Author: kkolinko
Date: Mon Jan 8 10:42:12 2018
New Revision: 1820546
URL: http://svn.apache.org/viewvc?rev=1820546&view=rev
Log:
Use a loop to preload anonymous inner classes, to be safe for future changes in
the code or using a different compiler..
https://bz.apache.org/bugzilla/show_bug.cgi?id=47214
Modified:
tomcat/tc8.5.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
tomcat/tc8.5.x/trunk/java/org/apache/jasper/security/SecurityClassLoad.java
tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml
Modified:
tomcat/tc8.5.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java?rev=1820546&r1=1820545&r2=1820546&view=diff
==============================================================================
---
tomcat/tc8.5.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
(original)
+++
tomcat/tc8.5.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
Mon Jan 8 10:42:12 2018
@@ -61,9 +61,7 @@ public final class SecurityClassLoad {
loader.loadClass(basePackage + "AsyncContextImpl$DebugException");
loader.loadClass(basePackage + "AsyncListenerWrapper");
loader.loadClass(basePackage + "ContainerBase$PrivilegedAddChild");
- loader.loadClass(basePackage + "DefaultInstanceManager$1");
- loader.loadClass(basePackage + "DefaultInstanceManager$2");
- loader.loadClass(basePackage + "DefaultInstanceManager$3");
+ loadAnonymousInnerClasses(loader, basePackage +
"DefaultInstanceManager");
loader.loadClass(basePackage +
"DefaultInstanceManager$AnnotationCacheEntry");
loader.loadClass(basePackage +
"DefaultInstanceManager$AnnotationCacheEntryType");
loader.loadClass(basePackage +
"ApplicationHttpRequest$AttributeNamesEnumerator");
@@ -93,7 +91,7 @@ public final class SecurityClassLoad {
private static final void loadSessionPackage(ClassLoader loader) throws
Exception {
final String basePackage = "org.apache.catalina.session.";
loader.loadClass(basePackage + "StandardSession");
- loader.loadClass(basePackage + "StandardSession$1");
+ loadAnonymousInnerClasses(loader, basePackage + "StandardSession");
loader.loadClass(basePackage + "StandardManager$PrivilegedDoUnload");
}
@@ -106,7 +104,7 @@ public final class SecurityClassLoad {
private static final void loadValvesPackage(ClassLoader loader) throws
Exception {
final String basePackage = "org.apache.catalina.valves.";
- loader.loadClass(basePackage + "AbstractAccessLogValve$3");
+ loadAnonymousInnerClasses(loader, basePackage +
"AbstractAccessLogValve");
}
private static final void loadCoyotePackage(ClassLoader loader) throws
Exception {
@@ -139,18 +137,11 @@ public final class SecurityClassLoad {
loader.loadClass(basePackage +
"ResponseFacade$SetContentTypePrivilegedAction");
loader.loadClass(basePackage +
"ResponseFacade$DateHeaderPrivilegedAction");
loader.loadClass(basePackage +
"RequestFacade$GetSessionPrivilegedAction");
- loader.loadClass(basePackage + "ResponseFacade$1");
- loader.loadClass(basePackage + "OutputBuffer$1");
- loader.loadClass(basePackage + "OutputBuffer$2");
- loader.loadClass(basePackage + "CoyoteInputStream$1");
- loader.loadClass(basePackage + "CoyoteInputStream$2");
- loader.loadClass(basePackage + "CoyoteInputStream$3");
- loader.loadClass(basePackage + "CoyoteInputStream$4");
- loader.loadClass(basePackage + "CoyoteInputStream$5");
- loader.loadClass(basePackage + "InputBuffer$1");
- loader.loadClass(basePackage + "Response$1");
- loader.loadClass(basePackage + "Response$2");
- loader.loadClass(basePackage + "Response$3");
+ loadAnonymousInnerClasses(loader, basePackage + "ResponseFacade");
+ loadAnonymousInnerClasses(loader, basePackage + "OutputBuffer");
+ loadAnonymousInnerClasses(loader, basePackage + "CoyoteInputStream");
+ loadAnonymousInnerClasses(loader, basePackage + "InputBuffer");
+ loadAnonymousInnerClasses(loader, basePackage + "Response");
}
private static final void loadTomcatPackage(ClassLoader loader) throws
Exception {
@@ -192,4 +183,14 @@ public final class SecurityClassLoad {
loader.loadClass(basePackage + "util.security.PrivilegedGetTccl");
loader.loadClass(basePackage + "util.security.PrivilegedSetTccl");
}
+
+ private static final void loadAnonymousInnerClasses(ClassLoader loader,
String enclosingClass) {
+ try {
+ for (int i = 1;; i++) {
+ loader.loadClass(enclosingClass + '$' + i);
+ }
+ } catch (ClassNotFoundException ignored) {
+ //
+ }
+ }
}
Modified:
tomcat/tc8.5.x/trunk/java/org/apache/jasper/security/SecurityClassLoad.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/jasper/security/SecurityClassLoad.java?rev=1820546&r1=1820545&r2=1820546&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/java/org/apache/jasper/security/SecurityClassLoad.java
(original)
+++ tomcat/tc8.5.x/trunk/java/org/apache/jasper/security/SecurityClassLoad.java
Mon Jan 8 10:42:12 2018
@@ -53,18 +53,7 @@ public final class SecurityClassLoad {
loader.loadClass(basePackage + "runtime.ProtectedFunctionMapper");
loader.loadClass(basePackage + "runtime.PageContextImpl");
- loader.loadClass(basePackage + "runtime.PageContextImpl$1");
- loader.loadClass(basePackage + "runtime.PageContextImpl$2");
- loader.loadClass(basePackage + "runtime.PageContextImpl$3");
- loader.loadClass(basePackage + "runtime.PageContextImpl$4");
- loader.loadClass(basePackage + "runtime.PageContextImpl$5");
- loader.loadClass(basePackage + "runtime.PageContextImpl$6");
- loader.loadClass(basePackage + "runtime.PageContextImpl$7");
- loader.loadClass(basePackage + "runtime.PageContextImpl$8");
- loader.loadClass(basePackage + "runtime.PageContextImpl$9");
- loader.loadClass(basePackage + "runtime.PageContextImpl$10");
- loader.loadClass(basePackage + "runtime.PageContextImpl$11");
- loader.loadClass(basePackage + "runtime.PageContextImpl$12");
+ loadAnonymousInnerClasses(loader, basePackage +
"runtime.PageContextImpl");
loader.loadClass(basePackage + "runtime.JspContextWrapper");
@@ -73,9 +62,19 @@ public final class SecurityClassLoad {
loader.loadClass(basePackage + "servlet.JspServletWrapper");
- loader.loadClass(basePackage + "runtime.JspWriterImpl$1");
+ loadAnonymousInnerClasses(loader, "runtime.JspWriterImpl");
} catch (ClassNotFoundException ex) {
log.error("SecurityClassLoad", ex);
}
}
+
+ private static final void loadAnonymousInnerClasses(ClassLoader loader,
String enclosingClass) {
+ try {
+ for (int i = 1;; i++) {
+ loader.loadClass(enclosingClass + '$' + i);
+ }
+ } catch (ClassNotFoundException ignored) {
+ //
+ }
+ }
}
Modified: tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml?rev=1820546&r1=1820545&r2=1820546&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml Mon Jan 8 10:42:12 2018
@@ -47,6 +47,11 @@
<section name="Tomcat 8.5.25 (markt)" rtext="in development">
<subsection name="Catalina">
<changelog>
+ <fix>
+ <bug>47214</bug>: Use a loop to preload anonymous inner classes
+ when running under a <code>SecurityManager</code>, to be safe for
+ future changes in the code or using a different compiler. (kkolinko)
+ </fix>
<add>
<bug>57619</bug>: Implement a small optimisation to how JAR URLs are
processed to reduce the storage of duplicate String objects in memory.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
