All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.apache.tomcat.util.digester.ServiceBindingPropertySource Maven / Gradle / Ivy

Go to download

Common code shared by Catalina and Jasper for scanning JARS and processing XML descriptors

There is a newer version: 11.0.2
Show newest version
/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.tomcat.util.digester;

import java.io.FilePermission;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.Permission;

import org.apache.tomcat.util.IntrospectionUtils;
import org.apache.tomcat.util.security.PermissionCheck;

/**
 * A {@link org.apache.tomcat.util.IntrospectionUtils.SecurePropertySource}
 * that uses Kubernetes service bindings to resolve expressions.
 *
 * 

Usage example:

* * Configure the certificate with a service binding. * * When the service binding is constructed as follows: * *
 *    $SERVICE_BINDING_ROOT/
 *                         /custom-certificate/
 *                                            /keyFile
 *                                            /file
 *                                            /chainFile
 *                                            /keyPassword
 * 
*
 *   {@code
 *     
 *           
 *      }
 * 
* *

* The optional chomp: prefix will cause the ServiceBindingPropertySource * to trim a single newline (\r\n, \r, or \n) * from the end of the file, if it exists. This is a convenience for hand-edited * files/values where removing a trailing newline is difficult, and trailing * whitespace changes the meaning of the value. *

* * How to configure: *
 * {@code
 *   echo "org.apache.tomcat.util.digester.PROPERTY_SOURCE=org.apache.tomcat.util.digester.ServiceBindingPropertySource" >> conf/catalina.properties}
 * 
* or add this to {@code CATALINA_OPTS} * *
 * {@code
 *   -Dorg.apache.tomcat.util.digester.PROPERTY_SOURCE=org.apache.tomcat.util.digester.ServiceBindingPropertySource}
 * 
* * NOTE: When configured the PropertySource for resolving expressions * from system properties is still active. * * @see Digester * * @see Tomcat * Configuration Reference System Properties */ public class ServiceBindingPropertySource implements IntrospectionUtils.SecurePropertySource { private static final String SERVICE_BINDING_ROOT_ENV_VAR = "SERVICE_BINDING_ROOT"; @Override public String getProperty(String key) { return null; } @Override public String getProperty(String key, ClassLoader classLoader) { // can we determine the service binding root if (classLoader instanceof PermissionCheck) { Permission p = new RuntimePermission("getenv." + SERVICE_BINDING_ROOT_ENV_VAR, null); if (!((PermissionCheck) classLoader).check(p)) { return null; } } // get the root to search from String serviceBindingRoot = System.getenv(SERVICE_BINDING_ROOT_ENV_VAR); if (serviceBindingRoot == null) { return null; } boolean chomp = false; if (key.startsWith("chomp:")) { chomp = true; key = key.substring(6); // Remove the "chomp:" prefix } // we expect the keys to be in the format $SERVICE_BINDING_ROOT// String[] parts = key.split("\\."); if (parts.length != 2) { return null; } Path path = Paths.get(serviceBindingRoot, parts[0], parts[1]); if (!path.toFile().exists()) { return null; } try { if (classLoader instanceof PermissionCheck) { Permission p = new FilePermission(path.toString(), "read"); if (!((PermissionCheck) classLoader).check(p)) { return null; } } byte[] bytes = Files.readAllBytes(path); int length = bytes.length; if (chomp) { if(length > 1 && bytes[length - 2] == '\r' && bytes[length - 1] == '\n') { length -= 2; } else if (length > 0) { byte c = bytes[length - 1]; if (c == '\r' || c == '\n') { length -= 1; } } } return new String(bytes, 0, length); } catch (IOException e) { return null; } } }




© 2015 - 2025 Weber Informatics LLC | Privacy Policy