glenn 00/12/29 09:38:39
Modified: catalina/src/share/org/apache/catalina/core
ApplicationDispatcher.java
Log:
If SecurityManager being used, wrap forward() and include() with an
AccessController.doPrivileged()
Revision Changes Path
1.9 +63 -8
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/ApplicationDispatcher.java
Index: ApplicationDispatcher.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/ApplicationDispatcher.java,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- ApplicationDispatcher.java 2000/10/28 18:56:04 1.8
+++ ApplicationDispatcher.java 2000/12/29 17:38:39 1.9
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/ApplicationDispatcher.java,v
1.8 2000/10/28 18:56:04 craigmcc Exp $
- * $Revision: 1.8 $
- * $Date: 2000/10/28 18:56:04 $
+ * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/ApplicationDispatcher.java,v
1.9 2000/12/29 17:38:39 glenn Exp $
+ * $Revision: 1.9 $
+ * $Date: 2000/12/29 17:38:39 $
*
* ====================================================================
*
@@ -95,7 +95,7 @@
* <code>javax.servlet.ServletResponseWrapper</code>.
*
* @author Craig R. McClanahan
- * @version $Revision: 1.8 $ $Date: 2000/10/28 18:56:04 $
+ * @version $Revision: 1.9 $ $Date: 2000/12/29 17:38:39 $
*/
final class ApplicationDispatcher
@@ -208,9 +208,37 @@
* @exception IOException if an input/output error occurs
* @exception ServletException if a servlet exception occurs
*/
- public void forward(ServletRequest request, ServletResponse response)
- throws IOException, ServletException {
+ public void forward(ServletRequest request, ServletResponse response)
+ throws ServletException, IOException
+ {
+ if( System.getSecurityManager() != null ) {
+ final ServletRequest req = request;
+ final ServletResponse res = response;
+ try {
+ java.security.AccessController.doPrivileged(
+ new java.security.PrivilegedExceptionAction()
+ {
+ public Object run() throws ServletException, IOException {
+ doForward(req,res);
+ return null;
+ }
+ }
+ );
+ } catch( PrivilegedActionException pe) {
+ Exception e = pe.getException();
+ if( e.getClass().getName().equals("javax.servlet.ServletException")
)
+ throw (ServletException)e;
+ throw (IOException)e;
+ }
+ } else {
+ doForward(request,response);
+ }
+ }
+
+ private void doForward(ServletRequest request, ServletResponse response)
+ throws ServletException, IOException
+ {
// Reset any output that has been buffered, but keep headers/cookies
if (response.isCommitted())
throw new IllegalStateException
@@ -334,8 +362,35 @@
* @exception ServletException if a servlet exception occurs
*/
public void include(ServletRequest request, ServletResponse response)
- throws IOException, ServletException {
-
+ throws ServletException, IOException
+ {
+ if( System.getSecurityManager() != null ) {
+ final ServletRequest req = request;
+ final ServletResponse res = response;
+ try {
+ java.security.AccessController.doPrivileged(
+ new java.security.PrivilegedExceptionAction()
+ {
+ public Object run() throws ServletException, IOException {
+ doInclude(req,res);
+ return null;
+ }
+ }
+ );
+ } catch( PrivilegedActionException pe) {
+ Exception e = pe.getException();
+ if( e.getClass().getName().equals("javax.servlet.ServletException")
)
+ throw (ServletException)e;
+ throw (IOException)e;
+ }
+ } else {
+ doInclude(request,response);
+ }
+ }
+
+ private void doInclude(ServletRequest request, ServletResponse response)
+ throws ServletException, IOException
+ {
// Create a wrapped response to use for this request
ServletResponse wresponse = null;
if (response instanceof HttpServletResponse) {
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
