jfarcand    2003/03/11 12:51:12

  Modified:    catalina/src/share/org/apache/catalina/security
                        SecurityClassLoad.java
               coyote/src/java/org/apache/coyote/tomcat5
                        CoyoteRequestFacade.java
  Log:
  Add a missing doPrivileged block when package protection is enabled.
  
  Revision  Changes    Path
  1.6       +13 -8     
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityClassLoad.java
  
  Index: SecurityClassLoad.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityClassLoad.java,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- SecurityClassLoad.java    4 Mar 2003 01:57:06 -0000       1.5
  +++ SecurityClassLoad.java    11 Mar 2003 20:51:12 -0000      1.6
  @@ -124,6 +124,9 @@
           String basePackage = "org.apache.catalina.";
           loader.loadClass
               (basePackage + "session.StandardSession");
  +        loader.loadClass
  +            (basePackage +
  +             "session.StandardSession$1");
       }
       
       
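Review bot: The new preload entry `session.StandardSession$1` names an anonymous class by its compiler-assigned index, and nothing at the call site says which anonymous class in StandardSession it refers to. If an anonymous class is added or reordered there, `$1` may come to denote a different class, and the one that actually needs preloading would presumably fail only when a security manager with package protection is active. I would add a comment above the call, e.g. `// StandardSession$1 is compiler-numbered: re-check this entry whenever StandardSession's anonymous classes change`, or give the class a name, as the `CoyoteRequestFacade$GetSessionPrivilegedAction` entry in the next hunk has. The enclosing method starts outside the hunk.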
  @@ -188,6 +191,9 @@
                "CoyoteResponseFacade$SetContentTypePrivilegedAction");
           loader.loadClass
               (basePackage +
  +             "CoyoteRequestFacade$GetSessionPrivilegedAction");
  +        loader.loadClass
  +            (basePackage +
                "CoyoteResponseFacade$1");
           loader.loadClass
               (basePackage +
  @@ -198,16 +204,15 @@
           loader.loadClass
               (basePackage +
                "CoyoteInputStream$2");
  -                loader.loadClass
  +        loader.loadClass
               (basePackage +
                "CoyoteInputStream$3");
  -                loader.loadClass
  +        loader.loadClass
               (basePackage +
                "CoyoteInputStream$4");
  -                loader.loadClass
  +        loader.loadClass
               (basePackage +
                "CoyoteInputStream$5");
  -                
       }
   
   }
  
  
  
  1.3       +32 -12    
jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat5/CoyoteRequestFacade.java
  
  Index: CoyoteRequestFacade.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat5/CoyoteRequestFacade.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- CoyoteRequestFacade.java  4 Nov 2002 05:14:09 -0000       1.2
  +++ CoyoteRequestFacade.java  11 Mar 2003 20:51:12 -0000      1.3
  @@ -212,7 +212,22 @@
           }           
       }    
       
  -    
  +    private final class GetSessionPrivilegedAction implements PrivilegedAction{
  +        private boolean create;
  +        
  +        public GetSessionPrivilegedAction(boolean create){
  +            this.create = create;
  +        }
  +                
  +        public Object run() {  
  +            HttpSession session =
  +                request.getSession(create);
  +            if (session == null)
  +                return null;
  +            else  
  +                return (new StandardSessionFacade(session));
  +        }           
  +    }      
       // ----------------------------------------------------------- Constructors
   
   
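Review bot: `create` in GetSessionPrivilegedAction is assigned once in the constructor and never changed, so it should be declared `private final boolean create;`. The class also has no comment, and two things about it are not obvious from the code. It exists so that `request.getSession(create)` runs inside `doPrivileged`, and its binary name is listed in SecurityClassLoad (the first file of this commit), so renaming it means updating that list. A short Javadoc stating both would do.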
  @@ -536,14 +551,19 @@
   
   
       public HttpSession getSession(boolean create) {
  -        HttpSession session =
  -            request.getSession(create);
  -        if (session == null)
  -            return null;
  -        else
  -            return new StandardSessionFacade(session);
  -    }
   
  +        if (System.getSecurityManager() != null){
  +            return (HttpSession)AccessController.
  +                doPrivileged(new GetSessionPrivilegedAction(create));
  +        } else {
  +            HttpSession session =
  +                request.getSession(create);
  +            if (session == null)
  +                return null;
  +            else 
  +                return new StandardSessionFacade(session);
  +        }
  +    }
   
       public HttpSession getSession() {
           return getSession(true);
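Review bot: The null check and `StandardSessionFacade` wrapping now exist twice, in the `else` branch here and in `GetSessionPrivilegedAction.run()` from the previous hunk. The facade is presumably what keeps the internal session object away from application code, so the two copies must not drift apart. I would move that logic into one private helper called from both paths, as sketched below. A one-line comment on the `doPrivileged` call saying which access `request.getSession(create)` needs under the security manager would also help, since the hunk does not show it. The no-argument `getSession()` at the end of the hunk continues outside it.

```java
    public HttpSession getSession(boolean create) {
        if (System.getSecurityManager() != null) {
            return (HttpSession) AccessController.
                doPrivileged(new GetSessionPrivilegedAction(create));
        }
        return facadeFor(create);
    }

    // Single place that wraps the internal session, shared by the
    // privileged and unprivileged paths so they cannot diverge.
    private HttpSession facadeFor(boolean create) {
        HttpSession session = request.getSession(create);
        if (session == null) {
            return null;
        }
        return new StandardSessionFacade(session);
    }

    // ... GetSessionPrivilegedAction.run() then reduces to: return facadeFor(create); ...
```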
  
  
  
