You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by la...@apache.org on 2002/01/31 04:49:55 UTC
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/config PolicyInterceptor.java
larryi 02/01/30 19:49:55
Modified: src/share/org/apache/tomcat/modules/config
PolicyInterceptor.java
Log:
Fix for Bug 4923.
FilePermission("<some dir>/-","read") appears to give access to the
directory's contents and subdirectories, but doesn't grant direct access
to the directory. For example, exists() on the directory isn't granted. Adding
additionall FilePermissions to allow exists() on the web app's base and work
directories.
Revision Changes Path
1.13 +11 -0 jakarta-tomcat/src/share/org/apache/tomcat/modules/config/PolicyInterceptor.java
Index: PolicyInterceptor.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/config/PolicyInterceptor.java,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- PolicyInterceptor.java 22 Aug 2001 03:02:46 -0000 1.12
+++ PolicyInterceptor.java 31 Jan 2002 03:49:55 -0000 1.13
@@ -174,12 +174,23 @@
// Add default write "-" FilePermission for docBase
fp = new FilePermission(base + File.separator + "-", "write");
p.add(fp);
+
+ // Add read permission for the directory itself, needed to use
+ // exists() on the directory
+ fp = new FilePermission(base,"read");
+ p.add(fp);
+
fp = new FilePermission(context.getWorkDir() + File.separator + "-",
"read");
p.add(fp);
fp = new FilePermission(context.getWorkDir() + File.separator + "-",
"write");
p.add(fp);
+
+ // Add read permission for the work directory itself, needed to use
+ // exists() on the directory
+ fp = new FilePermission(context.getWorkDir().toString(),"read");
+ p.add(fp);
// Read on the common and apps dir
fp = new FilePermission(cm.getInstallDir() + File.separator +
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>