We've been tracking a nasty issue in our web application when using
Tomcat 5.0.28 and JSTL.
If we call a method from JSTL, any code that tries to access the
AccessControlContext behaves differently than it would if called
directly in a JSP using plain java.
e.g.
If we have a utility method in our dataBean that returns the (JAAS)
Subject using
Subject.getSubject(AccessController.getContext()), the syntax:
<%= dataBean.getSubjectFromContext() %>
returns the Subject whereas:
${dataBean.subjectFromContext}
returns null
This is quite unexpected behaviour and seems to be caused by the call to:
org.apache.jasper.runtime.PageContextImpl.proprietaryEvaluate(PageContextImpl.java:880)
which uses AccessController.doPrivileged(PrivilegedExceptionAction)
rather than AccessController.doPrivileged(PrivilegedExceptionAction,
AccessControlContext) to evaluate the EL syntax.
I think that changing:
retValue = AccessController.doPrivileged(
new PrivilegedExceptionAction(){
.....
}
);
To: retValue = AccessController.doPrivileged(
new PrivilegedExceptionAction(){
.....
}, AccessController.getContext()
);
should solve this.
Can someone please have a look at this?
Cheers,
Michiel
--
Michiel Toneman Software Engineer Bibit Global Payment Services
Regulierenring 10 3981 LB Bunnik [EMAIL PROTECTED]
Tel. +31-30-6595168 Fax +31-30-6564464 http://www.bibit.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]