rpms/tomcat
7
0
Fork 0
Code Issues Pull Requests Releases Activity
a10s
tomcat/rhel-168577.patch
pmeloni f9258ed237 Resolves: RHEL-168577 Remove tomcat clustering JAR from RPM builds 
Resolves: CVE-2026-29146
tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor
Resolves: CVE-2026-34486
tomcat: Apache Tomcat: Missing Encryption of Sensitive Data due to EncryptInterceptor bypass
Exclude i686 architecture from build
Co-authored-by: @eabdullin1
(cherry picked from commit d35685dd1b35c58b008e8f0164d1e59e91b5ffb4)
2026-06-18 19:06:50 +02:00

236 lines
10 KiB
Diff
Raw Permalink Blame History

diff --git a/java/org/apache/catalina/storeconfig/LocalStrings.properties b/java/org/apache/catalina/storeconfig/LocalStrings.properties
index d3e8585df5..4c2aa53bee 100644
--- a/java/org/apache/catalina/storeconfig/LocalStrings.properties
+++ b/java/org/apache/catalina/storeconfig/LocalStrings.properties
@@ -28,11 +28,8 @@
globalNamingResourcesSF.noFactory=Cannot find NamingResources store factory
globalNamingResourcesSF.wrongElement=Wrong element [{0}]
-registry.interfacesLoaded=Loaded [{0}] interface classes for registry
registry.loadClassFailed=Failed to load class [{0}]
registry.noDescriptor=Can't find descriptor for key [{0}]
-registry.optionalClassLoaded=Loaded optional class [{0}]
-registry.optionalClassNotFound=Optional class [{0}] not found, skipping
standardContextSF.cannotWriteFile=Cannot write file at [{0}]
standardContextSF.canonicalPathError=Failed to obtain the canonical path of the configuration file [{0}]
--- a/java/org/apache/catalina/storeconfig/StandardEngineSF.java
+++ b/java/org/apache/catalina/storeconfig/StandardEngineSF.java
@@ -26,23 +26,13 @@
import org.apache.catalina.Realm;
import org.apache.catalina.Valve;
import org.apache.catalina.core.StandardEngine;
+import org.apache.catalina.ha.ClusterValve;
/**
* Store server.xml Element Engine
*/
public class StandardEngineSF extends StoreFactoryBase {
- private static final Class<?> clusterValveClass;
- static {
- Class<?> clazz = null;
- try {
- clazz = Class.forName("org.apache.catalina.ha.ClusterValve");
- } catch (ClassNotFoundException e) {
- // Expected when clustering JARs are not present
- }
- clusterValveClass = clazz;
- }
-
/**
* Store the specified Engine properties.
* <p>
@@ -74,7 +64,7 @@
if (valves != null && valves.length > 0) {
List<Valve> engineValves = new ArrayList<>();
for (Valve valve : valves) {
- if (clusterValveClass == null || !clusterValveClass.isInstance(valve)) {
+ if (!(valve instanceof ClusterValve)) {
engineValves.add(valve);
}
}
diff --git a/java/org/apache/catalina/storeconfig/StandardHostSF.java b/java/org/apache/catalina/storeconfig/StandardHostSF.java
index 60d473982b..1e8f2d3a58 100644
--- a/java/org/apache/catalina/storeconfig/StandardHostSF.java
+++ b/java/org/apache/catalina/storeconfig/StandardHostSF.java
@@ -26,23 +26,13 @@
import org.apache.catalina.Realm;
import org.apache.catalina.Valve;
import org.apache.catalina.core.StandardHost;
+import org.apache.catalina.ha.ClusterValve;
/**
* Store server.xml Element Host
*/
public class StandardHostSF extends StoreFactoryBase {
- private static final Class<?> clusterValveClass;
- static {
- Class<?> clazz = null;
- try {
- clazz = Class.forName("org.apache.catalina.ha.ClusterValve");
- } catch (ClassNotFoundException e) {
- // Expected when clustering JARs are not present
- }
- clusterValveClass = clazz;
- }
-
/**
* Store the specified Host properties and children (Listener,Alias,Realm,Valve,Cluster, Context)
* <p>
@@ -78,7 +68,7 @@
if (valves != null && valves.length > 0) {
List<Valve> hostValves = new ArrayList<>();
for (Valve valve : valves) {
- if (clusterValveClass == null || !clusterValveClass.isInstance(valve)) {
+ if (!(valve instanceof ClusterValve)) {
hostValves.add(valve);
}
}
diff --git a/java/org/apache/catalina/storeconfig/StoreRegistry.java b/java/org/apache/catalina/storeconfig/StoreRegistry.java
index c17dd3817e..ee803abe36 100644
--- a/java/org/apache/catalina/storeconfig/StoreRegistry.java
+++ b/java/org/apache/catalina/storeconfig/StoreRegistry.java
@@ -16,9 +16,7 @@
*/
package org.apache.catalina.storeconfig;
-import java.util.ArrayList;
import java.util.HashMap;
-import java.util.List;
import java.util.Map;
import javax.naming.directory.DirContext;
@@ -30,6 +28,17 @@
import org.apache.catalina.Valve;
import org.apache.catalina.WebResourceRoot;
import org.apache.catalina.WebResourceSet;
+import org.apache.catalina.ha.CatalinaCluster;
+import org.apache.catalina.ha.ClusterDeployer;
+import org.apache.catalina.ha.ClusterListener;
+import org.apache.catalina.tribes.Channel;
+import org.apache.catalina.tribes.ChannelInterceptor;
+import org.apache.catalina.tribes.ChannelReceiver;
+import org.apache.catalina.tribes.ChannelSender;
+import org.apache.catalina.tribes.Member;
+import org.apache.catalina.tribes.MembershipService;
+import org.apache.catalina.tribes.MessageListener;
+import org.apache.catalina.tribes.transport.DataSender;
import org.apache.coyote.UpgradeProtocol;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
@@ -52,74 +61,11 @@
private String version;
// Access Information
- // Lazily initialized to gracefully handle optional features like clustering
- private static volatile Class<?>[] interfaces = null;
-
- /**
- * Initialize the interfaces array with all available classes.
- * Uses dynamic loading for optional classes (e.g., clustering) to avoid
- * ClassNotFoundException when those JARs are not present. This approach
- * is consistent with how Catalina.addClusterRuleSet() handles clustering.
- */
- private static Class<?>[] getInterfaces() {
- if (interfaces == null) {
- synchronized (StoreRegistry.class) {
- if (interfaces == null) {
- // Required interfaces - always present
- List<Class<?>> list = new ArrayList<>();
- list.add(Realm.class);
- list.add(Manager.class);
- list.add(DirContext.class);
- list.add(LifecycleListener.class);
- list.add(Valve.class);
- list.add(WebResourceRoot.class);
- list.add(WebResourceSet.class);
- list.add(CredentialHandler.class);
- list.add(UpgradeProtocol.class);
- list.add(CookieProcessor.class);
-
- // Optional clustering interfaces - load dynamically to support
- // deployments where clustering JARs may not be present
- tryAddClass(list, "org.apache.catalina.ha.CatalinaCluster");
- tryAddClass(list, "org.apache.catalina.tribes.ChannelSender");
- tryAddClass(list, "org.apache.catalina.tribes.ChannelReceiver");
- tryAddClass(list, "org.apache.catalina.tribes.Channel");
- tryAddClass(list, "org.apache.catalina.tribes.MembershipService");
- tryAddClass(list, "org.apache.catalina.ha.ClusterDeployer");
- tryAddClass(list, "org.apache.catalina.ha.ClusterListener");
- tryAddClass(list, "org.apache.catalina.tribes.MessageListener");
- tryAddClass(list, "org.apache.catalina.tribes.transport.DataSender");
- tryAddClass(list, "org.apache.catalina.tribes.ChannelInterceptor");
- tryAddClass(list, "org.apache.catalina.tribes.Member");
-
- interfaces = list.toArray(new Class<?>[0]);
-
- if (log.isDebugEnabled()) {
- log.debug(sm.getString("registry.interfacesLoaded", Integer.valueOf(interfaces.length)));
- }
- }
- }
- }
- return interfaces;
- }
-
- /**
- * Try to load a class by name and add it to the list if successful.
- * Logs at TRACE level if the class is not available.
- */
- private static void tryAddClass(List<Class<?>> list, String className) {
- try {
- Class<?> clazz = Class.forName(className, false, StoreRegistry.class.getClassLoader());
- list.add(clazz);
- if (log.isTraceEnabled()) {
- log.trace(sm.getString("registry.optionalClassLoaded", className));
- }
- } catch (ClassNotFoundException | NoClassDefFoundError e) {
- if (log.isTraceEnabled()) {
- log.trace(sm.getString("registry.optionalClassNotFound", className));
- }
- }
- }
+ private static final Class<?>[] interfaces = { CatalinaCluster.class, ChannelSender.class, ChannelReceiver.class,
+ Channel.class, MembershipService.class, ClusterDeployer.class, Realm.class, Manager.class, DirContext.class,
+ LifecycleListener.class, Valve.class, ClusterListener.class, MessageListener.class, DataSender.class,
+ ChannelInterceptor.class, Member.class, WebResourceRoot.class, WebResourceSet.class,
+ CredentialHandler.class, UpgradeProtocol.class, CookieProcessor.class };
/**
* @return the name
@@ -170,10 +116,9 @@
}
if (aClass != null) {
desc = descriptors.get(aClass.getName());
- Class<?>[] availableInterfaces = getInterfaces();
- for (int i = 0; desc == null && i < availableInterfaces.length; i++) {
- if (availableInterfaces[i].isAssignableFrom(aClass)) {
- desc = descriptors.get(availableInterfaces[i].getName());
+ for (int i = 0; desc == null && i < interfaces.length; i++) {
+ if (interfaces[i].isAssignableFrom(aClass)) {
+ desc = descriptors.get(interfaces[i].getName());
}
}
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 012b607f18..17f639d669 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -2830,6 +2830,13 @@
The rewrite valve should not do a rewrite if the output is identical
to the input. (remm)
</fix>
+ <fix>
+ Update <code>StoreRegistry</code> to dynamically load optional clustering
+ classes rather than statically referencing them. This matches the pattern
+ used in <code>Catalina.addClusterRuleSet()</code> and prevents
+ <code>NoClassDefFoundError</code> when <code>StoreConfigLifecycleListener</code>
+ is configured but clustering classes are not available. (csutherl)
+ </fix>
<update>
Add a new <code>valveSkip</code> (or <code>VS</code>) rule flag to the
rewrite valve to allow skipping over the next valve in the Catalina
Reference in New Issue View Git Blame Copy Permalink