Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security SecurityUtil.java

2004-10-25 Thread Jan Luehe
Bill Barker wrote:
> - Original Message -
> From: <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, October 25, 2004 2:18 PM
> Subject: cvs commit:
> jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security
> SecurityUtil.java
> 
> 
> 
>>  @@ -251,18 +251,17 @@
>>   if (session != null){
>>   subject =
>>
> 
> (Subject)session.getAttribute(Globals.SUBJECT_ATTR);
> 
>>  -}
>>
>>  -if (subject == null){
>>  -subject = new Subject();
>>  +if (subject == null){
>>  +subject = new Subject();
>>
>>  -if (principal != null){
>>  -subject.getPrincipals().add(principal);
>>  +if (principal != null){
>>  +subject.getPrincipals().add(principal);
>>  +}
>>  +
>>  +session.setAttribute(Globals.SUBJECT_ATTR,
> 
> subject);
> 
>>   }
>>   }
>>  -
>>  -if (session != null)
>>  -session.setAttribute(Globals.SUBJECT_ATTR,
> 
> subject);
> 
>>   }
>>
>>   Subject.doAsPrivileged(subject, pea, null);
> 
> 
> With this patch, if there is no session defined, then 'subject' will be null
> when I get to the doAsPrivileged.

Good catch! Fixed so that Subject is created regardless of whether
session exists, but it is added to the session only if the session
did not already contain any.


Jan



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security SecurityUtil.java

2004-10-25 Thread luehe
luehe   2004/10/25 19:02:37

  Modified:catalina/src/share/org/apache/catalina/security
SecurityUtil.java
  Log:
  Create Subject if one was not already associated with the session, and add
  it to the session *only* in that case
  
  Revision  ChangesPath
  1.14  +11 -7 
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java
  
  Index: SecurityUtil.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -u -r1.13 -r1.14
  --- SecurityUtil.java 25 Oct 2004 21:18:49 -  1.13
  +++ SecurityUtil.java 26 Oct 2004 02:02:37 -  1.14
  @@ -247,20 +247,24 @@
   HttpServletRequest request = 
   (HttpServletRequest)targetArguments[0];
   
  +boolean hasSubject = false;
   HttpSession session = request.getSession(false);
   if (session != null){
   subject = 
   (Subject)session.getAttribute(Globals.SUBJECT_ATTR);
  +hasSubject = (subject != null);
  +}
   
  -if (subject == null){
  -subject = new Subject();
  +if (subject == null){
  +subject = new Subject();
   
  -if (principal != null){
  -subject.getPrincipals().add(principal);
  -}
  - 
  -session.setAttribute(Globals.SUBJECT_ATTR, subject);
  +if (principal != null){
  +subject.getPrincipals().add(principal);
   }
  +}
  +
  +if (session != null && !hasSubject) {
  +session.setAttribute(Globals.SUBJECT_ATTR, subject);
   }
   }
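
Review bot: the read of `Globals.SUBJECT_ATTR` and the later `session.setAttribute(...)` under `if (session != null && !hasSubject)` are not atomic, so two concurrent requests in the same session can both find no Subject, each create one, and the second write replaces the first. If one Subject per session is expected, do the check-and-set under a lock on the session; a short code comment saying the `!hasSubject` guard exists to avoid marking the session as changed would also help, since that reason is only stated in the 1.13 commit log.
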
   
  
  
  




Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security SecurityUtil.java

2004-10-25 Thread Bill Barker

- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, October 25, 2004 2:18 PM
Subject: cvs commit:
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security
SecurityUtil.java


>   @@ -251,18 +251,17 @@
>if (session != null){
>subject =
>
(Subject)session.getAttribute(Globals.SUBJECT_ATTR);
>   -}
>
>   -if (subject == null){
>   -subject = new Subject();
>   +if (subject == null){
>   +subject = new Subject();
>
>   -if (principal != null){
>   -subject.getPrincipals().add(principal);
>   +if (principal != null){
>   +subject.getPrincipals().add(principal);
>   +}
>   +
>   +session.setAttribute(Globals.SUBJECT_ATTR,
subject);
>}
>}
>   -
>   -if (session != null)
>   -session.setAttribute(Globals.SUBJECT_ATTR,
subject);
>}
>
>Subject.doAsPrivileged(subject, pea, null);

With this patch, if there is no session defined, then 'subject' will be null
when I get to the doAsPrivileged.





cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security SecurityUtil.java

2004-10-25 Thread luehe
luehe   2004/10/25 14:18:49

  Modified:catalina/src/share/org/apache/catalina/security
SecurityUtil.java
  Log:
  Call session.setAttribute(Globals.SUBJECT_ATTR, subject) only if
  necessary, i.e., only if the session does not already contain such an
  attribute, allowing for session persistence optimizations by
  persisting only those sessions that have actually changed (i.e., whose
  setAttribute() or removeAttribute() have been called) since the
  sessions were last persisted.
  
  Revision  ChangesPath
  1.13  +8 -9  
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java
  
  Index: SecurityUtil.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java,v
  retrieving revision 1.12
  retrieving revision 1.13
  diff -u -r1.12 -r1.13
  --- SecurityUtil.java 20 Aug 2004 14:43:17 -  1.12
  +++ SecurityUtil.java 25 Oct 2004 21:18:49 -  1.13
  @@ -224,7 +224,7 @@
* @param targetArguments Object array contains the 
* runtime parameters instance.
* @param principal the Principal to which the security 
  - * privilege apply..
  + * privilege applies
*/
   private static void execute(final Method method,
   final Object targetObject, 
  @@ -251,18 +251,17 @@
   if (session != null){
   subject = 
   (Subject)session.getAttribute(Globals.SUBJECT_ATTR);
  -}
   
  -if (subject == null){
  -subject = new Subject();
  +if (subject == null){
  +subject = new Subject();
   
  -if (principal != null){
  -subject.getPrincipals().add(principal);
  +if (principal != null){
  +subject.getPrincipals().add(principal);
  +}
  + 
  +session.setAttribute(Globals.SUBJECT_ATTR, subject);
   }
   }
  -
  -if (session != null)
  -session.setAttribute(Globals.SUBJECT_ATTR, subject);
   }
   
   Subject.doAsPrivileged(subject, pea, null);   
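
Review bot: with the `if (subject == null)` block moved inside `if (session != null)`, a request that has no session never reaches `subject = new Subject()` or the `principal` add, yet `Subject.doAsPrivileged(subject, pea, null)` in the trailing context still runs with whatever `subject` held before this block. To skip the redundant `setAttribute` without changing which requests get a Subject, keep the creation outside the session check and guard only the `session.setAttribute` call.
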
  
  
  




cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security SecurityUtil.java

2004-08-20 Thread jfarcand
jfarcand    2004/08/20 07:43:17

  Modified:catalina/src/share/org/apache/catalina/security
SecurityUtil.java
  Log:
  Port fix for bug 30602
  
  Revision  ChangesPath
  1.12  +9 -7  
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java
  
  Index: SecurityUtil.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- SecurityUtil.java 26 May 2004 15:53:20 -  1.11
  +++ SecurityUtil.java 20 Aug 2004 14:43:17 -  1.12
  @@ -251,16 +251,18 @@
   if (session != null){
   subject = 
   (Subject)session.getAttribute(Globals.SUBJECT_ATTR);
  +}
   
  -if (subject == null){
  -subject = new Subject();
  -
  -if (principal != null){
  -subject.getPrincipals().add(principal);
  -}
  -session.setAttribute(Globals.SUBJECT_ATTR, subject);
  +if (subject == null){
  +subject = new Subject();
  +
  +if (principal != null){
  +subject.getPrincipals().add(principal);
   }
   }
  +
  +if (session != null)
  +session.setAttribute(Globals.SUBJECT_ATTR, subject);
   }
   
   Subject.doAsPrivileged(subject, pea, null);   
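
Review bot: the new trailing `if (session != null) session.setAttribute(Globals.SUBJECT_ATTR, subject);` runs on every call, including when `subject` was just read from that same session, so the attribute is rewritten on each request and the session looks modified to any persistence or replication logic. Store the attribute only when a new Subject was actually created.
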
  
  
  





cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security SecurityUtil.java

2004-08-20 Thread jfarcand
jfarcand    2004/08/20 07:28:38

  Modified:catalina/src/share/org/apache/catalina/security Tag:
TOMCAT_5_0 SecurityUtil.java
  Log:
  Fix for Bugzilla 30602: Subject is not available during the first call to the 
servlet which uses the basic authentication.
  
  All Servlet TCKs passed with Security enabled
  
  Submitted by: Josip Jureta at videotron.ca
  
  Revision  ChangesPath
  No   revision
  No   revision
  1.11.2.1  +9 -7  
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java
  
  Index: SecurityUtil.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java,v
  retrieving revision 1.11
  retrieving revision 1.11.2.1
  diff -u -r1.11 -r1.11.2.1
  --- SecurityUtil.java 26 May 2004 15:53:20 -  1.11
  +++ SecurityUtil.java 20 Aug 2004 14:28:38 -  1.11.2.1
  @@ -251,16 +251,18 @@
   if (session != null){
   subject = 
   (Subject)session.getAttribute(Globals.SUBJECT_ATTR);
  +}
   
  -if (subject == null){
  -subject = new Subject();
  -
  -if (principal != null){
  -subject.getPrincipals().add(principal);
  -}
  -session.setAttribute(Globals.SUBJECT_ATTR, subject);
  +if (subject == null){
  +subject = new Subject();
  +
  +if (principal != null){
  +subject.getPrincipals().add(principal);
   }
   }
  +
  +if (session != null)
  +session.setAttribute(Globals.SUBJECT_ATTR, subject);
   }
   
   Subject.doAsPrivileged(subject, pea, null);   
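
Review bot: the added `if (session != null)` in front of `session.setAttribute(...)` is the only unbraced `if` in this block; add braces to match the surrounding code. A one-line comment noting that a request without a session now gets a fresh Subject that is not stored anywhere would make the intent of the restructuring clear.
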
  
  
  




cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security SecurityUtil.java

2004-05-26 Thread yoavs
yoavs   2004/05/26 08:53:20

  Modified:catalina/src/share/org/apache/catalina/security
SecurityUtil.java
  Log:
  Minor JavaDoc fixes (Bugzilla 28335)
  
  Revision  ChangesPath
  1.11  +6 -6  
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java
  
  Index: SecurityUtil.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- SecurityUtil.java 17 May 2004 17:59:39 -  1.10
  +++ SecurityUtil.java 26 May 2004 15:53:20 -  1.11
  @@ -98,7 +98,7 @@
* be called.
* @param targetType Class array used to instanciate a i
* Method object.
  - * @param targetObject Object array contains the runtime 
  + * @param targetArguments Object array contains the runtime 
* parameters instance.
*/
   public static void doAsPrivilege(final String methodName, 
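
Review bot: in the context just above the corrected `@param targetArguments` line, the `@param targetType` description still reads "instanciate a i"; since this commit is a Javadoc cleanup, fix the spelling to "instantiate" and drop the stray "i" here, and correct the same misspelling in the other `targetType` lines.
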
  @@ -124,7 +124,7 @@
* be called.
* @param targetType Class array used to instanciate a 
* Method object.
  - * @param targetArgumentst Object array contains the 
  + * @param targetArguments Object array contains the 
* runtime parameters instance.
* @param principal the Principal to which the security 
* privilege apply..
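
Review bot: the `@param principal` description in the trailing context still ends with "privilege apply.."; correct it to "applies." in this hunk and in the `@@ -221` hunk, which carries the same line.
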
  @@ -183,7 +183,7 @@
* be called.
* @param targetType Class array used to instanciate a
* Method object.
  - * @param targetArgumentst Object array contains the 
  + * @param targetArguments Object array contains the 
* runtime parameters instance.
*/
   public static void doAsPrivilege(final String methodName, 
  @@ -221,9 +221,7 @@
* @param methodName the method to apply the security restriction
* @param targetObject the Servlet on which the method will
* be called.
  - * @param targetType Class array used to instanciate a 
  - * Method object.
  - * @param targetArgumentst Object array contains the 
  + * @param targetArguments Object array contains the 
* runtime parameters instance.
* @param principal the Principal to which the security 
* privilege apply..
  @@ -354,6 +352,8 @@
   
   /**
* Remove the object from the cache.
  + *
  + * @param cachedObject The object to remove
*/
   public static void remove(Object cachedObject){
   objectCache.remove(cachedObject);
  
  
  




cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security SecurityUtil.java

2004-05-17 Thread jfarcand
jfarcand    2004/05/17 10:59:39

  Modified:catalina/src/share/org/apache/catalina/security
SecurityUtil.java
  Log:
  Fix subject lost problem (problem discovered on tomcat-users)
  
  Submitted by : Janne Väänänen at eventizer dot com
  
  Revision  ChangesPath
  1.10  +6 -1  
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java
  
  Index: SecurityUtil.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java,v
  retrieving revision 1.9
  retrieving revision 1.10
  diff -u -r1.9 -r1.10
  --- SecurityUtil.java 27 Feb 2004 14:58:46 -  1.9
  +++ SecurityUtil.java 17 May 2004 17:59:39 -  1.10
  @@ -251,10 +251,15 @@
   
   HttpSession session = request.getSession(false);
   if (session != null){
  -subject = (Subject)session.getAttribute(Globals.SUBJECT_ATTR);
  +subject = 
  +(Subject)session.getAttribute(Globals.SUBJECT_ATTR);
   
   if (subject == null){
   subject = new Subject();
  +
  +if (principal != null){
  +subject.getPrincipals().add(principal);
  +}
   session.setAttribute(Globals.SUBJECT_ATTR, subject);
   }
   }
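
Review bot: `principal` is added only on the `subject == null` branch, so a Subject already stored under `Globals.SUBJECT_ATTR` is reused without checking that it carries the current `principal`. If the principal tied to a session can change after the Subject is first stored, handle that case as well, either by adding the principal or by rebuilding the Subject.
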
  
  
  




cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security SecurityUtil.java

2003-09-10 Thread jfarcand
jfarcand    2003/09/10 14:28:37

  Modified:catalina/src/share/org/apache/catalina/security
SecurityUtil.java
  Log:
  Do not create a session when none is available.
  
  Revision  ChangesPath
  1.8   +9 -5  
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java
  
  Index: SecurityUtil.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- SecurityUtil.java 10 Sep 2003 16:56:45 -  1.7
  +++ SecurityUtil.java 10 Sep 2003 21:28:37 -  1.8
  @@ -73,6 +73,7 @@
   import javax.servlet.ServletException;
   import javax.servlet.UnavailableException;
   import javax.servlet.http.HttpServletRequest;
  +import javax.servlet.http.HttpSession;
   
   import org.apache.catalina.Globals;
   import org.apache.catalina.util.StringManager;
  @@ -290,12 +291,15 @@
   && targetArguments[0] instanceof HttpServletRequest){
   HttpServletRequest request = 
   (HttpServletRequest)targetArguments[0];
  -subject = (Subject)request.getSession()
  -.getAttribute(Globals.SUBJECT_ATTR);
   
  -if (subject == null){
  -subject = new Subject();
  -request.getSession().setAttribute(Globals.SUBJECT_ATTR, 
subject);
  +HttpSession session = request.getSession(false);
  +if (session != null){
  +subject = (Subject)session.getAttribute(Globals.SUBJECT_ATTR);
  +
  +if (subject == null){
  +subject = new Subject();
  +session.setAttribute(Globals.SUBJECT_ATTR, subject);
  +}
   }
   }
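
Review bot: switching to `request.getSession(false)` puts both the lookup and the `new Subject()` fallback inside `if (session != null)`, so a request with no session gets no Subject from this block, which undoes the "always associate a Subject" behaviour stated in the revision 1.7 log. Create the default Subject outside the session check and store it only when a session exists.
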
   
  
  
  




cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security SecurityUtil.java

2003-09-10 Thread jfarcand
jfarcand    2003/09/10 09:56:45

  Modified:catalina/src/share/org/apache/catalina/security
SecurityUtil.java
  Log:
  Always associate a Subject. If not created, then create a default one.
  
  Revision  ChangesPath
  1.7   +5 -0  
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java
  
  Index: SecurityUtil.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- SecurityUtil.java 2 Sep 2003 21:22:06 -   1.6
  +++ SecurityUtil.java 10 Sep 2003 16:56:45 -  1.7
  @@ -292,6 +292,11 @@
   (HttpServletRequest)targetArguments[0];
   subject = (Subject)request.getSession()
   .getAttribute(Globals.SUBJECT_ATTR);
  +
  +if (subject == null){
  +subject = new Subject();
  +request.getSession().setAttribute(Globals.SUBJECT_ATTR, 
subject);
  +}
   }
   
   Subject.doAsPrivileged(subject, pea, null);   
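
Review bot: `request.getSession()` is called twice here and, in its no-argument form, creates a session when the request has none, so every request reaching this path now allocates a session just to hold an empty Subject. Fetch the session once with `request.getSession(false)` and decide separately whether the default Subject needs to be stored.
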
  
  
  




cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security SecurityUtil.java

2003-06-05 Thread jfarcand
jfarcand    2003/06/04 14:15:39

  Modified:catalina/src/share/org/apache/catalina/security
SecurityUtil.java
  Log:
  Add caching mechanism to improve performance. Instead of creating a Method object 
each time the filter/servlet is invoked, use the cached object previously created.
  
  Note: this applies only when the security manager is turned on.
  
  Revision  ChangesPath
  1.4   +137 -16   
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java
  
  Index: SecurityUtil.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- SecurityUtil.java 21 Oct 2002 14:22:54 -  1.3
  +++ SecurityUtil.java 4 Jun 2003 21:15:39 -   1.4
  @@ -62,6 +62,7 @@
   import java.io.IOException;
   import java.lang.reflect.Method;
   import java.lang.reflect.InvocationTargetException;
  +import java.util.HashMap;
   import java.security.AccessController;
   import java.security.Principal;
   import java.security.PrivilegedActionException;
  @@ -73,6 +74,8 @@
   import javax.servlet.ServletException;
   import javax.servlet.UnavailableException;
   
  +import org.apache.tomcat.util.buf.MessageBytes;
  +
   import org.apache.catalina.util.StringManager;
   
   /**
  @@ -88,6 +91,21 @@
   
   public final class SecurityUtil{
   
  +private final static int INIT= 0;
  +private final static int SERVICE = 1;
  +private final static int DOFILTER = 1;
  +private final static int DESTROY = 2;
  +
  +private final static String INIT_METHOD = "init";
  +private final static String DOFILTER_METHOD = "doFilter";
  +private final static String SERVICE_METHOD = "service";
  +private final static String DESTROY_METHOD = "destroy";
  +   
  +/**
  + * Cache every object for which we are creating method on it.
  + */
  +private static HashMap objectCache = new HashMap();
  +
   private static org.apache.commons.logging.Log log=
   org.apache.commons.logging.LogFactory.getLog( SecurityUtil.class );
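
Review bot: `objectCache` is a static `HashMap` keyed by the servlet or filter instance, so it holds a strong reference to every cached object for the life of the class; make sure entries are removed when the servlet or filter is destroyed, or the instances stay reachable after they are taken out of service. The constants `SERVICE` and `DOFILTER` both equal 1, which deserves a comment saying the overlap is intended.
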
   
  @@ -137,7 +155,7 @@
* @param methodName the method to apply the security restriction
* @param targetObject the Servlet on which the method will be 
called.
* @param targetType Class array used to instanciate a 
Method object.
  - * @param targetObject Object array contains the runtime 
parameters instance.
  + * @param targetArgumentst Object array contains the runtime 
parameters instance.
* @param principal the Principal to which the security privilege 
apply..
*/
   public static void doAsPrivilege(final String methodName, 
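
Review bot: the corrected tag is spelled `@param targetArgumentst`, which does not match the `targetArguments` parameter in the signature; drop the trailing "t". The same misspelling is added again in the `@@ -169` hunk.
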
  @@ -145,8 +163,25 @@
final Class[] targetType,
final Object[] targetArguments,
Principal principal) throws 
java.lang.Exception{
  -   final Method method = targetObject.getClass().getMethod(methodName, 
targetType);   
  -   execute(method, targetObject, targetArguments, principal);
  +Method method = null;
  +Method[] methodsCache = null;
  +if(objectCache.containsKey(targetObject)){
  +methodsCache = (Method[])objectCache.get(targetObject);
  +method = findMethod(methodsCache, methodName);
  +if (method == null){
  +method = createMethodAndCacheIt(methodsCache,
  +methodName,
  +targetObject,
  +targetType);
  +}
  +} else {
  +method = createMethodAndCacheIt(methodsCache,
  +methodName,
  +targetObject,
  +targetType); 
  +}
  +
  +execute(method, targetObject, targetArguments, principal);
   }
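
Review bot: `objectCache.containsKey(targetObject)` followed by `objectCache.get(targetObject)` is a check-then-act pair on a shared, unsynchronized map, and the `else` branch passes a `methodsCache` that is still `null` into `createMethodAndCacheIt`. A single `get` with a null check would let both branches share one call to `createMethodAndCacheIt`, and the lookup plus insert should run under one lock since this is invoked per request.
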

   
  @@ -169,13 +204,32 @@
*
* @param methodName the method to apply the security restriction
* @param targetObject the Filter on which the method will be 
called.
  + * @param targetType Class array used to instanciate a 
Method object.
  + * @param targetArgumentst Object array contains the runtime 
parameters instance.
*/
   public static void doAsPrivilege(final String methodName, 
final Filter targetObject, 
final Class[] targetType,
final Object[] targetArguments) throws 
java.lang.Exception{
  -   final Method method = targetObject.getClass().getMethod(methodName, 
target

cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security SecurityUtil.java

2002-10-16 Thread jfarcand

jfarcand    2002/10/16 13:01:02

  Modified:catalina/src/share/org/apache/catalina/security
SecurityUtil.java
  Log:
  Security Audit. Protect the class (make it final)
  
  Revision  ChangesPath
  1.2   +1 -1  
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java
  
  Index: SecurityUtil.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- SecurityUtil.java 16 Oct 2002 15:40:42 -  1.1
  +++ SecurityUtil.java 16 Oct 2002 20:01:01 -  1.2
  @@ -86,7 +86,7 @@
* @author Jean-Francois Arcand
*/
   
  -public class SecurityUtil{
  +public final class SecurityUtil{
   
   private static org.apache.commons.logging.Log log=
   org.apache.commons.logging.LogFactory.getLog( SecurityUtil.class );
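
Review bot: `final` on `public final class SecurityUtil` blocks subclassing, but nothing in this hunk stops the class from being instantiated; if `SecurityUtil` only exposes static methods, add a private constructor as part of the same hardening.
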
  
  
  





cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security SecurityUtil.java LocalStrings.properties

2002-10-16 Thread jfarcand

jfarcand    2002/10/16 08:40:42

  Added:   catalina/src/share/org/apache/catalina/security
SecurityUtil.java LocalStrings.properties
  Log:
  Security Audit. Create a specialized folder where security-sensitive classes should go. 
This class was first committed under the util directory, but since this dir has 
special access permission (accessClassInPackage), the class is exposed to the web-app 
(now in Tomcat 4, but when we merge, we will have the problem).
  
  Revision  ChangesPath
  1.1  
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java
  
  Index: SecurityUtil.java
  ===
  /** 
   * 
   *
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 1999-2002 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *notice, this list of conditions and the following disclaimer in
   *the documentation and/or other materials provided with the
   *distribution.
   *
   * 3. The end-user documentation included with the redistribution, if
   *any, must include the following acknowlegement:
   *   "This product includes software developed by the
   *Apache Software Foundation (http://www.apache.org/)."
   *Alternately, this acknowlegement may appear in the software itself,
   *if and wherever such third-party acknowlegements normally appear.
   *
   * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
   *Foundation" must not be used to endorse or promote products derived
   *from this software without prior written permission. For written
   *permission, please contact [EMAIL PROTECTED]
   *
   * 5. Products derived from this software may not be called "Apache"
   *nor may "Apache" appear in their names without prior written
   *permission of the Apache Group.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * 
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * .
   *
   * [Additional notices, if required by prior licensing conditions]
   *
   */
  package org.apache.catalina.security;
  
  
  import java.io.IOException;
  import java.lang.reflect.Method;
  import java.lang.reflect.InvocationTargetException;
  import java.security.AccessController;
  import java.security.Principal;
  import java.security.PrivilegedActionException;
  import java.security.PrivilegedExceptionAction;
  import javax.security.auth.Subject;
  
  import javax.servlet.Filter;
  import javax.servlet.Servlet;
  import javax.servlet.ServletException;
  import javax.servlet.UnavailableException;
  
  import org.apache.catalina.util.StringManager;
  
  /**
   * This utility class associates a Subject to the current 
   * AccessControlContext. When a SecurityManager is used, 
   * the container will always associate the called thread with an AccessControlContext
   * containing only the principal of the requested Servlet/Filter.
   *
   * This class uses reflection to invoke the invoke methods.
   *
   * @author Jean-Francois Arcand
   */
  
  public class SecurityUtil{
  
  private static org.apache.commons.logging.Log log=
  org.apache.commons.logging.LogFactory.getLog( SecurityUtil.class );
  
  private static String PACKAGE = "org.apache.catalina.util";
  
  /**
   * The string resources for this package.
   */
  private static final StringManager sm =
  StringManager.getManager(PACKAGE);
  
  
  /**
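
Review bot: the file declares `package org.apache.catalina.security`, but `PACKAGE` is still set to `"org.apache.catalina.util"`, so `StringManager.getManager(PACKAGE)` resolves messages from the util package rather than from the `LocalStrings.properties` added next to this class. Point `PACKAGE` at `org.apache.catalina.security` and declare it `final`.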