jfarcand 2004/11/22 08:35:18
Modified: catalina/src/share/org/apache/catalina/connector
CoyoteInputStream.java InputBuffer.java
OutputBuffer.java RequestFacade.java Response.java
ResponseFacade.java
catalina/src/share/org/apache/catalina/core
ApplicationContextFacade.java
ApplicationDispatcher.java
ApplicationFilterChain.java StandardWrapper.java
catalina/src/share/org/apache/catalina/security
SecurityUtil.java
catalina/src/share/org/apache/catalina/session
PersistentManagerBase.java StandardManager.java
StandardSession.java
Log:
Port patch from Tomcat 5.0: When the package protection is not used, do not
create the doPrivileged objects .
Revision Changes Path
1.2 +6 -5
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/connector/CoyoteInputStream.java
Index: CoyoteInputStream.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/connector/CoyoteInputStream.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- CoyoteInputStream.java 23 Jun 2004 08:24:57 -0000 1.1
+++ CoyoteInputStream.java 22 Nov 2004 16:35:17 -0000 1.2
@@ -24,6 +24,7 @@
import javax.servlet.ServletInputStream;
+import org.apache.catalina.security.SecurityUtil;
/**
* This class handles reading bytes.
@@ -65,7 +66,7 @@
public int read()
throws IOException {
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
try{
Integer result =
@@ -94,7 +95,7 @@
public int available() throws IOException {
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
try{
Integer result =
(Integer)AccessController.doPrivileged(
@@ -122,7 +123,7 @@
public int read(final byte[] b) throws IOException {
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
try{
Integer result =
(Integer)AccessController.doPrivileged(
@@ -153,7 +154,7 @@
public int read(final byte[] b, final int off, final int len)
throws IOException {
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
try{
Integer result =
(Integer)AccessController.doPrivileged(
@@ -193,7 +194,7 @@
*/
public void close() throws IOException {
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
try{
AccessController.doPrivileged(
new PrivilegedExceptionAction(){
1.4 +2 -1
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/connector/InputBuffer.java
Index: InputBuffer.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/connector/InputBuffer.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- InputBuffer.java 29 Aug 2004 16:46:09 -0000 1.3
+++ InputBuffer.java 22 Nov 2004 16:35:17 -0000 1.4
@@ -23,6 +23,7 @@
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
+import org.apache.catalina.security.SecurityUtil;
import org.apache.coyote.Request;
import org.apache.tomcat.util.buf.B2CConverter;
import org.apache.tomcat.util.buf.ByteChunk;
@@ -465,7 +466,7 @@
enc = DEFAULT_ENCODING;
conv = (B2CConverter) encoders.get(enc);
if (conv == null) {
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
try{
conv = (B2CConverter)AccessController.doPrivileged(
new PrivilegedExceptionAction(){
1.4 +2 -1
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/connector/OutputBuffer.java
Index: OutputBuffer.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/connector/OutputBuffer.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- OutputBuffer.java 25 Jun 2004 23:56:25 -0000 1.3
+++ OutputBuffer.java 22 Nov 2004 16:35:18 -0000 1.4
@@ -24,6 +24,7 @@
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
+import org.apache.catalina.security.SecurityUtil;
import org.apache.coyote.ActionCode;
import org.apache.coyote.Response;
import org.apache.tomcat.util.buf.ByteChunk;
@@ -558,7 +559,7 @@
conv = (C2BConverter) encoders.get(enc);
if (conv == null) {
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
try{
conv = (C2BConverter)AccessController.doPrivileged(
new PrivilegedExceptionAction(){
1.8 +6 -4
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/connector/RequestFacade.java
Index: RequestFacade.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/connector/RequestFacade.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- RequestFacade.java 1 Nov 2004 22:38:44 -0000 1.7
+++ RequestFacade.java 22 Nov 2004 16:35:18 -0000 1.8
@@ -34,6 +34,8 @@
import org.apache.catalina.util.StringManager;
+import org.apache.catalina.security.SecurityUtil;
+
/**
* Facade class that wraps a Coyote request object.
* All methods are delegated to the wrapped request.
@@ -372,7 +374,7 @@
* Clone the returned array only if there is a security manager
* in place, so that performance won't suffer in the nonsecure case
*/
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
ret = (String[]) AccessController.doPrivileged(
new GetParameterValuePrivilegedAction(name));
if (ret != null) {
@@ -595,7 +597,7 @@
* Clone the returned array only if there is a security manager
* in place, so that performance won't suffer in the nonsecure case
*/
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
ret = (Cookie[])AccessController.doPrivileged(
new GetCookiesPrivilegedAction());
if (ret != null) {
@@ -813,7 +815,7 @@
sm.getString("requestFacade.nullRequest"));
}
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
return (HttpSession)AccessController.
doPrivileged(new GetSessionPrivilegedAction(create));
} else {
1.10 +5 -4
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/connector/Response.java
Index: Response.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/connector/Response.java,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- Response.java 16 Sep 2004 15:28:29 -0000 1.9
+++ Response.java 22 Nov 2004 16:35:18 -0000 1.10
@@ -44,6 +44,7 @@
import org.apache.catalina.util.CharsetMapper;
import org.apache.catalina.util.DateTool;
import org.apache.catalina.util.StringManager;
+import org.apache.catalina.security.SecurityUtil;
import org.apache.tomcat.util.buf.CharChunk;
import org.apache.tomcat.util.buf.UEncoder;
import org.apache.tomcat.util.http.FastHttpDateFormat;
@@ -930,7 +931,7 @@
cookies.add(cookie);
final StringBuffer sb = new StringBuffer();
- if (System.getSecurityManager() != null) {
+ if (SecurityUtil.isPackageProtectionEnabled()) {
AccessController.doPrivileged(new PrivilegedAction() {
public Object run(){
ServerCookie.appendCookieValue
@@ -1349,7 +1350,7 @@
if (hreq.isRequestedSessionIdFromCookie())
return (false);
- if (System.getSecurityManager() != null) {
+ if (SecurityUtil.isPackageProtectionEnabled()) {
return ((Boolean)
AccessController.doPrivileged(new PrivilegedAction() {
@@ -1452,7 +1453,7 @@
String encodedURI = null;
final String frelativePath = relativePath;
- if (System.getSecurityManager() != null ){
+ if (SecurityUtil.isPackageProtectionEnabled() ){
try{
encodedURI =
(String)AccessController.doPrivileged(
new PrivilegedExceptionAction(){
1.9 +4 -3
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/connector/ResponseFacade.java
Index: ResponseFacade.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/connector/ResponseFacade.java,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- ResponseFacade.java 1 Nov 2004 23:34:04 -0000 1.8
+++ ResponseFacade.java 22 Nov 2004 16:35:18 -0000 1.9
@@ -30,6 +30,7 @@
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.util.StringManager;
+import org.apache.catalina.security.SecurityUtil;
/**
* Facade class that wraps a Coyote response object.
@@ -205,7 +206,7 @@
if (isCommitted())
return;
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
AccessController.doPrivileged(new
SetContentTypePrivilegedAction(type));
} else {
response.setContentType(type);
@@ -243,7 +244,7 @@
// (/*sm.getString("responseFacade.finished")*/);
return;
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
try{
AccessController.doPrivileged(new
PrivilegedExceptionAction(){
1.13 +32 -25
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/ApplicationContextFacade.java
Index: ApplicationContextFacade.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/ApplicationContextFacade.java,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- ApplicationContextFacade.java 1 Oct 2004 01:18:12 -0000 1.12
+++ ApplicationContextFacade.java 22 Nov 2004 16:35:18 -0000 1.13
@@ -35,6 +35,8 @@
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
+import org.apache.catalina.security.SecurityUtil;
+
/**
* Facade object which masks the internal <code>ApplicationContext</code>
@@ -118,7 +120,7 @@
public ServletContext getContext(String uripath) {
ServletContext theContext = null;
- if (System.getSecurityManager() != null) {
+ if (SecurityUtil.isPackageProtectionEnabled()) {
theContext = (ServletContext)
doPrivileged("getContext", new Object[]{uripath});
} else {
@@ -143,7 +145,7 @@
public String getMimeType(String file) {
- if (System.getSecurityManager() != null) {
+ if (SecurityUtil.isPackageProtectionEnabled()) {
return (String)doPrivileged("getMimeType", new Object[]{file});
} else {
return context.getMimeType(file);
@@ -152,7 +154,7 @@
public Set getResourcePaths(String path) {
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
return (Set)doPrivileged("getResourcePaths", new Object[]{path});
} else {
return context.getResourcePaths(path);
@@ -179,7 +181,7 @@
public InputStream getResourceAsStream(String path) {
- if (System.getSecurityManager() != null) {
+ if (SecurityUtil.isPackageProtectionEnabled()) {
return (InputStream) doPrivileged("getResourceAsStream",
new Object[]{path});
} else {
@@ -189,7 +191,7 @@
public RequestDispatcher getRequestDispatcher(final String path) {
- if (System.getSecurityManager() != null) {
+ if (SecurityUtil.isPackageProtectionEnabled()) {
return (RequestDispatcher) doPrivileged("getRequestDispatcher",
new Object[]{path});
} else {
@@ -199,7 +201,7 @@
public RequestDispatcher getNamedDispatcher(String name) {
- if (System.getSecurityManager() != null) {
+ if (SecurityUtil.isPackageProtectionEnabled()) {
return (RequestDispatcher) doPrivileged("getNamedDispatcher",
new Object[]{name});
} else {
@@ -210,7 +212,7 @@
public Servlet getServlet(String name)
throws ServletException {
- if (System.getSecurityManager() != null) {
+ if (SecurityUtil.isPackageProtectionEnabled()) {
try {
return (Servlet) invokeMethod(context, "getServlet",
new Object[]{name});
@@ -227,7 +229,7 @@
public Enumeration getServlets() {
- if (System.getSecurityManager() != null) {
+ if (SecurityUtil.isPackageProtectionEnabled()) {
return (Enumeration) doPrivileged("getServlets", null);
} else {
return context.getServlets();
@@ -236,7 +238,7 @@
public Enumeration getServletNames() {
- if (System.getSecurityManager() != null) {
+ if (SecurityUtil.isPackageProtectionEnabled()) {
return (Enumeration) doPrivileged("getServletNames", null);
} else {
return context.getServletNames();
@@ -245,7 +247,7 @@
public void log(String msg) {
- if (System.getSecurityManager() != null) {
+ if (SecurityUtil.isPackageProtectionEnabled()) {
doPrivileged("log", new Object[]{msg} );
} else {
context.log(msg);
@@ -254,7 +256,7 @@
public void log(Exception exception, String msg) {
- if (System.getSecurityManager() != null) {
+ if (SecurityUtil.isPackageProtectionEnabled()) {
doPrivileged("log", new Class[]{Exception.class, String.class},
new Object[]{exception,msg});
} else {
@@ -264,7 +266,7 @@
public void log(String message, Throwable throwable) {
- if (System.getSecurityManager() != null) {
+ if (SecurityUtil.isPackageProtectionEnabled()) {
doPrivileged("log", new Class[]{String.class, Throwable.class},
new Object[]{message, throwable});
} else {
@@ -274,7 +276,7 @@
public String getRealPath(String path) {
- if (System.getSecurityManager() != null) {
+ if (SecurityUtil.isPackageProtectionEnabled()) {
return (String) doPrivileged("getRealPath", new Object[]{path});
} else {
return context.getRealPath(path);
@@ -283,7 +285,7 @@
public String getServerInfo() {
- if (System.getSecurityManager() != null) {
+ if (SecurityUtil.isPackageProtectionEnabled()) {
return (String) doPrivileged("getServerInfo", null);
} else {
return context.getServerInfo();
@@ -292,7 +294,7 @@
public String getInitParameter(String name) {
- if (System.getSecurityManager() != null) {
+ if (SecurityUtil.isPackageProtectionEnabled()) {
return (String) doPrivileged("getInitParameter",
new Object[]{name});
} else {
@@ -302,7 +304,7 @@
public Enumeration getInitParameterNames() {
- if (System.getSecurityManager() != null) {
+ if (SecurityUtil.isPackageProtectionEnabled()) {
return (Enumeration) doPrivileged("getInitParameterNames", null);
} else {
return context.getInitParameterNames();
@@ -311,7 +313,7 @@
public Object getAttribute(String name) {
- if (System.getSecurityManager() != null) {
+ if (SecurityUtil.isPackageProtectionEnabled()) {
return doPrivileged("getAttribute", new Object[]{name});
} else {
return context.getAttribute(name);
@@ -320,7 +322,7 @@
public Enumeration getAttributeNames() {
- if (System.getSecurityManager() != null) {
+ if (SecurityUtil.isPackageProtectionEnabled()) {
return (Enumeration) doPrivileged("getAttributeNames", null);
} else {
return context.getAttributeNames();
@@ -329,7 +331,7 @@
public void setAttribute(String name, Object object) {
- if (System.getSecurityManager() != null) {
+ if (SecurityUtil.isPackageProtectionEnabled()) {
doPrivileged("setAttribute", new Object[]{name,object});
} else {
context.setAttribute(name, object);
@@ -338,7 +340,7 @@
public void removeAttribute(String name) {
- if (System.getSecurityManager() != null) {
+ if (SecurityUtil.isPackageProtectionEnabled()) {
doPrivileged("removeAttribute", new Object[]{name});
} else {
context.removeAttribute(name);
@@ -347,7 +349,7 @@
public String getServletContextName() {
- if (System.getSecurityManager() != null) {
+ if (SecurityUtil.isPackageProtectionEnabled()) {
return (String) doPrivileged("getServletContextName", null);
} else {
return context.getServletContextName();
@@ -401,7 +403,7 @@
*/
private Object invokeMethod(ApplicationContext appContext,
final String methodName,
- final Object[] params)
+ Object[] params)
throws Throwable{
try{
@@ -416,6 +418,8 @@
} catch (Exception ex){
handleException(ex, methodName);
return null;
+ } finally {
+ params = null;
}
}
@@ -428,7 +432,7 @@
*/
private Object doPrivileged(final String methodName,
final Class[] clazz,
- final Object[] params){
+ Object[] params){
try{
Method method = context.getClass()
@@ -441,6 +445,8 @@
throw new RuntimeException(t.getMessage());
}
return null;
+ } finally {
+ params = null;
}
}
@@ -459,7 +465,7 @@
IllegalAccessException,
InvocationTargetException {
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
return AccessController.doPrivileged(new
PrivilegedExceptionAction(){
public Object run() throws IllegalAccessException,
InvocationTargetException{
return method.invoke(context, params);
@@ -472,6 +478,7 @@
/**
+ *
* Throw the real exception.
* @param ex The current exception
*/
1.41 +2 -2
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/ApplicationDispatcher.java
Index: ApplicationDispatcher.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/ApplicationDispatcher.java,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -r1.40 -r1.41
--- ApplicationDispatcher.java 28 Sep 2004 13:32:27 -0000 1.40
+++ ApplicationDispatcher.java 22 Nov 2004 16:35:18 -0000 1.41
@@ -50,7 +50,7 @@
import org.apache.commons.logging.LogFactory;
import org.apache.tomcat.util.IntrospectionUtils;
-
+import org.apache.catalina.security.SecurityUtil;
/**
* Standard implementation of <code>RequestDispatcher</code> that allows a
* request to be forwarded to a different resource to create the ultimate
1.13 +23 -8
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/ApplicationFilterChain.java
Index: ApplicationFilterChain.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/ApplicationFilterChain.java,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- ApplicationFilterChain.java 1 Oct 2004 01:18:12 -0000 1.12
+++ ApplicationFilterChain.java 22 Nov 2004 16:35:18 -0000 1.13
@@ -111,6 +111,22 @@
*/
private InstanceSupport support = null;
+
+ /**
+ * Static class array used when the SecurityManager is turned on and
+ * <code>doFilter</code is invoked.
+ */
+ private static Class[] classType = new Class[]{ServletRequest.class,
+ ServletResponse.class,
+ FilterChain.class};
+
+ /**
+ * Static class array used when the SecurityManager is turned on and
+ * <code>service</code is invoked.
+ */
+ private static Class[] classTypeUsedInService = new Class[]{
+
ServletRequest.class,
+
ServletResponse.class};
// ---------------------------------------------------- FilterChain
Methods
@@ -176,12 +192,12 @@
final ServletResponse res = response;
Principal principal =
((HttpServletRequest) req).getUserPrincipal();
- Class[] classType = new Class[]{ServletRequest.class,
- ServletResponse.class,
- FilterChain.class};
+
Object[] args = new Object[]{req, res, this};
SecurityUtil.doAsPrivilege
("doFilter", filter, classType, args);
+
+ args = null;
} else {
filter.doFilter(request, response, this);
}
@@ -225,14 +241,13 @@
final ServletResponse res = response;
Principal principal =
((HttpServletRequest) req).getUserPrincipal();
- Class[] classType = new Class[]{ServletRequest.class,
- ServletResponse.class};
Object[] args = new Object[]{req, res};
SecurityUtil.doAsPrivilege("service",
servlet,
- classType,
+ classTypeUsedInService,
args,
- principal);
+ principal);
+ args = null;
} else {
servlet.service((HttpServletRequest) request,
(HttpServletResponse) response);
1.56 +21 -7
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/StandardWrapper.java
Index: StandardWrapper.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/StandardWrapper.java,v
retrieving revision 1.55
retrieving revision 1.56
diff -u -r1.55 -r1.56
--- StandardWrapper.java 28 Oct 2004 16:42:37 -0000 1.55
+++ StandardWrapper.java 22 Nov 2004 16:35:18 -0000 1.56
@@ -243,7 +243,21 @@
private StandardWrapperValve swValve;
private long loadTime=0;
private int classLoadTime=0;
-
+
+ /**
+ * Static class array used when the SecurityManager is turned on and
+ * <code>Servlet.init</code> is invoked.
+ */
+ private static Class[] classType = new Class[]{ServletConfig.class};
+
+
+ /**
+ * Static class array used when the SecurityManager is turned on and
+ * <code>Servlet.service</code> is invoked.
+ */
+ private static Class[] classTypeUsedInService = new Class[]{
+
ServletRequest.class,
+
ServletResponse.class};
// -------------------------------------------------------------
Properties
@@ -960,7 +974,7 @@
// Load the specified servlet class from the appropriate class
loader
Class classClass = null;
try {
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
final ClassLoader fclassLoader = classLoader;
final String factualClass = actualClass;
try{
@@ -1043,12 +1057,13 @@
servlet);
if( System.getSecurityManager() != null) {
- Class[] classType = new Class[]{ServletConfig.class};
+
Object[] args = new Object[]{((ServletConfig)facade)};
SecurityUtil.doAsPrivilege("init",
servlet,
classType,
args);
+ args = null;
} else {
servlet.init(facade);
}
@@ -1062,13 +1077,12 @@
DummyResponse res = new DummyResponse();
if( System.getSecurityManager() != null) {
- Class[] classType = new Class[]{ServletRequest.class,
-
ServletResponse.class};
Object[] args = new Object[]{req, res};
SecurityUtil.doAsPrivilege("service",
servlet,
- classType,
+ classTypeUsedInService,
args);
+ args = null;
} else {
servlet.service(req, res);
}
1.15 +18 -0
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java
Index: SecurityUtil.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- SecurityUtil.java 26 Oct 2004 02:02:37 -0000 1.14
+++ SecurityUtil.java 22 Nov 2004 16:35:18 -0000 1.15
@@ -68,6 +68,10 @@
private static String PACKAGE = "org.apache.catalina.security";
+ private static boolean packageDefinitionEnabled =
+ (System.getProperty("package.definition") == null &&
+ System.getProperty("package.access") == null) ? false : true;
+
/**
* The string resources for this package.
*/
@@ -363,4 +367,18 @@
public static void remove(Object cachedObject){
objectCache.remove(cachedObject);
}
+
+
+ /**
+ * Return the <code>SecurityManager</code> only if Security is enabled
AND
+ * package protection mechanism is enabled.
+ */
+ public static boolean isPackageProtectionEnabled(){
+ if (packageDefinitionEnabled && System.getSecurityManager() !=
null){
+ return true;
+ }
+ return false;
+ }
+
+
}
1.25 +11 -9
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/PersistentManagerBase.java
Index: PersistentManagerBase.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/PersistentManagerBase.java,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- PersistentManagerBase.java 22 Nov 2004 14:50:23 -0000 1.24
+++ PersistentManagerBase.java 22 Nov 2004 16:35:18 -0000 1.25
@@ -34,7 +34,7 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-
+import org.apache.catalina.security.SecurityUtil;
/**
* Extends the <b>ManagerBase</b> class to implement most of the
* functionality required by a Manager which supports any kind of
@@ -512,7 +512,7 @@
return;
try {
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
try{
AccessController.doPrivileged(new
PrivilegedStoreClear());
}catch(PrivilegedActionException ex){
@@ -628,9 +628,10 @@
String[] ids = null;
try {
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
try{
- ids = (String[])AccessController.doPrivileged(new
PrivilegedStoreKeys());
+ ids = (String[])
+ AccessController.doPrivileged(new
PrivilegedStoreKeys());
}catch(PrivilegedActionException ex){
Exception exception = ex.getException();
log.error("Exception in the Store during load: "
@@ -686,7 +687,7 @@
*/
protected void removeSession(String id){
try {
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
try{
AccessController.doPrivileged(new
PrivilegedStoreRemove(id));
}catch(PrivilegedActionException ex){
@@ -754,9 +755,10 @@
Session session = null;
try {
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
try{
- session = (Session) AccessController.doPrivileged(new
PrivilegedStoreLoad(id));
+ session = (Session)
+ AccessController.doPrivileged(new
PrivilegedStoreLoad(id));
}catch(PrivilegedActionException ex){
Exception exception = ex.getException();
log.error("Exception in the Store during swapIn: "
@@ -835,7 +837,7 @@
}
try {
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
try{
AccessController.doPrivileged(new
PrivilegedStoreSave(session));
}catch(PrivilegedActionException ex){
1.27 +4 -4
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/StandardManager.java
Index: StandardManager.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/StandardManager.java,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- StandardManager.java 22 Nov 2004 14:50:23 -0000 1.26
+++ StandardManager.java 22 Nov 2004 16:35:18 -0000 1.27
@@ -45,7 +45,7 @@
import org.apache.catalina.util.CustomObjectInputStream;
import org.apache.catalina.util.LifecycleSupport;
-
+import org.apache.catalina.security.SecurityUtil;
/**
* Standard implementation of the <b>Manager</b> interface that provides
* simple session persistence across restarts of this component (such as
@@ -302,7 +302,7 @@
* @exception IOException if an input/output error occurs
*/
public void load() throws ClassNotFoundException, IOException {
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
try{
AccessController.doPrivileged( new PrivilegedDoLoad() );
} catch (PrivilegedActionException ex){
@@ -446,7 +446,7 @@
* @exception IOException if an input/output error occurs
*/
public void unload() throws IOException {
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
try{
AccessController.doPrivileged( new PrivilegedDoUnload() );
} catch (PrivilegedActionException ex){
1.49 +3 -3
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/StandardSession.java
Index: StandardSession.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/StandardSession.java,v
retrieving revision 1.48
retrieving revision 1.49
diff -u -r1.48 -r1.49
--- StandardSession.java 7 Sep 2004 20:57:02 -0000 1.48
+++ StandardSession.java 22 Nov 2004 16:35:18 -0000 1.49
@@ -52,7 +52,7 @@
import org.apache.catalina.util.Enumerator;
import org.apache.catalina.util.StringManager;
-
+import org.apache.catalina.security.SecurityUtil;
/**
* Standard implementation of the <b>Session</b> interface. This object is
* serializable, so that it can be stored in persistent storage or
transferred
@@ -518,7 +518,7 @@
public HttpSession getSession() {
if (facade == null){
- if (System.getSecurityManager() != null){
+ if (SecurityUtil.isPackageProtectionEnabled()){
final StandardSession fsession = this;
facade =
(StandardSessionFacade)AccessController.doPrivileged(new PrivilegedAction(){
public Object run(){
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
