From 9704afbe2a9981f4043c0fcf8b2048c64af0a7ac Mon Sep 17 00:00:00 2001 From: Andy Wilkinson Date: Wed, 19 Feb 2025 15:35:33 +0000 Subject: [PATCH 1/2] Upgrade to Tomcat 10.1.36 Closes gh-44331 --- gradle.properties | 2 +- .../spring-boot-dependencies/build.gradle | 4 ---- .../tomcat/TomcatReactiveWebServerFactory.java | 4 ++++ .../tomcat/TomcatServletWebServerFactory.java | 12 ++++++++---- 4 files changed, 13 insertions(+), 9 deletions(-) diff --git a/gradle.properties b/gradle.properties index 9da00685db7..d605044f0cb 100644 --- a/gradle.properties +++ b/gradle.properties @@ -21,6 +21,6 @@ nativeBuildToolsVersion=0.10.5 snakeYamlVersion=2.2 springFrameworkVersion=6.1.17 springFramework60xVersion=6.0.23 -tomcatVersion=10.1.34 +tomcatVersion=10.1.36 kotlin.stdlib.default.dependency=false diff --git a/spring-boot-project/spring-boot-dependencies/build.gradle b/spring-boot-project/spring-boot-dependencies/build.gradle index c4d22fc3c14..f8525971598 100644 --- a/spring-boot-project/spring-boot-dependencies/build.gradle +++ b/spring-boot-project/spring-boot-dependencies/build.gradle @@ -2433,10 +2433,6 @@ bom { } } library("Tomcat", "${tomcatVersion}") { - prohibit { - versionRange "[10.1.35,10.1.36]" - because "https://bz.apache.org/bugzilla/show_bug.cgi?id=69576 and related problems in 10.1.36" - } group("org.apache.tomcat") { modules = [ "tomcat-annotations-api", diff --git a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/TomcatReactiveWebServerFactory.java b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/TomcatReactiveWebServerFactory.java index 4461309fa9c..f50f1d4ebf3 100644 --- a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/TomcatReactiveWebServerFactory.java +++ b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/TomcatReactiveWebServerFactory.java @@ -36,6 +36,7 @@ import org.apache.catalina.connector.Connector; import org.apache.catalina.core.AprLifecycleListener; import org.apache.catalina.loader.WebappLoader; import org.apache.catalina.startup.Tomcat; +import org.apache.catalina.webresources.StandardRoot; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.coyote.AbstractProtocol; @@ -165,6 +166,9 @@ public class TomcatReactiveWebServerFactory extends AbstractReactiveWebServerFac protected void prepareContext(Host host, TomcatHttpHandlerAdapter servlet) { File docBase = createTempDir("tomcat-docbase"); TomcatEmbeddedContext context = new TomcatEmbeddedContext(); + StandardRoot resourcesRoot = new StandardRoot(); + resourcesRoot.setReadOnly(true); + context.setResources(resourcesRoot); context.setPath(""); context.setDocBase(docBase.getAbsolutePath()); context.addLifecycleListener(new Tomcat.FixContextListener()); diff --git a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/TomcatServletWebServerFactory.java b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/TomcatServletWebServerFactory.java index 85687f1c3f4..d7bd8d7fe7e 100644 --- a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/TomcatServletWebServerFactory.java +++ b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/TomcatServletWebServerFactory.java @@ -238,9 +238,10 @@ public class TomcatServletWebServerFactory extends AbstractServletWebServerFacto protected void prepareContext(Host host, ServletContextInitializer[] initializers) { File documentRoot = getValidDocumentRoot(); TomcatEmbeddedContext context = new TomcatEmbeddedContext(); - if (documentRoot != null) { - context.setResources(new LoaderHidingResourceRoot(context)); - } + WebResourceRoot resourceRoot = (documentRoot != null) ? new LoaderHidingResourceRoot(context) + : new StandardRoot(context); + resourceRoot.setReadOnly(true); + context.setResources(resourceRoot); context.setName(getContextPath()); context.setDisplayName(getDisplayName()); context.setPath(getContextPath()); @@ -814,7 +815,7 @@ public class TomcatServletWebServerFactory extends AbstractServletWebServerFacto @Override public void lifecycleEvent(LifecycleEvent event) { - if (event.getType().equals(Lifecycle.CONFIGURE_START_EVENT)) { + if (event.getType().equals(Lifecycle.BEFORE_INIT_EVENT)) { addResourceJars(getUrlsOfJarsWithMetaInfResources()); } } @@ -834,6 +835,9 @@ public class TomcatServletWebServerFactory extends AbstractServletWebServerFacto addResourceSet(url.toString()); } } + for (WebResourceSet resources : this.context.getResources().getJarResources()) { + resources.setReadOnly(true); + } } private void addResourceSet(String resource) { From ce31617038712187313353be718c94eb73401da7 Mon Sep 17 00:00:00 2001 From: Andy Wilkinson Date: Wed, 19 Feb 2025 15:35:33 +0000 Subject: [PATCH 2/2] Upgrade to Tomcat 10.1.36 Closes gh-44333 --- gradle.properties | 2 +- .../spring-boot-dependencies/build.gradle | 4 ---- .../tomcat/TomcatReactiveWebServerFactory.java | 4 ++++ .../tomcat/TomcatServletWebServerFactory.java | 12 ++++++++---- 4 files changed, 13 insertions(+), 9 deletions(-) diff --git a/gradle.properties b/gradle.properties index 568188e1b1c..6bb4715e020 100644 --- a/gradle.properties +++ b/gradle.properties @@ -21,6 +21,6 @@ nativeBuildToolsVersion=0.10.5 snakeYamlVersion=2.3 springFrameworkVersion=6.2.3 springFramework60xVersion=6.0.23 -tomcatVersion=10.1.34 +tomcatVersion=10.1.36 kotlin.stdlib.default.dependency=false diff --git a/spring-boot-project/spring-boot-dependencies/build.gradle b/spring-boot-project/spring-boot-dependencies/build.gradle index b56bcc5ffeb..7015ea39fa8 100644 --- a/spring-boot-project/spring-boot-dependencies/build.gradle +++ b/spring-boot-project/spring-boot-dependencies/build.gradle @@ -2427,10 +2427,6 @@ bom { } } library("Tomcat", "${tomcatVersion}") { - prohibit { - versionRange "[10.1.35,10.1.36]" - because "https://bz.apache.org/bugzilla/show_bug.cgi?id=69576 and related problems in 10.1.36" - } group("org.apache.tomcat") { modules = [ "tomcat-annotations-api", diff --git a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/TomcatReactiveWebServerFactory.java b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/TomcatReactiveWebServerFactory.java index 4461309fa9c..f50f1d4ebf3 100644 --- a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/TomcatReactiveWebServerFactory.java +++ b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/TomcatReactiveWebServerFactory.java @@ -36,6 +36,7 @@ import org.apache.catalina.connector.Connector; import org.apache.catalina.core.AprLifecycleListener; import org.apache.catalina.loader.WebappLoader; import org.apache.catalina.startup.Tomcat; +import org.apache.catalina.webresources.StandardRoot; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.coyote.AbstractProtocol; @@ -165,6 +166,9 @@ public class TomcatReactiveWebServerFactory extends AbstractReactiveWebServerFac protected void prepareContext(Host host, TomcatHttpHandlerAdapter servlet) { File docBase = createTempDir("tomcat-docbase"); TomcatEmbeddedContext context = new TomcatEmbeddedContext(); + StandardRoot resourcesRoot = new StandardRoot(); + resourcesRoot.setReadOnly(true); + context.setResources(resourcesRoot); context.setPath(""); context.setDocBase(docBase.getAbsolutePath()); context.addLifecycleListener(new Tomcat.FixContextListener()); diff --git a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/TomcatServletWebServerFactory.java b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/TomcatServletWebServerFactory.java index 85687f1c3f4..d7bd8d7fe7e 100644 --- a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/TomcatServletWebServerFactory.java +++ b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/TomcatServletWebServerFactory.java @@ -238,9 +238,10 @@ public class TomcatServletWebServerFactory extends AbstractServletWebServerFacto protected void prepareContext(Host host, ServletContextInitializer[] initializers) { File documentRoot = getValidDocumentRoot(); TomcatEmbeddedContext context = new TomcatEmbeddedContext(); - if (documentRoot != null) { - context.setResources(new LoaderHidingResourceRoot(context)); - } + WebResourceRoot resourceRoot = (documentRoot != null) ? new LoaderHidingResourceRoot(context) + : new StandardRoot(context); + resourceRoot.setReadOnly(true); + context.setResources(resourceRoot); context.setName(getContextPath()); context.setDisplayName(getDisplayName()); context.setPath(getContextPath()); @@ -814,7 +815,7 @@ public class TomcatServletWebServerFactory extends AbstractServletWebServerFacto @Override public void lifecycleEvent(LifecycleEvent event) { - if (event.getType().equals(Lifecycle.CONFIGURE_START_EVENT)) { + if (event.getType().equals(Lifecycle.BEFORE_INIT_EVENT)) { addResourceJars(getUrlsOfJarsWithMetaInfResources()); } } @@ -834,6 +835,9 @@ public class TomcatServletWebServerFactory extends AbstractServletWebServerFacto addResourceSet(url.toString()); } } + for (WebResourceSet resources : this.context.getResources().getJarResources()) { + resources.setReadOnly(true); + } } private void addResourceSet(String resource) {