[jboss-cvs] JBossAS SVN: r75957 - trunk/tomcat/src/main/org/jboss/web/tomcat/service.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Jul 17 09:12:49 EDT 2008
Author: remy.maucherat at jboss.com
Date: 2008-07-17 09:12:49 -0400 (Thu, 17 Jul 2008)
New Revision: 75957
Modified:
trunk/tomcat/src/main/org/jboss/web/tomcat/service/TomcatInjectionContainer.java
Log:
- Add the access restrictions to JBoss' instance manager.
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/service/TomcatInjectionContainer.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/service/TomcatInjectionContainer.java 2008-07-17 12:58:14 UTC (rev 75956)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/service/TomcatInjectionContainer.java 2008-07-17 13:12:49 UTC (rev 75957)
@@ -23,6 +23,8 @@
// $Id: $
+import java.io.IOException;
+import java.io.InputStream;
import java.lang.annotation.Annotation;
import java.lang.reflect.AccessibleObject;
import java.lang.reflect.Field;
@@ -34,11 +36,14 @@
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
+import java.util.Properties;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NameNotFoundException;
import javax.naming.NamingException;
+import javax.servlet.Filter;
+import javax.servlet.Servlet;
import org.apache.InstanceManager;
import org.jboss.deployers.vfs.spi.structure.VFSDeploymentUnit;
@@ -135,7 +140,50 @@
protected JBossWebMetaData webDD;
protected org.apache.catalina.Context catalinaContext;
private PersistenceUnitDependencyResolver persistenceUnitDependencyResolver;
+ private static final Properties restrictedFilters = new Properties();
+ private static final Properties restrictedListeners = new Properties();
+ private static final Properties restrictedServlets = new Properties();
+ static {
+ try {
+ InputStream is =
+ TomcatInjectionContainer.class.getClassLoader().getResourceAsStream
+ ("org/apache/catalina/core/RestrictedServlets.properties");
+ if (is != null) {
+ restrictedServlets.load(is);
+ } else {
+ log.error("Could not load org/apache/catalina/core/RestrictedServlets.properties");
+ }
+ } catch (IOException e) {
+ log.error("Error reading org/apache/catalina/core/RestrictedServlets.properties", e);
+ }
+
+ try {
+ InputStream is =
+ TomcatInjectionContainer.class.getClassLoader().getResourceAsStream
+ ("org/apache/catalina/core/RestrictedListeners.properties");
+ if (is != null) {
+ restrictedListeners.load(is);
+ } else {
+ log.error("Could not load org/apache/catalina/core/RestrictedListeners.properties");
+ }
+ } catch (IOException e) {
+ log.error("Error reading org/apache/catalina/core/RestrictedListeners.properties", e);
+ }
+ try {
+ InputStream is =
+ TomcatInjectionContainer.class.getClassLoader().getResourceAsStream
+ ("org/apache/catalina/core/RestrictedFilters.properties");
+ if (is != null) {
+ restrictedFilters.load(is);
+ } else {
+ log.error("Could not load org/apache/catalina/core/RestrictedFilters.properties");
+ }
+ } catch (IOException e) {
+ log.error("Error reading org/apache/catalina/core/RestrictedFilters.properties", e);
+ }
+ }
+
public TomcatInjectionContainer(WebApplication appInfo, VFSDeploymentUnit unit, org.apache.catalina.Context catalinaContext, PersistenceUnitDependencyResolver resolver)
{
super(new SimpleJavaEEModule(appInfo.getName()));
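Review bot: The static initializer fails open: when one of the three properties files is missing or unreadable, the corresponding `Properties` stays empty and the only trace is a `log.error`. `checkAccess` then finds nothing restricted for non-privileged contexts. Consider recording the load failure and refusing non-privileged instantiation (or failing class initialization) rather than continuing with an empty list. The `InputStream` is also never closed in any of the three copies; a static helper that loads one resource and closes it in `finally` would fix that and remove the duplication. The constructor that follows the block continues outside the hunk.

```java
   private static void loadRestricted(Properties target, String resource)
   {
      InputStream is =
         TomcatInjectionContainer.class.getClassLoader().getResourceAsStream(resource);
      if (is == null)
      {
         log.error("Could not load " + resource);
         return;
      }
      try
      {
         target.load(is);
      }
      catch (IOException e)
      {
         log.error("Error reading " + resource, e);
      }
      finally
      {
         try
         {
            is.close();
         }
         catch (IOException ignored)
         {
            // nothing useful can be done if close fails
         }
      }
   }

   static
   {
      loadRestricted(restrictedServlets, "org/apache/catalina/core/RestrictedServlets.properties");
      loadRestricted(restrictedListeners, "org/apache/catalina/core/RestrictedListeners.properties");
      loadRestricted(restrictedFilters, "org/apache/catalina/core/RestrictedFilters.properties");
   }
```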
@@ -151,8 +199,37 @@
assert this.webDD != null : "webDD is null (no JBossWebMetaData attachment in VFSDeploymentUnit)";
this.persistenceUnitDependencyResolver = resolver;
+
}
+ private void checkAccess(Class<?> clazz)
+ {
+ if (catalinaContext.getPrivileged()) return;
+ if (Filter.class.isAssignableFrom(clazz))
+ {
+ checkAccess(clazz, restrictedFilters);
+ }
+ else if (Servlet.class.isAssignableFrom(clazz))
+ {
+ checkAccess(clazz, restrictedServlets);
+ }
+ else
+ {
+ checkAccess(clazz, restrictedListeners);
+ }
+ }
+
+ private void checkAccess(Class<?> clazz, Properties restricted) {
+ while (clazz != null)
+ {
+ if ("restricted".equals(restricted.getProperty(clazz.getName())))
+ {
+ throw new SecurityException("Restricted class: " + clazz.getName());
+ }
+ clazz = clazz.getSuperclass();
+ }
+ }
+
public Environment getEnvironmentRefGroup()
{
return webDD.getJndiEnvironmentRefsGroup();
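Review bot: The `else if` chain in `checkAccess(Class<?>)` consults exactly one list per class, so a class assignable to both `Filter` and `Servlet` is compared only with `restrictedFilters` and its superclasses are never looked up in `restrictedServlets`. Making the first two branches independent keeps one list from shadowing the other: `if (Filter.class.isAssignableFrom(clazz)) checkAccess(clazz, restrictedFilters);` followed by `if (Servlet.class.isAssignableFrom(clazz)) checkAccess(clazz, restrictedServlets);`, with the listener list used when neither applies. The two-argument overload walks `getSuperclass()` only, so entries keyed on interface names would presumably never match. A short Javadoc on both overloads should state that, and that a privileged context skips the check entirely.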
@@ -164,6 +241,7 @@
{
ClassLoader loader = catalinaContext.getLoader().getClassLoader();
Class<?> clazz = loader.loadClass(className);
+ checkAccess(clazz);
Object instance = clazz.newInstance();
if (!catalinaContext.getIgnoreAnnotations())
{
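Review bot: Both `newInstance` overloads (this hunk and the next) can now fail with an unchecked `SecurityException` raised by `checkAccess`. The `throws` clause visible on the two-argument overload does not mention it, so callers that handle only the declared checked exceptions get no hint of it. Add `@throws SecurityException if the context is not privileged and the class or one of its superclasses is listed as restricted` to the Javadoc of both methods. The enclosing method here starts and ends outside the hunk.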
@@ -175,6 +253,7 @@
public Object newInstance(String className, ClassLoader classLoader) throws IllegalAccessException, InvocationTargetException, NamingException, InstantiationException, ClassNotFoundException {
Class<?> clazz = classLoader.loadClass(className);
+ checkAccess(clazz);
Object instance = clazz.newInstance();
if (!catalinaContext.getIgnoreAnnotations())
{