Author: markt
Date: Thu May 15 11:30:46 2014
New Revision: 1594870

URL: http://svn.apache.org/r1594870
Log:
Require RuntimePermission when introducing a new token. (kkolinko)

Modified:
    tomcat/tc6.0.x/trunk/   (props changed)
    tomcat/tc6.0.x/trunk/STATUS.txt
    tomcat/tc6.0.x/trunk/java/org/apache/naming/ContextAccessController.java
    tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc6.0.x/trunk/
------------------------------------------------------------------------------
  Merged /tomcat/trunk:r1589763,1589837,1589842,1589980,1590648,1594229
  Merged /tomcat/tc7.0.x/trunk:r1588997,1589851,1589997,1590028,1590651,1594230

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1594870&r1=1594869&r2=1594870&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Thu May 15 11:30:46 2014
@@ -28,11 +28,6 @@ None
 PATCHES PROPOSED TO BACKPORT:
   [ New proposals should be added at the end of the list ]
 
-* Require RuntimePermission when introducing a new token.
-  https://svn.apache.org/r1594230
-  +1: kkolinko, remm, markt
-  -1:
-
 
 PATCHES/ISSUES THAT ARE STALLED:
 

Modified: 
tomcat/tc6.0.x/trunk/java/org/apache/naming/ContextAccessController.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/naming/ContextAccessController.java?rev=1594870&r1=1594869&r2=1594870&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/naming/ContextAccessController.java 
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/naming/ContextAccessController.java 
Thu May 15 11:30:46 2014
@@ -55,6 +55,12 @@ public class ContextAccessController {
      * @param token Security token
      */
     public static void setSecurityToken(Object name, Object token) {
+        SecurityManager sm = System.getSecurityManager();
+        if (sm != null) {
+            sm.checkPermission(new RuntimePermission(
+                    ContextAccessController.class.getName()
+                            + ".setSecurityToken"));
+        }
         if ((!securityTokens.containsKey(name)) && (token != null)) {
             securityTokens.put(name, token);
         }

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1594870&r1=1594869&r2=1594870&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Thu May 15 11:30:46 2014
@@ -115,8 +115,8 @@
         when running under a security manager. (markt)
       </add>
       <fix>
-        Make the naming context tokens for containers more robust.
-        (markt/kkolinko)
+        Make the naming context tokens for containers more robust. Require
+        RuntimePermission when introducing a new token. (markt/kkolinko)
       </fix>
     </changelog>
   </subsection>



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to