet.java | 4 +--
.../membership/cloud/CloudMembershipProvider.java | 4 +--
.../catalina/tribes/transport/ReceiverBase.java| 3 +-
.../catalina/tribes/util/TcclThreadFactory.java| 21 ++--
java/org/apache/catalina/util/Introspection.java | 38 --
7 files changed, 10 insertions(+), 68 deletions(-)
diff --git a/java/org/apache/catalina/core/DefaultInstanceManager.java
b/java/org/apache/catalina/core/DefaultInstanceManager.java
index 7c196970b2..859043ae9c 100644
--- a/java/org/apache/catalina/core/DefaultInstanceManager.java
+++ b/java/org/apache/catalina/core/DefaultInstanceManager.java
@@ -304,7 +304,7 @@ public class DefaultInstanceManager implements
InstanceManager {
}
// Initialize methods annotations
-Method[] methods = Introspection.getDeclaredMethods(clazz);
+Method[] methods = clazz.getDeclaredMethods();
Method postConstruct = null;
String postConstructFromXml =
postConstructMethods.get(clazz.getName());
Method preDestroy = null;
@@ -395,7 +395,7 @@ public class DefaultInstanceManager implements
InstanceManager {
if (context != null) {
// Initialize fields annotations for resource injection if
// JNDI is enabled
-Field[] fields = Introspection.getDeclaredFields(clazz);
+Field[] fields = clazz.getDeclaredFields();
for (Field field : fields) {
Resource resourceAnnotation;
Annotation ejbAnnotation;
diff --git a/java/org/apache/catalina/deploy/NamingResourcesImpl.java
b/java/org/apache/catalina/deploy/NamingResourcesImpl.java
index 1000fc5846..37f90217e2 100644
--- a/java/org/apache/catalina/deploy/NamingResourcesImpl.java
+++ b/java/org/apache/catalina/deploy/NamingResourcesImpl.java
@@ -1238,7 +1238,7 @@ public class NamingResourcesImpl extends
LifecycleMBeanBase
}
private Class getSetterType(Class clazz, String name) {
-Method[] methods = Introspection.getDeclaredMethods(clazz);
+Method[] methods = clazz.getDeclaredMethods();
if (methods != null && methods.length > 0) {
for (Method method : methods) {
if (Introspection.isValidSetter(method) &&
@@ -1251,7 +1251,7 @@ public class NamingResourcesImpl extends
LifecycleMBeanBase
}
private Class getFieldType(Class clazz, String name) {
-Field[] fields = Introspection.getDeclaredFields(clazz);
+Field[] fields = clazz.getDeclaredFields();
if (fields != null && fields.length > 0) {
for (Field field : fields) {
if (field.getName().equals(name)) {
diff --git a/java/org/apache/catalina/startup/WebAnnotationSet.java
b/java/org/apache/catalina/startup/WebAnnotationSet.java
index 99e67143b4..e6459094c0 100644
--- a/java/org/apache/catalina/startup/WebAnnotationSet.java
+++ b/java/org/apache/catalina/startup/WebAnnotationSet.java
@@ -269,7 +269,7 @@ public class WebAnnotationSet {
protected static void loadFieldsAnnotation(Context context, Class
clazz) {
// Initialize the annotations
-Field[] fields = Introspection.getDeclaredFields(clazz);
+Field[] fields = clazz.getDeclaredFields();
if (fields != null && fields.length > 0) {
for (Field field : fields) {
Resource annotation = field.getAnnotation(Resource.class);
@@ -285,7 +285,7 @@ public class WebAnnotationSet {
protected static void loadMethodsAnnotation(Context context, Class
clazz) {
// Initialize the annotations
-Method[] methods = Introspection.getDeclaredMethods(clazz);
+Method[] methods = clazz.getDeclaredMethods();
if (methods != null && methods.length > 0) {
for (Method method : methods) {
Resource annotation = method.getAnnotation(Resource.class);
diff --git
a/java/org/apache/catalina/tribes/membership/cloud/CloudMembershipProvider.java
b/java/org/apache/catalina/tribes/membership/cloud/CloudMembershipProvider.java
index 8bab726f87..6b8fdf9cdf 100644
---
a/java/org/apache/catalina/tribes/membership/cloud/CloudMembershipProvider.java
+++
