Posted to dev@tomcat.apache.org by jf...@apache.org on 2002/10/18 23:37:09 UTC
cvs commit: jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat5 CoyoteRequest.java
jfarcand 2002/10/18 14:37:08
Modified: coyote/src/java/org/apache/coyote/tomcat5 CoyoteRequest.java
Log:
Security audit: remove the doPrivileged block and delegate the security check to the o.a.catalina.Manager instance.
Revision Changes Path
1.6 +5 -31 jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat5/CoyoteRequest.java
Index: CoyoteRequest.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat5/CoyoteRequest.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- CoyoteRequest.java 10 Oct 2002 09:45:30 -0000 1.5
+++ CoyoteRequest.java 18 Oct 2002 21:37:08 -0000 1.6
@@ -72,9 +72,7 @@
import java.io.UnsupportedEncodingException;
import java.net.InetAddress;
import java.net.Socket;
-import java.security.AccessController;
import java.security.Principal;
-import java.security.PrivilegedAction;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
@@ -134,26 +132,6 @@
public class CoyoteRequest
implements HttpRequest, HttpServletRequest {
-
- // --------------------------------------- PrivilegedGetSession Inner Class
-
-
- protected class PrivilegedGetSession
- implements PrivilegedAction {
-
- private boolean create;
-
- PrivilegedGetSession(boolean create) {
- this.create = create;
- }
-
- public Object run() {
- return doGetSession(create);
- }
-
- }
-
-
// ------------------------------------------------------------- Properties
@@ -1810,11 +1788,7 @@
* @param create Create a new session if one does not exist
*/
public HttpSession getSession(boolean create) {
-
- if (System.getSecurityManager() != null) {
- PrivilegedGetSession dp = new PrivilegedGetSession(create);
- return (HttpSession) AccessController.doPrivileged(dp);
- }
+
return doGetSession(create);
}
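Review bot: With the `AccessController.doPrivileged` wrapper gone, `getSession(boolean)` calls `doGetSession(create)` with the calling web application's protection domain on the stack, so under a SecurityManager any permission-guarded work during session lookup or creation is now checked against the webapp's permissions. The log message says the check is delegated to the o.a.catalina.Manager instance, but that side is not visible in this diff, so it should be confirmed that each Manager implementation, including custom ones, wraps only the minimal privileged operations in its own doPrivileged block. I would record that contract in the method's Javadoc (which starts outside this hunk), for example `Runs with the caller's permissions; the Manager is responsible for any privileged operation needed to find or create the session.` The `+` line at the top of the body looks like a whitespace-only replacement of the old blank line and could be dropped.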