[EMAIL PROTECTED] wrote:
billbarker 2005/08/03 23:07:46
Modified: catalina/src/share/org/apache/catalina/security
SecurityClassLoad.java
Log:
Fix CNFE when starting in a sandbox.
After the last refactoring, the Jk-Java Connector no longer has need of PAs. If this changes, the method can always be added back.
This reminds me I need to test security more often.
I look in the preload list for HTTP, and I see a few PAs there. One of
them is:
// End the response status line
if (System.getSecurityManager() != null){
AccessController.doPrivileged(
new PrivilegedAction(){
public Object run(){
buf[pos++] = Constants.CR;
buf[pos++] = Constants.LF;
return null;
}
}
);
} else {
buf[pos++] = Constants.CR;
buf[pos++] = Constants.LF;
}
I think this is fairly funny code. The contents of the PA were a bit
different originally, but I don't see why a PA was ever needed.
Similarly, the other PA is needed because the HttpMessages is a bundle
which will need to be loaded, while the loading should be done during
the init of the connector (like HttpMessages.getMessage(200)).
Rémy
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]