User: starksm 
  Date: 01/12/09 11:39:19

  Modified:    tomcat/src/main/org/jboss/tomcat/security Tag: Branch_2_4
                        JBossSecurityMgrRealm.java
  Log:
  Don't clear the SecurityAssociation information until the entry point request
  has completed or else included content will not leave the security identity
  intact for subsequent operations performed in the including request.
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.4.2.10  +10 -4     
contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java
  
  Index: JBossSecurityMgrRealm.java
  ===================================================================
  RCS file: 
/cvsroot/jboss/contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java,v
  retrieving revision 1.4.2.9
  retrieving revision 1.4.2.10
  diff -u -r1.4.2.9 -r1.4.2.10
  --- JBossSecurityMgrRealm.java        2001/11/20 09:49:01     1.4.2.9
  +++ JBossSecurityMgrRealm.java        2001/12/09 19:39:19     1.4.2.10
  @@ -38,7 +38,7 @@
    @see org.jboss.security.SubjectSecurityManager
    
    @author [EMAIL PROTECTED]
  - @version $Revision: 1.4.2.9 $
  + @version $Revision: 1.4.2.10 $
    */
   public class JBossSecurityMgrRealm extends BaseInterceptor
   {
  @@ -262,7 +262,7 @@
      }
      
      /** Called after service method ends. We clear any SecurityAssociation that
  -    may have been set on this thread.
  +    may have been set on this thread when the entry point request completes.
       */
      public int postService(Request request, Response response)
      {
  @@ -272,13 +272,19 @@
            Principal p = SecurityAssociation.getPrincipal();
            log.trace("postService, auth="+info+", SA.principal="+p+", request=" 
+request);
         }
  -      SecurityAssociation.setPrincipal(null);
  -      SecurityAssociation.setCredential(null);
         if( info != null )
         {
            info.depth --;
            if( info.depth <= 0 )
  +         {
  +            /* The entry point request has completed so clear any SA to avoid
  +            reuse of the security credentials by the next request services by
  +            this thread.
  +            */
               authInfo.set(null);
  +            SecurityAssociation.setPrincipal(null);
  +            SecurityAssociation.setCredential(null);
  +         }
         }
         return 0;
      }
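Review bot: When `info` is null, postService no longer clears the SecurityAssociation at all, because the two `set...(null)` calls now sit only inside `if( info.depth <= 0 )`, whereas the removed lines ran unconditionally. If any path outside this hunk can set the principal or credential on the thread without also setting `authInfo`, that identity would remain on the thread for the next request it services. Consider an `else` branch on `if( info != null )` that calls `SecurityAssociation.setPrincipal(null); SecurityAssociation.setCredential(null);`, or a comment stating why that case cannot occur. The start of postService's body lies outside the hunk, so how `info` is obtained is not visible here. The new comment also has a typo: "services by" should read "serviced by".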
  
  
  
