Hi,
2017-03-26 21:27 GMT+03:00 Martin Grigorov <[email protected]>:
>
> Hi Violeta,
>
> On Sun, Mar 26, 2017 at 6:21 PM, <[email protected]> wrote:
>
> > Author: violetagg
> > Date: Sun Mar 26 16:21:03 2017
> > New Revision: 1788741
> >
> > URL: http://svn.apache.org/viewvc?rev=1788741&view=rev
> > Log:
> > Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=60911
> > Ensure NPE will not be thrown when looking for SSL session ID. Based on
a
> > pacth by Didier Gutacker.
> >
> > Modified:
> > tomcat/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java
> > tomcat/trunk/webapps/docs/changelog.xml
> >
> > Modified: tomcat/trunk/java/org/apache/catalina/connector/
> > CoyoteAdapter.java
> > URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/
> > catalina/connector/CoyoteAdapter.java?rev=1788741&r1=1788740&r2=1788741&
> > view=diff
> > ============================================================
> > ==================
> > --- tomcat/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java
> > (original)
> > +++ tomcat/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java
> > Sun Mar 26 16:21:03 2017
> > @@ -980,9 +980,11 @@ public class CoyoteAdapter implements Ad
> > SSL_ONLY.equals(request.getServletContext()
> > .getEffectiveSessionTrackingModes()) &&
> > request.connector.secure) {
> > - request.setRequestedSessionId(
> > - request.getAttribute(SSLSupport.SESSION_ID_KEY).
> > toString());
> > - request.setRequestedSessionSSL(true);
> > + String sessionId = (String) request.getAttribute(
> > SSLSupport.SESSION_ID_KEY);
> >
>
> Either this cast will lead to ClassCastException...
Nice catch. The attribute is String so ClassCastException is not expected.
>
> > + if (sessionId != null) {
> > + request.setRequestedSessionId(sessionId.toString());
> >
>
> ... or this this call to #toString() is not needed.
I'll remove this toString()
Thanks for the review,
Violeta
>
> > + request.setRequestedSessionSSL(true);
> > + }
> > }
> > }
> >
> >
> > Modified: tomcat/trunk/webapps/docs/changelog.xml
> > URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/
> > changelog.xml?rev=1788741&r1=1788740&r2=1788741&view=diff
> > ============================================================
> > ==================
> > --- tomcat/trunk/webapps/docs/changelog.xml (original)
> > +++ tomcat/trunk/webapps/docs/changelog.xml Sun Mar 26 16:21:03 2017
> > @@ -93,6 +93,10 @@
> > single utility class and update the code to use the new utility
> > class.
> > (markt)
> > </scode>
> > + <fix>
> > + <bug>60911</bug>: Ensure NPE will not be thrown when looking
for
> > SSL
> > + session ID. Based on a pacth by Didier Gutacker. (violetagg)
> > + </fix>
> > </changelog>
> > </subsection>
> > <subsection name="Coyote">
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [email protected]
> > For additional commands, e-mail: [email protected]
> >
> >
