|
|
6f268b |
commit 2aac69f694d42d9219eb27018b3da0ae1bdd73ab
|
|
|
6f268b |
Author: Mark Thomas <markt@apache.org>
|
|
|
6f268b |
Date: Tue Feb 6 12:49:49 2018 +0000
|
|
|
6f268b |
|
|
|
6f268b |
Process all ServletSecurity annotations at web application start rather
|
|
|
6f268b |
than at servlet load time to ensure constraints are applied
|
|
|
6f268b |
consistently.
|
|
|
6f268b |
|
|
|
6f268b |
git-svn-id: https://svn.apache.org/repos/asf/tomcat/tc7.0.x/trunk@1823322 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
6f268b |
|
|
|
6f268b |
diff -up java/org/apache/catalina/authenticator/AuthenticatorBase.java.orig java/org/apache/catalina/authenticator/AuthenticatorBase.java
|
|
|
6f268b |
--- java/org/apache/catalina/authenticator/AuthenticatorBase.java.orig 2019-02-28 15:41:52.561346049 -0500
|
|
|
6f268b |
+++ java/org/apache/catalina/authenticator/AuthenticatorBase.java 2019-02-28 15:44:09.129930251 -0500
|
|
|
6f268b |
@@ -40,7 +40,6 @@ import org.apache.catalina.Manager;
|
|
|
6f268b |
import org.apache.catalina.Realm;
|
|
|
6f268b |
import org.apache.catalina.Session;
|
|
|
6f268b |
import org.apache.catalina.Valve;
|
|
|
6f268b |
-import org.apache.catalina.Wrapper;
|
|
|
6f268b |
import org.apache.catalina.connector.Request;
|
|
|
6f268b |
import org.apache.catalina.connector.Response;
|
|
|
6f268b |
import org.apache.catalina.deploy.LoginConfig;
|
|
|
6f268b |
@@ -488,13 +487,6 @@ public abstract class AuthenticatorBase
|
|
|
6f268b |
}
|
|
|
6f268b |
}
|
|
|
6f268b |
|
|
|
6f268b |
- // The Servlet may specify security constraints through annotations.
|
|
|
6f268b |
- // Ensure that they have been processed before constraints are checked
|
|
|
6f268b |
- Wrapper wrapper = (Wrapper) request.getMappingData().wrapper;
|
|
|
6f268b |
- if (wrapper != null) {
|
|
|
6f268b |
- wrapper.servletSecurityAnnotationScan();
|
|
|
6f268b |
- }
|
|
|
6f268b |
-
|
|
|
6f268b |
Realm realm = this.context.getRealm();
|
|
|
6f268b |
// Is this request URI subject to a security constraint?
|
|
|
6f268b |
SecurityConstraint [] constraints
|
|
|
6f268b |
diff -up java/org/apache/catalina/core/ApplicationContext.java.orig java/org/apache/catalina/core/ApplicationContext.java
|
|
|
6f268b |
--- java/org/apache/catalina/core/ApplicationContext.java.orig 2017-03-09 08:51:39.000000000 -0500
|
|
|
6f268b |
+++ java/org/apache/catalina/core/ApplicationContext.java 2019-02-28 15:44:09.130930248 -0500
|
|
|
6f268b |
@@ -53,8 +53,10 @@ import javax.servlet.ServletException;
|
|
|
6f268b |
import javax.servlet.ServletRegistration;
|
|
|
6f268b |
import javax.servlet.ServletRequestAttributeListener;
|
|
|
6f268b |
import javax.servlet.ServletRequestListener;
|
|
|
6f268b |
+import javax.servlet.ServletSecurityElement;
|
|
|
6f268b |
import javax.servlet.SessionCookieConfig;
|
|
|
6f268b |
import javax.servlet.SessionTrackingMode;
|
|
|
6f268b |
+import javax.servlet.annotation.ServletSecurity;
|
|
|
6f268b |
import javax.servlet.descriptor.JspConfigDescriptor;
|
|
|
6f268b |
import javax.servlet.http.HttpSessionAttributeListener;
|
|
|
6f268b |
import javax.servlet.http.HttpSessionListener;
|
|
|
6f268b |
@@ -69,6 +71,7 @@ import org.apache.catalina.Wrapper;
|
|
|
6f268b |
import org.apache.catalina.connector.Connector;
|
|
|
6f268b |
import org.apache.catalina.deploy.FilterDef;
|
|
|
6f268b |
import org.apache.catalina.util.ResourceSet;
|
|
|
6f268b |
+import org.apache.catalina.util.Introspection;
|
|
|
6f268b |
import org.apache.catalina.util.ServerInfo;
|
|
|
6f268b |
import org.apache.catalina.util.URLEncoder;
|
|
|
6f268b |
import org.apache.naming.resources.DirContextURLStreamHandler;
|
|
|
6f268b |
@@ -1186,14 +1189,27 @@ public class ApplicationContext implemen
|
|
|
6f268b |
}
|
|
|
6f268b |
}
|
|
|
6f268b |
|
|
|
6f268b |
+ ServletSecurity annotation = null;
|
|
|
6f268b |
if (servlet == null) {
|
|
|
6f268b |
wrapper.setServletClass(servletClass);
|
|
|
6f268b |
+ Class clazz = Introspection.loadClass(context, servletClass);
|
|
|
6f268b |
+ if (clazz != null) {
|
|
|
6f268b |
+ annotation = clazz.getAnnotation(ServletSecurity.class);
|
|
|
6f268b |
+ }
|
|
|
6f268b |
} else {
|
|
|
6f268b |
wrapper.setServletClass(servlet.getClass().getName());
|
|
|
6f268b |
wrapper.setServlet(servlet);
|
|
|
6f268b |
+ if (context.wasCreatedDynamicServlet(servlet)) {
|
|
|
6f268b |
+ annotation = servlet.getClass().getAnnotation(ServletSecurity.class);
|
|
|
6f268b |
+ }
|
|
|
6f268b |
}
|
|
|
6f268b |
|
|
|
6f268b |
- return context.dynamicServletAdded(wrapper);
|
|
|
6f268b |
+ ServletRegistration.Dynamic registration =
|
|
|
6f268b |
+ new ApplicationServletRegistration(wrapper, context);
|
|
|
6f268b |
+ if (annotation != null) {
|
|
|
6f268b |
+ registration.setServletSecurity(new ServletSecurityElement(annotation));
|
|
|
6f268b |
+ }
|
|
|
6f268b |
+ return registration;
|
|
|
6f268b |
}
|
|
|
6f268b |
|
|
|
6f268b |
|
|
|
6f268b |
diff -up java/org/apache/catalina/core/ApplicationServletRegistration.java.orig java/org/apache/catalina/core/ApplicationServletRegistration.java
|
|
|
6f268b |
--- java/org/apache/catalina/core/ApplicationServletRegistration.java.orig 2019-02-28 15:41:52.568346028 -0500
|
|
|
6f268b |
+++ java/org/apache/catalina/core/ApplicationServletRegistration.java 2019-02-28 15:44:09.130930248 -0500
|
|
|
6f268b |
@@ -5,9 +5,9 @@
|
|
|
6f268b |
* The ASF licenses this file to You under the Apache License, Version 2.0
|
|
|
6f268b |
* (the "License"); you may not use this file except in compliance with
|
|
|
6f268b |
* the License. You may obtain a copy of the License at
|
|
|
6f268b |
- *
|
|
|
6f268b |
+ *
|
|
|
6f268b |
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
6f268b |
- *
|
|
|
6f268b |
+ *
|
|
|
6f268b |
* Unless required by applicable law or agreed to in writing, software
|
|
|
6f268b |
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
6f268b |
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
6f268b |
@@ -41,15 +41,16 @@ public class ApplicationServletRegistrat
|
|
|
6f268b |
*/
|
|
|
6f268b |
private static final StringManager sm =
|
|
|
6f268b |
StringManager.getManager(Constants.Package);
|
|
|
6f268b |
-
|
|
|
6f268b |
- private Wrapper wrapper;
|
|
|
6f268b |
- private Context context;
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
+ private final Wrapper wrapper;
|
|
|
6f268b |
+ private final Context context;
|
|
|
6f268b |
+ private ServletSecurityElement constraint;
|
|
|
6f268b |
+
|
|
|
6f268b |
public ApplicationServletRegistration(Wrapper wrapper,
|
|
|
6f268b |
Context context) {
|
|
|
6f268b |
this.wrapper = wrapper;
|
|
|
6f268b |
this.context = context;
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
}
|
|
|
6f268b |
|
|
|
6f268b |
@Override
|
|
|
6f268b |
@@ -65,9 +66,9 @@ public class ApplicationServletRegistrat
|
|
|
6f268b |
@Override
|
|
|
6f268b |
public Map<String, String> getInitParameters() {
|
|
|
6f268b |
ParameterMap<String,String> result = new ParameterMap<String,String>();
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
String[] parameterNames = wrapper.findInitParameters();
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
for (String parameterName : parameterNames) {
|
|
|
6f268b |
result.put(parameterName, wrapper.findInitParameter(parameterName));
|
|
|
6f268b |
}
|
|
|
6f268b |
@@ -91,7 +92,7 @@ public class ApplicationServletRegistrat
|
|
|
6f268b |
if (getInitParameter(name) != null) {
|
|
|
6f268b |
return false;
|
|
|
6f268b |
}
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
wrapper.addInitParameter(name, value);
|
|
|
6f268b |
|
|
|
6f268b |
return true;
|
|
|
6f268b |
@@ -99,9 +100,9 @@ public class ApplicationServletRegistrat
|
|
|
6f268b |
|
|
|
6f268b |
@Override
|
|
|
6f268b |
public Set<String> setInitParameters(Map<String, String> initParameters) {
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
Set<String> conflicts = new HashSet<String>();
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
for (Map.Entry<String, String> entry : initParameters.entrySet()) {
|
|
|
6f268b |
if (entry.getKey() == null || entry.getValue() == null) {
|
|
|
6f268b |
throw new IllegalArgumentException(sm.getString(
|
|
|
6f268b |
@@ -151,13 +152,14 @@ public class ApplicationServletRegistrat
|
|
|
6f268b |
"applicationServletRegistration.setServletSecurity.iae",
|
|
|
6f268b |
getName(), context.getName()));
|
|
|
6f268b |
}
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
if (!context.getState().equals(LifecycleState.STARTING_PREP)) {
|
|
|
6f268b |
throw new IllegalStateException(sm.getString(
|
|
|
6f268b |
"applicationServletRegistration.setServletSecurity.ise",
|
|
|
6f268b |
getName(), context.getName()));
|
|
|
6f268b |
}
|
|
|
6f268b |
|
|
|
6f268b |
+ this.constraint = constraint;
|
|
|
6f268b |
return context.addServletSecurity(this, constraint);
|
|
|
6f268b |
}
|
|
|
6f268b |
|
|
|
6f268b |
@@ -167,9 +169,9 @@ public class ApplicationServletRegistrat
|
|
|
6f268b |
if (urlPatterns == null) {
|
|
|
6f268b |
return Collections.emptySet();
|
|
|
6f268b |
}
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
Set<String> conflicts = new HashSet<String>();
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
for (String urlPattern : urlPatterns) {
|
|
|
6f268b |
String wrapperName = context.findServletMapping(urlPattern);
|
|
|
6f268b |
if (wrapperName != null) {
|
|
|
6f268b |
@@ -187,10 +189,15 @@ public class ApplicationServletRegistrat
|
|
|
6f268b |
if (!conflicts.isEmpty()) {
|
|
|
6f268b |
return conflicts;
|
|
|
6f268b |
}
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
for (String urlPattern : urlPatterns) {
|
|
|
6f268b |
context.addServletMapping(urlPattern, wrapper.getName());
|
|
|
6f268b |
}
|
|
|
6f268b |
+
|
|
|
6f268b |
+ if (constraint != null) {
|
|
|
6f268b |
+ context.addServletSecurity(this, constraint);
|
|
|
6f268b |
+ }
|
|
|
6f268b |
+
|
|
|
6f268b |
return Collections.emptySet();
|
|
|
6f268b |
}
|
|
|
6f268b |
|
|
|
6f268b |
@@ -199,7 +206,7 @@ public class ApplicationServletRegistrat
|
|
|
6f268b |
|
|
|
6f268b |
Set<String> result = new HashSet<String>();
|
|
|
6f268b |
String servletName = wrapper.getName();
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
String[] urlPatterns = context.findServletMappings();
|
|
|
6f268b |
for (String urlPattern : urlPatterns) {
|
|
|
6f268b |
String name = context.findServletMapping(urlPattern);
|
|
|
6f268b |
@@ -214,5 +221,5 @@ public class ApplicationServletRegistrat
|
|
|
6f268b |
public String getRunAsRole() {
|
|
|
6f268b |
return wrapper.getRunAs();
|
|
|
6f268b |
}
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
}
|
|
|
6f268b |
diff -up java/org/apache/catalina/core/StandardContext.java.orig java/org/apache/catalina/core/StandardContext.java
|
|
|
6f268b |
--- java/org/apache/catalina/core/StandardContext.java.orig 2017-03-09 08:51:39.000000000 -0500
|
|
|
6f268b |
+++ java/org/apache/catalina/core/StandardContext.java 2019-02-28 15:44:09.132930242 -0500
|
|
|
6f268b |
@@ -4813,27 +4813,36 @@ public class StandardContext extends Con
|
|
|
6f268b |
}
|
|
|
6f268b |
|
|
|
6f268b |
/**
|
|
|
6f268b |
- * hook to register that we need to scan for security annotations.
|
|
|
6f268b |
- * @param wrapper The wrapper for the Servlet that was added
|
|
|
6f268b |
+ * Create a servlet registration.
|
|
|
6f268b |
+ *
|
|
|
6f268b |
+ * @param wrapper The wrapper for which the registration should be created.
|
|
|
6f268b |
+ *
|
|
|
6f268b |
+ * @return An appropriate registration
|
|
|
6f268b |
+ *
|
|
|
6f268b |
+ * @deprecated This will be removed in Tomcat 9. The registration should be
|
|
|
6f268b |
+ * created directly.
|
|
|
6f268b |
*/
|
|
|
6f268b |
+ @Deprecated
|
|
|
6f268b |
public ServletRegistration.Dynamic dynamicServletAdded(Wrapper wrapper) {
|
|
|
6f268b |
- Servlet s = wrapper.getServlet();
|
|
|
6f268b |
- if (s != null && createdServlets.contains(s)) {
|
|
|
6f268b |
- // Mark the wrapper to indicate annotations need to be scanned
|
|
|
6f268b |
- wrapper.setServletSecurityAnnotationScanRequired(true);
|
|
|
6f268b |
- }
|
|
|
6f268b |
return new ApplicationServletRegistration(wrapper, this);
|
|
|
6f268b |
}
|
|
|
6f268b |
|
|
|
6f268b |
/**
|
|
|
6f268b |
- * hook to track which registrations need annotation scanning
|
|
|
6f268b |
- * @param servlet
|
|
|
6f268b |
+ * Hook to track which Servlets were created via
|
|
|
6f268b |
+ * {@link ServletContext#createServlet(Class)}.
|
|
|
6f268b |
+ *
|
|
|
6f268b |
+ * @param servlet the created Servlet
|
|
|
6f268b |
*/
|
|
|
6f268b |
public void dynamicServletCreated(Servlet servlet) {
|
|
|
6f268b |
createdServlets.add(servlet);
|
|
|
6f268b |
}
|
|
|
6f268b |
|
|
|
6f268b |
|
|
|
6f268b |
+ public boolean wasCreatedDynamicServlet(Servlet servlet) {
|
|
|
6f268b |
+ return createdServlets.contains(servlet);
|
|
|
6f268b |
+ }
|
|
|
6f268b |
+
|
|
|
6f268b |
+
|
|
|
6f268b |
/**
|
|
|
6f268b |
* A helper class to manage the filter mappings in a Context.
|
|
|
6f268b |
*/
|
|
|
6f268b |
diff -up java/org/apache/catalina/core/StandardWrapper.java.orig java/org/apache/catalina/core/StandardWrapper.java
|
|
|
6f268b |
--- java/org/apache/catalina/core/StandardWrapper.java.orig 2019-02-28 15:41:52.576346004 -0500
|
|
|
6f268b |
+++ java/org/apache/catalina/core/StandardWrapper.java 2019-02-28 15:44:09.133930239 -0500
|
|
|
6f268b |
@@ -5,17 +5,15 @@
|
|
|
6f268b |
* The ASF licenses this file to You under the Apache License, Version 2.0
|
|
|
6f268b |
* (the "License"); you may not use this file except in compliance with
|
|
|
6f268b |
* the License. You may obtain a copy of the License at
|
|
|
6f268b |
- *
|
|
|
6f268b |
+ *
|
|
|
6f268b |
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
6f268b |
- *
|
|
|
6f268b |
+ *
|
|
|
6f268b |
* Unless required by applicable law or agreed to in writing, software
|
|
|
6f268b |
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
6f268b |
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
6f268b |
* See the License for the specific language governing permissions and
|
|
|
6f268b |
* limitations under the License.
|
|
|
6f268b |
*/
|
|
|
6f268b |
-
|
|
|
6f268b |
-
|
|
|
6f268b |
package org.apache.catalina.core;
|
|
|
6f268b |
|
|
|
6f268b |
import java.io.PrintStream;
|
|
|
6f268b |
@@ -44,11 +42,9 @@ import javax.servlet.ServletContext;
|
|
|
6f268b |
import javax.servlet.ServletException;
|
|
|
6f268b |
import javax.servlet.ServletRequest;
|
|
|
6f268b |
import javax.servlet.ServletResponse;
|
|
|
6f268b |
-import javax.servlet.ServletSecurityElement;
|
|
|
6f268b |
import javax.servlet.SingleThreadModel;
|
|
|
6f268b |
import javax.servlet.UnavailableException;
|
|
|
6f268b |
import javax.servlet.annotation.MultipartConfig;
|
|
|
6f268b |
-import javax.servlet.annotation.ServletSecurity;
|
|
|
6f268b |
|
|
|
6f268b |
import org.apache.catalina.Container;
|
|
|
6f268b |
import org.apache.catalina.ContainerServlet;
|
|
|
6f268b |
@@ -114,12 +110,12 @@ public class StandardWrapper extends Con
|
|
|
6f268b |
* servlet is considered permanent.
|
|
|
6f268b |
*/
|
|
|
6f268b |
protected long available = 0L;
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
/**
|
|
|
6f268b |
- * The broadcaster that sends j2ee notifications.
|
|
|
6f268b |
+ * The broadcaster that sends j2ee notifications.
|
|
|
6f268b |
*/
|
|
|
6f268b |
protected NotificationBroadcasterSupport broadcaster = null;
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
/**
|
|
|
6f268b |
* The count of allocations that are currently active (even if they
|
|
|
6f268b |
* are for the same instance, as will be true on a non-STM servlet).
|
|
|
6f268b |
@@ -231,12 +227,12 @@ public class StandardWrapper extends Con
|
|
|
6f268b |
*/
|
|
|
6f268b |
protected Stack<Servlet> instancePool = null;
|
|
|
6f268b |
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
/**
|
|
|
6f268b |
* Wait time for servlet unload in ms.
|
|
|
6f268b |
*/
|
|
|
6f268b |
protected long unloadDelay = 2000;
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
|
|
|
6f268b |
/**
|
|
|
6f268b |
* True if this StandardWrapper is for the JspServlet
|
|
|
6f268b |
@@ -259,12 +255,12 @@ public class StandardWrapper extends Con
|
|
|
6f268b |
protected StandardWrapperValve swValve;
|
|
|
6f268b |
protected long loadTime=0;
|
|
|
6f268b |
protected int classLoadTime=0;
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
/**
|
|
|
6f268b |
* Multipart config
|
|
|
6f268b |
*/
|
|
|
6f268b |
protected MultipartConfigElement multipartConfigElement = null;
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
/**
|
|
|
6f268b |
* Async support
|
|
|
6f268b |
*/
|
|
|
6f268b |
@@ -275,26 +271,24 @@ public class StandardWrapper extends Con
|
|
|
6f268b |
*/
|
|
|
6f268b |
protected boolean enabled = true;
|
|
|
6f268b |
|
|
|
6f268b |
- protected volatile boolean servletSecurityAnnotationScanRequired = false;
|
|
|
6f268b |
-
|
|
|
6f268b |
private boolean overridable = false;
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
/**
|
|
|
6f268b |
- * Static class array used when the SecurityManager is turned on and
|
|
|
6f268b |
+ * Static class array used when the SecurityManager is turned on and
|
|
|
6f268b |
* Servlet.init is invoked.
|
|
|
6f268b |
*/
|
|
|
6f268b |
protected static Class[] classType = new Class[]{ServletConfig.class};
|
|
|
6f268b |
-
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
+
|
|
|
6f268b |
/**
|
|
|
6f268b |
- * Static class array used when the SecurityManager is turned on and
|
|
|
6f268b |
+ * Static class array used when the SecurityManager is turned on and
|
|
|
6f268b |
* Servlet.service is invoked.
|
|
|
6f268b |
- */
|
|
|
6f268b |
+ */
|
|
|
6f268b |
@Deprecated
|
|
|
6f268b |
protected static Class[] classTypeUsedInService = new Class[]{
|
|
|
6f268b |
ServletRequest.class,
|
|
|
6f268b |
ServletResponse.class};
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
|
|
|
6f268b |
private final ReentrantReadWriteLock parametersLock =
|
|
|
6f268b |
new ReentrantReadWriteLock();
|
|
|
6f268b |
@@ -625,7 +619,7 @@ public class StandardWrapper extends Con
|
|
|
6f268b |
public String[] getServletMethods() throws ServletException {
|
|
|
6f268b |
|
|
|
6f268b |
instance = loadServlet();
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
Class servletClazz = instance.getClass();
|
|
|
6f268b |
if (!javax.servlet.http.HttpServlet.class.isAssignableFrom(
|
|
|
6f268b |
servletClazz)) {
|
|
|
6f268b |
@@ -665,8 +659,8 @@ public class StandardWrapper extends Con
|
|
|
6f268b |
public Servlet getServlet() {
|
|
|
6f268b |
return instance;
|
|
|
6f268b |
}
|
|
|
6f268b |
-
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
+
|
|
|
6f268b |
/**
|
|
|
6f268b |
* Set the associated servlet instance.
|
|
|
6f268b |
*/
|
|
|
6f268b |
@@ -675,13 +669,13 @@ public class StandardWrapper extends Con
|
|
|
6f268b |
instance = servlet;
|
|
|
6f268b |
}
|
|
|
6f268b |
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
/**
|
|
|
6f268b |
* {@inheritDoc}
|
|
|
6f268b |
*/
|
|
|
6f268b |
@Override
|
|
|
6f268b |
public void setServletSecurityAnnotationScanRequired(boolean b) {
|
|
|
6f268b |
- this.servletSecurityAnnotationScanRequired = b;
|
|
|
6f268b |
+ // NO-OP
|
|
|
6f268b |
}
|
|
|
6f268b |
|
|
|
6f268b |
// --------------------------------------------------------- Public Methods
|
|
|
6f268b |
@@ -695,19 +689,19 @@ public class StandardWrapper extends Con
|
|
|
6f268b |
@Override
|
|
|
6f268b |
public void backgroundProcess() {
|
|
|
6f268b |
super.backgroundProcess();
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
if (!getState().isAvailable())
|
|
|
6f268b |
return;
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
if (getServlet() != null && (getServlet() instanceof PeriodicEventListener)) {
|
|
|
6f268b |
((PeriodicEventListener) getServlet()).periodicEvent();
|
|
|
6f268b |
}
|
|
|
6f268b |
}
|
|
|
6f268b |
-
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
+
|
|
|
6f268b |
/**
|
|
|
6f268b |
* Extract the root cause from a servlet exception.
|
|
|
6f268b |
- *
|
|
|
6f268b |
+ *
|
|
|
6f268b |
* @param e The servlet exception
|
|
|
6f268b |
*/
|
|
|
6f268b |
public static Throwable getRootCause(ServletException e) {
|
|
|
6f268b |
@@ -836,7 +830,7 @@ public class StandardWrapper extends Con
|
|
|
6f268b |
}
|
|
|
6f268b |
|
|
|
6f268b |
boolean newInstance = false;
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
// If not SingleThreadedModel, return the same instance every time
|
|
|
6f268b |
if (!singleThreadModel) {
|
|
|
6f268b |
// Load and initialize our instance if necessary
|
|
|
6f268b |
@@ -1070,7 +1064,7 @@ public class StandardWrapper extends Con
|
|
|
6f268b |
@Override
|
|
|
6f268b |
public synchronized void load() throws ServletException {
|
|
|
6f268b |
instance = loadServlet();
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
if (!instanceInitialized) {
|
|
|
6f268b |
initServlet(instance);
|
|
|
6f268b |
}
|
|
|
6f268b |
@@ -1078,12 +1072,12 @@ public class StandardWrapper extends Con
|
|
|
6f268b |
if (isJspServlet) {
|
|
|
6f268b |
StringBuilder oname =
|
|
|
6f268b |
new StringBuilder(MBeanUtils.getDomain(getParent()));
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
oname.append(":type=JspMonitor,name=");
|
|
|
6f268b |
oname.append(getName());
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
oname.append(getWebModuleKeyProperties());
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
try {
|
|
|
6f268b |
jspMonitorON = new ObjectName(oname.toString());
|
|
|
6f268b |
Registry.getRegistry(null, null)
|
|
|
6f268b |
@@ -1161,8 +1155,6 @@ public class StandardWrapper extends Con
|
|
|
6f268b |
}
|
|
|
6f268b |
}
|
|
|
6f268b |
|
|
|
6f268b |
- processServletSecurityAnnotation(servlet.getClass());
|
|
|
6f268b |
-
|
|
|
6f268b |
// Special handling for ContainerServlet instances
|
|
|
6f268b |
if ((servlet instanceof ContainerServlet) &&
|
|
|
6f268b |
(isContainerProvidedServlet(servletClass) ||
|
|
|
6f268b |
@@ -1205,44 +1197,13 @@ public class StandardWrapper extends Con
|
|
|
6f268b |
*/
|
|
|
6f268b |
@Override
|
|
|
6f268b |
public void servletSecurityAnnotationScan() throws ServletException {
|
|
|
6f268b |
- if (getServlet() == null) {
|
|
|
6f268b |
- Class clazz = null;
|
|
|
6f268b |
- try {
|
|
|
6f268b |
- clazz = getParent().getLoader().getClassLoader().loadClass(
|
|
|
6f268b |
- getServletClass());
|
|
|
6f268b |
- processServletSecurityAnnotation(clazz);
|
|
|
6f268b |
- } catch (ClassNotFoundException e) {
|
|
|
6f268b |
- // Safe to ignore. No class means no annotations to process
|
|
|
6f268b |
- }
|
|
|
6f268b |
- } else {
|
|
|
6f268b |
- if (servletSecurityAnnotationScanRequired) {
|
|
|
6f268b |
- processServletSecurityAnnotation(getServlet().getClass());
|
|
|
6f268b |
- }
|
|
|
6f268b |
- }
|
|
|
6f268b |
+ // NO-OP
|
|
|
6f268b |
}
|
|
|
6f268b |
|
|
|
6f268b |
- private void processServletSecurityAnnotation(Class clazz) {
|
|
|
6f268b |
- // Calling this twice isn't harmful so no syncs
|
|
|
6f268b |
- servletSecurityAnnotationScanRequired = false;
|
|
|
6f268b |
-
|
|
|
6f268b |
- Context ctxt = (Context) getParent();
|
|
|
6f268b |
-
|
|
|
6f268b |
- if (ctxt.getIgnoreAnnotations()) {
|
|
|
6f268b |
- return;
|
|
|
6f268b |
- }
|
|
|
6f268b |
-
|
|
|
6f268b |
- ServletSecurity secAnnotation =
|
|
|
6f268b |
- clazz.getAnnotation(ServletSecurity.class);
|
|
|
6f268b |
- if (secAnnotation != null) {
|
|
|
6f268b |
- ctxt.addServletSecurity(
|
|
|
6f268b |
- new ApplicationServletRegistration(this, ctxt),
|
|
|
6f268b |
- new ServletSecurityElement(secAnnotation));
|
|
|
6f268b |
- }
|
|
|
6f268b |
- }
|
|
|
6f268b |
|
|
|
6f268b |
private synchronized void initServlet(Servlet servlet)
|
|
|
6f268b |
throws ServletException {
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
if (instanceInitialized && !singleThreadModel) return;
|
|
|
6f268b |
|
|
|
6f268b |
// Call the initialization method of this servlet
|
|
|
6f268b |
@@ -1454,12 +1415,12 @@ public class StandardWrapper extends Con
|
|
|
6f268b |
if (swallowOutput) {
|
|
|
6f268b |
SystemLogHandler.startCapture();
|
|
|
6f268b |
}
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
// Call the servlet destroy() method
|
|
|
6f268b |
try {
|
|
|
6f268b |
instanceSupport.fireInstanceEvent
|
|
|
6f268b |
(InstanceEvent.BEFORE_DESTROY_EVENT, instance);
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
if( Globals.IS_SECURITY_ENABLED) {
|
|
|
6f268b |
try {
|
|
|
6f268b |
SecurityUtil.doAsPrivilege("destroy",
|
|
|
6f268b |
@@ -1470,7 +1431,7 @@ public class StandardWrapper extends Con
|
|
|
6f268b |
} else {
|
|
|
6f268b |
instance.destroy();
|
|
|
6f268b |
}
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
instanceSupport.fireInstanceEvent
|
|
|
6f268b |
(InstanceEvent.AFTER_DESTROY_EVENT, instance);
|
|
|
6f268b |
|
|
|
6f268b |
@@ -1701,7 +1662,7 @@ public class StandardWrapper extends Con
|
|
|
6f268b |
public boolean isAsyncSupported() {
|
|
|
6f268b |
return asyncSupported;
|
|
|
6f268b |
}
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
@Override
|
|
|
6f268b |
public void setAsyncSupported(boolean asyncSupported) {
|
|
|
6f268b |
this.asyncSupported = asyncSupported;
|
|
|
6f268b |
@@ -1711,7 +1672,7 @@ public class StandardWrapper extends Con
|
|
|
6f268b |
public boolean isEnabled() {
|
|
|
6f268b |
return enabled;
|
|
|
6f268b |
}
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
@Override
|
|
|
6f268b |
public void setEnabled(boolean enabled) {
|
|
|
6f268b |
this.enabled = enabled;
|
|
|
6f268b |
@@ -1787,24 +1748,24 @@ public class StandardWrapper extends Con
|
|
|
6f268b |
*/
|
|
|
6f268b |
@Override
|
|
|
6f268b |
protected synchronized void startInternal() throws LifecycleException {
|
|
|
6f268b |
-
|
|
|
6f268b |
- // Send j2ee.state.starting notification
|
|
|
6f268b |
+
|
|
|
6f268b |
+ // Send j2ee.state.starting notification
|
|
|
6f268b |
if (this.getObjectName() != null) {
|
|
|
6f268b |
- Notification notification = new Notification("j2ee.state.starting",
|
|
|
6f268b |
- this.getObjectName(),
|
|
|
6f268b |
+ Notification notification = new Notification("j2ee.state.starting",
|
|
|
6f268b |
+ this.getObjectName(),
|
|
|
6f268b |
sequenceNumber++);
|
|
|
6f268b |
broadcaster.sendNotification(notification);
|
|
|
6f268b |
}
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
// Start up this component
|
|
|
6f268b |
super.startInternal();
|
|
|
6f268b |
|
|
|
6f268b |
setAvailable(0L);
|
|
|
6f268b |
|
|
|
6f268b |
- // Send j2ee.state.running notification
|
|
|
6f268b |
+ // Send j2ee.state.running notification
|
|
|
6f268b |
if (this.getObjectName() != null) {
|
|
|
6f268b |
- Notification notification =
|
|
|
6f268b |
- new Notification("j2ee.state.running", this.getObjectName(),
|
|
|
6f268b |
+ Notification notification =
|
|
|
6f268b |
+ new Notification("j2ee.state.running", this.getObjectName(),
|
|
|
6f268b |
sequenceNumber++);
|
|
|
6f268b |
broadcaster.sendNotification(notification);
|
|
|
6f268b |
}
|
|
|
6f268b |
@@ -1823,15 +1784,15 @@ public class StandardWrapper extends Con
|
|
|
6f268b |
protected synchronized void stopInternal() throws LifecycleException {
|
|
|
6f268b |
|
|
|
6f268b |
setAvailable(Long.MAX_VALUE);
|
|
|
6f268b |
-
|
|
|
6f268b |
- // Send j2ee.state.stopping notification
|
|
|
6f268b |
+
|
|
|
6f268b |
+ // Send j2ee.state.stopping notification
|
|
|
6f268b |
if (this.getObjectName() != null) {
|
|
|
6f268b |
- Notification notification =
|
|
|
6f268b |
- new Notification("j2ee.state.stopping", this.getObjectName(),
|
|
|
6f268b |
+ Notification notification =
|
|
|
6f268b |
+ new Notification("j2ee.state.stopping", this.getObjectName(),
|
|
|
6f268b |
sequenceNumber++);
|
|
|
6f268b |
broadcaster.sendNotification(notification);
|
|
|
6f268b |
}
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
// Shut down our servlet instance (if it has been initialized)
|
|
|
6f268b |
try {
|
|
|
6f268b |
unload();
|
|
|
6f268b |
@@ -1843,43 +1804,43 @@ public class StandardWrapper extends Con
|
|
|
6f268b |
// Shut down this component
|
|
|
6f268b |
super.stopInternal();
|
|
|
6f268b |
|
|
|
6f268b |
- // Send j2ee.state.stopped notification
|
|
|
6f268b |
+ // Send j2ee.state.stopped notification
|
|
|
6f268b |
if (this.getObjectName() != null) {
|
|
|
6f268b |
- Notification notification =
|
|
|
6f268b |
- new Notification("j2ee.state.stopped", this.getObjectName(),
|
|
|
6f268b |
+ Notification notification =
|
|
|
6f268b |
+ new Notification("j2ee.state.stopped", this.getObjectName(),
|
|
|
6f268b |
sequenceNumber++);
|
|
|
6f268b |
broadcaster.sendNotification(notification);
|
|
|
6f268b |
}
|
|
|
6f268b |
-
|
|
|
6f268b |
- // Send j2ee.object.deleted notification
|
|
|
6f268b |
- Notification notification =
|
|
|
6f268b |
- new Notification("j2ee.object.deleted", this.getObjectName(),
|
|
|
6f268b |
+
|
|
|
6f268b |
+ // Send j2ee.object.deleted notification
|
|
|
6f268b |
+ Notification notification =
|
|
|
6f268b |
+ new Notification("j2ee.object.deleted", this.getObjectName(),
|
|
|
6f268b |
sequenceNumber++);
|
|
|
6f268b |
broadcaster.sendNotification(notification);
|
|
|
6f268b |
|
|
|
6f268b |
}
|
|
|
6f268b |
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
@Override
|
|
|
6f268b |
protected String getObjectNameKeyProperties() {
|
|
|
6f268b |
|
|
|
6f268b |
StringBuilder keyProperties =
|
|
|
6f268b |
new StringBuilder("j2eeType=Servlet,name=");
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
String name = getName();
|
|
|
6f268b |
if (Util.objectNameValueNeedsQuote(name)) {
|
|
|
6f268b |
name = ObjectName.quote(name);
|
|
|
6f268b |
}
|
|
|
6f268b |
keyProperties.append(name);
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
keyProperties.append(getWebModuleKeyProperties());
|
|
|
6f268b |
|
|
|
6f268b |
return keyProperties.toString();
|
|
|
6f268b |
}
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
|
|
|
6f268b |
private String getWebModuleKeyProperties() {
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
StringBuilder keyProperties = new StringBuilder(",WebModule=//");
|
|
|
6f268b |
String hostName = getParent().getParent().getName();
|
|
|
6f268b |
if (hostName == null) {
|
|
|
6f268b |
@@ -1887,7 +1848,7 @@ public class StandardWrapper extends Con
|
|
|
6f268b |
} else {
|
|
|
6f268b |
keyProperties.append(hostName);
|
|
|
6f268b |
}
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
String contextName = ((Context) getParent()).getName();
|
|
|
6f268b |
if (!contextName.startsWith("/")) {
|
|
|
6f268b |
keyProperties.append('/');
|
|
|
6f268b |
@@ -1898,7 +1859,7 @@ public class StandardWrapper extends Con
|
|
|
6f268b |
if (parent instanceof StandardContext) {
|
|
|
6f268b |
ctx = (StandardContext) getParent();
|
|
|
6f268b |
}
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
keyProperties.append(",J2EEApplication=");
|
|
|
6f268b |
if (ctx == null) {
|
|
|
6f268b |
keyProperties.append("none");
|
|
|
6f268b |
@@ -1911,10 +1872,10 @@ public class StandardWrapper extends Con
|
|
|
6f268b |
} else {
|
|
|
6f268b |
keyProperties.append(ctx.getJ2EEServer());
|
|
|
6f268b |
}
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
return keyProperties.toString();
|
|
|
6f268b |
}
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
|
|
|
6f268b |
/**
|
|
|
6f268b |
* JSR 77. Always return false.
|
|
|
6f268b |
@@ -1922,19 +1883,19 @@ public class StandardWrapper extends Con
|
|
|
6f268b |
public boolean isStateManageable() {
|
|
|
6f268b |
return false;
|
|
|
6f268b |
}
|
|
|
6f268b |
-
|
|
|
6f268b |
|
|
|
6f268b |
- /* Remove a JMX notificationListener
|
|
|
6f268b |
+
|
|
|
6f268b |
+ /* Remove a JMX notificationListener
|
|
|
6f268b |
* @see javax.management.NotificationEmitter#removeNotificationListener(javax.management.NotificationListener, javax.management.NotificationFilter, java.lang.Object)
|
|
|
6f268b |
*/
|
|
|
6f268b |
@Override
|
|
|
6f268b |
- public void removeNotificationListener(NotificationListener listener,
|
|
|
6f268b |
+ public void removeNotificationListener(NotificationListener listener,
|
|
|
6f268b |
NotificationFilter filter, Object object) throws ListenerNotFoundException {
|
|
|
6f268b |
broadcaster.removeNotificationListener(listener,filter,object);
|
|
|
6f268b |
}
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
protected MBeanNotificationInfo[] notificationInfo;
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
/* Get JMX Broadcaster Info
|
|
|
6f268b |
* @TODO use StringManager for international support!
|
|
|
6f268b |
* @TODO This two events we not send j2ee.state.failed and j2ee.attribute.changed!
|
|
|
6f268b |
@@ -1949,7 +1910,7 @@ public class StandardWrapper extends Con
|
|
|
6f268b |
"j2ee.object.created"},
|
|
|
6f268b |
Notification.class.getName(),
|
|
|
6f268b |
"servlet is created"
|
|
|
6f268b |
- ),
|
|
|
6f268b |
+ ),
|
|
|
6f268b |
new MBeanNotificationInfo(new String[] {
|
|
|
6f268b |
"j2ee.state.starting"},
|
|
|
6f268b |
Notification.class.getName(),
|
|
|
6f268b |
@@ -1980,37 +1941,37 @@ public class StandardWrapper extends Con
|
|
|
6f268b |
|
|
|
6f268b |
return notificationInfo;
|
|
|
6f268b |
}
|
|
|
6f268b |
-
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
+
|
|
|
6f268b |
/* Add a JMX-NotificationListener
|
|
|
6f268b |
* @see javax.management.NotificationBroadcaster#addNotificationListener(javax.management.NotificationListener, javax.management.NotificationFilter, java.lang.Object)
|
|
|
6f268b |
*/
|
|
|
6f268b |
@Override
|
|
|
6f268b |
- public void addNotificationListener(NotificationListener listener,
|
|
|
6f268b |
+ public void addNotificationListener(NotificationListener listener,
|
|
|
6f268b |
NotificationFilter filter, Object object) throws IllegalArgumentException {
|
|
|
6f268b |
broadcaster.addNotificationListener(listener,filter,object);
|
|
|
6f268b |
}
|
|
|
6f268b |
-
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
+
|
|
|
6f268b |
/**
|
|
|
6f268b |
- * Remove a JMX-NotificationListener
|
|
|
6f268b |
+ * Remove a JMX-NotificationListener
|
|
|
6f268b |
* @see javax.management.NotificationBroadcaster#removeNotificationListener(javax.management.NotificationListener)
|
|
|
6f268b |
*/
|
|
|
6f268b |
@Override
|
|
|
6f268b |
- public void removeNotificationListener(NotificationListener listener)
|
|
|
6f268b |
+ public void removeNotificationListener(NotificationListener listener)
|
|
|
6f268b |
throws ListenerNotFoundException {
|
|
|
6f268b |
broadcaster.removeNotificationListener(listener);
|
|
|
6f268b |
}
|
|
|
6f268b |
-
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
+
|
|
|
6f268b |
// ------------------------------------------------------------- Attributes
|
|
|
6f268b |
-
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
+
|
|
|
6f268b |
@Deprecated
|
|
|
6f268b |
public boolean isEventProvider() {
|
|
|
6f268b |
return false;
|
|
|
6f268b |
}
|
|
|
6f268b |
-
|
|
|
6f268b |
+
|
|
|
6f268b |
@Deprecated
|
|
|
6f268b |
public boolean isStatisticsProvider() {
|
|
|
6f268b |
return false;
|
|
|
6f268b |
diff -up java/org/apache/catalina/startup/ContextConfig.java.orig java/org/apache/catalina/startup/ContextConfig.java
|
|
|
6f268b |
--- java/org/apache/catalina/startup/ContextConfig.java.orig 2019-02-28 15:41:52.580345992 -0500
|
|
|
6f268b |
+++ java/org/apache/catalina/startup/ContextConfig.java 2019-02-28 15:44:09.134930236 -0500
|
|
|
6f268b |
@@ -433,15 +433,14 @@ public class ContextConfig implements Li
|
|
|
6f268b |
LoginConfig loginConfig = context.getLoginConfig();
|
|
|
6f268b |
|
|
|
6f268b |
SecurityConstraint constraints[] = context.findConstraints();
|
|
|
6f268b |
- if (context.getIgnoreAnnotations() &&
|
|
|
6f268b |
- (constraints == null || constraints.length ==0) &&
|
|
|
6f268b |
+ if ((constraints == null || constraints.length ==0) &&
|
|
|
6f268b |
!context.getPreemptiveAuthentication()) {
|
|
|
6f268b |
+ // No need for an authenticator
|
|
|
6f268b |
return;
|
|
|
6f268b |
} else {
|
|
|
6f268b |
if (loginConfig == null) {
|
|
|
6f268b |
- // Not metadata-complete or security constraints present, need
|
|
|
6f268b |
- // an authenticator to support @ServletSecurity annotations
|
|
|
6f268b |
- // and/or constraints
|
|
|
6f268b |
+ // Security constraints present. Need an authenticator to
|
|
|
6f268b |
+ // support them.
|
|
|
6f268b |
loginConfig = DUMMY_LOGIN_CONFIG;
|
|
|
6f268b |
context.setLoginConfig(loginConfig);
|
|
|
6f268b |
}
|
|
|
6f268b |
diff -up java/org/apache/catalina/startup/Tomcat.java.orig java/org/apache/catalina/startup/Tomcat.java
|
|
|
6f268b |
--- java/org/apache/catalina/startup/Tomcat.java.orig 2019-02-28 15:44:09.135930233 -0500
|
|
|
6f268b |
+++ java/org/apache/catalina/startup/Tomcat.java 2019-02-28 15:47:52.376250650 -0500
|
|
|
6f268b |
@@ -928,6 +928,9 @@ public class Tomcat {
|
|
|
6f268b |
Context context = (Context) event.getLifecycle();
|
|
|
6f268b |
if (event.getType().equals(Lifecycle.CONFIGURE_START_EVENT)) {
|
|
|
6f268b |
context.setConfigured(true);
|
|
|
6f268b |
+
|
|
|
6f268b |
+ // Process annotations
|
|
|
6f268b |
+ WebAnnotationSet.loadApplicationAnnotations(context);
|
|
|
6f268b |
}
|
|
|
6f268b |
// LoginConfig is required to process @ServletSecurity
|
|
|
6f268b |
// annotations
|
|
|
6f268b |
diff -up java/org/apache/catalina/startup/WebAnnotationSet.java.orig java/org/apache/catalina/startup/WebAnnotationSet.java
|
|
|
6f268b |
--- java/org/apache/catalina/startup/WebAnnotationSet.java.orig 2017-03-09 08:51:40.000000000 -0500
|
|
|
6f268b |
+++ java/org/apache/catalina/startup/WebAnnotationSet.java 2019-02-28 15:47:07.249388035 -0500
|
|
|
6f268b |
@@ -23,10 +23,13 @@ import javax.annotation.Resource;
|
|
|
6f268b |
import javax.annotation.Resources;
|
|
|
6f268b |
import javax.annotation.security.DeclareRoles;
|
|
|
6f268b |
import javax.annotation.security.RunAs;
|
|
|
6f268b |
+import javax.servlet.ServletSecurityElement;
|
|
|
6f268b |
+import javax.servlet.annotation.ServletSecurity;
|
|
|
6f268b |
|
|
|
6f268b |
import org.apache.catalina.Container;
|
|
|
6f268b |
import org.apache.catalina.Context;
|
|
|
6f268b |
import org.apache.catalina.Wrapper;
|
|
|
6f268b |
+import org.apache.catalina.core.ApplicationServletRegistration;
|
|
|
6f268b |
import org.apache.catalina.deploy.ContextEnvironment;
|
|
|
6f268b |
import org.apache.catalina.deploy.ContextResource;
|
|
|
6f268b |
import org.apache.catalina.deploy.ContextResourceEnvRef;
|
|
|
6f268b |
@@ -143,9 +146,17 @@ public class WebAnnotationSet {
|
|
|
6f268b |
* Ref JSR 250, equivalent to the run-as element in
|
|
|
6f268b |
* the deployment descriptor
|
|
|
6f268b |
*/
|
|
|
6f268b |
- RunAs annotation = classClass.getAnnotation(RunAs.class);
|
|
|
6f268b |
- if (annotation != null) {
|
|
|
6f268b |
- wrapper.setRunAs(annotation.value());
|
|
|
6f268b |
+ RunAs runAs = classClass.getAnnotation(RunAs.class);
|
|
|
6f268b |
+ if (runAs != null) {
|
|
|
6f268b |
+ wrapper.setRunAs(runAs.value());
|
|
|
6f268b |
+ }
|
|
|
6f268b |
+
|
|
|
6f268b |
+ // Process ServletSecurity annotation
|
|
|
6f268b |
+ ServletSecurity servletSecurity = classClass.getAnnotation(ServletSecurity.class);
|
|
|
6f268b |
+ if (servletSecurity != null) {
|
|
|
6f268b |
+ context.addServletSecurity(
|
|
|
6f268b |
+ new ApplicationServletRegistration(wrapper, context),
|
|
|
6f268b |
+ new ServletSecurityElement(servletSecurity));
|
|
|
6f268b |
}
|
|
|
6f268b |
}
|
|
|
6f268b |
}
|
|
|
6f268b |
diff -up java/org/apache/catalina/Wrapper.java.orig java/org/apache/catalina/Wrapper.java
|
|
|
6f268b |
--- java/org/apache/catalina/Wrapper.java.orig 2019-02-28 15:41:52.554346071 -0500
|
|
|
6f268b |
+++ java/org/apache/catalina/Wrapper.java 2019-02-28 15:44:09.129930251 -0500
|
|
|
6f268b |
@@ -370,19 +370,23 @@ public interface Wrapper extends Contain
|
|
|
6f268b |
public void setEnabled(boolean enabled);
|
|
|
6f268b |
|
|
|
6f268b |
/**
|
|
|
6f268b |
- * Set the flag that indicates
|
|
|
6f268b |
- * {@link javax.servlet.annotation.ServletSecurity} annotations must be
|
|
|
6f268b |
- * scanned when the Servlet is first used.
|
|
|
6f268b |
+ * This method is no longer used. All implementations should be NO-OPs.
|
|
|
6f268b |
*
|
|
|
6f268b |
- * @param b The new value of the flag
|
|
|
6f268b |
+ * @param b Unused.
|
|
|
6f268b |
+ *
|
|
|
6f268b |
+ * @deprecated This will be removed in Tomcat 9.
|
|
|
6f268b |
*/
|
|
|
6f268b |
+ @Deprecated
|
|
|
6f268b |
public void setServletSecurityAnnotationScanRequired(boolean b);
|
|
|
6f268b |
|
|
|
6f268b |
/**
|
|
|
6f268b |
- * Scan for (if necessary) and process (if found) the
|
|
|
6f268b |
- * {@link javax.servlet.annotation.ServletSecurity} annotations for the
|
|
|
6f268b |
- * Servlet associated with this wrapper.
|
|
|
6f268b |
+ * This method is no longer used. All implementations should be NO-OPs.
|
|
|
6f268b |
+ *
|
|
|
6f268b |
+ * @throws ServletException Never thrown
|
|
|
6f268b |
+ *
|
|
|
6f268b |
+ * @deprecated This will be removed in Tomcat 9.
|
|
|
6f268b |
*/
|
|
|
6f268b |
+ @Deprecated
|
|
|
6f268b |
public void servletSecurityAnnotationScan() throws ServletException;
|
|
|
6f268b |
|
|
|
6f268b |
/**
|
|
|
6f268b |
diff -up webapps/docs/changelog.xml.orig webapps/docs/changelog.xml
|
|
|
6f268b |
--- webapps/docs/changelog.xml.orig 2019-02-28 15:41:52.591345958 -0500
|
|
|
6f268b |
+++ webapps/docs/changelog.xml 2019-02-28 15:44:09.142930212 -0500
|
|
|
6f268b |
@@ -68,6 +68,11 @@
|
|
|
6f268b |
<bug>62067</bug>: Correctly apply security constraints mapped to the
|
|
|
6f268b |
context root using a URL pattern of "" . (markt)
|
|
|
6f268b |
</fix>
|
|
|
6f268b |
+ <fix>
|
|
|
6f268b |
+ Process all ServletSecurity annotations at web application
|
|
|
6f268b |
+ start rather than at servlet load time to ensure constraints are applied
|
|
|
6f268b |
+ consistently. (markt)
|
|
|
6f268b |
+ </fix>
|
|
|
6f268b |
</changelog>
|
|
|
6f268b |
</subsection>
|
|
|
6f268b |
</section>
|
|
|
6f268b |
commit c63b96d72cd39287e17b2ba698f4eee0ba508073
|
|
|
6f268b |
Author: Mark Thomas <markt@apache.org>
|
|
|
6f268b |
Date: Thu Feb 15 20:21:56 2018 +0000
|
|
|
6f268b |
|
|
|
6f268b |
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62104
|
|
|
6f268b |
Fix programmatic login regression as the NonLoginAuthenticator has to be set for it to work (if no login method is specified).
|
|
|
6f268b |
|
|
|
6f268b |
git-svn-id: https://svn.apache.org/repos/asf/tomcat/tc7.0.x/trunk@1824360 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
6f268b |
|
|
|
6f268b |
diff --git a/java/org/apache/catalina/startup/ContextConfig.java b/java/org/apache/catalina/startup/ContextConfig.java
|
|
|
6f268b |
index d913b0e489..2d8aae0ff1 100644
|
|
|
6f268b |
--- java/org/apache/catalina/startup/ContextConfig.java
|
|
|
6f268b |
+++ java/org/apache/catalina/startup/ContextConfig.java
|
|
|
6f268b |
@@ -431,19 +431,10 @@ public class ContextConfig implements LifecycleListener {
|
|
|
6f268b |
protected void authenticatorConfig() {
|
|
|
6f268b |
|
|
|
6f268b |
LoginConfig loginConfig = context.getLoginConfig();
|
|
|
6f268b |
-
|
|
|
6f268b |
- SecurityConstraint constraints[] = context.findConstraints();
|
|
|
6f268b |
- if ((constraints == null || constraints.length ==0) &&
|
|
|
6f268b |
- !context.getPreemptiveAuthentication()) {
|
|
|
6f268b |
- // No need for an authenticator
|
|
|
6f268b |
- return;
|
|
|
6f268b |
- } else {
|
|
|
6f268b |
- if (loginConfig == null) {
|
|
|
6f268b |
- // Security constraints present. Need an authenticator to
|
|
|
6f268b |
- // support them.
|
|
|
6f268b |
- loginConfig = DUMMY_LOGIN_CONFIG;
|
|
|
6f268b |
- context.setLoginConfig(loginConfig);
|
|
|
6f268b |
- }
|
|
|
6f268b |
+ if (loginConfig == null) {
|
|
|
6f268b |
+ // Need an authenticator to support HttpServletRequest.login()
|
|
|
6f268b |
+ loginConfig = DUMMY_LOGIN_CONFIG;
|
|
|
6f268b |
+ context.setLoginConfig(loginConfig);
|
|
|
6f268b |
}
|
|
|
6f268b |
|
|
|
6f268b |
// Has an authenticator been configured already?
|
|
|
6f268b |
diff -up webapps/docs/changelog.xml.orig webapps/docs/changelog.xml
|
|
|
6f268b |
--- webapps/docs/changelog.xml.orig 2019-02-28 16:12:24.743968359 -0500
|
|
|
6f268b |
+++ webapps/docs/changelog.xml 2019-02-28 16:12:39.412925943 -0500
|
|
|
6f268b |
@@ -73,6 +73,11 @@
|
|
|
6f268b |
start rather than at servlet load time to ensure constraints are applied
|
|
|
6f268b |
consistently. (markt)
|
|
|
6f268b |
</fix>
|
|
|
6f268b |
+ <fix>
|
|
|
6f268b |
+ <bug>62104</bug>: Fix programmatic login regression as the
|
|
|
6f268b |
+ NonLoginAuthenticator has to be set for it to work (if no login method
|
|
|
6f268b |
+ is specified). (remm)
|
|
|
6f268b |
+ </fix>
|
|
|
6f268b |
</changelog>
|
|
|
6f268b |
</subsection>
|
|
|
6f268b |
</section>
|