Search in sources :

Example 1 with DeployXmlPermission

use of org.apache.catalina.security.DeployXmlPermission in project tomcat70 by apache.

the class HostConfig method isDeployThisXML.

private boolean isDeployThisXML(File docBase, ContextName cn) {
    boolean deployThisXML = isDeployXML();
    if (Globals.IS_SECURITY_ENABLED && !deployThisXML) {
        // When running under a SecurityManager, deployXML may be overridden
        // on a per Context basis by the granting of a specific permission
        Policy currentPolicy = Policy.getPolicy();
        if (currentPolicy != null) {
            URL contextRootUrl;
            try {
                contextRootUrl = docBase.toURI().toURL();
                CodeSource cs = new CodeSource(contextRootUrl, (Certificate[]) null);
                PermissionCollection pc = currentPolicy.getPermissions(cs);
                Permission p = new DeployXmlPermission(cn.getBaseName());
                if (pc.implies(p)) {
                    deployThisXML = true;
                }
            } catch (MalformedURLException e) {
                // Should never happen
                log.warn("hostConfig.docBaseUrlInvalid", e);
            }
        }
    }
    return deployThisXML;
}
Also used : Policy(java.security.Policy) PermissionCollection(java.security.PermissionCollection) MalformedURLException(java.net.MalformedURLException) Permission(java.security.Permission) DeployXmlPermission(org.apache.catalina.security.DeployXmlPermission) CodeSource(java.security.CodeSource) DeployXmlPermission(org.apache.catalina.security.DeployXmlPermission) URL(java.net.URL) Certificate(java.security.cert.Certificate)

Example 2 with DeployXmlPermission

use of org.apache.catalina.security.DeployXmlPermission in project tomcat by apache.

the class HostConfig method isDeployThisXML.

private boolean isDeployThisXML(File docBase, ContextName cn) {
    boolean deployThisXML = isDeployXML();
    if (Globals.IS_SECURITY_ENABLED && !deployThisXML) {
        // When running under a SecurityManager, deployXML may be overridden
        // on a per Context basis by the granting of a specific permission
        Policy currentPolicy = Policy.getPolicy();
        if (currentPolicy != null) {
            URL contextRootUrl;
            try {
                contextRootUrl = docBase.toURI().toURL();
                CodeSource cs = new CodeSource(contextRootUrl, (Certificate[]) null);
                PermissionCollection pc = currentPolicy.getPermissions(cs);
                Permission p = new DeployXmlPermission(cn.getBaseName());
                if (pc.implies(p)) {
                    deployThisXML = true;
                }
            } catch (MalformedURLException e) {
                // Should never happen
                log.warn(sm.getString("hostConfig.docBaseUrlInvalid"), e);
            }
        }
    }
    return deployThisXML;
}
Also used : Policy(java.security.Policy) PermissionCollection(java.security.PermissionCollection) MalformedURLException(java.net.MalformedURLException) Permission(java.security.Permission) DeployXmlPermission(org.apache.catalina.security.DeployXmlPermission) CodeSource(java.security.CodeSource) DeployXmlPermission(org.apache.catalina.security.DeployXmlPermission) URL(java.net.URL) Certificate(java.security.cert.Certificate)

Aggregations

MalformedURLException (java.net.MalformedURLException)2 URL (java.net.URL)2 CodeSource (java.security.CodeSource)2 Permission (java.security.Permission)2 PermissionCollection (java.security.PermissionCollection)2 Policy (java.security.Policy)2 Certificate (java.security.cert.Certificate)2 DeployXmlPermission (org.apache.catalina.security.DeployXmlPermission)2