org.apache.catalina.security.SecurityUtil Java Examples

The following examples show how to use org.apache.catalina.security.SecurityUtil. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: ApplicationContextFacade.java    From Tomcat7.0.67 with Apache License 2.0 6 votes vote down vote up
@Override
@SuppressWarnings("unchecked") // doPrivileged() returns the correct type
public <T extends Servlet> T createServlet(Class<T> c)
throws ServletException {
    if (SecurityUtil.isPackageProtectionEnabled()) {
        try {
            return (T) invokeMethod(context, "createServlet", 
                                          new Object[]{c});
        } catch (Throwable t) {
            ExceptionUtils.handleThrowable(t);
            if (t instanceof ServletException) {
                throw (ServletException) t;
            }
            return null;
        }
    } else {
        return context.createServlet(c);
    }
}
 
Example #2
Source File: StandardManager.java    From Tomcat7.0.67 with Apache License 2.0 6 votes vote down vote up
/**
 * Load any currently active sessions that were previously unloaded
 * to the appropriate persistence mechanism, if any.  If persistence is not
 * supported, this method returns without doing anything.
 *
 * @exception ClassNotFoundException if a serialized class cannot be
 *  found during the reload
 * @exception IOException if an input/output error occurs
 */
@Override
public void load() throws ClassNotFoundException, IOException {
    if (SecurityUtil.isPackageProtectionEnabled()){
        try{
            AccessController.doPrivileged( new PrivilegedDoLoad() );
        } catch (PrivilegedActionException ex){
            Exception exception = ex.getException();
            if (exception instanceof ClassNotFoundException){
                throw (ClassNotFoundException)exception;
            } else if (exception instanceof IOException){
                throw (IOException)exception;
            }
            if (log.isDebugEnabled())
                log.debug("Unreported exception in load() "
                    + exception);
        }
    } else {
        doLoad();
    }
}
 
Example #3
Source File: DefaultInstanceManager.java    From Tomcat8-Source-Read with MIT License 6 votes vote down vote up
protected Class<?> loadClassMaybePrivileged(final String className,
        final ClassLoader classLoader) throws ClassNotFoundException {
    Class<?> clazz;
    if (SecurityUtil.isPackageProtectionEnabled()) {
        try {
            clazz = AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>() {

                @Override
                public Class<?> run() throws Exception {
                    return loadClass(className, classLoader);
                }
            });
        } catch (PrivilegedActionException e) {
            Throwable t = e.getCause();
            if (t instanceof ClassNotFoundException) {
                throw (ClassNotFoundException) t;
            }
            throw new RuntimeException(t);
        }
    } else {
        clazz = loadClass(className, classLoader);
    }
    checkAccess(clazz);
    return clazz;
}
 
Example #4
Source File: InputBuffer.java    From Tomcat8-Source-Read with MIT License 6 votes vote down vote up
private static B2CConverter createConverter(final Charset charset) throws IOException {
    if (SecurityUtil.isPackageProtectionEnabled()) {
        try {
            return AccessController.doPrivileged(new PrivilegedExceptionAction<B2CConverter>() {

                @Override
                public B2CConverter run() throws IOException {
                    return new B2CConverter(charset);
                }
            });
        } catch (PrivilegedActionException ex) {
            Exception e = ex.getException();
            if (e instanceof IOException) {
                throw (IOException) e;
            } else {
                throw new IOException(e);
            }
        }
    } else {
        return new B2CConverter(charset);
    }

}
 
Example #5
Source File: PersistentManagerBase.java    From Tomcat8-Source-Read with MIT License 6 votes vote down vote up
/**
 * Clear all sessions from the Store.
 */
public void clearStore() {

    if (store == null)
        return;

    try {
        if (SecurityUtil.isPackageProtectionEnabled()){
            try{
                AccessController.doPrivileged(new PrivilegedStoreClear());
            }catch(PrivilegedActionException ex){
                Exception exception = ex.getException();
                log.error("Exception clearing the Store: " + exception,
                        exception);
            }
        } else {
            store.clear();
        }
    } catch (IOException e) {
        log.error("Exception clearing the Store: " + e, e);
    }

}
 
Example #6
Source File: DefaultInstanceManager.java    From Tomcat7.0.67 with Apache License 2.0 6 votes vote down vote up
protected Class<?> loadClassMaybePrivileged(final String className, final ClassLoader classLoader) throws ClassNotFoundException {
    Class<?> clazz;
    if (SecurityUtil.isPackageProtectionEnabled()) {
        try {
            clazz = AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>() {

                @Override
                public Class<?> run() throws Exception {
                    return loadClass(className, classLoader);
                }
            });
        } catch (PrivilegedActionException e) {
            Throwable t = e.getCause();
            if (t instanceof ClassNotFoundException) {
                throw (ClassNotFoundException) t;
            }
            throw new RuntimeException(t);
        }
    } else {
        clazz = loadClass(className, classLoader);
    }
    checkAccess(clazz);
    return clazz;
}
 
Example #7
Source File: RequestFacade.java    From Tomcat7.0.67 with Apache License 2.0 6 votes vote down vote up
@Override
public Cookie[] getCookies() {

    if (request == null) {
        throw new IllegalStateException(
                        sm.getString("requestFacade.nullRequest"));
    }

    Cookie[] ret = null;

    /*
     * Clone the returned array only if there is a security manager
     * in place, so that performance won't suffer in the non-secure case
     */
    if (SecurityUtil.isPackageProtectionEnabled()){
        ret = AccessController.doPrivileged(
            new GetCookiesPrivilegedAction());
        if (ret != null) {
            ret = ret.clone();
        }
    } else {
        ret = request.getCookies();
    }

    return ret;
}
 
Example #8
Source File: RequestFacade.java    From Tomcat8-Source-Read with MIT License 6 votes vote down vote up
@Override
public Cookie[] getCookies() {

    if (request == null) {
        throw new IllegalStateException(
                        sm.getString("requestFacade.nullRequest"));
    }

    Cookie[] ret = null;

    /*
     * Clone the returned array only if there is a security manager
     * in place, so that performance won't suffer in the non-secure case
     */
    if (SecurityUtil.isPackageProtectionEnabled()){
        ret = AccessController.doPrivileged(
            new GetCookiesPrivilegedAction());
        if (ret != null) {
            ret = ret.clone();
        }
    } else {
        ret = request.getCookies();
    }

    return ret;
}
 
Example #9
Source File: Response.java    From Tomcat7.0.67 with Apache License 2.0 6 votes vote down vote up
public StringBuffer generateCookieString(final Cookie cookie) {
    final StringBuffer sb = new StringBuffer();
    //web application code can receive a IllegalArgumentException
    //from the appendCookieValue invocation
    if (SecurityUtil.isPackageProtectionEnabled()) {
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            @Override
            public Void run(){
                ServerCookie.appendCookieValue
                    (sb, cookie.getVersion(), cookie.getName(),
                     cookie.getValue(), cookie.getPath(),
                     cookie.getDomain(), cookie.getComment(),
                     cookie.getMaxAge(), cookie.getSecure(),
                     cookie.isHttpOnly());
                return null;
            }
        });
    } else {
        ServerCookie.appendCookieValue
            (sb, cookie.getVersion(), cookie.getName(), cookie.getValue(),
                 cookie.getPath(), cookie.getDomain(), cookie.getComment(),
                 cookie.getMaxAge(), cookie.getSecure(),
                 cookie.isHttpOnly());
    }
    return sb;
}
 
Example #10
Source File: PersistentManagerBase.java    From Tomcat7.0.67 with Apache License 2.0 6 votes vote down vote up
/**
 * Remove this Session from the active Sessions for this Manager,
 * and from the Store.
 *
 * @param id Session's id to be removed
 */    
protected void removeSession(String id){
    try {
        if (SecurityUtil.isPackageProtectionEnabled()){
            try{
                AccessController.doPrivileged(new PrivilegedStoreRemove(id));
            }catch(PrivilegedActionException ex){
                Exception exception = ex.getException();
                log.error("Exception in the Store during removeSession: "
                          + exception, exception);
            }
        } else {
             store.remove(id);
        }               
    } catch (IOException e) {
        log.error("Exception removing session  " + e.getMessage(), e);
    }        
}
 
Example #11
Source File: ApplicationContextFacade.java    From Tomcat8-Source-Read with MIT License 6 votes vote down vote up
/**
 * @deprecated As of Java Servlet API 2.1, with no direct replacement.
 */
@Override
@Deprecated
public Servlet getServlet(String name)
    throws ServletException {
    if (SecurityUtil.isPackageProtectionEnabled()) {
        try {
            return (Servlet) invokeMethod(context, "getServlet",
                                          new Object[]{name});
        } catch (Throwable t) {
            ExceptionUtils.handleThrowable(t);
            if (t instanceof ServletException) {
                throw (ServletException) t;
            }
            return null;
        }
    } else {
        return context.getServlet(name);
    }
}
 
Example #12
Source File: ApplicationContextFacade.java    From Tomcat8-Source-Read with MIT License 6 votes vote down vote up
@Override
@SuppressWarnings("unchecked") // doPrivileged() returns the correct type
public <T extends Servlet> T createServlet(Class<T> c)
throws ServletException {
    if (SecurityUtil.isPackageProtectionEnabled()) {
        try {
            return (T) invokeMethod(context, "createServlet",
                                          new Object[]{c});
        } catch (Throwable t) {
            ExceptionUtils.handleThrowable(t);
            if (t instanceof ServletException) {
                throw (ServletException) t;
            }
            return null;
        }
    } else {
        return context.createServlet(c);
    }
}
 
Example #13
Source File: ApplicationContextFacade.java    From Tomcat8-Source-Read with MIT License 6 votes vote down vote up
@Override
@SuppressWarnings("unchecked") // doPrivileged() returns the correct type
public <T extends Filter> T createFilter(Class<T> c)
throws ServletException {
    if (SecurityUtil.isPackageProtectionEnabled()) {
        try {
            return (T) invokeMethod(context, "createFilter",
                                          new Object[]{c});
        } catch (Throwable t) {
            ExceptionUtils.handleThrowable(t);
            if (t instanceof ServletException) {
                throw (ServletException) t;
            }
            return null;
        }
    } else {
        return context.createFilter(c);
    }
}
 
Example #14
Source File: ApplicationContextFacade.java    From Tomcat7.0.67 with Apache License 2.0 6 votes vote down vote up
@Override
@SuppressWarnings("unchecked") // doPrivileged() returns the correct type
public <T extends Filter> T createFilter(Class<T> c)
throws ServletException {
    if (SecurityUtil.isPackageProtectionEnabled()) {
        try {
            return (T) invokeMethod(context, "createFilter", 
                                          new Object[]{c});
        } catch (Throwable t) {
            ExceptionUtils.handleThrowable(t);
            if (t instanceof ServletException) {
                throw (ServletException) t;
            }
            return null;
        }
    } else {
        return context.createFilter(c);
    }
}
 
Example #15
Source File: ApplicationContextFacade.java    From Tomcat7.0.67 with Apache License 2.0 5 votes vote down vote up
@Override
public void log(String message, Throwable throwable) {
    if (SecurityUtil.isPackageProtectionEnabled()) {
        doPrivileged("log", new Class[]{String.class, Throwable.class}, 
                     new Object[]{message, throwable});
    } else {
        context.log(message, throwable);
    }
}
 
Example #16
Source File: ApplicationContextFacade.java    From Tomcat8-Source-Read with MIT License 5 votes vote down vote up
@Override
public int getEffectiveMinorVersion() {
    if (SecurityUtil.isPackageProtectionEnabled()) {
        return ((Integer) doPrivileged("getEffectiveMinorVersion",
                null)).intValue();
    } else  {
        return context.getEffectiveMinorVersion();
    }
}
 
Example #17
Source File: ApplicationContextFacade.java    From Tomcat7.0.67 with Apache License 2.0 5 votes vote down vote up
/**
  * @deprecated As of Java Servlet API 2.1, with no direct replacement.
  */
 @Override
 @SuppressWarnings("unchecked") // doPrivileged() returns the correct type
 @Deprecated
 public Enumeration<String> getServletNames() {
     if (SecurityUtil.isPackageProtectionEnabled()) {
         return (Enumeration<String>) doPrivileged("getServletNames", null);
     } else {
         return context.getServletNames();
     }
}
 
Example #18
Source File: ApplicationContextFacade.java    From Tomcat8-Source-Read with MIT License 5 votes vote down vote up
@Override
public void setSessionTrackingModes(
        Set<SessionTrackingMode> sessionTrackingModes) {
    if (SecurityUtil.isPackageProtectionEnabled()) {
        doPrivileged("setSessionTrackingModes",
                new Object[]{sessionTrackingModes});
    } else {
        context.setSessionTrackingModes(sessionTrackingModes);
    }
}
 
Example #19
Source File: ApplicationContextFacade.java    From Tomcat8-Source-Read with MIT License 5 votes vote down vote up
@Override
public SessionCookieConfig getSessionCookieConfig() {
    if (SecurityUtil.isPackageProtectionEnabled()) {
        return (SessionCookieConfig)
            doPrivileged("getSessionCookieConfig", null);
    } else {
        return context.getSessionCookieConfig();
    }
}
 
Example #20
Source File: ApplicationContextFacade.java    From Tomcat8-Source-Read with MIT License 5 votes vote down vote up
@Override
@SuppressWarnings("unchecked") // doPrivileged() returns the correct type
public Set<SessionTrackingMode> getEffectiveSessionTrackingModes() {
    if (SecurityUtil.isPackageProtectionEnabled()) {
        return (Set<SessionTrackingMode>)
            doPrivileged("getEffectiveSessionTrackingModes", null);
    } else {
        return context.getEffectiveSessionTrackingModes();
    }
}
 
Example #21
Source File: CoyoteInputStream.java    From Tomcat7.0.67 with Apache License 2.0 5 votes vote down vote up
@Override
public int read(final byte[] b) throws IOException {

    if (SecurityUtil.isPackageProtectionEnabled()){
        try{
            Integer result =
                AccessController.doPrivileged(
                    new PrivilegedExceptionAction<Integer>(){

                        @Override
                        public Integer run() throws IOException{
                            Integer integer =
                                Integer.valueOf(ib.read(b, 0, b.length));
                            return integer;
                        }

            });
            return result.intValue();
        } catch(PrivilegedActionException pae){
            Exception e = pae.getException();
            if (e instanceof IOException){
                throw (IOException)e;
            } else {
                throw new RuntimeException(e.getMessage() ,e);
            }
        }
    } else {
        return ib.read(b, 0, b.length);
     }
}
 
Example #22
Source File: ApplicationContextFacade.java    From Tomcat8-Source-Read with MIT License 5 votes vote down vote up
@Override
public ServletRegistration getServletRegistration(String servletName) {
    if (SecurityUtil.isPackageProtectionEnabled()) {
        return (ServletRegistration) doPrivileged(
                "getServletRegistration", new Object[]{servletName});
    } else {
        return context.getServletRegistration(servletName);
    }
}
 
Example #23
Source File: ApplicationContextFacade.java    From Tomcat8-Source-Read with MIT License 5 votes vote down vote up
@Override
public Dynamic addJspFile(String jspName, String jspFile) {
    if (SecurityUtil.isPackageProtectionEnabled()) {
        return (ServletRegistration.Dynamic) doPrivileged("addJspFile",
                new Object[]{jspName, jspFile});
    } else {
        return context.addJspFile(jspName, jspFile);
    }
}
 
Example #24
Source File: ApplicationContextFacade.java    From Tomcat7.0.67 with Apache License 2.0 5 votes vote down vote up
@Override
public SessionCookieConfig getSessionCookieConfig() {
    if (SecurityUtil.isPackageProtectionEnabled()) {
        return (SessionCookieConfig)
            doPrivileged("getSessionCookieConfig", null);
    } else {
        return context.getSessionCookieConfig();
    }
}
 
Example #25
Source File: ApplicationContextFacade.java    From Tomcat8-Source-Read with MIT License 5 votes vote down vote up
@Override
public ServletRegistration.Dynamic addServlet(String servletName,
        Servlet servlet) {
    if (SecurityUtil.isPackageProtectionEnabled()) {
        return (ServletRegistration.Dynamic) doPrivileged("addServlet",
                new Class[]{String.class, Servlet.class},
                new Object[]{servletName, servlet});
    } else {
        return context.addServlet(servletName, servlet);
    }
}
 
Example #26
Source File: ApplicationContextFacade.java    From Tomcat7.0.67 with Apache License 2.0 5 votes vote down vote up
@Override
@SuppressWarnings("unchecked") // doPrivileged() returns the correct type
public Set<SessionTrackingMode> getEffectiveSessionTrackingModes() {
    if (SecurityUtil.isPackageProtectionEnabled()) {
        return (Set<SessionTrackingMode>)
            doPrivileged("getEffectiveSessionTrackingModes", null);
    } else {
        return context.getEffectiveSessionTrackingModes();
    }
}
 
Example #27
Source File: ApplicationContextFacade.java    From Tomcat8-Source-Read with MIT License 5 votes vote down vote up
@Override
public FilterRegistration getFilterRegistration(String filterName) {
    if (SecurityUtil.isPackageProtectionEnabled()) {
        return (FilterRegistration) doPrivileged(
                "getFilterRegistration", new Object[]{filterName});
    } else {
        return context.getFilterRegistration(filterName);
    }
}
 
Example #28
Source File: ApplicationContextFacade.java    From Tomcat7.0.67 with Apache License 2.0 5 votes vote down vote up
@Override
public void setSessionTrackingModes(
        Set<SessionTrackingMode> sessionTrackingModes) {
    if (SecurityUtil.isPackageProtectionEnabled()) {
        doPrivileged("setSessionTrackingModes",
                new Object[]{sessionTrackingModes});
    } else {
        context.setSessionTrackingModes(sessionTrackingModes);
    }
}
 
Example #29
Source File: ApplicationContextFacade.java    From Tomcat8-Source-Read with MIT License 5 votes vote down vote up
@Override
public String getRequestCharacterEncoding() {
    if (SecurityUtil.isPackageProtectionEnabled()) {
        return (String) doPrivileged("getRequestCharacterEncoding", null);
    } else  {
        return context.getRequestCharacterEncoding();
    }
}
 
Example #30
Source File: ApplicationContextFacade.java    From Tomcat7.0.67 with Apache License 2.0 5 votes vote down vote up
/**
 * @deprecated As of Java Servlet API 2.1, use
 *  <code>log(String, Throwable)</code> instead
 */
@Override
@Deprecated
public void log(Exception exception, String msg) {
    if (SecurityUtil.isPackageProtectionEnabled()) {
        doPrivileged("log", new Class[]{Exception.class, String.class}, 
                     new Object[]{exception,msg});
    } else {
        context.log(exception, msg);
    }
}