luehe 2005/03/29 10:33:21 Modified: jasper2/src/share/org/apache/jasper/servlet JasperLoader.java Log: Simplified the loading of class resources in JasperLoader. There is no reason for it to use "different" classloaders depending on whether security is on (classloader returned by Thread.currentThread().getContextClassLoader()) or off ("parent" classloader). I think we have been using "different" classloaders for historical reasons, because JspC.java didn't use to set thread context classloader until the fix for Bugzilla 20155 required it to do so. Instead, we should use "parent" classloader consistently, which always corresponds to the URLClassLoader with access to WEB-INF/lib[classes]: 1. In JspC.java, we construct URLClassLoader and set it as the parent of JasperLoader. 2. When invoked from JspServlet, we acquire the context classloader (which corresponds to WebappClassLoader) inside the constructor of JspRuntimeContext (no need for doing this inside a privileged block there) and set it as the parent of JasperLoader. Ran all TCKs and jsp-examples with and without security enabled. Let me know if you see anything wrong. Revision Changes Path 1.18 +3 -31 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/servlet/JasperLoader.java Index: JasperLoader.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/servlet/JasperLoader.java,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- JasperLoader.java 17 Dec 2004 14:55:30 -0000 1.17 +++ JasperLoader.java 29 Mar 2005 18:33:21 -0000 1.18 @@ -44,7 +44,6 @@ private String className; private ClassLoader parent; private SecurityManager securityManager; - private PrivilegedLoadClass privLoadClass; public JasperLoader(URL[] urls, ClassLoader parent, PermissionCollection permissionCollection, @@ -53,7 +52,6 @@ this.permissionCollection = permissionCollection; this.codeSource = codeSource; this.parent = parent; - this.privLoadClass = new PrivilegedLoadClass(); this.securityManager = System.getSecurityManager(); } @@ -127,29 +125,10 @@ } } - // Class is in a package, delegate to thread context class loader if( !name.startsWith(Constants.JSP_PACKAGE_NAME) ) { - if (securityManager != null) { - final ClassLoader classLoader = (ClassLoader)AccessController.doPrivileged(privLoadClass); - try{ - clazz = (Class)AccessController.doPrivileged(new PrivilegedExceptionAction(){ - public Object run() throws Exception{ - return classLoader.loadClass(name); - } - }); - } catch(PrivilegedActionException ex){ - Exception rootCause = ex.getException(); - if (rootCause instanceof ClassNotFoundException) { - throw (ClassNotFoundException) rootCause; - } else { - throw new ClassNotFoundException("JasperLoader", - rootCause); - } - } - } else { - clazz = parent.loadClass(name); - } - + // Class is not in org.apache.jsp, therefore, have our + // parent load it + clazz = parent.loadClass(name); if( resolve ) resolveClass(clazz); return clazz; @@ -193,11 +172,4 @@ public final PermissionCollection getPermissions(CodeSource codeSource) { return permissionCollection; } - - private class PrivilegedLoadClass implements PrivilegedAction { - - public Object run() { - return Thread.currentThread().getContextClassLoader(); - } - } }
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]