You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2008/11/05 17:17:16 UTC
svn commit: r711600 - in /tomcat/trunk/java/org/apache/catalina:
core/ApplicationFilterChain.java security/SecurityUtil.java
Author: markt
Date: Wed Nov 5 08:17:16 2008
New Revision: 711600
URL: http://svn.apache.org/viewvc?rev=711600&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46011
Make Principal accessible (if set) via Subject.getSubject(AccessController.getContext()) when processing filters.
Based on a patch provided by tsveg1
Modified:
tomcat/trunk/java/org/apache/catalina/core/ApplicationFilterChain.java
tomcat/trunk/java/org/apache/catalina/security/SecurityUtil.java
Modified: tomcat/trunk/java/org/apache/catalina/core/ApplicationFilterChain.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/ApplicationFilterChain.java?rev=711600&r1=711599&r2=711600&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/core/ApplicationFilterChain.java (original)
+++ tomcat/trunk/java/org/apache/catalina/core/ApplicationFilterChain.java Wed Nov 5 08:17:16 2008
@@ -228,7 +228,7 @@
Object[] args = new Object[]{req, res, this};
SecurityUtil.doAsPrivilege
- ("doFilter", filter, classType, args);
+ ("doFilter", filter, classType, args, principal);
args = null;
} else {
Modified: tomcat/trunk/java/org/apache/catalina/security/SecurityUtil.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/security/SecurityUtil.java?rev=711600&r1=711599&r2=711600&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/security/SecurityUtil.java (original)
+++ tomcat/trunk/java/org/apache/catalina/security/SecurityUtil.java Wed Nov 5 08:17:16 2008
@@ -180,7 +180,7 @@
/**
- * Perform work as a particular </code>Subject</code>. Here the work
+ * Perform work as a particular <code>Subject</code>. Here the work
* will be granted to a <code>null</code> subject.
*
* @param methodName the method to apply the security restriction
@@ -196,6 +196,31 @@
final Class[] targetType,
final Object[] targetArguments)
throws java.lang.Exception{
+
+ doAsPrivilege(
+ methodName, targetObject, targetType, targetArguments, null);
+ }
+
+ /**
+ * Perform work as a particular <code>Subject</code>. Here the work
+ * will be granted to a <code>null</code> subject.
+ *
+ * @param methodName the method to apply the security restriction
+ * @param targetObject the <code>Filter</code> on which the method will
+ * be called.
+ * @param targetType <code>Class</code> array used to instanciate a
+ * <code>Method</code> object.
+ * @param targetArguments <code>Object</code> array contains the
+ * runtime parameters instance.
+ * @param principal the <code>Principal</code> to which the security
+ * privilege apply
+ */
+ public static void doAsPrivilege(final String methodName,
+ final Filter targetObject,
+ final Class[] targetType,
+ final Object[] targetArguments,
+ Principal principal)
+ throws java.lang.Exception{
Method method = null;
Method[] methodsCache = null;
@@ -215,7 +240,7 @@
targetType);
}
- execute(method, targetObject, targetArguments, null);
+ execute(method, targetObject, targetArguments, principal);
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org