Author: markt Date: Fri May 16 18:32:25 2014 New Revision: 1595291 URL: http://svn.apache.org/r1595291 Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=56536 Ensure that HttpSessionBindingListener.valueUnbound() uses the correct class loader when the <code>SingleSignOn</code> valve is used.
Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/java/org/apache/catalina/session/StandardSession.java tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc7.0.x/trunk/ ------------------------------------------------------------------------------ Merged /tomcat/trunk:r1595285 Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/session/StandardSession.java URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/session/StandardSession.java?rev=1595291&r1=1595290&r2=1595291&view=diff ============================================================================== --- tomcat/tc7.0.x/trunk/java/org/apache/catalina/session/StandardSession.java (original) +++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/session/StandardSession.java Fri May 16 18:32:25 2014 @@ -864,11 +864,32 @@ public class StandardSession implements // Unbind any objects associated with this session String keys[] = keys(); - for (int i = 0; i < keys.length; i++) - removeAttributeInternal(keys[i], notify); - + if (oldTccl != null) { + if (Globals.IS_SECURITY_ENABLED) { + PrivilegedAction<Void> pa = new PrivilegedSetTccl( + context.getLoader().getClassLoader()); + AccessController.doPrivileged(pa); + } else { + Thread.currentThread().setContextClassLoader( + context.getLoader().getClassLoader()); + } + } + try { + for (int i = 0; i < keys.length; i++) { + removeAttributeInternal(keys[i], notify); + } + } finally { + if (oldTccl != null) { + if (Globals.IS_SECURITY_ENABLED) { + PrivilegedAction<Void> pa = + new PrivilegedSetTccl(oldTccl); + AccessController.doPrivileged(pa); + } else { + Thread.currentThread().setContextClassLoader(oldTccl); + } + } + } } - } Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1595291&r1=1595290&r2=1595291&view=diff ============================================================================== --- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Fri May 16 18:32:25 2014 @@ -187,6 +187,11 @@ associated with failed user logins at debug level rather than error level. (markt) </fix> + <fix> + <bug>56536</bug>: Ensure that + <code>HttpSessionBindingListener.valueUnbound()</code> uses the correct + class loader when the <code>SingleSignOn</code> valve is used. (markt) + </fix> </changelog> </subsection> <subsection name="Coyote"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org