Author: markt
Date: Fri May 16 18:27:25 2014
New Revision: 1595285
URL: http://svn.apache.org/r1595285
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=56536
Ensure that HttpSessionBindingListener.valueUnbound() uses the correct class
loader when the <code>SingleSignOn</code> valve is used.
Modified:
tomcat/trunk/java/org/apache/catalina/session/StandardSession.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/catalina/session/StandardSession.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/session/StandardSession.java?rev=1595285&r1=1595284&r2=1595285&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/session/StandardSession.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/session/StandardSession.java Fri May
16 18:27:25 2014
@@ -826,10 +826,10 @@ public class StandardSession implements
// The call to expire() may not have been triggered by the webapp.
// Make sure the webapp's class loader is set when calling the
// listeners
- ClassLoader oldContextClassLoader = null;
- try {
- oldContextClassLoader =
context.bind(Globals.IS_SECURITY_ENABLED, null);
- if (notify) {
+ if (notify) {
+ ClassLoader oldContextClassLoader = null;
+ try {
+ oldContextClassLoader =
context.bind(Globals.IS_SECURITY_ENABLED, null);
Object listeners[] =
context.getApplicationLifecycleListeners();
if (listeners != null && listeners.length > 0) {
HttpSessionEvent event =
@@ -859,9 +859,9 @@ public class StandardSession implements
}
}
}
+ } finally {
+ context.unbind(Globals.IS_SECURITY_ENABLED,
oldContextClassLoader);
}
- } finally {
- context.unbind(Globals.IS_SECURITY_ENABLED,
oldContextClassLoader);
}
if (ACTIVITY_CHECK) {
@@ -894,9 +894,15 @@ public class StandardSession implements
// Unbind any objects associated with this session
String keys[] = keys();
- for (int i = 0; i < keys.length; i++)
- removeAttributeInternal(keys[i], notify);
-
+ ClassLoader oldContextClassLoader = null;
+ try {
+ oldContextClassLoader =
context.bind(Globals.IS_SECURITY_ENABLED, null);
+ for (int i = 0; i < keys.length; i++) {
+ removeAttributeInternal(keys[i], notify);
+ }
+ } finally {
+ context.unbind(Globals.IS_SECURITY_ENABLED,
oldContextClassLoader);
+ }
}
}
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1595285&r1=1595284&r2=1595285&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Fri May 16 18:27:25 2014
@@ -45,6 +45,15 @@
issues to not "pop up" wrt. others).
-->
<section name="Tomcat 8.0.8 (markt)">
+ <subsection name="Catalina">
+ <changelog>
+ <fix>
+ <bug>56536</bug>: Ensure that
+ <code>HttpSessionBindingListener.valueUnbound()</code> uses the correct
+ class loader when the <code>SingleSignOn</code> valve is used. (markt)
+ </fix>
+ </changelog>
+ </subsection>
<subsection name="Jasper">
<changelog>
<fix>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
