Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
  /*
   * Licensed to the Apache Software Foundation (ASF) under one or more
   * contributor license agreements.  See the NOTICE file distributed with
   * this work for additional information regarding copyright ownership.
   * The ASF licenses this file to You under the Apache License, Version 2.0
   * (the "License"); you may not use this file except in compliance with
   * the License.  You may obtain a copy of the License at
   * 
   *      http://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.catalina.security;
 
Util class to protect Catalina against package access and insertion. The code are been moved from Catalina.java

Author(s):
the Catalina.java authors
Jean-Francois Arcand
 
 public final class SecurityConfig{
     private static SecurityConfig singleton = null;
 
     private static org.jboss.logging.Logger log=
         org.jboss.logging.Logger.getLoggerSecurityConfig.class );
 
     
     private final static String PACKAGE_ACCESS =  "sun.,"
                                                 + "org.apache.catalina." 
                                                 + ",org.apache.jasper."
                                                 + ",org.apache.coyote."
                                                 + ",org.apache.tomcat.";
     
     private final static String PACKAGE_DEFINITION"java.,sun."
                                                 + ",org.apache.catalina." 
                                                 + ",org.apache.coyote."
                                                 + ",org.apache.tomcat."
                                                 + ",org.apache.jasper.";
    
List of protected package from conf/catalina.properties
 
     private String packageDefinition;
    
    
    
List of protected package from conf/catalina.properties
 
     private String packageAccess
    
    
    
Create a single instance of this class.
 
     private SecurityConfig(){  
          = System.getProperty("package.definition");
          = System.getProperty("package.access");
     }
    
    
    
Returns the singleton instance of that class.

Returns:
an instance of that class.
 
     public static SecurityConfig newInstance(){
         if ( == null){
              = new SecurityConfig();
         }
         return ;
     }
    
    
    
Set the security package.access value.
 
     public void setPackageAccess(){
         // If catalina.properties is missing, protect all by default.
         if ( == null){
             setSecurityProperty("package.access");   
         } else {
             setSecurityProperty("package.access");   
         }
     }
    
    
    
Set the security package.definition value.
 
      public void setPackageDefinition(){
         // If catalina.properties is missing, protect all by default.
          if ( == null){
             setSecurityProperty("package.definition");
          } else {
             setSecurityProperty("package.definition");
         }
    }
     
     
    
Set the proper security property

Parameters:
properties the package.* property.
    private final void setSecurityProperty(String propertiesString packageList){
        if (System.getSecurityManager() != null){
            String definition = Security.getProperty(properties);
            ifdefinition != null && definition.length() > 0 ){
                definition += ",";
            }
            Security.setProperty(properties,
                // FIX ME package "javax." was removed to prevent HotSpot
                // fatal internal errors
                definition + packageList);      
        }
    }
    
    
New to GrepCode? Check out our FAQ X