Author: markt
Date: Thu May 15 11:30:46 2014
New Revision: 1594870

URL: http://svn.apache.org/r1594870
Log:
Require RuntimePermission when introducing a new token. (kkolinko)

Modified: tomcat/tc6.0.x/trunk/ (props changed) tomcat/tc6.0.x/trunk/STATUS.txt tomcat/tc6.0.x/trunk/java/org/apache/naming/ContextAccessController.java tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc6.0.x/trunk/ ------------------------------------------------------------------------------ Merged /tomcat/trunk:r1589763,1589837,1589842,1589980,1590648,1594229 Merged /tomcat/tc7.0.x/trunk:r1588997,1589851,1589997,1590028,1590651,1594230 Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1594870&r1=1594869&r2=1594870&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Thu May 15 11:30:46 2014 @@ -28,11 +28,6 @@ None PATCHES PROPOSED TO BACKPORT: [ New proposals should be added at the end of the list ] -* Require RuntimePermission when introducing a new token. - https://svn.apache.org/r1594230 - +1: kkolinko, remm, markt - -1: - PATCHES/ISSUES THAT ARE STALLED: Modified: tomcat/tc6.0.x/trunk/java/org/apache/naming/ContextAccessController.java URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/naming/ContextAccessController.java?rev=1594870&r1=1594869&r2=1594870&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/java/org/apache/naming/ContextAccessController.java (original) +++ tomcat/tc6.0.x/trunk/java/org/apache/naming/ContextAccessController.java Thu May 15 11:30:46 2014 
@@ -55,6 +55,12 @@ public class ContextAccessController { * @param token Security token */ public static void setSecurityToken(Object name, Object token) { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) { + sm.checkPermission(new RuntimePermission( + ContextAccessController.class.getName() + + ".setSecurityToken")); + } if ((!securityTokens.containsKey(name)) && (token != null)) { securityTokens.put(name, token); } Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1594870&r1=1594869&r2=1594870&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Thu May 15 11:30:46 2014 @@ -115,8 +115,8 @@ when running under a security manager. (markt) </add> <fix> - Make the naming context tokens for containers more robust. - (markt/kkolinko) + Make the naming context tokens for containers more robust. Require + RuntimePermission when introducing a new token. (markt/kkolinko) </fix> </changelog> </subsection> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
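
Review bot: the Javadoc for setSecurityToken in ContextAccessController.java (the context ending "@param token Security token") is not updated to say that the method now throws SecurityException when a SecurityManager is installed and the caller lacks RuntimePermission "org.apache.naming.ContextAccessController.setSecurityToken". Please document that next to the @param lines so embedders with their own policy files can see what to grant. A smaller style point in the same hunk: the RuntimePermission is rebuilt from ContextAccessController.class.getName() + ".setSecurityToken" on every call, and a private static final constant would keep the target name in one place. The check sits before the securityTokens.containsKey(name) test, so it also applies to calls that end up changing nothing, which looks intended but is worth stating in the comment.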
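
Review bot: the new changelog.xml text in the <fix> entry says "Require RuntimePermission when introducing a new token" without naming the permission target. Since the target is the class name plus ".setSecurityToken", spelling it out in the entry would let administrators running under a security manager match it against their policy file without reading the source.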