When a SecurityManager is installed, ApplicationFilterChain.doFilter() wraps its internalDoFilter() call with AccessController.doPrivileged(), but I'm having trouble figuring out why.

doFilter() gets called from:

a) StandardWrapperValve.invoke(), in which case (presumably) the container and all its ancestors in the call chain have a superset of the permissions of the Filter code, so the call to doPrivileged() doesn't matter.

b) A user filter. The user filter (presumably) is in the same domain as any other filters and the servlet. And the doFilter() code is (presumably) in a domain with more permissions than the webapp code. So the call to doPrivileged wouldn't matter.

I'm still fuzzy on many of the practical aspects of the 1.2 Security Architecture, and I cheerfully admit the possibility that I'm missing something obvious. Can anyone enlighten me? Or point me to some catalina specific docs?

I'm clear on the other uses of doPrivileged() (like in HttpRequestBase), it's just the call in ApplicationFilterChain that has me puzzled.

TIA.

> Minimalistic is clearly not a word.
> Just because a word isn't in (your) dictionary doesn't mean it isn't "real". There also may be some word play involved :-)

--
Christopher St. John [EMAIL PROTECTED]
DistribuTopia http://www.distributopia.com
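
The call chain in case (b) above, as an added example that is not part of the original post and not Tomcat's code: a toy Java model of the stack walk that a permission check performs, run with and without the doPrivileged() marker on ApplicationFilterChain.doFilter(). The `Frame` class, the permission names and the restricted root caller are assumptions made up for illustration, and the inherited thread context is ignored.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

// Toy model of the stack walk; it does not call the real AccessController.
public class StackWalkModel {
    // One frame: method name, permissions granted to its protection domain,
    // and whether this frame is the caller of doPrivileged().
    static final class Frame {
        final String method; final Set<String> granted; final boolean privileged;
        Frame(String method, Set<String> granted, boolean privileged) {
            this.method = method; this.granted = granted; this.privileged = privileged;
        }
    }

    // Walk newest frame first. Every domain visited must grant the permission;
    // the walk stops after the frame that called doPrivileged().
    static boolean check(List<Frame> newestFirst, String perm) {
        for (Frame f : newestFirst) {
            if (!f.granted.contains(perm)) return false;
            if (f.privileged) return true;
        }
        return true;
    }

    static Set<String> set(String... p) { return new HashSet<>(Arrays.asList(p)); }

    // Case (b): root caller -> doFilter -> user filter -> doFilter -> servlet.
    static List<Frame> stack(Frame root, boolean usePrivileged) {
        Set<String> container = set("file.read", "props.read"); // constructed
        Set<String> webapp = set("file.read");                  // constructed
        return Arrays.asList(
            new Frame("Servlet.service", webapp, false),
            new Frame("ApplicationFilterChain.internalDoFilter", container, false),
            new Frame("ApplicationFilterChain.doFilter", container, usePrivileged),
            new Frame("UserFilter.doFilter", webapp, false),
            new Frame("ApplicationFilterChain.internalDoFilter", container, false),
            new Frame("ApplicationFilterChain.doFilter", container, usePrivileged),
            root);
    }

    public static void main(String[] args) {
        Frame valve = new Frame("StandardWrapperValve.invoke", set("file.read", "props.read"), false);
        Frame restricted = new Frame("HypotheticalCaller.run", set(), false); // assumption
        for (boolean priv : new boolean[] {false, true}) {
            System.out.println("doPrivileged=" + priv
                + " valve/file.read=" + check(stack(valve, priv), "file.read")
                + " valve/props.read=" + check(stack(valve, priv), "props.read")
                + " restricted/file.read=" + check(stack(restricted, priv), "file.read"));
        }
    }
}
```

In this model the two valve-rooted checks come out the same either way, because the servlet's own domain is always visited; only the hypothetical stack whose oldest frame has fewer permissions than the webapp changes outcome when the marker is present.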