FileDocCategorySizeDatePackage
SecurityConfig.javaAPI DocGlassfish v2 API5763Fri May 04 22:32:18 BST 2007org.apache.catalina.security

SecurityConfig

public final class SecurityConfig extends Object
Util class to protect Catalina against package access and insertion. The code are been moved from Catalina.java
author
the Catalina.java authors
author
Jean-Francois Arcand

Fields Summary
private static SecurityConfig
singleton
private static com.sun.org.apache.commons.logging.Log
log
private static final String
PACKAGE_ACCESS
private static final String
PACKAGE_DEFINITION
private String
packageDefinition
List of protected package from conf/catalina.properties
private String
packageAccess
List of protected package from conf/catalina.properties
Constructors Summary
private SecurityConfig()
Create a single instance of this class.

 
    
    
                
       
        try{
            packageDefinition = CatalinaProperties.getProperty("package.definition");
            packageAccess = CatalinaProperties.getProperty("package.access");
        } catch (java.lang.Exception ex){
            if (log.isDebugEnabled()){
                log.debug("Unable to load properties using CatalinaProperties", ex); 
            }            
        }
Methods Summary
public static org.apache.catalina.security.SecurityConfignewInstance()
Returns the singleton instance of that class.

return
an instance of that class.

        if (singleton == null){
            singleton = new SecurityConfig();
        }
        return singleton;
public voidsetPackageAccess()
Set the security package.access value.

        // If catalina.properties is missing, protect all by default.
        if (packageAccess == null){
            setSecurityProperty("package.access", PACKAGE_ACCESS);   
        } else {
            setSecurityProperty("package.access", packageAccess);   
        }
public voidsetPackageDefinition()
Set the security package.definition value.

        // If catalina.properties is missing, protect all by default.
         if (packageDefinition == null){
            setSecurityProperty("package.definition", PACKAGE_DEFINITION);
         } else {
            setSecurityProperty("package.definition", packageDefinition);
         }
private final voidsetSecurityProperty(java.lang.String properties, java.lang.String packageList)
Set the proper security property

param
properties the package.* property.

        if (System.getSecurityManager() != null){
            String definition = Security.getProperty(properties);
            if( definition != null && definition.length() > 0 ){
                definition += ",";
            }

            Security.setProperty(properties,
                // FIX ME package "javax." was removed to prevent HotSpot
                // fatal internal errors
                definition + packageList);      
        }