You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2009/01/15 00:39:18 UTC

svn commit: r734559 - in /tomcat/tc6.0.x/trunk: ./ STATUS.txt java/org/apache/catalina/core/ApplicationFilterChain.java webapps/docs/changelog.xml

Author: markt
Date: Wed Jan 14 15:39:18 2009
New Revision: 734559

URL: http://svn.apache.org/viewvc?rev=734559&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46304
Excludes performance issues
Use Principal when calling doFilterEvent()

Modified:
    tomcat/tc6.0.x/trunk/   (props changed)
    tomcat/tc6.0.x/trunk/STATUS.txt
    tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/ApplicationFilterChain.java
    tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc6.0.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Jan 14 15:39:18 2009
@@ -1 +1 @@
-/tomcat/trunk:601180,606992,612607,630314,652744,653247,673796,673820,683982,684001,684081,684234,684269-684270,687503,687645,690781,691392,691805,692748,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,718360,719602,719626,719628,720046,720069,721040,723404,723738,726052,727303,728032,728947,729057,730250,732859
+/tomcat/trunk:601180,606992,612607,630314,652744,653247,673796,673820,683982,684001,684081,684234,684269-684270,687503,687645,690781,691392,691805,692748,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,718360,719602,719626,719628,720046,720069,721040,723404,723738,726052,727303,728032,728768,728947,729057,730250,732859

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=734559&r1=734558&r2=734559&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Wed Jan 14 15:39:18 2009
@@ -141,13 +141,6 @@
       possibly be exploited by a malicious webapp.
   -1: 
 
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46304
-  Excludes performance issues
-  Use Principal when calling doFilterEvent()
-  http://svn.apache.org/viewvc?rev=728768&view=rev
-  +1: markt, fhanik, funkman
-  -1: 
-
 * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46357
   Correct test for host's parent must be an engine
   http://svn.apache.org/viewvc?rev=729567&view=rev

Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/ApplicationFilterChain.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/ApplicationFilterChain.java?rev=734559&r1=734558&r2=734559&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/ApplicationFilterChain.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/ApplicationFilterChain.java Wed Jan 14 15:39:18 2009
@@ -408,8 +408,8 @@
                         ev.getHttpServletRequest().getUserPrincipal();
 
                     Object[] args = new Object[]{ev, this};
-                    SecurityUtil.doAsPrivilege
-                        ("doFilterEvent", (Filter) filter, cometClassType, args);
+                    SecurityUtil.doAsPrivilege("doFilterEvent", filter,
+                            cometClassType, args, principal);
 
                     args = null;
                 } else {  

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=734559&r1=734558&r2=734559&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Wed Jan 14 15:39:18 2009
@@ -213,6 +213,11 @@
         standard endorsed mechanism. (markt)
       </fix>
       <fix>
+        <bug>46304</bug>: Further fixes to make Principal accessible (if set)
+        via <code>Subject.getSubject(AccessController.getContext())</code> when
+        processing filters. (markt)
+      </fix>
+      <fix>
         <bug>46403</bug>: Provide a workaround for an IE and Safari bug that
         means the Max-Age attribute of a cookie is ignored. (markt)
       </fix>



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org