Author: kkolinko
Date: Tue May 13 14:11:11 2014
New Revision: 1594229
URL: http://svn.apache.org/r1594229
Log:
Require RuntimePermission when introducing a new token.
Modified:
tomcat/trunk/java/org/apache/naming/ContextAccessController.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/naming/ContextAccessController.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/naming/ContextAccessController.java?rev=1594229&r1=1594228&r2=1594229&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/naming/ContextAccessController.java (original)
+++ tomcat/trunk/java/org/apache/naming/ContextAccessController.java Tue May 13
14:11:11 2014
@@ -55,6 +55,12 @@ public class ContextAccessController {
* @param token Security token
*/
public static void setSecurityToken(Object name, Object token) {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ sm.checkPermission(new RuntimePermission(
+ ContextAccessController.class.getName()
+ + ".setSecurityToken"));
+ }
if ((!securityTokens.containsKey(name)) && (token != null)) {
securityTokens.put(name, token);
}
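Review bot: The Javadoc above `setSecurityToken` (its `@param token` line is visible at the top of the hunk) is not updated for the new permission check, so callers get no documented hint that the method can now throw. I would add `@throws SecurityException if a SecurityManager is installed and the caller lacks RuntimePermission "org.apache.naming.ContextAccessController.setSecurityToken"`. The check runs before the `containsKey` test, so it also fires when the call would be a no-op because the name is already registered or `token` is null; that is the conservative ordering and worth one why-comment. Deployments running under a SecurityManager will need this permission granted to the code that registers tokens, and neither of the two files in this commit is a policy file, so it is worth confirming the default policy already covers it. The method body continues past the end of the hunk.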
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1594229&r1=1594228&r2=1594229&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Tue May 13 14:11:11 2014
@@ -171,7 +171,8 @@
</add>
<fix>
Make the naming context tokens for containers more robust by using a
- separate object. (markt/kkolinko)
+ separate object. Require RuntimePermission when introducing a new
token.
+ (markt/kkolinko)
</fix>
<fix>
<bug>56501</bug>: <code>HttpServletRequest.getContextPath()</code>