util SessionUtil.java

glenn Thu, 28 Dec 2000 14:03:21 -0800
glenn       00/12/28 14:15:30

  Modified:    src/share/org/apache/tomcat/util Tag: tomcat_32
                        SessionUtil.java
  Log:
  Fix generateSessionId() so it works with a SecurityManager
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.5.2.3   +26 -5     
jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/SessionUtil.java
  
  Index: SessionUtil.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/SessionUtil.java,v
  retrieving revision 1.5.2.2
  retrieving revision 1.5.2.3
  diff -u -r1.5.2.2 -r1.5.2.3
  --- SessionUtil.java  2000/11/18 01:34:00     1.5.2.2
  +++ SessionUtil.java  2000/12/28 22:15:29     1.5.2.3
  @@ -1,7 +1,7 @@
   /*
  - * $Header: 
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/SessionUtil.java,v 
1.5.2.2 2000/11/18 01:34:00 craigmcc Exp $
  - * $Revision: 1.5.2.2 $
  - * $Date: 2000/11/18 01:34:00 $
  + * $Header: 
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/SessionUtil.java,v 
1.5.2.3 2000/12/28 22:15:29 glenn Exp $
  + * $Revision: 1.5.2.3 $
  + * $Date: 2000/12/28 22:15:29 $
    *
    * ====================================================================
    *
  @@ -68,6 +68,7 @@
   import javax.servlet.http.Cookie;
   import org.apache.tomcat.core.*;
   
  +import java.security.*;
   
   /**
    * General purpose utilities useful to <code>Manager</code> and
  @@ -75,7 +76,7 @@
    *
    * @author Craig R. McClanahan
    * @author Shai Fultheim [[EMAIL PROTECTED]]
  - * @version $Revision: 1.5.2.2 $ $Date: 2000/11/18 01:34:00 $
  + * @version $Revision: 1.5.2.3 $ $Date: 2000/12/28 22:15:29 $
    */
   
   public final class SessionUtil {
  @@ -177,7 +178,27 @@
        * Generate and return a new session identifier.
        */
       public static String generateSessionId(String jsIdent) {
  -        return SessionIdGenerator.generateId(jsIdent);
  +        /**
  +         * When using a SecurityManager and a JSP page or servlet triggers
  +         * creation of a new session id it must be performed with the 
  +         * Permissions of this class using doPriviledged because the parent
  +         * JSP or servlet may not have sufficient Permissions.
  +         */
  +        if( System.getSecurityManager() != null ) {
  +            class doInit implements PrivilegedAction {
  +                private String jsIdent;
  +                public doInit(String ident) {
  +                    jsIdent = ident;
  +                }           
  +                public Object run() {
  +                    return SessionIdGenerator.generateId(jsIdent);
  +                }           
  +            }    
  +            doInit di = new doInit(jsIdent);
  +            return (String)AccessController.doPrivileged(di);
  +        } else {            
  +            return SessionIdGenerator.generateId(jsIdent);
  +     }
       }
   
       /**
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util SessionUtil.java

Reply via email to
