glenn 00/12/28 14:15:30 Modified: src/share/org/apache/tomcat/util Tag: tomcat_32 SessionUtil.java Log: Fix generateSessionId() so it works with a SecurityManager Revision Changes Path No revision No revision 1.5.2.3 +26 -5 jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/SessionUtil.java
Index: SessionUtil.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/SessionUtil.java,v
retrieving revision 1.5.2.2
retrieving revision 1.5.2.3
diff -u -r1.5.2.2 -r1.5.2.3
--- SessionUtil.java 2000/11/18 01:34:00 1.5.2.2
+++ SessionUtil.java 2000/12/28 22:15:29 1.5.2.3
@@ -1,7 +1,7 @@
 /*
- * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/SessionUtil.java,v 1.5.2.2 2000/11/18 01:34:00 craigmcc Exp $
- * $Revision: 1.5.2.2 $
- * $Date: 2000/11/18 01:34:00 $
+ * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/SessionUtil.java,v 1.5.2.3 2000/12/28 22:15:29 glenn Exp $
+ * $Revision: 1.5.2.3 $
+ * $Date: 2000/12/28 22:15:29 $
 *
 * ====================================================================
 *
@@ -68,6 +68,7 @@
 import javax.servlet.http.Cookie;
 import org.apache.tomcat.core.*;
+import java.security.*;
 /**
 * General purpose utilities useful to <code>Manager</code> and
@@ -75,7 +76,7 @@
 *
 * @author Craig R. McClanahan
 * @author Shai Fultheim [[EMAIL PROTECTED]]
- * @version $Revision: 1.5.2.2 $ $Date: 2000/11/18 01:34:00 $
+ * @version $Revision: 1.5.2.3 $ $Date: 2000/12/28 22:15:29 $
 */
 public final class SessionUtil {
@@ -177,7 +178,27 @@
 * Generate and return a new session identifier.
 */
 public static String generateSessionId(String jsIdent) {
- return SessionIdGenerator.generateId(jsIdent);
+ /**
+ * When using a SecurityManager and a JSP page or servlet triggers
+ * creation of a new session id it must be performed with the
+ * Permissions of this class using doPriviledged because the parent
+ * JSP or servlet may not have sufficient Permissions.
+ */
+ if( System.getSecurityManager() != null ) {
+ class doInit implements PrivilegedAction {
+ private String jsIdent;
+ public doInit(String ident) {
+ jsIdent = ident;
+ }
+ public Object run() {
+ return SessionIdGenerator.generateId(jsIdent);
+ }
+ }
+ doInit di = new doInit(jsIdent);
+ return (String)AccessController.doPrivileged(di);
+ } else {
+ return SessionIdGenerator.generateId(jsIdent);
+ }
 }
 /**
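Review bot: The new `doPrivileged` block in `generateSessionId()` sits behind a `public static` method and hands the caller-supplied `jsIdent` straight to the privileged `run()`, so any code that can call `SessionUtil` gets `SessionIdGenerator.generateId(jsIdent)` executed with this class's permissions rather than its own. `generateId()` is outside this hunk, so it should be confirmed that it treats `jsIdent` purely as data for the id and performs no permission-checked operation that depends on its value. That contract belongs in the comment, for example `* jsIdent is caller-controlled: generateId() must use it only as data for the id, never for a permission-checked operation.` Separately, the explanatory comment inside the method body is written as a Javadoc `/** ... */` block and spells the call `doPriviledged`; a plain `/* ... */` comment naming `AccessController.doPrivileged` would be accurate. The local class name `doInit` also describes initialisation rather than id generation.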