You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by cr...@locus.apache.org on 2000/07/12 06:42:01 UTC
cvs commit: jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/loader FileClassLoader.java
craigmcc 00/07/11 21:42:01
Modified: proposals/catalina/src/share/org/apache/tomcat/loader
FileClassLoader.java
Log:
Allow access to org.apache.tomcat.session.StandardSession through this
class loader so that persisted sessions can be reloaded through it.
Revision Changes Path
1.8 +11 -4 jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/loader/FileClassLoader.java
Index: FileClassLoader.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/loader/FileClassLoader.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- FileClassLoader.java 2000/05/15 22:35:28 1.7
+++ FileClassLoader.java 2000/07/12 04:42:01 1.8
@@ -1,7 +1,7 @@
/*
- * $Header: /home/cvs/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/loader/FileClassLoader.java,v 1.7 2000/05/15 22:35:28 craigmcc Exp $
- * $Revision: 1.7 $
- * $Date: 2000/05/15 22:35:28 $
+ * $Header: /home/cvs/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/loader/FileClassLoader.java,v 1.8 2000/07/12 04:42:01 craigmcc Exp $
+ * $Revision: 1.8 $
+ * $Date: 2000/07/12 04:42:01 $
*
* ====================================================================
*
@@ -94,7 +94,7 @@
* modified at runtime.
*
* @author Craig R. McClanahan
- * @version $Revision: 1.7 $ $Date: 2000/05/15 22:35:28 $
+ * @version $Revision: 1.8 $ $Date: 2000/07/12 04:42:01 $
*/
public final class FileClassLoader
@@ -933,6 +933,13 @@
* @param name Name of the class to be checked
*/
private boolean restricted(String name) {
+
+ // This is an ugly hack, but currently necessary for sessions
+ // to be deserialized using this classloader. The underlying
+ // StandardSession class is not public, so an application client
+ // still cannot do any mischief with it, but sheesh ...
+ if (name.equals("org.apache.tomcat.session.StandardSession"))
+ return (false);
return (name.startsWith("org.apache.tomcat."));