📄 securityconfig.java
字号:
/*
* ====================================================================
*
* The Apache Software License, Version 1.1
*
* Copyright (c) 1999 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution, if
* any, must include the following acknowlegement:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowlegement may appear in the software itself,
* if and wherever such third-party acknowlegements normally appear.
*
* 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
* Foundation" must not be used to endorse or promote products derived
* from this software without prior written permission. For written
* permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache"
* nor may "Apache" appear in their names without prior written
* permission of the Apache Group.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* [Additional notices, if required by prior licensing conditions]
*
*/
package org.apache.catalina.security;
import java.security.Security;
import org.apache.catalina.startup.CatalinaProperties;
/**
* Util class to protect Catalina against package access and insertion.
* The code are been moved from Catalina.java
* @author the Catalina.java authors
* @author Jean-Francois Arcand
*/
public final class SecurityConfig{
private static SecurityConfig singleton = null;
private static org.apache.commons.logging.Log log=
org.apache.commons.logging.LogFactory.getLog( SecurityConfig.class );
private final static String PACKAGE_ACCESS = "sun.,"
+ "org.apache.catalina."
+ ",org.apache.jasper."
+ ",org.apache.coyote."
+ ",org.apache.tomcat.";
private final static String PACKAGE_DEFINITION= "java.,sun."
+ ",org.apache.catalina."
+ ",org.apache.coyote."
+ ",org.apache.tomcat."
+ ",org.apache.jasper.";
/**
* List of protected package from conf/catalina.properties
*/
private String packageDefinition;
/**
* List of protected package from conf/catalina.properties
*/
private String packageAccess;
/**
* Create a single instance of this class.
*/
private SecurityConfig(){
try{
packageDefinition = CatalinaProperties.getProperty("package.definition");
packageAccess = CatalinaProperties.getProperty("package.access");
} catch (java.lang.Exception ex){
if (log.isDebugEnabled()){
log.debug("Unable to load properties using CatalinaProperties", ex);
}
}
}
/**
* Returns the singleton instance of that class.
* @return an instance of that class.
*/
public static SecurityConfig newInstance(){
if (singleton == null){
singleton = new SecurityConfig();
}
return singleton;
}
/**
* Set the security package.access value.
*/
public void setPackageAccess(){
// If catalina.properties is missing, protect all by default.
if (packageAccess == null){
setSecurityProperty("package.access", PACKAGE_ACCESS);
} else {
setSecurityProperty("package.access", packageAccess);
}
}
/**
* Set the security package.definition value.
*/
public void setPackageDefinition(){
// If catalina.properties is missing, protect all by default.
if (packageDefinition == null){
setSecurityProperty("package.definition", PACKAGE_DEFINITION);
} else {
setSecurityProperty("package.definition", packageDefinition);
}
}
/**
* Set the proper security property
* @param properties the package.* property.
*/
private final void setSecurityProperty(String properties, String packageList){
if (System.getSecurityManager() != null){
String definition = Security.getProperty(properties);
if( definition != null && definition.length() > 0 ){
definition += ",";
}
Security.setProperty(properties,
// FIX ME package "javax." was removed to prevent HotSpot
// fatal internal errors
definition + packageList);
}
}
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -