Bill Barker wrote:
> ----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, October 25, 2004 2:18 PM
> Subject: cvs commit:
> jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security
> SecurityUtil.java
>
>
>
>> @@ -251,18 +251,17 @@
>> if (session != null){
>> subject =
>>
>
> (Subject)session.getAttribute(Globals.SUBJECT_ATTR);
>
>> - }
>>
>> - if (subject == null){
>> - subject = new Subject();
>> + if (subject == null){
>> + subject = new Subject();
>>
>> - if (principal != null){
>> - subject.getPrincipals().add(principal);
>> + if (principal != null){
>> + subject.getPrincipals().add(principal);
>> + }
>> +
>> + session.setAttribute(Globals.SUBJECT_ATTR,
>
> subject);
>
>> }
>> }
>> -
>> - if (session != null)
>> - session.setAttribute(Globals.SUBJECT_ATTR,
>
> subject);
>
>> }
>>
>> Subject.doAsPrivileged(subject, pea, null);
>
>
> With this patch, If there is no session defined, then 'subject' will be null
> when I get to the doAsPrivieged.
Good catch! Fixed so that Subject is created regardless of whether
session exists, but it is added to the session only if the session
did not already contain any.
Jan
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
