jfarcand 2003/09/19 15:03:07 Modified: catalina/src/share/org/apache/coyote/tomcat5 CoyoteResponse.java Log: Add missing doPrivileged block Revision Changes Path 1.9 +45 -13 jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5/CoyoteResponse.java Index: CoyoteResponse.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5/CoyoteResponse.java,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- CoyoteResponse.java 3 Sep 2003 22:10:33 -0000 1.8 +++ CoyoteResponse.java 19 Sep 2003 22:03:07 -0000 1.9 @@ -70,6 +70,7 @@ import java.io.PrintWriter; import java.net.MalformedURLException; import java.security.AccessController; +import java.security.PrivilegedAction; import java.security.PrivilegedActionException; import java.security.PrivilegedExceptionAction; import java.text.SimpleDateFormat; @@ -905,7 +906,7 @@ * * @param cookie Cookie to be added */ - public void addCookie(Cookie cookie) { + public void addCookie(final Cookie cookie) { if (isCommitted()) return; 
@@ -916,11 +917,25 @@ cookies.add(cookie); - StringBuffer sb = new StringBuffer(); - ServerCookie.appendCookieValue - (sb, cookie.getVersion(), cookie.getName(), cookie.getValue(), - cookie.getPath(), cookie.getDomain(), cookie.getComment(), - cookie.getMaxAge(), cookie.getSecure()); + final StringBuffer sb = new StringBuffer(); + if (System.getSecurityManager() != null) { + AccessController.doPrivileged(new PrivilegedAction() { + public Object run(){ + ServerCookie.appendCookieValue + (sb, cookie.getVersion(), cookie.getName(), + cookie.getValue(), cookie.getPath(), + cookie.getDomain(), cookie.getComment(), + cookie.getMaxAge(), cookie.getSecure()); + return null; + } + }); + } else { + ServerCookie.appendCookieValue + (sb, cookie.getVersion(), cookie.getName(), cookie.getValue(), + cookie.getPath(), cookie.getDomain(), cookie.getComment(), + cookie.getMaxAge(), cookie.getSecure()); + } + // the header name is Set-Cookie for both "old" and v.1 ( RFC2109 ) // RFC2965 is not supported by browsers and the Servlet spec // asks for 2109. @@ -1305,7 +1320,7 @@ * * @param location Absolute URL to be validated */ - protected boolean isEncodeable(String location) { + protected boolean isEncodeable(final String location) { if (location == null) return (false); 
@@ -1315,13 +1330,30 @@ return (false); // Are we in a valid session that is not using cookies? - HttpServletRequest hreq = (HttpServletRequest) request.getRequest(); - HttpSession session = hreq.getSession(false); + final HttpServletRequest hreq = + (HttpServletRequest) request.getRequest(); + final HttpSession session = hreq.getSession(false); if (session == null) return (false); if (hreq.isRequestedSessionIdFromCookie()) return (false); + + if (System.getSecurityManager() != null) { + return ((Boolean) + AccessController.doPrivileged(new PrivilegedAction() { + + public Object run(){ + return new Boolean(doIsEncodeable(hreq, session, location)); + } + })).booleanValue(); + } else { + return doIsEncodeable(hreq, session, location); + } + } + private boolean doIsEncodeable(HttpServletRequest hreq, + HttpSession session, + String location){ // Is this a valid absolute URL? URL url = null; try {
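Review bot: `doIsEncodeable` is added without any comment, and nothing in the hunk records that its whole body now runs inside `AccessController.doPrivileged` when a security manager is installed. `location` is passed in by the caller and the trailing context suggests the method goes on to build a `URL` from it, so a later edit could add a privileged operation on caller-controlled input without the scope being obvious. A Javadoc line on the new method such as `Runs privileged under a SecurityManager; only parse and compare the URL here, never open or resolve it.` would pin that down, ideally with the name of the permission that made the block necessary. The body of `doIsEncodeable` continues past the end of the hunk, so what else it does under privilege cannot be judged from here.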