1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
|
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.catalina.util;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.StringTokenizer;
import java.util.jar.JarInputStream;
import java.util.jar.Manifest;
import org.apache.catalina.Context;
import org.apache.catalina.WebResource;
import org.apache.catalina.WebResourceRoot;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.res.StringManager;
/**
* Ensures that all extension dependencies are resolved for a WEB application are met. This class builds a list of
* extensions available to an application and then validates those extensions. See
* http://docs.oracle.com/javase/1.4.2/docs/guide/extensions/spec.html for a detailed explanation of the extension
* mechanism in Java.
*/
public final class ExtensionValidator {
private static final Log log = LogFactory.getLog(ExtensionValidator.class);
/**
* The string resources for this package.
*/
private static final StringManager sm = StringManager.getManager("org.apache.catalina.util");
private static volatile List<Extension> containerAvailableExtensions = null;
private static final List<ManifestResource> containerManifestResources = new ArrayList<>();
// ----------------------------------------------------- Static Initializer
/*
* This static initializer loads the container level extensions that are available to all web applications. This
* method scans all extension directories available via the "java.ext.dirs" System property.
*
* The System Class-Path is also scanned for jar files that may contain available extensions.
*/
static {
// check for container level optional packages
String systemClasspath = System.getProperty("java.class.path");
StringTokenizer strTok = new StringTokenizer(systemClasspath, File.pathSeparator);
// build a list of jar files in the classpath
while (strTok.hasMoreTokens()) {
String classpathItem = strTok.nextToken();
if (classpathItem.toLowerCase(Locale.ENGLISH).endsWith(".jar")) {
File item = new File(classpathItem);
if (item.isFile()) {
try {
addSystemResource(item);
} catch (IOException e) {
log.error(sm.getString("extensionValidator.failload", item), e);
}
}
}
}
// add specified folders to the list
addFolderList("java.ext.dirs");
}
// --------------------------------------------------------- Public Methods
/**
* Runtime validation of a Web Application. This method uses JNDI to look up the resources located under a
* <code>DirContext</code>. It locates Web Application MANIFEST.MF file in the /META-INF/ directory of the
* application and all MANIFEST.MF files in each JAR file located in the WEB-INF/lib directory and creates an
* <code>ArrayList</code> of <code>ManifestResource</code> objects. These objects are then passed to the
* validateManifestResources method for validation.
*
* @param resources The resources configured for this Web Application
* @param context The context from which the Logger and path to the application
*
* @return true if all required extensions satisfied
*
* @throws IOException Error reading resources needed for validation
*/
public static synchronized boolean validateApplication(WebResourceRoot resources, Context context)
throws IOException {
String appName = context.getName();
List<ManifestResource> appManifestResources = new ArrayList<>();
// Web application manifest
WebResource resource = resources.getResource("/META-INF/MANIFEST.MF");
if (resource.isFile()) {
try (InputStream inputStream = resource.getInputStream()) {
Manifest manifest = new Manifest(inputStream);
ManifestResource mre = new ManifestResource(sm.getString("extensionValidator.web-application-manifest"),
manifest, ManifestResource.WAR);
appManifestResources.add(mre);
}
}
// Web application library manifests
WebResource[] manifestResources = resources.getClassLoaderResources("/META-INF/MANIFEST.MF");
for (WebResource manifestResource : manifestResources) {
if (manifestResource.isFile()) {
// Primarily used for error reporting
String jarName = manifestResource.getURL().toExternalForm();
Manifest jmanifest = manifestResource.getManifest();
if (jmanifest != null) {
ManifestResource mre = new ManifestResource(jarName, jmanifest, ManifestResource.APPLICATION);
appManifestResources.add(mre);
}
}
}
return validateManifestResources(appName, appManifestResources);
}
/**
* Checks to see if the given system JAR file contains a MANIFEST, and adds it to the container's manifest
* resources.
*
* @param jarFile The system JAR whose manifest to add
*
* @throws IOException Error reading JAR file
*/
public static void addSystemResource(File jarFile) throws IOException {
try (InputStream is = new FileInputStream(jarFile)) {
Manifest manifest = getManifest(is);
if (manifest != null) {
ManifestResource mre =
new ManifestResource(jarFile.getAbsolutePath(), manifest, ManifestResource.SYSTEM);
containerManifestResources.add(mre);
}
}
}
// -------------------------------------------------------- Private Methods
/**
* Validates an <code>ArrayList</code> of <code>ManifestResource</code> objects. This method requires an application
* name (which is the context root of the application at runtime). <code>false</code> is returned if the extension
* dependencies represented by any given <code>ManifestResource</code> objects is not met. This method should also
* provide static validation of a Web Application if provided with the necessary parameters.
*
* @param appName The name of the Application that will appear in the error messages
* @param resources A list of <code>ManifestResource</code> objects to be validated.
*
* @return true if manifest resource file requirements are met
*/
private static boolean validateManifestResources(String appName, List<ManifestResource> resources) {
boolean passes = true;
int failureCount = 0;
List<Extension> availableExtensions = null;
for (ManifestResource mre : resources) {
ArrayList<Extension> requiredList = mre.getRequiredExtensions();
if (requiredList == null) {
continue;
}
// build the list of available extensions if necessary
if (availableExtensions == null) {
availableExtensions = buildAvailableExtensionsList(resources);
}
// load the container level resource map if it has not been built
// yet
if (containerAvailableExtensions == null) {
containerAvailableExtensions = buildAvailableExtensionsList(containerManifestResources);
}
// iterate through the list of required extensions
for (Extension requiredExt : requiredList) {
boolean found = false;
// check the application itself for the extension
if (availableExtensions != null) {
for (Extension targetExt : availableExtensions) {
if (targetExt.isCompatibleWith(requiredExt)) {
requiredExt.setFulfilled(true);
found = true;
break;
}
}
}
// check the container level list for the extension
if (!found && containerAvailableExtensions != null) {
for (Extension targetExt : containerAvailableExtensions) {
if (targetExt.isCompatibleWith(requiredExt)) {
requiredExt.setFulfilled(true);
found = true;
break;
}
}
}
if (!found) {
// Failure
log.info(sm.getString("extensionValidator.extension-not-found-error", appName,
mre.getResourceName(), requiredExt.getExtensionName()));
passes = false;
failureCount++;
}
}
}
if (!passes) {
log.info(sm.getString("extensionValidator.extension-validation-error", appName, failureCount + ""));
}
return passes;
}
/*
* Build this list of available extensions so that we do not have to re-build this list every time we iterate
* through the list of required extensions. All available extensions in all of the <code>ManifestResource</code>
* objects will be added to a <code>HashMap</code> which is returned on the first dependency list processing pass.
*
* The key is the name + implementation version.
*
* NOTE: A list is built only if there is a dependency that needs to be checked (performance optimization).
*
* @param resources A list of <code>ManifestResource</code> objects
*
* @return HashMap Map of available extensions
*/
private static List<Extension> buildAvailableExtensionsList(List<ManifestResource> resources) {
List<Extension> availableList = null;
for (ManifestResource mre : resources) {
ArrayList<Extension> list = mre.getAvailableExtensions();
if (list != null) {
for (Extension ext : list) {
if (availableList == null) {
availableList = new ArrayList<>();
availableList.add(ext);
} else {
availableList.add(ext);
}
}
}
}
return availableList;
}
/**
* Return the Manifest from a jar file or war file
*
* @param inStream Input stream to a WAR or JAR file
*
* @return The WAR's or JAR's manifest
*/
private static Manifest getManifest(InputStream inStream) throws IOException {
Manifest manifest = null;
try (JarInputStream jin = new JarInputStream(inStream)) {
manifest = jin.getManifest();
}
return manifest;
}
/**
* Add the JARs specified to the extension list.
*/
private static void addFolderList(String property) {
// get the files in the extensions directory
String extensionsDir = System.getProperty(property);
if (extensionsDir != null) {
StringTokenizer extensionsTok = new StringTokenizer(extensionsDir, File.pathSeparator);
while (extensionsTok.hasMoreTokens()) {
File targetDir = new File(extensionsTok.nextToken());
if (!targetDir.isDirectory()) {
continue;
}
File[] files = targetDir.listFiles();
if (files == null) {
continue;
}
for (File file : files) {
if (file.getName().toLowerCase(Locale.ENGLISH).endsWith(".jar") && file.isFile()) {
try {
addSystemResource(file);
} catch (IOException e) {
log.error(sm.getString("extensionValidator.failload", file), e);
}
}
}
}
}
}
}
|
