changelog.xml

markt Fri, 16 May 2014 13:10:25 -0700

Author: markt
Date: Fri May 16 18:32:25 2014
New Revision: 1595291

URL: http://svn.apache.org/r1595291
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=56536
Ensure that HttpSessionBindingListener.valueUnbound() uses the correct class 
loader when the <code>SingleSignOn</code> valve is used.


Modified:
    tomcat/tc7.0.x/trunk/   (props changed)
    tomcat/tc7.0.x/trunk/java/org/apache/catalina/session/StandardSession.java
    tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
  Merged /tomcat/trunk:r1595285

Modified: 
tomcat/tc7.0.x/trunk/java/org/apache/catalina/session/StandardSession.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/session/StandardSession.java?rev=1595291&r1=1595290&r2=1595291&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/session/StandardSession.java 
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/session/StandardSession.java 
Fri May 16 18:32:25 2014
@@ -864,11 +864,32 @@ public class StandardSession implements 
 
             // Unbind any objects associated with this session
             String keys[] = keys();
-            for (int i = 0; i < keys.length; i++)
-                removeAttributeInternal(keys[i], notify);
-
+            if (oldTccl != null) {
+                if (Globals.IS_SECURITY_ENABLED) {
+                    PrivilegedAction<Void> pa = new PrivilegedSetTccl(
+                            context.getLoader().getClassLoader());
+                    AccessController.doPrivileged(pa);
+                } else {
+                    Thread.currentThread().setContextClassLoader(
+                            context.getLoader().getClassLoader());
+                }
+            }
+            try {
+                for (int i = 0; i < keys.length; i++) {
+                    removeAttributeInternal(keys[i], notify);
+                }
+            } finally {
+                if (oldTccl != null) {
+                    if (Globals.IS_SECURITY_ENABLED) {
+                        PrivilegedAction<Void> pa =
+                            new PrivilegedSetTccl(oldTccl);
+                        AccessController.doPrivileged(pa);
+                    } else {
+                        Thread.currentThread().setContextClassLoader(oldTccl);
+                    }
+                }
+            }
         }
-
     }
 
 

Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1595291&r1=1595290&r2=1595291&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Fri May 16 18:32:25 2014
@@ -187,6 +187,11 @@
         associated with failed user logins at debug level rather than error
         level. (markt)
       </fix>
+     <fix>
+       <bug>56536</bug>: Ensure that
+       <code>HttpSessionBindingListener.valueUnbound()</code> uses the correct
+       class loader when the <code>SingleSignOn</code> valve is used. (markt) 
+     </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1595291 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/session/StandardSession.java webapps/docs/changelog.xml

Reply via email to