glenn 01/06/22 13:09:25
Modified: catalina/src/share/org/apache/catalina/connector
HttpRequestBase.java
Log:
Add a doPrivileged for getSession()
Revision Changes Path
1.26 +28 -4
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java
Index: HttpRequestBase.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- HttpRequestBase.java 2001/05/16 17:55:21 1.25
+++ HttpRequestBase.java 2001/06/22 20:09:24 1.26
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java,v
1.25 2001/05/16 17:55:21 remm Exp $
- * $Revision: 1.25 $
- * $Date: 2001/05/16 17:55:21 $
+ * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java,v
1.26 2001/06/22 20:09:24 glenn Exp $
+ * $Revision: 1.26 $
+ * $Date: 2001/06/22 20:09:24 $
*
* ====================================================================
*
@@ -101,7 +101,7 @@
* be implemented.
*
* @author Craig R. McClanahan
- * @version $Revision: 1.25 $ $Date: 2001/05/16 17:55:21 $
+ * @version $Revision: 1.26 $ $Date: 2001/06/22 20:09:24 $
*/
public class HttpRequestBase
@@ -109,6 +109,22 @@
implements HttpRequest, HttpServletRequest {
+ protected class PrivilegedGetSession
+ implements PrivilegedAction {
+
+ private boolean create;
+
+ PrivilegedGetSession(boolean create) {
+ this.create = create;
+ }
+
+ public Object run() {
+ return doGetSession(create);
+ }
+
+ }
+
+
// ----------------------------------------------------- Instance Variables
@@ -1038,6 +1054,14 @@
* @param create Create a new session if one does not exist
*/
public HttpSession getSession(boolean create) {
+ if( System.getSecurityManager() != null ) {
+ PrivilegedGetSession dp = new PrivilegedGetSession(create);
+ return (HttpSession)AccessController.doPrivileged(dp);
+ }
+ return doGetSession(create);
+ }
+
+ private HttpSession doGetSession(boolean create) {
// There cannot be a session if no context has been assigned yet
if (context == null)
return (null);