cvs commit: jakarta-tomcat-4.0/jasper/src/share/org/apache/jasper/servlet JasperLoader.java

Fri, 22 Jun 2001 12:50:07 -0700 

glenn       01/06/22 13:13:19

  Modified:    jasper/src/share/org/apache/jasper/servlet JasperLoader.java
  Log:
  Wrap getContextClassLoader with a doPrivileged
  
  Revision  Changes    Path
  1.5       +23 -2     
jakarta-tomcat-4.0/jasper/src/share/org/apache/jasper/servlet/JasperLoader.java
  
  Index: JasperLoader.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/jasper/src/share/org/apache/jasper/servlet/JasperLoader.java,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- JasperLoader.java 2001/06/02 20:22:19     1.4
  +++ JasperLoader.java 2001/06/22 20:13:19     1.5
  @@ -62,8 +62,10 @@
   import java.io.IOException;
   import java.net.URL;
   import java.net.URLClassLoader;
  +import java.security.AccessController;
   import java.security.CodeSource;
   import java.security.PermissionCollection;
  +import java.security.PrivilegedAction;
   import java.security.ProtectionDomain;
   
   import org.apache.jasper.JasperException;
  @@ -85,11 +87,24 @@
    */
   public class JasperLoader extends URLClassLoader {
   
  +    protected class PrivilegedLoadClass
  +        implements PrivilegedAction {
  +
  +        PrivilegedLoadClass() {
  +        }
  +         
  +        public Object run() {
  +            return Thread.currentThread().getContextClassLoader();
  +        }
  +
  +    }
  +
       private PermissionCollection permissionCollection = null;
       private CodeSource codeSource = null;
       private String className = null;
       private ClassLoader parent = null;
       private SecurityManager securityManager = null;
  +    private PrivilegedLoadClass privLoadClass = null;
   
       JasperLoader(URL [] urls, String className, ClassLoader parent,
                 PermissionCollection permissionCollection,
  @@ -99,6 +114,7 @@
        this.codeSource = codeSource;
        this.className = className;
        this.parent = parent;
  +        this.privLoadClass = new PrivilegedLoadClass();
        this.securityManager = System.getSecurityManager();
       }
   
  @@ -173,8 +189,13 @@
   
        // Class is in a package, delegate to thread context class loader
        if( !name.startsWith(Constants.JSP_PACKAGE_NAME) ) {
  -         clazz = Thread.currentThread().getContextClassLoader()
  -                .loadClass(name);
  +            ClassLoader classLoader = null;
  +         if (System.getSecurityManager() != null) {
  +                 classLoader = 
(ClassLoader)AccessController.doPrivileged(privLoadClass);
  +            } else {
  +             classLoader = Thread.currentThread().getContextClassLoader();
  +            }
  +            clazz = classLoader.loadClass(name);
            if( resolve )
                resolveClass(clazz);
            return clazz;

Reply via email to