Author: markt Date: Fri May 16 18:27:25 2014 New Revision: 1595285 URL: http://svn.apache.org/r1595285 Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=56536 Ensure that HttpSessionBindingListener.valueUnbound() uses the correct class loader when the <code>SingleSignOn</code> valve is used.
Modified: tomcat/trunk/java/org/apache/catalina/session/StandardSession.java tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/catalina/session/StandardSession.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/session/StandardSession.java?rev=1595285&r1=1595284&r2=1595285&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/session/StandardSession.java (original) +++ tomcat/trunk/java/org/apache/catalina/session/StandardSession.java Fri May 16 18:27:25 2014 @@ -826,10 +826,10 @@ public class StandardSession implements // The call to expire() may not have been triggered by the webapp. // Make sure the webapp's class loader is set when calling the // listeners - ClassLoader oldContextClassLoader = null; - try { - oldContextClassLoader = context.bind(Globals.IS_SECURITY_ENABLED, null); - if (notify) { + if (notify) { + ClassLoader oldContextClassLoader = null; + try { + oldContextClassLoader = context.bind(Globals.IS_SECURITY_ENABLED, null); Object listeners[] = context.getApplicationLifecycleListeners(); if (listeners != null && listeners.length > 0) { HttpSessionEvent event = @@ -859,9 +859,9 @@ public class StandardSession implements } } } + } finally { + context.unbind(Globals.IS_SECURITY_ENABLED, oldContextClassLoader); } - } finally { - context.unbind(Globals.IS_SECURITY_ENABLED, oldContextClassLoader); } if (ACTIVITY_CHECK) { @@ -894,9 +894,15 @@ public class StandardSession implements // Unbind any objects associated with this session String keys[] = keys(); - for (int i = 0; i < keys.length; i++) - removeAttributeInternal(keys[i], notify); - + ClassLoader oldContextClassLoader = null; + try { + oldContextClassLoader = context.bind(Globals.IS_SECURITY_ENABLED, null); + for (int i = 0; i < keys.length; i++) { + removeAttributeInternal(keys[i], notify); + } + } finally { + context.unbind(Globals.IS_SECURITY_ENABLED, oldContextClassLoader); + } } } Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1595285&r1=1595284&r2=1595285&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Fri May 16 18:27:25 2014 @@ -45,6 +45,15 @@ issues to not "pop up" wrt. others). --> <section name="Tomcat 8.0.8 (markt)"> + <subsection name="Catalina"> + <changelog> + <fix> + <bug>56536</bug>: Ensure that + <code>HttpSessionBindingListener.valueUnbound()</code> uses the correct + class loader when the <code>SingleSignOn</code> valve is used. (markt) + </fix> + </changelog> + </subsection> <subsection name="Jasper"> <changelog> <fix> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org