SecurityConfigpublic final class SecurityConfig extends Object Util class to protect Catalina against package access and insertion.
The code are been moved from Catalina.java |
Fields Summary |
---|
private static SecurityConfig | singleton | private static org.apache.juli.logging.Log | log | private static final String | PACKAGE_ACCESS | private static final String | PACKAGE_DEFINITION | private String | packageDefinitionList of protected package from conf/catalina.properties | private String | packageAccessList of protected package from conf/catalina.properties |
Constructors Summary |
---|
private SecurityConfig()Create a single instance of this class.
try{
packageDefinition = CatalinaProperties.getProperty("package.definition");
packageAccess = CatalinaProperties.getProperty("package.access");
} catch (java.lang.Exception ex){
if (log.isDebugEnabled()){
log.debug("Unable to load properties using CatalinaProperties", ex);
}
}
|
Methods Summary |
---|
public static org.apache.catalina.security.SecurityConfig | newInstance()Returns the singleton instance of that class.
if (singleton == null){
singleton = new SecurityConfig();
}
return singleton;
| public void | setPackageAccess()Set the security package.access value.
// If catalina.properties is missing, protect all by default.
if (packageAccess == null){
setSecurityProperty("package.access", PACKAGE_ACCESS);
} else {
setSecurityProperty("package.access", packageAccess);
}
| public void | setPackageDefinition()Set the security package.definition value.
// If catalina.properties is missing, protect all by default.
if (packageDefinition == null){
setSecurityProperty("package.definition", PACKAGE_DEFINITION);
} else {
setSecurityProperty("package.definition", packageDefinition);
}
| private final void | setSecurityProperty(java.lang.String properties, java.lang.String packageList)Set the proper security property
if (System.getSecurityManager() != null){
String definition = Security.getProperty(properties);
if( definition != null && definition.length() > 0 ){
definition += ",";
}
Security.setProperty(properties,
// FIX ME package "javax." was removed to prevent HotSpot
// fatal internal errors
definition + packageList);
}
|
|