User: starksm
Date: 01/07/26 20:51:33
Modified: tomcat/src/main/org/jboss/tomcat/security Tag: Branch_2_4
JBossSecurityMgrRealm.java
Log:
Clear any SecurityAssociation value at the end of the service call to
ensure that reuse of the thread with unsecure content does not allow access
to components it should not
Revision Changes Path
No revision
No revision
1.4.2.4 +11 -1
contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java
Index: JBossSecurityMgrRealm.java
===================================================================
RCS file:
/cvsroot/jboss/contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java,v
retrieving revision 1.4.2.3
retrieving revision 1.4.2.4
diff -u -r1.4.2.3 -r1.4.2.4
--- JBossSecurityMgrRealm.java 2001/06/27 01:05:59 1.4.2.3
+++ JBossSecurityMgrRealm.java 2001/07/27 03:51:33 1.4.2.4
@@ -37,7 +37,7 @@
@see org.jboss.security.SubjectSecurityManager
@author [EMAIL PROTECTED]
-@version $Revision: 1.4.2.3 $
+@version $Revision: 1.4.2.4 $
*/
public class JBossSecurityMgrRealm extends BaseInterceptor
{
@@ -229,6 +229,16 @@
}
return code;
+ }
+
+ /** Called after service method ends. We clear any SecurityAssociation that
+ may have been set.
+ */
+ public int postService(Request request, Response response)
+ {
+ SecurityAssociation.setPrincipal(null);
+ SecurityAssociation.setCredential(null);
+ return 0;
}
}
_______________________________________________
Jboss-development mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-development
[JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/tomcat/security JBossSecurityMgrRealm.java
- [JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/to... starksm
- [JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/to... starksm
- [JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/to... starksm
- [JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/to... starksm
- [JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/to... starksm
- [JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/to... starksm
- Re: [JBoss-dev] JBossSecurityMgrRealm.java David Green
- Re: [JBoss-dev] JBossSecurityMgrRealm.java Scott M Stark
- [JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/to... starksm
- [JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/to... starksm
- [JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/to... Scott M Stark
- [JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/to... Scott M Stark
- [JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/to... Scott M Stark
- [JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/to... Scott M Stark
- [JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/to... Scott M Stark
- [JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/to... Scott M Stark
- [JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/to... Scott M Stark
- [JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/to... Scott M Stark
- [JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/to... Scott M Stark
- [JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/to... Adrian Brock
