You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2015/02/12 10:56:11 UTC

svn commit: r1659188 - /tomcat/trunk/java/org/apache/catalina/security/SecurityListener.java

Author: markt
Date: Thu Feb 12 09:56:10 2015
New Revision: 1659188

URL: http://svn.apache.org/r1659188
Log:
Make OS user name case insensitive (as documented) and explicitly do conversion to lower case with the system's default Locale.

Modified:
    tomcat/trunk/java/org/apache/catalina/security/SecurityListener.java

Modified: tomcat/trunk/java/org/apache/catalina/security/SecurityListener.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/security/SecurityListener.java?rev=1659188&r1=1659187&r2=1659188&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/security/SecurityListener.java (original)
+++ tomcat/trunk/java/org/apache/catalina/security/SecurityListener.java Thu Feb 12 09:56:10 2015
@@ -18,6 +18,7 @@ package org.apache.catalina.security;
 
 import java.util.HashSet;
 import java.util.Iterator;
+import java.util.Locale;
 import java.util.Set;
 
 import org.apache.catalina.Lifecycle;
@@ -70,7 +71,7 @@ public class SecurityListener implements
      * default, only root is prevented from running Tomcat. Calling this method
      * with null or the empty string will clear the list of users and
      * effectively disables this check. User names will always be checked in a
-     * case insensitive manner.
+     * case insensitive manner using the system default Locale.
      *
      * @param userNameList  A comma separated list of operating system users not
      *                      permitted to run Tomcat
@@ -82,7 +83,7 @@ public class SecurityListener implements
             String[] userNames = userNameList.split(",");
             for (String userName : userNames) {
                 if (userName.length() > 0) {
-                    checkedOsUsers.add(userName);
+                    checkedOsUsers.add(userName.toLowerCase(Locale.getDefault()));
                 }
             }
         }
@@ -147,7 +148,7 @@ public class SecurityListener implements
     protected void checkOsUser() {
         String userName = System.getProperty("user.name");
         if (userName != null) {
-            String userNameLC = userName.toLowerCase();
+            String userNameLC = userName.toLowerCase(Locale.getDefault());
 
             if (checkedOsUsers.contains(userNameLC)) {
                 // Have to throw Error to force start process to be aborted



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org