Author: kkolinko
Date: Tue May 13 14:11:11 2014
New Revision: 1594229

URL: http://svn.apache.org/r1594229
Log:
Require RuntimePermission when introducing a new token.

Modified: tomcat/trunk/java/org/apache/naming/ContextAccessController.java tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/naming/ContextAccessController.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/naming/ContextAccessController.java?rev=1594229&r1=1594228&r2=1594229&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/naming/ContextAccessController.java (original) +++ tomcat/trunk/java/org/apache/naming/ContextAccessController.java Tue May 13 14:11:11 2014 @@ -55,6 +55,12 @@ public class ContextAccessController { * @param token Security token */ public static void setSecurityToken(Object name, Object token) { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) { + sm.checkPermission(new RuntimePermission( + ContextAccessController.class.getName() + + ".setSecurityToken")); + } if ((!securityTokens.containsKey(name)) && (token != null)) { securityTokens.put(name, token); } Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1594229&r1=1594228&r2=1594229&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Tue May 13 14:11:11 2014 @@ -171,7 +171,8 @@ </add> <fix> Make the naming context tokens for containers more robust by using a - separate object. (markt/kkolinko) + separate object. Require RuntimePermission when introducing a new token. + (markt/kkolinko) </fix> <fix> <bug>56501</bug>: <code>HttpServletRequest.getContextPath()</code>
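
Review bot: In the ContextAccessController.java hunk, the Javadoc that ends at "@param token Security token" is left unchanged, so it does not say that setSecurityToken can now throw SecurityException when a SecurityManager is installed, nor which permission the caller needs. Suggest documenting the RuntimePermission and its target (the class name followed by ".setSecurityToken") there. The check also sits ahead of the containsKey/null test, so calls that would store nothing (name already registered, or a null token) need the permission too; that is the stricter behaviour and looks intentional, but it is worth stating in the Javadoc. As a style point, the RuntimePermission is rebuilt from a string concatenation on every call and could be held in a private static final field.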
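
Review bot: In the changelog.xml hunk, the added sentence "Require RuntimePermission when introducing a new token." does not give the permission's target name, so someone running under a SecurityManager with their own policy file cannot tell from the changelog what has to be granted. Suggest naming the target in the entry; per the Java hunk it is the ContextAccessController class name followed by ".setSecurityToken".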