Author: markt
Date: Thu May 15 11:30:46 2014
New Revision: 1594870
URL: http://svn.apache.org/r1594870
Log:
Require RuntimePermission when introducing a new token. (kkolinko)
Modified:
tomcat/tc6.0.x/trunk/ (props changed)
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/naming/ContextAccessController.java
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
Propchange: tomcat/tc6.0.x/trunk/
------------------------------------------------------------------------------
Merged /tomcat/trunk:r1589763,1589837,1589842,1589980,1590648,1594229
Merged /tomcat/tc7.0.x/trunk:r1588997,1589851,1589997,1590028,1590651,1594230
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1594870&r1=1594869&r2=1594870&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Thu May 15 11:30:46 2014
@@ -28,11 +28,6 @@ None
PATCHES PROPOSED TO BACKPORT:
[ New proposals should be added at the end of the list ]
-* Require RuntimePermission when introducing a new token.
- https://svn.apache.org/r1594230
- +1: kkolinko, remm, markt
- -1:
-
PATCHES/ISSUES THAT ARE STALLED:
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/naming/ContextAccessController.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/naming/ContextAccessController.java?rev=1594870&r1=1594869&r2=1594870&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/naming/ContextAccessController.java
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/naming/ContextAccessController.java
Thu May 15 11:30:46 2014
@@ -55,6 +55,12 @@ public class ContextAccessController {
* @param token Security token
*/
public static void setSecurityToken(Object name, Object token) {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ sm.checkPermission(new RuntimePermission(
+ ContextAccessController.class.getName()
+ + ".setSecurityToken"));
+ }
if ((!securityTokens.containsKey(name)) && (token != null)) {
securityTokens.put(name, token);
}
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1594870&r1=1594869&r2=1594870&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Thu May 15 11:30:46 2014
@@ -115,8 +115,8 @@
when running under a security manager. (markt)
</add>
<fix>
- Make the naming context tokens for containers more robust.
- (markt/kkolinko)
+ Make the naming context tokens for containers more robust. Require
+ RuntimePermission when introducing a new token. (markt/kkolinko)
</fix>
</changelog>
</subsection>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
