[tomcat] branch main updated: Remove SecurityManager references from the o.a.t.utils package
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 9c0682869d Remove SecurityManager references from the o.a.t.utils package 9c0682869d is described below commit 9c0682869d9bbbd124d8ad9c96b95ab57328ba11 Author: Mark Thomas AuthorDate: Thu Jan 12 19:48:15 2023 + Remove SecurityManager references from the o.a.t.utils package --- .../apache/tomcat/dbcp/dbcp2/BasicDataSource.java | 39 --- java/org/apache/tomcat/dbcp/dbcp2/Utils.java | 12 -- .../apache/tomcat/dbcp/pool2/impl/CallStack.java | 1 - .../tomcat/dbcp/pool2/impl/CallStackUtils.java | 85 -- .../dbcp/pool2/impl/DefaultPooledObject.java | 8 +- .../tomcat/dbcp/pool2/impl/EvictionTimer.java | 8 +- .../dbcp/pool2/impl/SecurityManagerCallStack.java | 122 - .../org/apache/tomcat/util/compat/JrePlatform.java | 10 +- .../apache/tomcat/util/descriptor/Constants.java | 5 +- .../tomcat/util/descriptor/tld/TldParser.java | 26 + java/org/apache/tomcat/util/net/Constants.java | 2 - .../tomcat/util/security/PrivilegedGetTccl.java| 28 - .../PrivilegedSetAccessControlContext.java | 67 --- .../tomcat/util/security/PrivilegedSetTccl.java| 41 --- java/org/apache/tomcat/util/threads/Constants.java | 5 - .../tomcat/util/threads/TaskThreadFactory.java | 26 + .../tomcat/util/threads/ThreadPoolExecutor.java| 44 .../tomcat/websocket/AsyncChannelGroupUtil.java| 46 +--- .../apache/tomcat/jdbc/pool/ConnectionPool.java| 15 +-- 19 files changed, 20 insertions(+), 570 deletions(-) diff --git a/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSource.java b/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSource.java index a9cf96761c..b3729e025c 100644 --- a/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSource.java +++ b/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSource.java 
@@ -19,9 +19,6 @@ package org.apache.tomcat.dbcp.dbcp2; import java.io.OutputStreamWriter; import java.io.PrintWriter; import java.nio.charset.StandardCharsets; -import java.security.AccessController; -import java.security.PrivilegedActionException; -import java.security.PrivilegedExceptionAction; import java.sql.Connection; import java.sql.Driver; import java.sql.DriverManager; @@ -73,30 +70,6 @@ public class BasicDataSource implements DataSource, BasicDataSourceMXBean, MBean static { // Attempt to prevent deadlocks - see DBCP - 272 DriverManager.getDrivers(); -try { -// Load classes now to prevent AccessControlExceptions later -// A number of classes are loaded when getConnection() is called -// but the following classes are not loaded and therefore require -// explicit loading. -if (Utils.isSecurityEnabled()) { -final ClassLoader loader = BasicDataSource.class.getClassLoader(); -final String dbcpPackageName = BasicDataSource.class.getPackage().getName(); -loader.loadClass(dbcpPackageName + ".DelegatingCallableStatement"); -loader.loadClass(dbcpPackageName + ".DelegatingDatabaseMetaData"); -loader.loadClass(dbcpPackageName + ".DelegatingPreparedStatement"); -loader.loadClass(dbcpPackageName + ".DelegatingResultSet"); -loader.loadClass(dbcpPackageName + ".PoolableCallableStatement"); -loader.loadClass(dbcpPackageName + ".PoolablePreparedStatement"); -loader.loadClass(dbcpPackageName + ".PoolingConnection$StatementType"); -loader.loadClass(dbcpPackageName + ".PStmtKey"); - -final String poolPackageName = PooledObject.class.getPackage().getName(); -loader.loadClass(poolPackageName + ".impl.LinkedBlockingDeque$Node"); -loader.loadClass(poolPackageName + ".impl.GenericKeyedObjectPool$ObjectDeque"); -} -} catch (final ClassNotFoundException cnfe) { -throw new IllegalStateException("Unable to pre-load classes", cnfe); -} } /** 
@@ -695,18 +668,6 @@ public class BasicDataSource implements DataSource, BasicDataSourceMXBean, MBean */ @Override public Connection getConnection() throws SQLException { -if (Utils.isSecurityEnabled()) { -final PrivilegedExceptionAction action = () -> createDataSource().getConnection(); -try { -return AccessController.doPrivileged(action); -} catch (final PrivilegedActionException e) { -final Throwable cause = e.getCause(); -if (cause instanceof SQLException) { -throw (SQLException) cause; -} -throw new
[tomcat] branch main updated: Remove SecurityManager references from o.a.naming
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 3bb830bfd0 Remove SecurityManager references from o.a.naming 3bb830bfd0 is described below commit 3bb830bfd0485dc30722e5574604dc48affa8898 Author: Mark Thomas AuthorDate: Thu Jan 12 19:24:32 2023 + Remove SecurityManager references from o.a.naming --- .../org/apache/naming/ContextAccessController.java | 6 -- .../apache/naming/factory/MailSessionFactory.java | 87 ++ .../apache/naming/factory/ResourceLinkFactory.java | 5 -- .../org/apache/naming/factory/SendMailFactory.java | 64 +++- 4 files changed, 66 insertions(+), 96 deletions(-) diff --git a/java/org/apache/naming/ContextAccessController.java b/java/org/apache/naming/ContextAccessController.java index 0fad089be5..35112df149 100644 --- a/java/org/apache/naming/ContextAccessController.java +++ b/java/org/apache/naming/ContextAccessController.java @@ -49,12 +49,6 @@ public class ContextAccessController { * @param token Security token */ public static void setSecurityToken(Object name, Object token) { -SecurityManager sm = System.getSecurityManager(); -if (sm != null) { -sm.checkPermission(new RuntimePermission( -ContextAccessController.class.getName() -+ ".setSecurityToken")); -} if ((!securityTokens.containsKey(name)) && (token != null)) { securityTokens.put(name, token); } diff --git a/java/org/apache/naming/factory/MailSessionFactory.java b/java/org/apache/naming/factory/MailSessionFactory.java index 29c902fd23..70a8d2f266 100644 --- a/java/org/apache/naming/factory/MailSessionFactory.java +++ b/java/org/apache/naming/factory/MailSessionFactory.java @@ -16,8 +16,6 @@ */ package org.apache.naming.factory; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.Enumeration; import java.util.Hashtable; import java.util.Properties; 
@@ -97,57 +95,48 @@ public class MailSessionFactory implements ObjectFactory { return null; } -// Create a new Session inside a doPrivileged block, so that JavaMail -// can read its default properties without throwing Security -// exceptions. -// -// Bugzilla 31288, 33077: add support for authentication. -return AccessController.doPrivileged((PrivilegedAction) () -> { - -// Create the JavaMail properties we will use -Properties props = new Properties(); -props.put("mail.transport.protocol", "smtp"); -props.put("mail.smtp.host", "localhost"); - -String password = null; - -Enumeration attrs = ref.getAll(); -while (attrs.hasMoreElements()) { -RefAddr attr = attrs.nextElement(); -if ("factory".equals(attr.getType())) { -continue; -} - -if ("password".equals(attr.getType())) { -password = (String) attr.getContent(); -continue; -} - -props.put(attr.getType(), attr.getContent()); +// Create the JavaMail properties we will use +Properties props = new Properties(); +props.put("mail.transport.protocol", "smtp"); +props.put("mail.smtp.host", "localhost"); + +String password = null; + +Enumeration attrs = ref.getAll(); +while (attrs.hasMoreElements()) { +RefAddr attr = attrs.nextElement(); +if ("factory".equals(attr.getType())) { +continue; +} + +if ("password".equals(attr.getType())) { +password = (String) attr.getContent(); +continue; } -Authenticator auth = null; -if (password != null) { -String user = props.getProperty("mail.smtp.user"); -if(user == null) { -user = props.getProperty("mail.user"); -} - -if(user != null) { -final PasswordAuthentication pa = new PasswordAuthentication(user, password); -auth = new Authenticator() { -@Override -protected PasswordAuthentication getPasswordAuthentication() { -return pa; -} -}; -} +props.put(attr.getType(), attr.getContent()); +} + +Authenticator auth = null; +if (password != null) { +String user = props.getProperty("mail.smtp.user"); +if(user == null) { +user =
[tomcat] branch main updated: Remove SecurityManager references from JULI
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 0377504b83 Remove SecurityManager references from JULI 0377504b83 is described below commit 0377504b8394bbed872e50112e4f7c6b920eb282 Author: Mark Thomas AuthorDate: Thu Jan 12 19:21:14 2023 + Remove SecurityManager references from JULI --- java/org/apache/juli/ClassLoaderLogManager.java | 117 ++-- java/org/apache/juli/FileHandler.java | 21 + 2 files changed, 31 insertions(+), 107 deletions(-) diff --git a/java/org/apache/juli/ClassLoaderLogManager.java b/java/org/apache/juli/ClassLoaderLogManager.java index b4ab262601..5fc80f62d1 100644 --- a/java/org/apache/juli/ClassLoaderLogManager.java +++ b/java/org/apache/juli/ClassLoaderLogManager.java @@ -18,15 +18,10 @@ package org.apache.juli; import java.io.File; import java.io.FileInputStream; -import java.io.FilePermission; import java.io.IOException; import java.io.InputStream; import java.net.URL; import java.net.URLClassLoader; -import java.security.AccessControlException; -import java.security.AccessController; -import java.security.Permission; -import java.security.PrivilegedAction; import java.util.Collections; import java.util.Enumeration; import java.util.HashMap; @@ -143,14 +138,7 @@ public class ClassLoaderLogManager extends LogManager { // Apply initial level for new logger final String levelString = getProperty(loggerName + ".level"); if (levelString != null) { -try { -AccessController.doPrivileged((PrivilegedAction) () -> { -logger.setLevel(Level.parse(levelString.trim())); -return null; -}); -} catch (IllegalArgumentException e) { -// Leave level set to null -} +logger.setLevel(Level.parse(levelString.trim())); } // Always instantiate parent loggers so that 
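Review bot: The new `logger.setLevel(Level.parse(levelString.trim()));` in the `@@ -143,14 +138,7 @@` hunk drops the `catch (IllegalArgumentException e)` along with the doPrivileged wrapper, so an unrecognised value in a `<logger>.level` property now propagates out of the enclosing method instead of leaving the level unset. Level.parse throws IllegalArgumentException for a name it cannot resolve, and that handling had nothing to do with the SecurityManager. Keep the guard around the direct call: `try { logger.setLevel(Level.parse(levelString.trim())); } catch (IllegalArgumentException e) { /* Leave level set to null */ }`. The enclosing method begins and ends outside the hunk, so whether a caller further up catches the exception is not visible here.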
@@ -168,7 +156,7 @@ public class ClassLoaderLogManager extends LogManager { // Set parent logger Logger parentLogger = node.findParentLogger(); if (parentLogger != null) { -doSetParentLogger(logger, parentLogger); +logger.setParent(parentLogger); } // Tell children we are their new parent @@ -305,24 +293,14 @@ public class ClassLoaderLogManager extends LogManager { } @Override -public void readConfiguration() -throws IOException, SecurityException { - -checkAccess(); - +public void readConfiguration() throws IOException, SecurityException { readConfiguration(getClassLoader()); - } @Override -public void readConfiguration(InputStream is) -throws IOException, SecurityException { - -checkAccess(); +public void readConfiguration(InputStream is) throws IOException, SecurityException { reset(); - readConfiguration(is, getClassLoader()); - } @Override @@ -400,15 +378,11 @@ public class ClassLoaderLogManager extends LogManager { } ClassLoaderLogInfo info = classLoaderLoggers.get(classLoader); if (info == null) { -final ClassLoader classLoaderParam = classLoader; -AccessController.doPrivileged((PrivilegedAction) () -> { -try { -readConfiguration(classLoaderParam); -} catch (IOException e) { -// Ignore -} -return null; -}); +try { +readConfiguration(classLoader); +} catch (IOException e) { +// Ignore +} info = classLoaderLoggers.get(classLoader); } return info; 
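Review bot: The `catch (IOException e) { // Ignore }` kept around `readConfiguration(classLoader)` in the `@@ -400,15 +378,11 @@` hunk hides a failed configuration read: the method goes on to return whatever `classLoaderLoggers.get(classLoader)` yields, with no trace of why configuration is missing. A logging setup that silently falls back also affects what is recorded for later investigation, so the failure should be reportable. The file appears to use `DEBUG_PROPERTY` with `System.err` for this kind of output, so the handler could be `if (Boolean.getBoolean(DEBUG_PROPERTY)) { System.err.println(getClass().getName() + ": " + e); }`. At minimum, the comment should say why dropping the exception is safe. The enclosing method starts outside the hunk.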
@@ -427,45 +401,27 @@ public class ClassLoaderLogManager extends LogManager { InputStream is = null; // Special case for URL classloaders which are used in containers: // only look in the local repositories to avoid redefining loggers 20 times -try { -if (classLoader instanceof WebappProperties) { -if (((WebappProperties) classLoader).hasLoggingConfig()) { -is = classLoader.getResourceAsStream("logging.properties"); +if (classLoader instanceof WebappProperties) { +if (((WebappProperties) classLoader).hasLoggingConfig()) { +is = classLoader.getResourceAsStream("logging.properties"); +} +} else if (classLoader instanceof URLClassLoader) { +URL logConfig = ((URLClassLoader)classLoader).findResource("logging.properties"); + +if(null != logConfig) { +if(Boolean.getBoolean(DEBUG_PROPERTY)) { +System.err.println(getClass().getName()
[tomcat] branch main updated: Remove SecurityManager references from the o.a.elpackage
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new e950ca41e0 Remove SecurityManager references from the o.a.elpackage e950ca41e0 is described below commit e950ca41e03353a753960230b488e9723c6f5782 Author: Mark Thomas AuthorDate: Thu Jan 12 17:34:04 2023 + Remove SecurityManager references from the o.a.elpackage --- java/org/apache/el/lang/ELSupport.java | 24 ++- java/org/apache/el/lang/ExpressionBuilder.java | 10 +- java/org/apache/el/util/ReflectionUtil.java| 27 ++ java/org/apache/el/util/Validation.java| 20 +-- 4 files changed, 6 insertions(+), 75 deletions(-) diff --git a/java/org/apache/el/lang/ELSupport.java b/java/org/apache/el/lang/ELSupport.java index d07c9d6959..d5737db3c0 100644 --- a/java/org/apache/el/lang/ELSupport.java +++ b/java/org/apache/el/lang/ELSupport.java @@ -24,8 +24,6 @@ import java.lang.reflect.Modifier; import java.lang.reflect.Proxy; import java.math.BigDecimal; import java.math.BigInteger; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.Collections; import java.util.Map; import java.util.Set; @@ -47,21 +45,7 @@ public class ELSupport { private static final Long ZERO = Long.valueOf(0L); -protected static final boolean COERCE_TO_ZERO; - -static { -String coerceToZeroStr; -if (System.getSecurityManager() != null) { -coerceToZeroStr = AccessController.doPrivileged( -(PrivilegedAction) () -> System.getProperty( -"org.apache.el.parser.COERCE_TO_ZERO", "false") -); -} else { -coerceToZeroStr = System.getProperty( -"org.apache.el.parser.COERCE_TO_ZERO", "false"); -} -COERCE_TO_ZERO = Boolean.parseBoolean(coerceToZeroStr); -} +protected static final boolean COERCE_TO_ZERO = Boolean.getBoolean("org.apache.el.parser.COERCE_TO_ZERO"); /** 
@@ -639,11 +623,7 @@ public class ELSupport { }); return result; }; -if (System.getSecurityManager() != null) { -return AccessController.doPrivileged((PrivilegedAction) proxy::get); -} else { -return proxy.get(); -} +return proxy.get(); } diff --git a/java/org/apache/el/lang/ExpressionBuilder.java b/java/org/apache/el/lang/ExpressionBuilder.java index b03b78cbf3..2b7ab404d9 100644 --- a/java/org/apache/el/lang/ExpressionBuilder.java +++ b/java/org/apache/el/lang/ExpressionBuilder.java @@ -18,8 +18,6 @@ package org.apache.el.lang; import java.io.StringReader; import java.lang.reflect.Method; -import java.security.AccessController; -import java.security.PrivilegedAction; import jakarta.el.ELContext; import jakarta.el.ELException; @@ -56,13 +54,7 @@ public final class ExpressionBuilder implements NodeVisitor { "org.apache.el.ExpressionBuilder.CACHE_SIZE"; static { -String cacheSizeStr; -if (System.getSecurityManager() == null) { -cacheSizeStr = System.getProperty(CACHE_SIZE_PROP, "5000"); -} else { -cacheSizeStr = AccessController.doPrivileged( -(PrivilegedAction) () -> System.getProperty(CACHE_SIZE_PROP, "5000")); -} +String cacheSizeStr = System.getProperty(CACHE_SIZE_PROP, "5000"); CACHE_SIZE = Integer.parseInt(cacheSizeStr); } diff --git a/java/org/apache/el/util/ReflectionUtil.java b/java/org/apache/el/util/ReflectionUtil.java index fd6680dd8f..381937b01d 100644 --- a/java/org/apache/el/util/ReflectionUtil.java +++ b/java/org/apache/el/util/ReflectionUtil.java @@ -19,8 +19,6 @@ package org.apache.el.util; import java.lang.reflect.Array; import java.lang.reflect.Method; import java.lang.reflect.Modifier; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.Arrays; import java.util.HashMap; import java.util.Map; 
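Review bot: In the ExpressionBuilder `static` block (`@@ -56,13 +54,7 @@`), `CACHE_SIZE = Integer.parseInt(cacheSizeStr);` parses a raw system property, so a non-numeric value throws NumberFormatException during class initialisation and the class stays unusable for the rest of the JVM's life. With the privileged branch gone, the block is small enough to validate in place and fall back to the default, as sketched below. What a zero or negative value should mean also needs an explicit decision. How CACHE_SIZE is consumed is outside the hunk, so the acceptable range is an assumption to confirm.

```java
static {
    int size;
    try {
        size = Integer.parseInt(System.getProperty(CACHE_SIZE_PROP, "5000"));
    } catch (NumberFormatException e) {
        // Malformed property: fall back to the default rather than fail class initialisation
        size = 5000;
    }
    CACHE_SIZE = size;
}
```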
@@ -59,10 +57,10 @@ public class ReflectionUtil { if (c == null) { if (name.endsWith("[]")) { String nc = name.substring(0, name.length() - 2); -c = Class.forName(nc, true, getContextClassLoader()); +c = Class.forName(nc, true, Thread.currentThread().getContextClassLoader()); c = Array.newInstance(c, 0).getClass(); } else { -c = Class.forName(name, true, getContextClassLoader()); +c = Class.forName(name, true, Thread.currentThread().getContextClassLoader()); } } return c; @@ -482,27 +480,6 @@ public class ReflectionUtil { } -private static ClassLoader
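Review bot: `Thread.currentThread().getContextClassLoader()` is now written out in both branches of the `@@ -59,10 +57,10 @@` hunk, and it can return null, in which case `Class.forName(name, true, null)` resolves against the bootstrap loader only. Read it once before the `if (name.endsWith("[]"))`, e.g. `ClassLoader tccl = Thread.currentThread().getContextClassLoader();`, and pass `tccl` to both calls; a one-line comment on the null case would help the next reader. Whether the removed private `getContextClassLoader()` helper treated null differently is not visible, because the hunk that deletes it is cut off on this page. The method itself starts outside the hunk.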
[tomcat] branch main updated: Remove SecurityManager references
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 7fe4f498e7 Remove SecurityManager references 7fe4f498e7 is described below commit 7fe4f498e7424ae75aef345ec9d247a0ef2a35c8 Author: Mark Thomas AuthorDate: Thu Jan 12 17:29:39 2023 + Remove SecurityManager references --- java/org/apache/coyote/AsyncStateMachine.java | 31 ++ java/org/apache/coyote/Constants.java | 6 java/org/apache/coyote/http2/Stream.java | 46 +-- 3 files changed, 4 insertions(+), 79 deletions(-) diff --git a/java/org/apache/coyote/AsyncStateMachine.java b/java/org/apache/coyote/AsyncStateMachine.java index 472a48b18e..b400788831 100644 --- a/java/org/apache/coyote/AsyncStateMachine.java +++ b/java/org/apache/coyote/AsyncStateMachine.java @@ -16,16 +16,12 @@ */ package org.apache.coyote; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.concurrent.atomic.AtomicLong; import org.apache.juli.logging.Log; import org.apache.juli.logging.LogFactory; import org.apache.tomcat.util.net.AbstractEndpoint.Handler.SocketState; import org.apache.tomcat.util.res.StringManager; -import org.apache.tomcat.util.security.PrivilegedGetTccl; -import org.apache.tomcat.util.security.PrivilegedSetTccl; /** * Manages the state transitions for async requests. 
@@ -449,39 +445,18 @@ class AsyncStateMachine { state == AsyncState.READ_WRITE_OP) { // Execute the runnable using a container thread from the // Connector's thread pool. Use a wrapper to prevent a memory leak -ClassLoader oldCL; -if (Constants.IS_SECURITY_ENABLED) { -PrivilegedAction pa = new PrivilegedGetTccl(); -oldCL = AccessController.doPrivileged(pa); -} else { -oldCL = Thread.currentThread().getContextClassLoader(); -} +ClassLoader oldCL = Thread.currentThread().getContextClassLoader(); try { -if (Constants.IS_SECURITY_ENABLED) { -PrivilegedAction pa = new PrivilegedSetTccl( -this.getClass().getClassLoader()); -AccessController.doPrivileged(pa); -} else { -Thread.currentThread().setContextClassLoader( -this.getClass().getClassLoader()); -} - + Thread.currentThread().setContextClassLoader(this.getClass().getClassLoader()); processor.execute(runnable); } finally { -if (Constants.IS_SECURITY_ENABLED) { -PrivilegedAction pa = new PrivilegedSetTccl( -oldCL); -AccessController.doPrivileged(pa); -} else { -Thread.currentThread().setContextClassLoader(oldCL); -} +Thread.currentThread().setContextClassLoader(oldCL); } } else { throw new IllegalStateException( sm.getString("asyncStateMachine.invalidAsyncState", "asyncRun()", state)); } - } diff --git a/java/org/apache/coyote/Constants.java b/java/org/apache/coyote/Constants.java index a431968064..ac5dede33e 100644 --- a/java/org/apache/coyote/Constants.java +++ b/java/org/apache/coyote/Constants.java @@ -46,12 +46,6 @@ public final class Constants { public static final int DEFAULT_CONNECTION_LINGER = -1; public static final boolean DEFAULT_TCP_NO_DELAY = true; -/** - * Has security been turned on? - */ -public static final boolean IS_SECURITY_ENABLED = (System.getSecurityManager() != null); - - /** * The request attribute that is set to the value of {@code Boolean.TRUE} * if connector processing this request supports use of sendfile. 
diff --git a/java/org/apache/coyote/http2/Stream.java b/java/org/apache/coyote/http2/Stream.java index 9037d7d849..53850fc384 100644 --- a/java/org/apache/coyote/http2/Stream.java +++ b/java/org/apache/coyote/http2/Stream.java @@ -19,9 +19,6 @@ package org.apache.coyote.http2; import java.io.IOException; import java.nio.ByteBuffer; import java.nio.charset.StandardCharsets; -import java.security.AccessController; -import java.security.PrivilegedActionException; -import java.security.PrivilegedExceptionAction; import java.util.Collections; import java.util.HashSet; import java.util.Locale; @@ -795,7 +792,7 @@ class Stream extends AbstractNonZeroStream implements HeaderEmitter { request.getMimeHeaders().addValue(":authority").duplicate(request.serverName()); } -push(handler, request, this); +