
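--- a/java/org/apache/catalina/session/ManagerBase.java
+++ b/java/org/apache/catalina/session/ManagerBase.java
@@ -75,8 +75,20 @@
 
     // ----------------------------------------------------- Instance Variables
 
+    private static final String devRandomSourceDefault;
+    static {
+        // - Use the default value only if it is a Unix-like system
+        // - Check that it exists 
+        File f = new File("/dev/urandom");
+        if (f.isAbsolute() && f.exists()) {
+            devRandomSourceDefault = f.getPath();
+        } else {
+            devRandomSourceDefault = null;
+        }
+    }
+
     protected DataInputStream randomIS=null;
-    protected String devRandomSource="/dev/urandom";
+    protected String devRandomSource = devRandomSourceDefault;
 
     /**
      * The default message digest algorithm to use if we cannot use
@@ -238,34 +250,17 @@
 
 
     private class PrivilegedSetRandomFile
-            implements PrivilegedAction<DataInputStream>{
-        
+            implements PrivilegedAction<Void>{
+
+        private final String s;
+
         public PrivilegedSetRandomFile(String s) {
-            devRandomSource = s;
+            this.s = s;
         }
-        
-        public DataInputStream run(){
-            try {
-                File f=new File( devRandomSource );
-                if( ! f.exists() ) return null;
-                randomIS= new DataInputStream( new FileInputStream(f));
-                randomIS.readLong();
-                if( log.isDebugEnabled() )
-                    log.debug( "Opening " + devRandomSource );
-                return randomIS;
-            } catch (IOException ex){
-                log.warn("Error reading " + devRandomSource, ex);
-                if (randomIS != null) {
-                    try {
-                        randomIS.close();
-                    } catch (Exception e) {
-                        log.warn("Failed to close randomIS.");
-                    }
-                }
-                devRandomSource = null;
-                randomIS=null;
-                return null;
-            }
+
+        public Void run(){
+            doSetRandomFile(s);
+            return null;
         }
     }
 
@@ -544,27 +539,41 @@
         // as a hack, you can use a static file - and generate the same
         // session ids ( good for strange debugging )
         if (Globals.IS_SECURITY_ENABLED){
-            randomIS = AccessController.doPrivileged(new PrivilegedSetRandomFile(s));
+            AccessController.doPrivileged(new PrivilegedSetRandomFile(s));
         } else {
-            try{
-                devRandomSource=s;
-                File f=new File( devRandomSource );
-                if( ! f.exists() ) return;
-                randomIS= new DataInputStream( new FileInputStream(f));
-                randomIS.readLong();
-                if( log.isDebugEnabled() )
-                    log.debug( "Opening " + devRandomSource );
-            } catch( IOException ex ) {
-                log.warn("Error reading " + devRandomSource, ex);
-                if (randomIS != null) {
-                    try {
-                        randomIS.close();
-                    } catch (Exception e) {
-                        log.warn("Failed to close randomIS.");
-                    }
+            doSetRandomFile(s);
+        }
+    }
+
+    private void doSetRandomFile(String s) {
+        if (s == null || s.length() == 0) {
+            return;
+        }
+        DataInputStream is = null;
+        try{
+            File f = new File(s);
+            if( ! f.exists() ) return;
+            if( log.isDebugEnabled() ) {
+                log.debug( "Opening " + s );
+            }
+            is = new DataInputStream( new FileInputStream(f));
+            is.readLong();
+        } catch( IOException ex ) {
+            log.warn("Error reading " + s, ex);
+            if (is != null) {
+                try {
+                    is.close();
+                } catch (Exception e) {
+                    log.warn("Failed to close " + s);
                 }
+                is = null;
+            }
+        } finally {
+            if (is != null) {
+                randomIS = is;
+                devRandomSource = s;
+            } else {
                 devRandomSource = null;
-                randomIS=null;
             }
         }
     }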
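Review bot: The `else` branch of the new `finally` in `doSetRandomFile` clears `devRandomSource` but no longer clears `randomIS`, which the removed code did with `randomIS=null;`. After a failed call (missing file, or an `IOException` on the `readLong()` probe) a stream opened by an earlier call stays in `randomIS` while `devRandomSource` reads as null, so the reported source and the stream presumably still feeding session id generation can disagree. On the success path `randomIS = is;` also replaces any previous stream without closing it. If keeping the old stream after a failure is not intended, the branch could close it and then read `devRandomSource = null; randomIS = null;`. The method that calls `doSetRandomFile` begins outside the hunk.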
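--- a/webapps/docs/config/manager.xml
+++ b/webapps/docs/config/manager.xml
@@ -157,6 +157,13 @@
         <code>java.security.SecureRandom</code>.</p>
       </attribute>
 
+      <attribute name="randomFile" required="false">
+        <p>Name of a file that provides random data that are used to generate
+        session ids. If not specified, the default value is
+        <code>/dev/urandom</code> on Unix-like systems (those where such
+        file path is absolute) and empty on others.</p>
+      </attribute>
+
       <attribute name="sessionIdLength" required="false">
        <p>The length of session ids created by this Manager, measured in bytes,
         excluding subsequent conversion to a hexadecimal string and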
