Posted to dev@tomcat.apache.org by jf...@apache.org on 2002/10/18 23:37:09 UTC

cvs commit: jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat5 CoyoteRequest.java

jfarcand    2002/10/18 14:37:08

  Modified:    coyote/src/java/org/apache/coyote/tomcat5 CoyoteRequest.java
  Log:
  Security audit: remove the doPrivileged block and delegate the security check to the o.a.catalina.Manager instance.
  
  Revision  Changes    Path
  1.6       +5 -31     jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat5/CoyoteRequest.java
  
  Index: CoyoteRequest.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat5/CoyoteRequest.java,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- CoyoteRequest.java	10 Oct 2002 09:45:30 -0000	1.5
  +++ CoyoteRequest.java	18 Oct 2002 21:37:08 -0000	1.6
  @@ -72,9 +72,7 @@
   import java.io.UnsupportedEncodingException;
   import java.net.InetAddress;
   import java.net.Socket;
  -import java.security.AccessController;
   import java.security.Principal;
  -import java.security.PrivilegedAction;
   import java.text.ParseException;
   import java.text.SimpleDateFormat;
   import java.util.ArrayList;
  @@ -134,26 +132,6 @@
   public class CoyoteRequest
       implements HttpRequest, HttpServletRequest {
   
  -
  -    // --------------------------------------- PrivilegedGetSession Inner Class
  -
  -
  -    protected class PrivilegedGetSession
  -        implements PrivilegedAction {
  -
  -        private boolean create;
  -
  -        PrivilegedGetSession(boolean create) {
  -            this.create = create;
  -        }
  -
  -        public Object run() {
  -            return doGetSession(create);
  -        }
  -
  -    }
  -
  -
       // ------------------------------------------------------------- Properties
   
   
  @@ -1810,11 +1788,7 @@
        * @param create Create a new session if one does not exist
        */
       public HttpSession getSession(boolean create) {
  -
  -        if (System.getSecurityManager() != null) {
  -            PrivilegedGetSession dp = new PrivilegedGetSession(create);
  -            return (HttpSession) AccessController.doPrivileged(dp);
  -        }
  +        
           return doGetSession(create);
   
       }
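Review bot: With the `System.getSecurityManager() != null` branch gone, `getSession(boolean)` gives no hint that `doGetSession(create)` now runs with the caller's permissions, so any permission check reached through it is evaluated against the whole call stack, web application frames included. The log message says the check is delegated to the Manager, but neither `doGetSession` nor the Manager is visible in this hunk, so presumably each Manager implementation must now wrap its own privileged work; one that does not could fail with an `AccessControlException` under a restrictive policy. I would record that contract where the block was removed, for example `// No doPrivileged here: under a SecurityManager the Manager must perform its own privileged operations.`, and repeat it in the Javadoc, which starts outside the hunk. The added line is whitespace only and could simply be dropped.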
  
  
  
