svn commit: r1790459 - in /tomcat/trunk/java/org/apache/jasper: runtime/PageContextImpl.java security/SecurityClassLoad.java

[markt]

Author: markt
Date: Thu Apr  6 20:42:01 2017
New Revision: 1790459

URL: http://svn.apache.org/viewvc?rev=1790459&view=rev
Log:
Remove unnecessary privileged block from getAttributeNamesInScope.
I can't see anything in doGetAttributeNamesInScope that would trigger a 
security check.

Modified:
    tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java
    tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java

Modified: tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java?rev=1790459&r1=1790458&r2=1790459&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java (original)
+++ tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java Thu Apr  6 
20:42:01 2017
@@ -420,20 +420,6 @@ public class PageContextImpl extends Pag
 
     @Override
     public Enumeration<String> getAttributeNamesInScope(final int scope) {
-        if (SecurityUtil.isPackageProtectionEnabled()) {
-            return AccessController.doPrivileged(
-                    new PrivilegedAction<Enumeration<String>>() {
-                        @Override
-                        public Enumeration<String> run() {
-                            return doGetAttributeNamesInScope(scope);
-                        }
-                    });
-        } else {
-            return doGetAttributeNamesInScope(scope);
-        }
-    }
-
-    private Enumeration<String> doGetAttributeNamesInScope(int scope) {
         switch (scope) {
         case PAGE_SCOPE:
             return Collections.enumeration(attributes.keySet());
@@ -443,8 +429,7 @@ public class PageContextImpl extends Pag
 
         case SESSION_SCOPE:
             if (session == null) {
-                throw new IllegalStateException(Localizer
-                        .getMessage("jsp.error.page.noSession"));
+                throw new 
IllegalStateException(Localizer.getMessage("jsp.error.page.noSession"));
             }
             return session.getAttributeNames();
 

Modified: tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java?rev=1790459&r1=1790458&r2=1790459&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java 
(original)
+++ tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java Thu Apr 
 6 20:42:01 2017
@@ -57,7 +57,6 @@ public final class SecurityClassLoad {
             loader.loadClass( basePackage + "runtime.PageContextImpl$4");
             loader.loadClass( basePackage + "runtime.PageContextImpl$5");
             loader.loadClass( basePackage + "runtime.PageContextImpl$6");
-            loader.loadClass( basePackage + "runtime.PageContextImpl$7");
 
             loader.loadClass( basePackage + "runtime.JspContextWrapper");
 



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org