This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push: new 6b95c3b0fa Remove more SecurityManager and related API references 6b95c3b0fa is described below commit 6b95c3b0fabb1ca290b72ec92ef29f14482a4c8a Author: Mark Thomas <ma...@apache.org> AuthorDate: Thu Jan 12 14:21:11 2023 +0000 Remove more SecurityManager and related API references --- .../apache/catalina/loader/LocalStrings.properties | 1 - .../catalina/loader/LocalStrings_fr.properties | 1 - .../catalina/loader/LocalStrings_ja.properties | 1 - .../catalina/loader/LocalStrings_ko.properties | 1 - .../catalina/loader/LocalStrings_zh_CN.properties | 1 - .../catalina/loader/WebappClassLoaderBase.java | 228 +-------------------- java/org/apache/catalina/loader/WebappLoader.java | 41 ---- .../org/apache/tomcat/util/IntrospectionUtils.java | 35 +--- .../util/digester/EnvironmentPropertySource.java | 18 +- .../digester/ServiceBindingPropertySource.java | 26 +-- .../tomcat/util/digester/SystemPropertySource.java | 21 +- .../tomcat/util/security/PermissionCheck.java | 43 ---- 12 files changed, 18 insertions(+), 399 deletions(-) diff --git a/java/org/apache/catalina/loader/LocalStrings.properties b/java/org/apache/catalina/loader/LocalStrings.properties index b861f8b797..0b4792b4ba 100644 --- a/java/org/apache/catalina/loader/LocalStrings.properties +++ b/java/org/apache/catalina/loader/LocalStrings.properties 
@@ -45,7 +45,6 @@ webappClassLoader.readError=Resource read error: Could not load [{0}]. webappClassLoader.removeTransformer=Removed class file transformer [{0}] from web application [{1}]. webappClassLoader.resourceModified=Resource [{0}] has been modified. The last modified time was [{1}] and is now [{2}] webappClassLoader.restrictedPackage=Security violation, attempt to use restricted class [{0}] -webappClassLoader.securityException=Security exception trying to find class [{0}] in findClassInternal [{1}] webappClassLoader.stackTrace=The web application [{0}] appears to have started a thread named [{1}] but has failed to stop it. This is very likely to create a memory leak. Stack trace of thread:{2} webappClassLoader.stackTraceRequestThread=The web application [{0}] is still processing a request that has yet to finish. This is very likely to create a memory leak. You can control the time allowed for requests to finish by using the unloadDelay attribute of the standard Context implementation. Stack trace of request processing thread:[{2}] webappClassLoader.stopThreadFail=Failed to terminate thread named [{0}] for web application [{1}] diff --git a/java/org/apache/catalina/loader/LocalStrings_fr.properties b/java/org/apache/catalina/loader/LocalStrings_fr.properties index 3a685eee4c..a360385b60 100644 --- a/java/org/apache/catalina/loader/LocalStrings_fr.properties +++ b/java/org/apache/catalina/loader/LocalStrings_fr.properties 
@@ -45,7 +45,6 @@ webappClassLoader.readError=Erreur lors de la lecture de la resource : impossibl webappClassLoader.removeTransformer=Enlevé le transformateur de fichiers de classe [{0}] de l''application web [{1}] webappClassLoader.resourceModified=La ressource [{0}] a été modifiée, la date de dernière modification était [{1}] et est désormais [{2}] webappClassLoader.restrictedPackage=Violation de sécurité en essayant d''utiliser à une classe à accès restreint [{0}] -webappClassLoader.securityException=Exception de sécurité en essayant de trouver la classe [{0}] dans findClassInternal [{1}] webappClassLoader.stackTrace=L''application web [{0}] semble avoir démarré un thread nommé [{1}] mais ne l''a pas arrêté, ce qui va probablement créer une fuite de mémoire ; la trace du thread est : {2} webappClassLoader.stackTraceRequestThread=Une requête de l''application web [{0}] est toujours en cours, ce qui causera certainement une fuite de mémoire, vous pouvez contrôler le temps alloué en utilisant l''attribut unloadDelay de l''implémentation standard de Context ; trace du fil d’exécution de la requête : [{2}] webappClassLoader.stopThreadFail=Impossible de terminer le thread nommé [{0}] pour l''application [{1}] diff --git a/java/org/apache/catalina/loader/LocalStrings_ja.properties b/java/org/apache/catalina/loader/LocalStrings_ja.properties index 96717e80b7..e64edd1fda 100644 --- a/java/org/apache/catalina/loader/LocalStrings_ja.properties +++ b/java/org/apache/catalina/loader/LocalStrings_ja.properties 
@@ -45,7 +45,6 @@ webappClassLoader.readError=リソース読み込みエラー: [{0}] が読み webappClassLoader.removeTransformer=クラスファイル変換器 [{0}] を Web アプリケーション [{1}] から削除しました。 webappClassLoader.resourceModified=リソース [{0}] は変更されています。直前の更新日時は [{1}]、最新の更新日時は [{2}] です。 webappClassLoader.restrictedPackage=セキュリティー違反。制限されたクラス [{0}] を使おうとしました。 -webappClassLoader.securityException=indClassInternal [{1}] でクラス [{0}] を検索中のセキュリティ例外です webappClassLoader.stackTrace=Webアプリケーション [{0}] は [{1}] という名前のスレッドを開始したようですが、停止に失敗しました。これはメモリリークを引き起こす可能性が非常に高いです。スレッドのスタックトレース: {2} webappClassLoader.stackTraceRequestThread=Webアプリケーション[{0}]はまだ完了していないリクエストを処理しています。 これはメモリリークを引き起こす可能性が非常に高いです。 リクエストの終了時間は、StandardContext実装のunloadDelay属性を使用して制御できます。 リクエスト処理スレッドのスタックトレース:[{2}] webappClassLoader.stopThreadFail=Web アプリケーション [{1}] のスレッド [{0}] は終了できません。 diff --git a/java/org/apache/catalina/loader/LocalStrings_ko.properties b/java/org/apache/catalina/loader/LocalStrings_ko.properties index 438086bbad..f7830e97d8 100644 --- a/java/org/apache/catalina/loader/LocalStrings_ko.properties +++ b/java/org/apache/catalina/loader/LocalStrings_ko.properties @@ -45,7 +45,6 @@ webappClassLoader.readError=리소스 읽기 오류 : [{0}]을(를) 로드할 webappClassLoader.removeTransformer=웹 애플리케이션 [{1}](으)로부터 클래스 파일 Transformer [{0}]을(를) 제거했습니다. webappClassLoader.resourceModified=리소스 [{0}]이(가) 변경된 적이 있습니다. 최종 변경 시간이 [{1}]이었는데, 이제 [{2}](으)로 바뀌었습니다. webappClassLoader.restrictedPackage=보안 위반 행위: 제한된 클래스 [{0}]을(를) 사용하려 시도했습니다. -webappClassLoader.securityException=findClassInternal에서, 클래스 [{0}]을(를) 찾으려 시도 중 보안 예외 발생: [{1}] webappClassLoader.stackTrace=웹 애플리케이션 [{0}]이(가) [{1}](이)라는 이름의 쓰레드를 시작시킨 것으로 보이지만, 해당 쓰레드를 중지시키지 못했습니다. 이는 메모리 누수를 유발할 가능성이 큽니다. 해당 쓰레드의 스택 트레이스:{2} webappClassLoader.stackTraceRequestThread=웹 애플리케이션 [{0}]이(가) 여전히 완료되지 않은 요청을 처리하고 있습니다. 이는 메모리 누수를 유발할 가능성이 높습니다. 표준 컨텍스트 구현의 unloadDelay 속성을 이용하여, 요청 완료 허용 시간을 통제할 수 있습니다. 요청 처리 쓰레드의 스택 트레이스:[{2}] webappClassLoader.stopThreadFail=웹 애플리케이션 [{1}]을 위한, [{0}](이)라는 이름의 쓰레드를 종료시키지 못했습니다. 
diff --git a/java/org/apache/catalina/loader/LocalStrings_zh_CN.properties b/java/org/apache/catalina/loader/LocalStrings_zh_CN.properties index 4661de714c..fb316bd2ab 100644 --- a/java/org/apache/catalina/loader/LocalStrings_zh_CN.properties +++ b/java/org/apache/catalina/loader/LocalStrings_zh_CN.properties @@ -45,7 +45,6 @@ webappClassLoader.readError=资源读取错误:不能加载 [{0}]. webappClassLoader.removeTransformer=已从web应用程序[{1}]中删除类文件转换器[{0}]。 webappClassLoader.resourceModified=资源[{0}]已被修改。上次修改时间是[{1}],现在是[{2}] webappClassLoader.restrictedPackage=安全冲突,尝试使用受限类[{0}] -webappClassLoader.securityException=尝试在findClassInternal[{1}]中查找类[{0}]时出现安全异常 webappClassLoader.stackTrace=Web应用程序[{0}]似乎启动了一个名为[{1}]的线程,但未能停止它。这很可能会造成内存泄漏。线程的堆栈跟踪:[{2}] webappClassLoader.stackTraceRequestThread=web应用程序[{0}]仍在处理一个尚未完成的请求。这很可能会造成内存泄漏。您可以使用标准上下文实现的unloadDelay属性来控制请求完成所允许的时间。请求处理线程的堆栈跟踪:[{2}] webappClassLoader.stopThreadFail=为web应用程序[{1}]终止线程[{0}]失败 diff --git a/java/org/apache/catalina/loader/WebappClassLoaderBase.java b/java/org/apache/catalina/loader/WebappClassLoaderBase.java index 6ba682b610..1de7b7ac73 100644 --- a/java/org/apache/catalina/loader/WebappClassLoaderBase.java +++ b/java/org/apache/catalina/loader/WebappClassLoaderBase.java @@ -18,8 +18,6 @@ package org.apache.catalina.loader; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; -import java.io.File; -import java.io.FilePermission; import java.io.IOException; import java.io.InputStream; import java.lang.instrument.ClassFileTransformer; 
@@ -28,16 +26,11 @@ import java.lang.ref.Reference; import java.lang.reflect.Field; import java.lang.reflect.InaccessibleObjectException; import java.lang.reflect.Method; -import java.net.URI; -import java.net.URISyntaxException; import java.net.URL; import java.net.URLClassLoader; -import java.security.AccessControlException; -import java.security.AccessController; import java.security.CodeSource; import java.security.Permission; import java.security.PermissionCollection; -import java.security.Policy; import java.security.PrivilegedAction; import java.security.ProtectionDomain; import java.security.cert.Certificate; @@ -62,7 +55,6 @@ import java.util.jar.Attributes.Name; import java.util.jar.Manifest; import org.apache.catalina.Container; -import org.apache.catalina.Globals; import org.apache.catalina.Lifecycle; import org.apache.catalina.LifecycleException; import org.apache.catalina.LifecycleListener; @@ -78,7 +70,6 @@ import org.apache.tomcat.util.ExceptionUtils; import org.apache.tomcat.util.IntrospectionUtils; import org.apache.tomcat.util.compat.JreCompat; import org.apache.tomcat.util.res.StringManager; -import org.apache.tomcat.util.security.PermissionCheck; import org.apache.tomcat.util.threads.ThreadPoolExecutor; /** @@ -125,7 +116,7 @@ import org.apache.tomcat.util.threads.ThreadPoolExecutor; * @author Craig R. McClanahan */ public abstract class WebappClassLoaderBase extends URLClassLoader - implements Lifecycle, InstrumentableClassLoader, WebappProperties, PermissionCheck { + implements Lifecycle, InstrumentableClassLoader, WebappProperties { private static final Log log = LogFactory.getLog(WebappClassLoaderBase.class); @@ -224,11 +215,6 @@ public abstract class WebappClassLoaderBase extends URLClassLoader } } this.javaseClassLoader = j; - - securityManager = System.getSecurityManager(); - if (securityManager != null) { - refreshPolicy(); - } } 
@@ -259,11 +245,6 @@ public abstract class WebappClassLoaderBase extends URLClassLoader } } this.javaseClassLoader = j; - - securityManager = System.getSecurityManager(); - if (securityManager != null) { - refreshPolicy(); - } } @@ -315,12 +296,6 @@ public abstract class WebappClassLoaderBase extends URLClassLoader protected final HashMap<String, PermissionCollection> loaderPC = new HashMap<>(); - /** - * Instance of the SecurityManager installed. - */ - protected final SecurityManager securityManager; - - /** * The parent class loader. */ 
@@ -477,64 +452,6 @@ public abstract class WebappClassLoaderBase extends URLClassLoader } - /** - * If there is a Java SecurityManager create a read permission for the - * target of the given URL as appropriate. - * - * @param url URL for a file or directory on local system - */ - void addPermission(URL url) { - if (url == null) { - return; - } - if (securityManager != null) { - String protocol = url.getProtocol(); - if ("file".equalsIgnoreCase(protocol)) { - URI uri; - File f; - String path; - try { - uri = url.toURI(); - f = new File(uri); - path = f.getCanonicalPath(); - } catch (IOException | URISyntaxException e) { - log.warn(sm.getString( - "webappClassLoader.addPermissionNoCanonicalFile", - url.toExternalForm())); - return; - } - if (f.isFile()) { - // Allow the file to be read - addPermission(new FilePermission(path, "read")); - } else if (f.isDirectory()) { - addPermission(new FilePermission(path, "read")); - addPermission(new FilePermission( - path + File.separator + "-", "read")); - } else { - // File does not exist - ignore (shouldn't happen) - } - } else { - // Unsupported URL protocol - log.warn(sm.getString( - "webappClassLoader.addPermissionNoProtocol", - protocol, url.toExternalForm())); - } - } - } - - - /** - * If there is a Java SecurityManager create a Permission. - * - * @param permission The permission - */ - void addPermission(Permission permission) { - if ((securityManager != null) && (permission != null)) { - permissionList.add(permission); - } - } - - public boolean getClearReferencesRmiTargets() { return this.clearReferencesRmiTargets; } 
@@ -831,24 +748,6 @@ public abstract class WebappClassLoaderBase extends URLClassLoader checkStateForClassLoading(name); - // (1) Permission to define this class when using a SecurityManager - if (securityManager != null) { - int i = name.lastIndexOf('.'); - if (i >= 0) { - try { - if (log.isTraceEnabled()) { - log.trace(" securityManager.checkPackageDefinition"); - } - securityManager.checkPackageDefinition(name.substring(0,i)); - } catch (Exception se) { - if (log.isTraceEnabled()) { - log.trace(" -->Exception-->ClassNotFoundException", se); - } - throw new ClassNotFoundException(name, se); - } - } - } - // Ask our superclass to locate this class, if possible // (throws ClassNotFoundException if it is not found) Class<?> clazz = null; @@ -857,17 +756,7 @@ public abstract class WebappClassLoaderBase extends URLClassLoader log.trace(" findClassInternal(" + name + ")"); } try { - if (securityManager != null) { - PrivilegedAction<Class<?>> dp = - new PrivilegedFindClassByName(name); - clazz = AccessController.doPrivileged(dp); - } else { - clazz = findClassInternal(name); - } - } catch(AccessControlException ace) { - log.warn(sm.getString("webappClassLoader.securityException", name, - ace.getMessage()), ace); - throw new ClassNotFoundException(name, ace); + clazz = findClassInternal(name); } catch (RuntimeException e) { if (log.isTraceEnabled()) { log.trace(" -->RuntimeException Rethrown", e); @@ -877,10 +766,6 @@ public abstract class WebappClassLoaderBase extends URLClassLoader if ((clazz == null) && hasExternalRepositories) { try { clazz = super.findClass(name); - } catch(AccessControlException ace) { - log.warn(sm.getString("webappClassLoader.securityException", name, - ace.getMessage()), ace); - throw new ClassNotFoundException(name, ace); } catch (RuntimeException e) { if (log.isTraceEnabled()) { log.trace(" -->RuntimeException Rethrown", e); 
@@ -907,13 +792,7 @@ public abstract class WebappClassLoaderBase extends URLClassLoader } if (log.isTraceEnabled()) { - ClassLoader cl; - if (Globals.IS_SECURITY_ENABLED){ - cl = AccessController.doPrivileged( - new PrivilegedGetClassLoader(clazz)); - } else { - cl = clazz.getClassLoader(); - } + ClassLoader cl = clazz.getClassLoader(); log.debug(" Loaded by " + cl.toString()); } return clazz; @@ -1317,21 +1196,12 @@ public abstract class WebappClassLoaderBase extends URLClassLoader try { // Use getResource as it won't trigger an expensive // ClassNotFoundException if the resource is not available from - // the Java SE class loader. However (see - // https://bz.apache.org/bugzilla/show_bug.cgi?id=58125 for - // details) when running under a security manager in rare cases - // this call may trigger a ClassCircularityError. + // the Java SE class loader. // See https://bz.apache.org/bugzilla/show_bug.cgi?id=61424 for // details of how this may trigger a StackOverflowError - // Given these reported errors, catch Throwable to ensure any - // other edge cases are also caught - URL url; - if (securityManager != null) { - PrivilegedAction<URL> dp = new PrivilegedJavaseGetResource(resourceName); - url = AccessController.doPrivileged(dp); - } else { - url = javaseLoader.getResource(resourceName); - } + // Given these reported errors, catch Throwable to ensure all + // edge cases are also caught + URL url = javaseLoader.getResource(resourceName); tryLoadingFromJavaseLoader = (url != null); } catch (Throwable t) { // Swallow all exceptions apart from those that must be re-thrown 
@@ -1356,20 +1226,6 @@ public abstract class WebappClassLoaderBase extends URLClassLoader } } - // (0.5) Permission to access this class when using a SecurityManager - if (securityManager != null) { - int i = name.lastIndexOf('.'); - if (i >= 0) { - try { - securityManager.checkPackageAccess(name.substring(0,i)); - } catch (SecurityException se) { - String error = sm.getString("webappClassLoader.restrictedPackage", name); - log.info(error, se); - throw new ClassNotFoundException(error, se); - } - } - } - boolean delegateLoad = delegate || filter(name, true); // (1) Delegate to our parent if requested @@ -1485,24 +1341,6 @@ public abstract class WebappClassLoaderBase extends URLClassLoader } - @Override - public boolean check(Permission permission) { - if (!Globals.IS_SECURITY_ENABLED) { - return true; - } - Policy currentPolicy = Policy.getPolicy(); - if (currentPolicy != null) { - URL contextRootUrl = resources.getResource("/").getCodeBase(); - CodeSource cs = new CodeSource(contextRootUrl, (Certificate[]) null); - PermissionCollection pc = currentPolicy.getPermissions(cs); - if (pc.implies(permission)) { - return true; - } - } - return false; - } - - /** * {@inheritDoc} * <p> @@ -2468,23 +2306,6 @@ public abstract class WebappClassLoaderBase extends URLClassLoader } } - if (securityManager != null) { - // Checking sealing - if (pkg != null) { - boolean sealCheck = true; - if (pkg.isSealed()) { - sealCheck = pkg.isSealed(codeBase); - } else { - sealCheck = (manifest == null) || !isPackageSealed(packageName, manifest); - } - if (!sealCheck) { - throw new SecurityException - ("Sealing violation loading " + name + " : Package " - + packageName + " is sealed."); - } - } - } - try { clazz = defineClass(name, binaryContent, 0, binaryContent.length, new CodeSource(codeBase, certificates)); 
@@ -2571,25 +2392,6 @@ public abstract class WebappClassLoaderBase extends URLClassLoader } - /** - * Refresh the system policy file, to pick up eventual changes. - */ - protected void refreshPolicy() { - - try { - // The policy file may have been modified to adjust - // permissions, so we're reloading it when loading or - // reloading a Context - Policy policy = Policy.getPolicy(); - policy.refresh(); - } catch (AccessControlException e) { - // Some policy files may restrict this, even for the core, - // so this exception is ignored - } - - } - - /** * Filter classes. * @@ -2741,21 +2543,7 @@ public abstract class WebappClassLoaderBase extends URLClassLoader @Override public boolean hasLoggingConfig() { - if (Globals.IS_SECURITY_ENABLED) { - Boolean result = AccessController.doPrivileged(new PrivilegedHasLoggingConfig()); - return result.booleanValue(); - } else { - return findResource("logging.properties") != null; - } - } - - - private class PrivilegedHasLoggingConfig implements PrivilegedAction<Boolean> { - - @Override - public Boolean run() { - return Boolean.valueOf(findResource("logging.properties") != null); - } + return findResource("logging.properties") != null; } diff --git a/java/org/apache/catalina/loader/WebappLoader.java b/java/org/apache/catalina/loader/WebappLoader.java index ae4f58523d..4e2e46c7d2 100644 --- a/java/org/apache/catalina/loader/WebappLoader.java +++ b/java/org/apache/catalina/loader/WebappLoader.java @@ -19,8 +19,6 @@ package org.apache.catalina.loader; import java.beans.PropertyChangeListener; import java.beans.PropertyChangeSupport; import java.io.File; -import java.io.FilePermission; -import java.io.IOException; import java.lang.reflect.Constructor; import java.net.URL; import java.net.URLClassLoader; @@ -373,8 +371,6 @@ public class WebappLoader extends LifecycleMBeanBase implements Loader{ // Configure our repositories setClassPath(); - setPermissions(); - classLoader.start(); String contextName = context.getName(); 
@@ -475,43 +471,6 @@ public class WebappLoader extends LifecycleMBeanBase implements Loader{ } - /** - * Configure associated class loader permissions. - */ - private void setPermissions() { - - if (!Globals.IS_SECURITY_ENABLED) { - return; - } - if (context == null) { - return; - } - - // Tell the class loader the root of the context - ServletContext servletContext = context.getServletContext(); - - // Assigning permissions for the work directory - File workDir = - (File) servletContext.getAttribute(ServletContext.TEMPDIR); - if (workDir != null) { - try { - String workDirPath = workDir.getCanonicalPath(); - classLoader.addPermission - (new FilePermission(workDirPath, "read,write")); - classLoader.addPermission - (new FilePermission(workDirPath + File.separator + "-", - "read,write,delete")); - } catch (IOException e) { - // Ignore - } - } - - for (URL url : context.getResources().getBaseUrls()) { - classLoader.addPermission(url); - } - } - - /** * Set the appropriate context attribute for our class path. This * is required only because Jasper depends on it. diff --git a/java/org/apache/tomcat/util/IntrospectionUtils.java b/java/org/apache/tomcat/util/IntrospectionUtils.java index c5da1b5f45..1bfd980bb0 100644 --- a/java/org/apache/tomcat/util/IntrospectionUtils.java +++ b/java/org/apache/tomcat/util/IntrospectionUtils.java @@ -27,7 +27,6 @@ import java.util.concurrent.ConcurrentHashMap; import org.apache.juli.logging.Log; import org.apache.juli.logging.LogFactory; import org.apache.tomcat.util.res.StringManager; -import org.apache.tomcat.util.security.PermissionCheck; /** * Utils for introspection and reflection 
@@ -334,14 +333,14 @@ public final class IntrospectionUtils { continue; } String n = value.substring(pos + 2, endName); - String v = getProperty(n, staticProp, dynamicProp, classLoader); + String v = getProperty(n, staticProp, dynamicProp); if (v == null) { // {name:default} int col = n.indexOf(":-"); if (col != -1) { String dV = n.substring(col + 2); n = n.substring(0, col); - v = getProperty(n, staticProp, dynamicProp, classLoader); + v = getProperty(n, staticProp, dynamicProp); if (v == null) { v = dV; } @@ -369,19 +368,14 @@ public final class IntrospectionUtils { return replaceProperties(newval, staticProp, dynamicProp, classLoader, iterationCount+1); } - private static String getProperty(String name, Hashtable<Object, Object> staticProp, - PropertySource[] dynamicProp, ClassLoader classLoader) { + private static String getProperty(String name, Hashtable<Object, Object> staticProp, PropertySource[] dynamicProp) { String v = null; if (staticProp != null) { v = (String) staticProp.get(name); } if (v == null && dynamicProp != null) { for (PropertySource propertySource : dynamicProp) { - if (propertySource instanceof SecurePropertySource) { - v = ((SecurePropertySource) propertySource).getProperty(name, classLoader); - } else { - v = propertySource.getProperty(name); - } + v = propertySource.getProperty(name); if (v != null) { break; } 
@@ -600,25 +594,4 @@ public final class IntrospectionUtils { public static interface PropertySource { public String getProperty(String key); } - - - public static interface SecurePropertySource extends PropertySource { - - /** - * Obtain a property value, checking that code associated with the - * provided class loader has permission to access the property. If the - * {@code classLoader} is {@code null} or if {@code classLoader} does - * not implement {@link PermissionCheck} then the property value will be - * looked up <b>without</b> a call to - * {@link PermissionCheck#check(java.security.Permission)} - * - * @param key The key of the requested property - * @param classLoader The class loader associated with the code that - * trigger the property lookup - * @return The property value or {@code null} if it could not be found - * or if {@link PermissionCheck#check(java.security.Permission)} - * fails - */ - public String getProperty(String key, ClassLoader classLoader); - } } diff --git a/java/org/apache/tomcat/util/digester/EnvironmentPropertySource.java b/java/org/apache/tomcat/util/digester/EnvironmentPropertySource.java index 6b4138c9eb..f7de712685 100644 --- a/java/org/apache/tomcat/util/digester/EnvironmentPropertySource.java +++ b/java/org/apache/tomcat/util/digester/EnvironmentPropertySource.java @@ -16,13 +16,10 @@ */ package org.apache.tomcat.util.digester; -import java.security.Permission; - import org.apache.tomcat.util.IntrospectionUtils; -import org.apache.tomcat.util.security.PermissionCheck; /** - * A {@link org.apache.tomcat.util.IntrospectionUtils.SecurePropertySource} + * A {@link org.apache.tomcat.util.IntrospectionUtils.PropertySource} * that uses environment variables to resolve expressions. * * <p><strong>Usage example:</strong></p> 
@@ -58,21 +55,10 @@ import org.apache.tomcat.util.security.PermissionCheck; * * @see <a href="https://tomcat.apache.org/tomcat-9.0-doc/config/systemprops.html#Property_replacements">Tomcat Configuration Reference System Properties</a> */ -public class EnvironmentPropertySource implements IntrospectionUtils.SecurePropertySource { +public class EnvironmentPropertySource implements IntrospectionUtils.PropertySource { @Override public String getProperty(String key) { - return null; - } - - @Override - public String getProperty(String key, ClassLoader classLoader) { - if (classLoader instanceof PermissionCheck) { - Permission p = new RuntimePermission("getenv." + key, null); - if (!((PermissionCheck) classLoader).check(p)) { - return null; - } - } return System.getenv(key); } } diff --git a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java index c6b7b6ae12..fb332bd8b2 100644 --- a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java +++ b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java @@ -16,18 +16,15 @@ */ package org.apache.tomcat.util.digester; -import java.io.FilePermission; import java.io.IOException; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; -import java.security.Permission; import org.apache.tomcat.util.IntrospectionUtils; -import org.apache.tomcat.util.security.PermissionCheck; /** - * A {@link org.apache.tomcat.util.IntrospectionUtils.SecurePropertySource} + * A {@link org.apache.tomcat.util.IntrospectionUtils.PropertySource} * that uses Kubernetes service bindings to resolve expressions. * * <p><strong>Usage example:</strong></p> 
@@ -73,25 +70,12 @@ import org.apache.tomcat.util.security.PermissionCheck; * @see <a href="https://tomcat.apache.org/tomcat-9.0-doc/config/systemprops.html#Property_replacements">Tomcat * Configuration Reference System Properties</a> */ -public class ServiceBindingPropertySource implements IntrospectionUtils.SecurePropertySource { +public class ServiceBindingPropertySource implements IntrospectionUtils.PropertySource { private static final String SERVICE_BINDING_ROOT_ENV_VAR = "SERVICE_BINDING_ROOT"; @Override public String getProperty(String key) { - return null; - } - - @Override - public String getProperty(String key, ClassLoader classLoader) { - // can we determine the service binding root - if (classLoader instanceof PermissionCheck) { - Permission p = new RuntimePermission("getenv." + SERVICE_BINDING_ROOT_ENV_VAR, null); - if (!((PermissionCheck) classLoader).check(p)) { - return null; - } - } - // get the root to search from String serviceBindingRoot = System.getenv(SERVICE_BINDING_ROOT_ENV_VAR); if (serviceBindingRoot == null) { @@ -106,12 +90,6 @@ public class ServiceBindingPropertySource implements IntrospectionUtils.SecurePr Path path = Paths.get(serviceBindingRoot, parts[0], parts[1]); try { - if (classLoader instanceof PermissionCheck) { - Permission p = new FilePermission(path.toString(), "read"); - if (!((PermissionCheck) classLoader).check(p)) { - return null; - } - } return new String(Files.readAllBytes(path)); } catch (IOException e) { return null; diff --git a/java/org/apache/tomcat/util/digester/SystemPropertySource.java b/java/org/apache/tomcat/util/digester/SystemPropertySource.java index 49fc765f44..fa42a097e5 100644 --- a/java/org/apache/tomcat/util/digester/SystemPropertySource.java +++ b/java/org/apache/tomcat/util/digester/SystemPropertySource.java 
@@ -16,36 +16,19 @@ */ package org.apache.tomcat.util.digester; -import java.security.Permission; -import java.util.PropertyPermission; - import org.apache.tomcat.util.IntrospectionUtils; -import org.apache.tomcat.util.security.PermissionCheck; /** - * A {@link org.apache.tomcat.util.IntrospectionUtils.SecurePropertySource} + * A {@link org.apache.tomcat.util.IntrospectionUtils.PropertySource} * that uses system properties to resolve expressions. * This property source is always active by default. * * @see Digester */ -public class SystemPropertySource implements IntrospectionUtils.SecurePropertySource { +public class SystemPropertySource implements IntrospectionUtils.PropertySource { @Override public String getProperty(String key) { - // For backward compatibility - return getProperty(key, null); - } - - @Override - public String getProperty(String key, ClassLoader classLoader) { - if (classLoader instanceof PermissionCheck) { - Permission p = new PropertyPermission(key, "read"); - if (!((PermissionCheck) classLoader).check(p)) { - return null; - } - } return System.getProperty(key); } - } diff --git a/java/org/apache/tomcat/util/security/PermissionCheck.java b/java/org/apache/tomcat/util/security/PermissionCheck.java deleted file mode 100644 index c2a9b86cbd..0000000000 --- a/java/org/apache/tomcat/util/security/PermissionCheck.java +++ /dev/null 
@@ -1,43 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.tomcat.util.security; - -import java.security.Permission; - -/** - * This interface is implemented by components to enable privileged code to - * check whether the component has a given permission. - * This is typically used when a privileged component (e.g. the container) is - * performing an action on behalf of an untrusted component (e.g. a web - * application) without the current thread having passed through a code source - * provided by the untrusted component. Because the current thread has not - * passed through a code source provided by the untrusted component the - * SecurityManager assumes the code is trusted so the standard checking - * mechanisms can't be used. - */ -public interface PermissionCheck { - - /** - * Does this component have the given permission? 
- * - * @param permission The permission to test - * - * @return {@code false} if a SecurityManager is enabled and the component - * does not have the given permission, otherwise {@code true} - */ - boolean check(Permission permission); -} --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
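Review bot: The message keys `webappClassLoader.addPermissionNoCanonicalFile` and `webappClassLoader.addPermissionNoProtocol` look orphaned once `addPermission(URL)` is deleted from WebappClassLoaderBase.java (hunk at -477,64), because each LocalStrings*.properties file in this commit loses only `webappClassLoader.securityException`. Suggest removing both keys from every locale file in the same change if nothing else references them. `webappClassLoader.restrictedPackage` is worth the same check, since its visible caller (the `checkPackageAccess` block in the -1356,20 hunk) is removed here while the key stays as a context line in the properties hunks.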
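Review bot: Some SecurityManager plumbing appears to survive in WebappClassLoaderBase.java. The import hunk (-28,16) keeps `java.security.PrivilegedAction`, the `loaderPC` map stays as context in the -315,12 hunk, and `permissionList` loses its only visible writer when `addPermission(Permission)` is deleted. The calls to `PrivilegedFindClassByName`, `PrivilegedGetClassLoader` and `PrivilegedJavaseGetResource` are removed, yet the diffstat does not list those classes. Suggest confirming which of these still have a caller and removing the rest here or in a follow-up, so that no permission bookkeeping is left behind that suggests an isolation boundary that is no longer enforced.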
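Review bot: In the findClass hunk of WebappClassLoaderBase.java (-907,13), the simplified block is guarded by `log.isTraceEnabled()` but emits with `log.debug(...)`, so the guard and the level do not match. Since these lines are being rewritten anyway, suggest `log.trace(" Loaded by " + cl)`, which matches the guard and, by using string concatenation instead of `cl.toString()`, also tolerates a null class loader.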
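Review bot: The reworded comment in the Java SE loader hunk of WebappClassLoaderBase.java (-1317,21) no longer reads cleanly: with the bug 58125 reference removed, only bug 61424 is cited, but the text still says "Given these reported errors" and "all edge cases are also caught". Suggest rephrasing along the lines of "Given this reported error, catch Throwable to ensure any other edge cases are also caught".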
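Review bot: `replaceProperties(...)` in IntrospectionUtils.java still accepts and forwards `classLoader` (see the recursive call kept as context in the -369,19 hunk), but `getProperty(name, staticProp, dynamicProp)` no longer consumes it, so the argument has no visible effect on property lookup. Suggest documenting the parameter as unused in the Javadoc, or deprecating that overload. Removing the public `SecurePropertySource` interface (-600,25) together with `PermissionCheck` will also break any third-party property source that implements them, which deserves a changelog entry.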
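Review bot: `EnvironmentPropertySource.getProperty(String key)` changes behaviour in the -58,21 hunk, not only its interface: the single-argument method used to return `null` and now returns `System.getenv(key)` with no `RuntimePermission("getenv." + key)` gate. Suggest stating in the class Javadoc that any configuration processed with this source can resolve any environment variable of the Tomcat process, and recording the behaviour change in the changelog so operators who relied on the policy file to restrict this can review what their environment exposes.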
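Review bot: In ServiceBindingPropertySource.java (-106,12 hunk), removing the `FilePermission` check means the path from `Paths.get(serviceBindingRoot, parts[0], parts[1])` is read unconditionally. Suggest normalizing the resulting path and verifying that it still starts with the binding root before calling `Files.readAllBytes(path)`, so the lookup stays confined to the bindings directory without relying on a policy file. As a smaller point on the same line, `new String(Files.readAllBytes(path))` uses the platform default charset; passing an explicit charset would make the result deterministic.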