use of org.apache.tomcat.util.security.PrivilegedSetTccl in project tomcat by apache.
the class TagPluginManager method init.
private void init(ErrorDispatcher err) throws JasperException {
if (initialized)
return;
String blockExternalString = ctxt.getInitParameter(Constants.XML_BLOCK_EXTERNAL_INIT_PARAM);
boolean blockExternal;
if (blockExternalString == null) {
blockExternal = true;
} else {
blockExternal = Boolean.parseBoolean(blockExternalString);
}
TagPluginParser parser;
ClassLoader original;
if (Constants.IS_SECURITY_ENABLED) {
PrivilegedGetTccl pa = new PrivilegedGetTccl();
original = AccessController.doPrivileged(pa);
} else {
original = Thread.currentThread().getContextClassLoader();
}
try {
if (Constants.IS_SECURITY_ENABLED) {
PrivilegedSetTccl pa = new PrivilegedSetTccl(TagPluginManager.class.getClassLoader());
AccessController.doPrivileged(pa);
} else {
Thread.currentThread().setContextClassLoader(TagPluginManager.class.getClassLoader());
}
parser = new TagPluginParser(ctxt, blockExternal);
Enumeration<URL> urls = ctxt.getClassLoader().getResources(META_INF_JASPER_TAG_PLUGINS_XML);
while (urls.hasMoreElements()) {
URL url = urls.nextElement();
parser.parse(url);
}
URL url = ctxt.getResource(TAG_PLUGINS_XML);
if (url != null) {
parser.parse(url);
}
} catch (IOException | SAXException e) {
throw new JasperException(e);
} finally {
if (Constants.IS_SECURITY_ENABLED) {
PrivilegedSetTccl pa = new PrivilegedSetTccl(original);
AccessController.doPrivileged(pa);
} else {
Thread.currentThread().setContextClassLoader(original);
}
}
Map<String, String> plugins = parser.getPlugins();
tagPlugins = new HashMap<>(plugins.size());
for (Map.Entry<String, String> entry : plugins.entrySet()) {
try {
String tagClass = entry.getKey();
String pluginName = entry.getValue();
Class<?> pluginClass = ctxt.getClassLoader().loadClass(pluginName);
TagPlugin plugin = (TagPlugin) pluginClass.newInstance();
tagPlugins.put(tagClass, plugin);
} catch (Exception e) {
err.jspError(e);
}
}
initialized = true;
}
use of org.apache.tomcat.util.security.PrivilegedSetTccl in project tomcat by apache.
the class TldParser method parse.
public TaglibXml parse(TldResourcePath path) throws IOException, SAXException {
ClassLoader original;
if (Constants.IS_SECURITY_ENABLED) {
PrivilegedGetTccl pa = new PrivilegedGetTccl();
original = AccessController.doPrivileged(pa);
} else {
original = Thread.currentThread().getContextClassLoader();
}
try (InputStream is = path.openStream()) {
if (Constants.IS_SECURITY_ENABLED) {
PrivilegedSetTccl pa = new PrivilegedSetTccl(TldParser.class.getClassLoader());
AccessController.doPrivileged(pa);
} else {
Thread.currentThread().setContextClassLoader(TldParser.class.getClassLoader());
}
XmlErrorHandler handler = new XmlErrorHandler();
digester.setErrorHandler(handler);
TaglibXml taglibXml = new TaglibXml();
digester.push(taglibXml);
InputSource source = new InputSource(path.toExternalForm());
source.setByteStream(is);
digester.parse(source);
if (!handler.getWarnings().isEmpty() || !handler.getErrors().isEmpty()) {
handler.logFindings(log, source.getSystemId());
if (!handler.getErrors().isEmpty()) {
// throw the first to indicate there was a error during processing
throw handler.getErrors().iterator().next();
}
}
return taglibXml;
} finally {
digester.reset();
if (Constants.IS_SECURITY_ENABLED) {
PrivilegedSetTccl pa = new PrivilegedSetTccl(original);
AccessController.doPrivileged(pa);
} else {
Thread.currentThread().setContextClassLoader(original);
}
}
}
use of org.apache.tomcat.util.security.PrivilegedSetTccl in project tomcat by apache.
the class DefaultServlet method renderXml.
/**
* Return an InputStream to an XML representation of the contents this
* directory.
*
* @param contextPath Context path to which our internal paths are relative
* @param resource The associated resource
* @param xsltSource The XSL stylesheet
* @param encoding The encoding to use to process the readme (if any)
*
* @return the XML data
*
* @throws IOException an IO error occurred
* @throws ServletException rendering error
*/
protected InputStream renderXml(String contextPath, WebResource resource, Source xsltSource, String encoding) throws IOException, ServletException {
StringBuilder sb = new StringBuilder();
sb.append("<?xml version=\"1.0\"?>");
sb.append("<listing ");
sb.append(" contextPath='");
sb.append(contextPath);
sb.append("'");
sb.append(" directory='");
sb.append(resource.getName());
sb.append("' ");
sb.append(" hasParent='").append(!resource.getName().equals("/"));
sb.append("'>");
sb.append("<entries>");
String[] entries = resources.list(resource.getWebappPath());
// rewriteUrl(contextPath) is expensive. cache result for later reuse
String rewrittenContextPath = rewriteUrl(contextPath);
String directoryWebappPath = resource.getWebappPath();
for (String entry : entries) {
if (entry.equalsIgnoreCase("WEB-INF") || entry.equalsIgnoreCase("META-INF") || entry.equalsIgnoreCase(localXsltFile))
continue;
if ((directoryWebappPath + entry).equals(contextXsltFile))
continue;
WebResource childResource = resources.getResource(directoryWebappPath + entry);
if (!childResource.exists()) {
continue;
}
sb.append("<entry");
sb.append(" type='").append(childResource.isDirectory() ? "dir" : "file").append("'");
sb.append(" urlPath='").append(rewrittenContextPath).append(rewriteUrl(directoryWebappPath + entry)).append(childResource.isDirectory() ? "/" : "").append("'");
if (childResource.isFile()) {
sb.append(" size='").append(renderSize(childResource.getContentLength())).append("'");
}
sb.append(" date='").append(childResource.getLastModifiedHttp()).append("'");
sb.append(">");
sb.append(RequestUtil.filter(entry));
if (childResource.isDirectory())
sb.append("/");
sb.append("</entry>");
}
sb.append("</entries>");
String readme = getReadme(resource, encoding);
if (readme != null) {
sb.append("<readme><![CDATA[");
sb.append(readme);
sb.append("]]></readme>");
}
sb.append("</listing>");
// Prevent possible memory leak. Ensure Transformer and
// TransformerFactory are not loaded from the web application.
ClassLoader original;
if (Globals.IS_SECURITY_ENABLED) {
PrivilegedGetTccl pa = new PrivilegedGetTccl();
original = AccessController.doPrivileged(pa);
} else {
original = Thread.currentThread().getContextClassLoader();
}
try {
if (Globals.IS_SECURITY_ENABLED) {
PrivilegedSetTccl pa = new PrivilegedSetTccl(DefaultServlet.class.getClassLoader());
AccessController.doPrivileged(pa);
} else {
Thread.currentThread().setContextClassLoader(DefaultServlet.class.getClassLoader());
}
TransformerFactory tFactory = TransformerFactory.newInstance();
Source xmlSource = new StreamSource(new StringReader(sb.toString()));
Transformer transformer = tFactory.newTransformer(xsltSource);
ByteArrayOutputStream stream = new ByteArrayOutputStream();
OutputStreamWriter osWriter = new OutputStreamWriter(stream, "UTF8");
StreamResult out = new StreamResult(osWriter);
transformer.transform(xmlSource, out);
osWriter.flush();
return (new ByteArrayInputStream(stream.toByteArray()));
} catch (TransformerException e) {
throw new ServletException("XSL transformer error", e);
} finally {
if (Globals.IS_SECURITY_ENABLED) {
PrivilegedSetTccl pa = new PrivilegedSetTccl(original);
AccessController.doPrivileged(pa);
} else {
Thread.currentThread().setContextClassLoader(original);
}
}
}
use of org.apache.tomcat.util.security.PrivilegedSetTccl in project tomcat by apache.
the class StandardContext method bind.
@Override
public ClassLoader bind(boolean usePrivilegedAction, ClassLoader originalClassLoader) {
Loader loader = getLoader();
ClassLoader webApplicationClassLoader = null;
if (loader != null) {
webApplicationClassLoader = loader.getClassLoader();
}
if (originalClassLoader == null) {
if (usePrivilegedAction) {
PrivilegedAction<ClassLoader> pa = new PrivilegedGetTccl();
originalClassLoader = AccessController.doPrivileged(pa);
} else {
originalClassLoader = Thread.currentThread().getContextClassLoader();
}
}
if (webApplicationClassLoader == null || webApplicationClassLoader == originalClassLoader) {
// null to indicate this.
return null;
}
ThreadBindingListener threadBindingListener = getThreadBindingListener();
if (usePrivilegedAction) {
PrivilegedAction<Void> pa = new PrivilegedSetTccl(webApplicationClassLoader);
AccessController.doPrivileged(pa);
} else {
Thread.currentThread().setContextClassLoader(webApplicationClassLoader);
}
if (threadBindingListener != null) {
try {
threadBindingListener.bind();
} catch (Throwable t) {
ExceptionUtils.handleThrowable(t);
log.error(sm.getString("standardContext.threadBindingListenerError", getName()), t);
}
}
return originalClassLoader;
}
use of org.apache.tomcat.util.security.PrivilegedSetTccl in project tomcat by apache.
the class JspDocumentParser method getSAXParser.
/*
* Gets SAXParser.
*
* @param validating Indicates whether the requested SAXParser should
* be validating
* @param jspDocParser The JSP document parser
*
* @return The SAXParser
*/
private static SAXParser getSAXParser(boolean validating, JspDocumentParser jspDocParser) throws Exception {
ClassLoader original;
if (Constants.IS_SECURITY_ENABLED) {
PrivilegedGetTccl pa = new PrivilegedGetTccl();
original = AccessController.doPrivileged(pa);
} else {
original = Thread.currentThread().getContextClassLoader();
}
try {
if (Constants.IS_SECURITY_ENABLED) {
PrivilegedSetTccl pa = new PrivilegedSetTccl(JspDocumentParser.class.getClassLoader());
AccessController.doPrivileged(pa);
} else {
Thread.currentThread().setContextClassLoader(JspDocumentParser.class.getClassLoader());
}
SAXParserFactory factory = SAXParserFactory.newInstance();
factory.setNamespaceAware(true);
// Preserve xmlns attributes
factory.setFeature("http://xml.org/sax/features/namespace-prefixes", true);
factory.setValidating(validating);
if (validating) {
// Enable DTD validation
factory.setFeature("http://xml.org/sax/features/validation", true);
// Enable schema validation
factory.setFeature("http://apache.org/xml/features/validation/schema", true);
}
// Configure the parser
SAXParser saxParser = factory.newSAXParser();
XMLReader xmlReader = saxParser.getXMLReader();
xmlReader.setProperty(LEXICAL_HANDLER_PROPERTY, jspDocParser);
xmlReader.setErrorHandler(jspDocParser);
return saxParser;
} finally {
if (Constants.IS_SECURITY_ENABLED) {
PrivilegedSetTccl pa = new PrivilegedSetTccl(original);
AccessController.doPrivileged(pa);
} else {
Thread.currentThread().setContextClassLoader(original);
}
}
}
Aggregations