glenn 01/06/22 13:13:19 Modified: jasper/src/share/org/apache/jasper/servlet JasperLoader.java Log: Wrap getContextClassLoader with a doPrivileged Revision Changes Path 1.5 +23 -2 jakarta-tomcat-4.0/jasper/src/share/org/apache/jasper/servlet/JasperLoader.java Index: JasperLoader.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/jasper/src/share/org/apache/jasper/servlet/JasperLoader.java,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- JasperLoader.java 2001/06/02 20:22:19 1.4 +++ JasperLoader.java 2001/06/22 20:13:19 1.5 @@ -62,8 +62,10 @@ import java.io.IOException; import java.net.URL; import java.net.URLClassLoader; +import java.security.AccessController; import java.security.CodeSource; import java.security.PermissionCollection; +import java.security.PrivilegedAction; import java.security.ProtectionDomain; import org.apache.jasper.JasperException; @@ -85,11 +87,24 @@ */ public class JasperLoader extends URLClassLoader { + protected class PrivilegedLoadClass + implements PrivilegedAction { + + PrivilegedLoadClass() { + } + + public Object run() { + return Thread.currentThread().getContextClassLoader(); + } + + } + private PermissionCollection permissionCollection = null; private CodeSource codeSource = null; private String className = null; private ClassLoader parent = null; private SecurityManager securityManager = null; + private PrivilegedLoadClass privLoadClass = null; JasperLoader(URL [] urls, String className, ClassLoader parent, PermissionCollection permissionCollection, @@ -99,6 +114,7 @@ this.codeSource = codeSource; this.className = className; this.parent = parent; + this.privLoadClass = new PrivilegedLoadClass(); this.securityManager = System.getSecurityManager(); } @@ -173,8 +189,13 @@ // Class is in a package, delegate to thread context class loader if( !name.startsWith(Constants.JSP_PACKAGE_NAME) ) { - clazz = Thread.currentThread().getContextClassLoader() - .loadClass(name); + ClassLoader classLoader = null; + if (System.getSecurityManager() != null) { + classLoader = (ClassLoader)AccessController.doPrivileged(privLoadClass); + } else { + classLoader = Thread.currentThread().getContextClassLoader(); + } + clazz = classLoader.loadClass(name); if( resolve ) resolveClass(clazz); return clazz;