authorSimon Kaegi2010-11-04 14:42:26 +0000
committerSimon Kaegi2010-11-04 14:42:26 +0000
commit4c9c81fade619c8011b336dc59c396aaed2583d1 (patch)
tree16a6626b779f955d999b86ac4a477de5f1ec6fdb
parent49df617118d9f1d01c6cfca3bdd14909bbf359f6 (diff)
downloadrt.equinox.bundles-4c9c81fade619c8011b336dc59c396aaed2583d1.tar.gz
rt.equinox.bundles-4c9c81fade619c8011b336dc59c396aaed2583d1.tar.xz
rt.equinox.bundles-4c9c81fade619c8011b336dc59c396aaed2583d1.zip
[Bug 329204] OSGi app binaries do not inherit Java 2 security
-rw-r--r--bundles/org.eclipse.equinox.jsp.jasper/META-INF/MANIFEST.MF2
-rw-r--r--bundles/org.eclipse.equinox.jsp.jasper/src/org/eclipse/equinox/jsp/jasper/JspServlet.java43
2 files changed, 43 insertions, 2 deletions
diff --git a/bundles/org.eclipse.equinox.jsp.jasper/META-INF/MANIFEST.MF b/bundles/org.eclipse.equinox.jsp.jasper/META-INF/MANIFEST.MF
index 76412f1cd..30a51788d 100644
--- a/bundles/org.eclipse.equinox.jsp.jasper/META-INF/MANIFEST.MF
+++ b/bundles/org.eclipse.equinox.jsp.jasper/META-INF/MANIFEST.MF
@@ -4,7 +4,7 @@ Bundle-Name: %bundleName
Bundle-Vendor: %providerName
Bundle-Localization: plugin
Bundle-SymbolicName: org.eclipse.equinox.jsp.jasper
-Bundle-Version: 1.0.101.qualifier
+Bundle-Version: 1.0.102.qualifier
Bundle-Activator: org.eclipse.equinox.internal.jsp.jasper.Activator
Import-Package: javax.servlet;version="2.4",
javax.servlet.http;version="2.4",
diff --git a/bundles/org.eclipse.equinox.jsp.jasper/src/org/eclipse/equinox/jsp/jasper/JspServlet.java b/bundles/org.eclipse.equinox.jsp.jasper/src/org/eclipse/equinox/jsp/jasper/JspServlet.java
index f5f6d3ba1..42aaa403e 100644
--- a/bundles/org.eclipse.equinox.jsp.jasper/src/org/eclipse/equinox/jsp/jasper/JspServlet.java
+++ b/bundles/org.eclipse.equinox.jsp.jasper/src/org/eclipse/equinox/jsp/jasper/JspServlet.java
@@ -1,5 +1,5 @@
/*******************************************************************************
- * Copyright (c) 2006-2007 Cognos Incorporated, IBM Corporation and others
+ * Copyright (c) 2006-2010 Cognos Incorporated, IBM Corporation and others
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
@@ -13,10 +13,14 @@ package org.eclipse.equinox.jsp.jasper;
import java.io.IOException;
import java.io.InputStream;
+import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLClassLoader;
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
@@ -61,6 +65,29 @@ import org.osgi.framework.Bundle;
*/
public class JspServlet extends HttpServlet {
+
+ private static class BundlePermissionCollection extends PermissionCollection {
+ private static final long serialVersionUID = -6365478608043900677L;
+ private Bundle bundle;
+
+ public BundlePermissionCollection(Bundle bundle) {
+ this.bundle = bundle;
+ super.setReadOnly();
+ }
+
+ public void add(Permission permission) {
+ throw new SecurityException();
+ }
+
+ public boolean implies(Permission permission) {
+ return bundle.hasPermission(permission);
+ }
+
+ public Enumeration elements() {
+ return Collections.enumeration(Collections.EMPTY_LIST);
+ }
+ }
+
private static final long serialVersionUID = -4110476909131707652L;
private Servlet jspServlet = new org.apache.jasper.servlet.JspServlet();
Bundle bundle;
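Review bot: `BundlePermissionCollection` holds `bundle` in a plain mutable field although `PermissionCollection` is `Serializable` and the class declares a `serialVersionUID`. `Bundle` does not appear to be serializable, so `private final transient Bundle bundle;` would state the intent and keep the reference from being reassigned. The class also has no comment describing its security contract: `implies` answers every query from `bundle.hasPermission(permission)`, so compiled JSPs get exactly what the hosting bundle is granted, while `elements()` always enumerates nothing even when `implies` returns true. A class-level Javadoc such as `/** Read-only collection that answers implies() from the bundle's current permissions; it cannot be enumerated or modified. */` would make that explicit. The `SecurityException` thrown from `add` would also benefit from a message.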
@@ -84,6 +111,20 @@ public class JspServlet extends HttpServlet {
try {
Thread.currentThread().setContextClassLoader(jspLoader);
jspServlet.init(new ServletConfigAdaptor(config));
+
+ // If a SecurityManager is set we need to override the permissions collection set in Jasper's JSPRuntimeContext
+ if (System.getSecurityManager() != null) {
+ try {
+ Field jspRuntimeContextField = jspServlet.getClass().getDeclaredField("rctxt"); //$NON-NLS-1$
+ jspRuntimeContextField.setAccessible(true);
+ Object jspRuntimeContext = jspRuntimeContextField.get(jspServlet);
+ Field permissionCollectionField = jspRuntimeContext.getClass().getDeclaredField("permissionCollection"); //$NON-NLS-1$
+ permissionCollectionField.setAccessible(true);
+ permissionCollectionField.set(jspRuntimeContext, new BundlePermissionCollection(bundle));
+ } catch (Exception e) {
+ throw new ServletException("Cannot initialize JSPServlet. Failed to set JSPRuntimeContext permission collection."); //$NON-NLS-1$
+ }
+ }
} finally {
Thread.currentThread().setContextClassLoader(original);
}
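Review bot: The `catch (Exception e)` in the SecurityManager branch discards the cause, so a missing `rctxt` or `permissionCollection` field (private Jasper fields looked up by name) cannot be told apart from an access denial. Pass it along with `throw new ServletException("Cannot initialize JSPServlet. Failed to set JSPRuntimeContext permission collection.", e); //$NON-NLS-1$`. Failing init here is the right fail-closed choice, because continuing would leave Jasper's own permission collection in effect for compiled JSPs. The two `setAccessible(true)` calls run with a SecurityManager installed and no privileged block is visible in the hunk, so presumably every caller on the stack needs the reflection permission; that is worth confirming and noting in the comment above the `if`. The enclosing init method starts and ends outside the hunk.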
