Bump: Loss of Subject/AccessControlContext in JSTL

2005-09-13 Thread Michiel Toneman


Hi All,

Is the below issue completely and utterly uninteresting and boring, or
should I just go ahead and file a bug report?


Regards,

Michiel





We've been tracking a nasty issue in our web application when using
Tomcat 5.0.28 and JSTL.

If we call a method from JSTL, any code that tries to access the
AccessControlContext behaves differently than it would if called
directly in a JSP using plain Java.

e.g.

If we have a utility method in our dataBean that returns the (JAAS)
Subject using
Subject.getSubject(AccessController.getContext()), the syntax:

   <%= dataBean.getSubjectFromContext() %>

returns the Subject whereas:

   ${dataBean.subjectFromContext}

returns null

This is quite unexpected behaviour and seems to be caused by the call to:


org.apache.jasper.runtime.PageContextImpl.proprietaryEvaluate(PageContextImpl.java:880)


which uses AccessController.doPrivileged(PrivilegedExceptionAction)
rather than AccessController.doPrivileged(PrivilegedExceptionAction,
AccessControlContext) to evaluate the EL syntax.

I think that changing:

   retValue = AccessController.doPrivileged(
   new PrivilegedExceptionAction(){
   .
   }
);

To:

   retValue = AccessController.doPrivileged(
   new PrivilegedExceptionAction(){
   .
   }, AccessController.getContext()
);

should solve this.

Can someone please have a look at this?

Cheers,

Michiel


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Loss of Subject/AccessControlContext in JSTL

2005-09-06 Thread Michiel Toneman


We've been tracking a nasty issue in our web application when using 
Tomcat 5.0.28 and JSTL.


If we call a method from JSTL, any code that tries to access the
AccessControlContext behaves differently than it would if called
directly in a JSP using plain Java.


e.g.

If we have a utility method in our dataBean that returns the (JAAS) 
Subject using

Subject.getSubject(AccessController.getContext()), the syntax:

   <%= dataBean.getSubjectFromContext() %>

returns the Subject whereas:

   ${dataBean.subjectFromContext}

returns null

This is quite unexpected behaviour and seems to be caused by the call to:

   
org.apache.jasper.runtime.PageContextImpl.proprietaryEvaluate(PageContextImpl.java:880)


which uses AccessController.doPrivileged(PrivilegedExceptionAction) 
rather than AccessController.doPrivileged(PrivilegedExceptionAction, 
AccessControlContext) to evaluate the EL syntax.


I think that changing:

   retValue = AccessController.doPrivileged(
   new PrivilegedExceptionAction(){
   .
   }
);

To:

   retValue = AccessController.doPrivileged(
   new PrivilegedExceptionAction(){
   .
   }, AccessController.getContext()
);

should solve this.

Can someone please have a look at this?

Cheers,

Michiel

--
Michiel Toneman  Software Engineer   Bibit Global Payment Services
Regulierenring 10  3981 LB  Bunnik   [EMAIL PROTECTED]
Tel. +31-30-6595168  Fax +31-30-6564464  http://www.bibit.com/


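The behaviour described in this thread, reproduced outside Tomcat as an added example (not part of the original post and not Jasper's code). The class name SubjectContextDemo and the helper describe are hypothetical, and it assumes a JDK where Subject.getSubject(AccessControlContext) is still supported, such as Java 8.

```java
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;

public class SubjectContextDemo {

    // The same lookup the post's dataBean utility method performs.
    static Subject subjectFromContext() {
        return Subject.getSubject(AccessController.getContext());
    }

    // Hypothetical helper: reports which Subject (if any) the lookup saw.
    static String describe(Subject seen, Subject expected) {
        return seen == null ? "null (Subject lost)"
             : seen == expected ? "the doAs Subject" : "a different Subject";
    }

    public static void main(String[] args) throws PrivilegedActionException {
        final Subject subject = new Subject(); // constructed, empty sample Subject

        Subject.doAs(subject, (PrivilegedExceptionAction<Void>) () -> {
            // Case 1: direct call, like the scriptlet expression in the post.
            Subject direct = subjectFromContext();

            // Case 2: one-argument doPrivileged, the form the post attributes to
            // proprietaryEvaluate. The context seen inside stops at this frame,
            // so the SubjectDomainCombiner installed by doAs is not inherited.
            Subject oneArg = AccessController.doPrivileged(
                (PrivilegedExceptionAction<Subject>) SubjectContextDemo::subjectFromContext);

            // Case 3: the change proposed in the post. The caller's context is
            // captured first and handed to the two-argument doPrivileged.
            AccessControlContext callerContext = AccessController.getContext();
            Subject twoArg = AccessController.doPrivileged(
                (PrivilegedExceptionAction<Subject>) SubjectContextDemo::subjectFromContext,
                callerContext);

            System.out.println("direct call:          " + describe(direct, subject));
            System.out.println("doPrivileged(a):      " + describe(oneArg, subject));
            System.out.println("doPrivileged(a, ctx): " + describe(twoArg, subject));
            return null;
        });
    }
}
```

Passing the captured context also restricts the privileged block to the intersection of its own permissions and those of the caller's context, so the two-argument form changes what the block is allowed to do as well as which Subject it sees.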