You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2015/02/12 10:56:11 UTC
svn commit: r1659188 -
/tomcat/trunk/java/org/apache/catalina/security/SecurityListener.java
Author: markt
Date: Thu Feb 12 09:56:10 2015
New Revision: 1659188
URL: http://svn.apache.org/r1659188
Log:
Make OS user name case insensitive (as documented) and explicitly do conversion to lower case with the system's default Locale.
Modified:
tomcat/trunk/java/org/apache/catalina/security/SecurityListener.java
Modified: tomcat/trunk/java/org/apache/catalina/security/SecurityListener.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/security/SecurityListener.java?rev=1659188&r1=1659187&r2=1659188&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/security/SecurityListener.java (original)
+++ tomcat/trunk/java/org/apache/catalina/security/SecurityListener.java Thu Feb 12 09:56:10 2015
@@ -18,6 +18,7 @@ package org.apache.catalina.security;
import java.util.HashSet;
import java.util.Iterator;
+import java.util.Locale;
import java.util.Set;
import org.apache.catalina.Lifecycle;
@@ -70,7 +71,7 @@ public class SecurityListener implements
* default, only root is prevented from running Tomcat. Calling this method
* with null or the empty string will clear the list of users and
* effectively disables this check. User names will always be checked in a
- * case insensitive manner.
+ * case insensitive manner using the system default Locale.
*
* @param userNameList A comma separated list of operating system users not
* permitted to run Tomcat
@@ -82,7 +83,7 @@ public class SecurityListener implements
String[] userNames = userNameList.split(",");
for (String userName : userNames) {
if (userName.length() > 0) {
- checkedOsUsers.add(userName);
+ checkedOsUsers.add(userName.toLowerCase(Locale.getDefault()));
}
}
}
@@ -147,7 +148,7 @@ public class SecurityListener implements
protected void checkOsUser() {
String userName = System.getProperty("user.name");
if (userName != null) {
- String userNameLC = userName.toLowerCase();
+ String userNameLC = userName.toLowerCase(Locale.getDefault());
if (checkedOsUsers.contains(userNameLC)) {
// Have to throw Error to force start process to be aborted
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org