tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gl...@locus.apache.org
Subject cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/facade RequestDispatcherImpl.java
Date Thu, 28 Dec 2000 22:13:52 GMT
glenn       00/12/28 14:13:51

  Modified:    src/share/org/apache/tomcat/facade Tag: tomcat_32
                        RequestDispatcherImpl.java
  Log:
  If SecurityManager being used, wrap forward() and include() with an AccessController.doPrivileged()
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.8.2.6   +55 -0     jakarta-tomcat/src/share/org/apache/tomcat/facade/Attic/RequestDispatcherImpl.java
  
  Index: RequestDispatcherImpl.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/facade/Attic/RequestDispatcherImpl.java,v
  retrieving revision 1.8.2.5
  retrieving revision 1.8.2.6
  diff -u -r1.8.2.5 -r1.8.2.6
  --- RequestDispatcherImpl.java	2000/11/09 21:18:09	1.8.2.5
  +++ RequestDispatcherImpl.java	2000/12/28 22:13:50	1.8.2.6
  @@ -64,6 +64,7 @@
   import org.apache.tomcat.util.StringManager;
   import java.io.*;
   import java.util.*;
  +import java.security.*;
   import javax.servlet.*;
   import javax.servlet.http.*;
   
  @@ -138,6 +139,33 @@
       public void forward(ServletRequest request, ServletResponse response)
   	throws ServletException, IOException
       {
  +	if( System.getSecurityManager() != null ) {
  +	    final ServletRequest req = request;
  +	    final ServletResponse res = response;
  +	    try {
  +	        java.security.AccessController.doPrivileged(
  +                    new java.security.PrivilegedExceptionAction()
  +                    {
  +                        public Object run() throws ServletException, IOException {
  +			    doForward(req,res);
  +                            return null;
  +			}
  +                    }               
  +	        );
  +	    } catch( PrivilegedActionException pe) {
  +		Exception e = pe.getException();
  +		if( e.getClass().getName().equals("javax.servlet.ServletException") )
  +		    throw (ServletException)e;
  +		throw (IOException)e;
  +	    }
  +	} else {
  +	    doForward(request,response);
  +	}
  +    }
  +
  +    private void doForward(ServletRequest request, ServletResponse response)
  +        throws ServletException, IOException
  +    {
   	/** We need to find the request/response. The servlet API
   	 *  guarantees that we will receive the original request as parameter.
   	 */
  @@ -218,6 +246,33 @@
   
       public void include(ServletRequest request, ServletResponse response)
   	throws ServletException, IOException
  +    {
  +        if( System.getSecurityManager() != null ) {
  +            final ServletRequest req = request;
  +            final ServletResponse res = response;
  +            try {
  +                java.security.AccessController.doPrivileged(
  +                    new java.security.PrivilegedExceptionAction()
  +                    {
  +                        public Object run() throws ServletException, IOException {
  +                            doInclude(req,res);
  +                            return null;     
  +                        }               
  +                    }    
  +                );   
  +            } catch( PrivilegedActionException pe) {
  +                Exception e = pe.getException();       
  +                if( e.getClass().getName().equals("javax.servlet.ServletException") )
  +                    throw (ServletException)e;
  +                throw (IOException)e;
  +            }
  +        } else {
  +	    doInclude(request,response);
  +	}
  +    }
  +
  +    private void doInclude(ServletRequest request, ServletResponse response)
  +        throws ServletException, IOException
       {
           Request realRequest = ((HttpServletRequestFacade)request).
   	    getRealRequest();
  
  
  

Mime
View raw message