JBossWeb SVN: r2559 - branches/7.4.x/src/main/java/org/apache/tomcat/util/net.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2014-11-27 09:31:36 -0500 (Thu, 27 Nov 2014)
New Revision: 2559
Modified:
branches/7.4.x/src/main/java/org/apache/tomcat/util/net/NioEndpoint.java
Log:
BZ1119147: Patch submitted by Dominik Pospisil.
Modified: branches/7.4.x/src/main/java/org/apache/tomcat/util/net/NioEndpoint.java
===================================================================
--- branches/7.4.x/src/main/java/org/apache/tomcat/util/net/NioEndpoint.java 2014-11-26 10:17:43 UTC (…
[View More]rev 2558)
+++ branches/7.4.x/src/main/java/org/apache/tomcat/util/net/NioEndpoint.java 2014-11-27 14:31:36 UTC (rev 2559)
@@ -28,6 +28,9 @@
import java.nio.channels.CompletionHandler;
import java.nio.channels.WritePendingException;
import java.nio.file.StandardOpenOption;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentLinkedQueue;
import java.util.concurrent.ExecutorService;
@@ -42,6 +45,7 @@
import org.apache.tomcat.util.net.NioEndpoint.Handler.SocketState;
import org.apache.tomcat.util.net.jsse.NioJSSESocketChannelFactory;
import org.jboss.web.CoyoteLogger;
+import sun.security.util.SecurityConstants;
/**
* {@code NioEndpoint} NIO2 endpoint, providing the following services:
@@ -1190,6 +1194,9 @@
private final String namePrefix;
private final int threadPriority;
+ private final AccessControlContext acc;
+ private final ClassLoader ccl;
+
/**
* Create a new instance of {@code DefaultThreadFactory}
*
@@ -1201,7 +1208,20 @@
group = (s != null) ? s.getThreadGroup() : Thread.currentThread().getThreadGroup();
this.namePrefix = namePrefix;
this.threadPriority = threadPriority;
+
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ // Calls to getContextClassLoader from this class
+ // never trigger a security check, but we check
+ // whether our callers have this permission anyways.
+ sm.checkPermission(SecurityConstants.GET_CLASSLOADER_PERMISSION);
+
+ // Fail fast
+ sm.checkPermission(new RuntimePermission("setContextClassLoader"));
}
+ this.acc = AccessController.getContext();
+ this.ccl = Thread.currentThread().getContextClassLoader();
+ }
/**
*
@@ -1216,16 +1236,32 @@
/**
* Create and return a new thread
*/
- public Thread newThread(Runnable r) {
- Thread thread = new Thread(group, r, namePrefix + threadNumber.getAndIncrement(), 0);
- if (thread.isDaemon())
+ public Thread newThread(final Runnable r) {
+ return AccessController.doPrivileged(new PrivilegedAction<Thread>() {
+
+ @Override
+ public Thread run() {
+ Thread thread = new Thread(group, new Runnable() {
+
+ @Override
+ public void run() {
+ Thread.currentThread().setContextClassLoader(ccl);
+ r.run();
+ }
+ }, namePrefix + threadNumber.getAndIncrement(), 0);
+ if (thread.isDaemon()) {
thread.setDaemon(false);
+ }
- if (thread.getPriority() != this.threadPriority)
- thread.setPriority(this.threadPriority);
+ if (thread.getPriority() != threadPriority) {
+ thread.setPriority(threadPriority);
+ }
return thread;
}
+ }, acc);
+
}
+ }
/**
* SendfileData class.
[View Less]