[tomcat] branch main updated: Remove SecurityManager references from the o.a.t.utils package
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 9c0682869d Remove SecurityManager references from the o.a.t.utils
package
9c0682869d is described below
commit 9c0682869d9bbbd124d8ad9c96b95ab57328ba11
Author: Mark Thomas
AuthorDate: Thu Jan 12 19:48:15 2023 +
Remove SecurityManager references from the o.a.t.utils package
---
.../apache/tomcat/dbcp/dbcp2/BasicDataSource.java | 39 ---
java/org/apache/tomcat/dbcp/dbcp2/Utils.java | 12 --
.../apache/tomcat/dbcp/pool2/impl/CallStack.java | 1 -
.../tomcat/dbcp/pool2/impl/CallStackUtils.java | 85 --
.../dbcp/pool2/impl/DefaultPooledObject.java | 8 +-
.../tomcat/dbcp/pool2/impl/EvictionTimer.java | 8 +-
.../dbcp/pool2/impl/SecurityManagerCallStack.java | 122 -
.../org/apache/tomcat/util/compat/JrePlatform.java | 10 +-
.../apache/tomcat/util/descriptor/Constants.java | 5 +-
.../tomcat/util/descriptor/tld/TldParser.java | 26 +
java/org/apache/tomcat/util/net/Constants.java | 2 -
.../tomcat/util/security/PrivilegedGetTccl.java| 28 -
.../PrivilegedSetAccessControlContext.java | 67 ---
.../tomcat/util/security/PrivilegedSetTccl.java| 41 ---
java/org/apache/tomcat/util/threads/Constants.java | 5 -
.../tomcat/util/threads/TaskThreadFactory.java | 26 +
.../tomcat/util/threads/ThreadPoolExecutor.java| 44
.../tomcat/websocket/AsyncChannelGroupUtil.java| 46 +---
.../apache/tomcat/jdbc/pool/ConnectionPool.java| 15 +--
19 files changed, 20 insertions(+), 570 deletions(-)
diff --git a/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSource.java
b/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSource.java
index a9cf96761c..b3729e025c 100644
--- a/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSource.java
+++ b/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSource.java
@@ -19,9 +19,6 @@ package org.apache.tomcat.dbcp.dbcp2;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
-import java.security.AccessController;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
import java.sql.Connection;
import java.sql.Driver;
import java.sql.DriverManager;
@@ -73,30 +70,6 @@ public class BasicDataSource implements DataSource,
BasicDataSourceMXBean, MBean
static {
// Attempt to prevent deadlocks - see DBCP - 272
DriverManager.getDrivers();
-try {
-// Load classes now to prevent AccessControlExceptions later
-// A number of classes are loaded when getConnection() is called
-// but the following classes are not loaded and therefore require
-// explicit loading.
-if (Utils.isSecurityEnabled()) {
-final ClassLoader loader =
BasicDataSource.class.getClassLoader();
-final String dbcpPackageName =
BasicDataSource.class.getPackage().getName();
-loader.loadClass(dbcpPackageName +
".DelegatingCallableStatement");
-loader.loadClass(dbcpPackageName +
".DelegatingDatabaseMetaData");
-loader.loadClass(dbcpPackageName +
".DelegatingPreparedStatement");
-loader.loadClass(dbcpPackageName + ".DelegatingResultSet");
-loader.loadClass(dbcpPackageName +
".PoolableCallableStatement");
-loader.loadClass(dbcpPackageName +
".PoolablePreparedStatement");
-loader.loadClass(dbcpPackageName +
".PoolingConnection$StatementType");
-loader.loadClass(dbcpPackageName + ".PStmtKey");
-
-final String poolPackageName =
PooledObject.class.getPackage().getName();
-loader.loadClass(poolPackageName +
".impl.LinkedBlockingDeque$Node");
-loader.loadClass(poolPackageName +
".impl.GenericKeyedObjectPool$ObjectDeque");
-}
-} catch (final ClassNotFoundException cnfe) {
-throw new IllegalStateException("Unable to pre-load classes",
cnfe);
-}
}
/**
@@ -695,18 +668,6 @@ public class BasicDataSource implements DataSource,
BasicDataSourceMXBean, MBean
*/
@Override
public Connection getConnection() throws SQLException {
-if (Utils.isSecurityEnabled()) {
-final PrivilegedExceptionAction action = () ->
createDataSource().getConnection();
-try {
-return AccessController.doPrivileged(action);
-} catch (final PrivilegedActionException e) {
-final Throwable cause = e.getCause();
-if (cause instanceof SQLException) {
-throw (SQLException) cause;
-}
-throw new
[tomcat] branch main updated: Remove SecurityManager references from o.a.naming
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 3bb830bfd0 Remove SecurityManager references from o.a.naming
3bb830bfd0 is described below
commit 3bb830bfd0485dc30722e5574604dc48affa8898
Author: Mark Thomas
AuthorDate: Thu Jan 12 19:24:32 2023 +
Remove SecurityManager references from o.a.naming
---
.../org/apache/naming/ContextAccessController.java | 6 --
.../apache/naming/factory/MailSessionFactory.java | 87 ++
.../apache/naming/factory/ResourceLinkFactory.java | 5 --
.../org/apache/naming/factory/SendMailFactory.java | 64 +++-
4 files changed, 66 insertions(+), 96 deletions(-)
diff --git a/java/org/apache/naming/ContextAccessController.java
b/java/org/apache/naming/ContextAccessController.java
index 0fad089be5..35112df149 100644
--- a/java/org/apache/naming/ContextAccessController.java
+++ b/java/org/apache/naming/ContextAccessController.java
@@ -49,12 +49,6 @@ public class ContextAccessController {
* @param token Security token
*/
public static void setSecurityToken(Object name, Object token) {
-SecurityManager sm = System.getSecurityManager();
-if (sm != null) {
-sm.checkPermission(new RuntimePermission(
-ContextAccessController.class.getName()
-+ ".setSecurityToken"));
-}
if ((!securityTokens.containsKey(name)) && (token != null)) {
securityTokens.put(name, token);
}
diff --git a/java/org/apache/naming/factory/MailSessionFactory.java
b/java/org/apache/naming/factory/MailSessionFactory.java
index 29c902fd23..70a8d2f266 100644
--- a/java/org/apache/naming/factory/MailSessionFactory.java
+++ b/java/org/apache/naming/factory/MailSessionFactory.java
@@ -16,8 +16,6 @@
*/
package org.apache.naming.factory;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Properties;
@@ -97,57 +95,48 @@ public class MailSessionFactory implements ObjectFactory {
return null;
}
-// Create a new Session inside a doPrivileged block, so that JavaMail
-// can read its default properties without throwing Security
-// exceptions.
-//
-// Bugzilla 31288, 33077: add support for authentication.
-return AccessController.doPrivileged((PrivilegedAction) () ->
{
-
-// Create the JavaMail properties we will use
-Properties props = new Properties();
-props.put("mail.transport.protocol", "smtp");
-props.put("mail.smtp.host", "localhost");
-
-String password = null;
-
-Enumeration attrs = ref.getAll();
-while (attrs.hasMoreElements()) {
-RefAddr attr = attrs.nextElement();
-if ("factory".equals(attr.getType())) {
-continue;
-}
-
-if ("password".equals(attr.getType())) {
-password = (String) attr.getContent();
-continue;
-}
-
-props.put(attr.getType(), attr.getContent());
+// Create the JavaMail properties we will use
+Properties props = new Properties();
+props.put("mail.transport.protocol", "smtp");
+props.put("mail.smtp.host", "localhost");
+
+String password = null;
+
+Enumeration attrs = ref.getAll();
+while (attrs.hasMoreElements()) {
+RefAddr attr = attrs.nextElement();
+if ("factory".equals(attr.getType())) {
+continue;
+}
+
+if ("password".equals(attr.getType())) {
+password = (String) attr.getContent();
+continue;
}
-Authenticator auth = null;
-if (password != null) {
-String user = props.getProperty("mail.smtp.user");
-if(user == null) {
-user = props.getProperty("mail.user");
-}
-
-if(user != null) {
-final PasswordAuthentication pa = new
PasswordAuthentication(user, password);
-auth = new Authenticator() {
-@Override
-protected PasswordAuthentication
getPasswordAuthentication() {
-return pa;
-}
-};
-}
+props.put(attr.getType(), attr.getContent());
+}
+
+Authenticator auth = null;
+if (password != null) {
+String user = props.getProperty("mail.smtp.user");
+if(user == null) {
+user =
[tomcat] branch main updated: Remove SecurityManager references from JULI
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 0377504b83 Remove SecurityManager references from JULI
0377504b83 is described below
commit 0377504b8394bbed872e50112e4f7c6b920eb282
Author: Mark Thomas
AuthorDate: Thu Jan 12 19:21:14 2023 +
Remove SecurityManager references from JULI
---
java/org/apache/juli/ClassLoaderLogManager.java | 117 ++--
java/org/apache/juli/FileHandler.java | 21 +
2 files changed, 31 insertions(+), 107 deletions(-)
diff --git a/java/org/apache/juli/ClassLoaderLogManager.java
b/java/org/apache/juli/ClassLoaderLogManager.java
index b4ab262601..5fc80f62d1 100644
--- a/java/org/apache/juli/ClassLoaderLogManager.java
+++ b/java/org/apache/juli/ClassLoaderLogManager.java
@@ -18,15 +18,10 @@ package org.apache.juli;
import java.io.File;
import java.io.FileInputStream;
-import java.io.FilePermission;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.net.URLClassLoader;
-import java.security.AccessControlException;
-import java.security.AccessController;
-import java.security.Permission;
-import java.security.PrivilegedAction;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
@@ -143,14 +138,7 @@ public class ClassLoaderLogManager extends LogManager {
// Apply initial level for new logger
final String levelString = getProperty(loggerName + ".level");
if (levelString != null) {
-try {
-AccessController.doPrivileged((PrivilegedAction) () -> {
-logger.setLevel(Level.parse(levelString.trim()));
-return null;
-});
-} catch (IllegalArgumentException e) {
-// Leave level set to null
-}
+logger.setLevel(Level.parse(levelString.trim()));
}
// Always instantiate parent loggers so that
@@ -168,7 +156,7 @@ public class ClassLoaderLogManager extends LogManager {
// Set parent logger
Logger parentLogger = node.findParentLogger();
if (parentLogger != null) {
-doSetParentLogger(logger, parentLogger);
+logger.setParent(parentLogger);
}
// Tell children we are their new parent
@@ -305,24 +293,14 @@ public class ClassLoaderLogManager extends LogManager {
}
@Override
-public void readConfiguration()
-throws IOException, SecurityException {
-
-checkAccess();
-
+public void readConfiguration() throws IOException, SecurityException {
readConfiguration(getClassLoader());
-
}
@Override
-public void readConfiguration(InputStream is)
-throws IOException, SecurityException {
-
-checkAccess();
+public void readConfiguration(InputStream is) throws IOException,
SecurityException {
reset();
-
readConfiguration(is, getClassLoader());
-
}
@Override
@@ -400,15 +378,11 @@ public class ClassLoaderLogManager extends LogManager {
}
ClassLoaderLogInfo info = classLoaderLoggers.get(classLoader);
if (info == null) {
-final ClassLoader classLoaderParam = classLoader;
-AccessController.doPrivileged((PrivilegedAction) () -> {
-try {
-readConfiguration(classLoaderParam);
-} catch (IOException e) {
-// Ignore
-}
-return null;
-});
+try {
+readConfiguration(classLoader);
+} catch (IOException e) {
+// Ignore
+}
info = classLoaderLoggers.get(classLoader);
}
return info;
@@ -427,45 +401,27 @@ public class ClassLoaderLogManager extends LogManager {
InputStream is = null;
// Special case for URL classloaders which are used in containers:
// only look in the local repositories to avoid redefining loggers 20
times
-try {
-if (classLoader instanceof WebappProperties) {
-if (((WebappProperties) classLoader).hasLoggingConfig()) {
-is = classLoader.getResourceAsStream("logging.properties");
+if (classLoader instanceof WebappProperties) {
+if (((WebappProperties) classLoader).hasLoggingConfig()) {
+is = classLoader.getResourceAsStream("logging.properties");
+}
+} else if (classLoader instanceof URLClassLoader) {
+URL logConfig =
((URLClassLoader)classLoader).findResource("logging.properties");
+
+if(null != logConfig) {
+if(Boolean.getBoolean(DEBUG_PROPERTY)) {
+System.err.println(getClass().getName()
[tomcat] branch main updated: Remove SecurityManager references from the o.a.elpackage
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new e950ca41e0 Remove SecurityManager references from the o.a.elpackage
e950ca41e0 is described below
commit e950ca41e03353a753960230b488e9723c6f5782
Author: Mark Thomas
AuthorDate: Thu Jan 12 17:34:04 2023 +
Remove SecurityManager references from the o.a.elpackage
---
java/org/apache/el/lang/ELSupport.java | 24 ++-
java/org/apache/el/lang/ExpressionBuilder.java | 10 +-
java/org/apache/el/util/ReflectionUtil.java| 27 ++
java/org/apache/el/util/Validation.java| 20 +--
4 files changed, 6 insertions(+), 75 deletions(-)
diff --git a/java/org/apache/el/lang/ELSupport.java
b/java/org/apache/el/lang/ELSupport.java
index d07c9d6959..d5737db3c0 100644
--- a/java/org/apache/el/lang/ELSupport.java
+++ b/java/org/apache/el/lang/ELSupport.java
@@ -24,8 +24,6 @@ import java.lang.reflect.Modifier;
import java.lang.reflect.Proxy;
import java.math.BigDecimal;
import java.math.BigInteger;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
@@ -47,21 +45,7 @@ public class ELSupport {
private static final Long ZERO = Long.valueOf(0L);
-protected static final boolean COERCE_TO_ZERO;
-
-static {
-String coerceToZeroStr;
-if (System.getSecurityManager() != null) {
-coerceToZeroStr = AccessController.doPrivileged(
-(PrivilegedAction) () -> System.getProperty(
-"org.apache.el.parser.COERCE_TO_ZERO", "false")
-);
-} else {
-coerceToZeroStr = System.getProperty(
-"org.apache.el.parser.COERCE_TO_ZERO", "false");
-}
-COERCE_TO_ZERO = Boolean.parseBoolean(coerceToZeroStr);
-}
+protected static final boolean COERCE_TO_ZERO =
Boolean.getBoolean("org.apache.el.parser.COERCE_TO_ZERO");
/**
@@ -639,11 +623,7 @@ public class ELSupport {
});
return result;
};
-if (System.getSecurityManager() != null) {
-return AccessController.doPrivileged((PrivilegedAction)
proxy::get);
-} else {
-return proxy.get();
-}
+return proxy.get();
}
diff --git a/java/org/apache/el/lang/ExpressionBuilder.java
b/java/org/apache/el/lang/ExpressionBuilder.java
index b03b78cbf3..2b7ab404d9 100644
--- a/java/org/apache/el/lang/ExpressionBuilder.java
+++ b/java/org/apache/el/lang/ExpressionBuilder.java
@@ -18,8 +18,6 @@ package org.apache.el.lang;
import java.io.StringReader;
import java.lang.reflect.Method;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
import jakarta.el.ELContext;
import jakarta.el.ELException;
@@ -56,13 +54,7 @@ public final class ExpressionBuilder implements NodeVisitor {
"org.apache.el.ExpressionBuilder.CACHE_SIZE";
static {
-String cacheSizeStr;
-if (System.getSecurityManager() == null) {
-cacheSizeStr = System.getProperty(CACHE_SIZE_PROP, "5000");
-} else {
-cacheSizeStr = AccessController.doPrivileged(
-(PrivilegedAction) () ->
System.getProperty(CACHE_SIZE_PROP, "5000"));
-}
+String cacheSizeStr = System.getProperty(CACHE_SIZE_PROP, "5000");
CACHE_SIZE = Integer.parseInt(cacheSizeStr);
}
diff --git a/java/org/apache/el/util/ReflectionUtil.java
b/java/org/apache/el/util/ReflectionUtil.java
index fd6680dd8f..381937b01d 100644
--- a/java/org/apache/el/util/ReflectionUtil.java
+++ b/java/org/apache/el/util/ReflectionUtil.java
@@ -19,8 +19,6 @@ package org.apache.el.util;
import java.lang.reflect.Array;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
@@ -59,10 +57,10 @@ public class ReflectionUtil {
if (c == null) {
if (name.endsWith("[]")) {
String nc = name.substring(0, name.length() - 2);
-c = Class.forName(nc, true, getContextClassLoader());
+c = Class.forName(nc, true,
Thread.currentThread().getContextClassLoader());
c = Array.newInstance(c, 0).getClass();
} else {
-c = Class.forName(name, true, getContextClassLoader());
+c = Class.forName(name, true,
Thread.currentThread().getContextClassLoader());
}
}
return c;
@@ -482,27 +480,6 @@ public class ReflectionUtil {
}
-private static ClassLoader
[tomcat] branch main updated: Remove SecurityManager references
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 7fe4f498e7 Remove SecurityManager references
7fe4f498e7 is described below
commit 7fe4f498e7424ae75aef345ec9d247a0ef2a35c8
Author: Mark Thomas
AuthorDate: Thu Jan 12 17:29:39 2023 +
Remove SecurityManager references
---
java/org/apache/coyote/AsyncStateMachine.java | 31 ++
java/org/apache/coyote/Constants.java | 6
java/org/apache/coyote/http2/Stream.java | 46 +--
3 files changed, 4 insertions(+), 79 deletions(-)
diff --git a/java/org/apache/coyote/AsyncStateMachine.java
b/java/org/apache/coyote/AsyncStateMachine.java
index 472a48b18e..b400788831 100644
--- a/java/org/apache/coyote/AsyncStateMachine.java
+++ b/java/org/apache/coyote/AsyncStateMachine.java
@@ -16,16 +16,12 @@
*/
package org.apache.coyote;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
import java.util.concurrent.atomic.AtomicLong;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.net.AbstractEndpoint.Handler.SocketState;
import org.apache.tomcat.util.res.StringManager;
-import org.apache.tomcat.util.security.PrivilegedGetTccl;
-import org.apache.tomcat.util.security.PrivilegedSetTccl;
/**
* Manages the state transitions for async requests.
@@ -449,39 +445,18 @@ class AsyncStateMachine {
state == AsyncState.READ_WRITE_OP) {
// Execute the runnable using a container thread from the
// Connector's thread pool. Use a wrapper to prevent a memory leak
-ClassLoader oldCL;
-if (Constants.IS_SECURITY_ENABLED) {
-PrivilegedAction pa = new PrivilegedGetTccl();
-oldCL = AccessController.doPrivileged(pa);
-} else {
-oldCL = Thread.currentThread().getContextClassLoader();
-}
+ClassLoader oldCL = Thread.currentThread().getContextClassLoader();
try {
-if (Constants.IS_SECURITY_ENABLED) {
-PrivilegedAction pa = new PrivilegedSetTccl(
-this.getClass().getClassLoader());
-AccessController.doPrivileged(pa);
-} else {
-Thread.currentThread().setContextClassLoader(
-this.getClass().getClassLoader());
-}
-
+
Thread.currentThread().setContextClassLoader(this.getClass().getClassLoader());
processor.execute(runnable);
} finally {
-if (Constants.IS_SECURITY_ENABLED) {
-PrivilegedAction pa = new PrivilegedSetTccl(
-oldCL);
-AccessController.doPrivileged(pa);
-} else {
-Thread.currentThread().setContextClassLoader(oldCL);
-}
+Thread.currentThread().setContextClassLoader(oldCL);
}
} else {
throw new IllegalStateException(
sm.getString("asyncStateMachine.invalidAsyncState",
"asyncRun()", state));
}
-
}
diff --git a/java/org/apache/coyote/Constants.java
b/java/org/apache/coyote/Constants.java
index a431968064..ac5dede33e 100644
--- a/java/org/apache/coyote/Constants.java
+++ b/java/org/apache/coyote/Constants.java
@@ -46,12 +46,6 @@ public final class Constants {
public static final int DEFAULT_CONNECTION_LINGER = -1;
public static final boolean DEFAULT_TCP_NO_DELAY = true;
-/**
- * Has security been turned on?
- */
-public static final boolean IS_SECURITY_ENABLED =
(System.getSecurityManager() != null);
-
-
/**
* The request attribute that is set to the value of {@code Boolean.TRUE}
* if connector processing this request supports use of sendfile.
diff --git a/java/org/apache/coyote/http2/Stream.java
b/java/org/apache/coyote/http2/Stream.java
index 9037d7d849..53850fc384 100644
--- a/java/org/apache/coyote/http2/Stream.java
+++ b/java/org/apache/coyote/http2/Stream.java
@@ -19,9 +19,6 @@ package org.apache.coyote.http2;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
-import java.security.AccessController;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
import java.util.Collections;
import java.util.HashSet;
import java.util.Locale;
@@ -795,7 +792,7 @@ class Stream extends AbstractNonZeroStream implements
HeaderEmitter {
request.getMimeHeaders().addValue(":authority").duplicate(request.serverName());
}
-push(handler, request, this);
+
