tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gl...@locus.apache.org
Subject cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core ApplicationDispatcher.java
Date Fri, 29 Dec 2000 17:38:40 GMT
glenn       00/12/29 09:38:39

  Modified:    catalina/src/share/org/apache/catalina/core
                        ApplicationDispatcher.java
  Log:
  If SecurityManager being used, wrap forward() and include() with an AccessController.doPrivileged()
  
  Revision  Changes    Path
  1.9       +63 -8     jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/ApplicationDispatcher.java
  
  Index: ApplicationDispatcher.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/ApplicationDispatcher.java,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -u -r1.8 -r1.9
  --- ApplicationDispatcher.java	2000/10/28 18:56:04	1.8
  +++ ApplicationDispatcher.java	2000/12/29 17:38:39	1.9
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/ApplicationDispatcher.java,v
1.8 2000/10/28 18:56:04 craigmcc Exp $
  - * $Revision: 1.8 $
  - * $Date: 2000/10/28 18:56:04 $
  + * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/ApplicationDispatcher.java,v
1.9 2000/12/29 17:38:39 glenn Exp $
  + * $Revision: 1.9 $
  + * $Date: 2000/12/29 17:38:39 $
    *
    * ====================================================================
    *
  @@ -95,7 +95,7 @@
    * <code>javax.servlet.ServletResponseWrapper</code>.
    *
    * @author Craig R. McClanahan
  - * @version $Revision: 1.8 $ $Date: 2000/10/28 18:56:04 $
  + * @version $Revision: 1.9 $ $Date: 2000/12/29 17:38:39 $
    */
   
   final class ApplicationDispatcher
  @@ -208,9 +208,37 @@
        * @exception IOException if an input/output error occurs
        * @exception ServletException if a servlet exception occurs
        */
  -    public void forward(ServletRequest request, ServletResponse response)
  -        throws IOException, ServletException {
   
  +    public void forward(ServletRequest request, ServletResponse response)
  +        throws ServletException, IOException
  +    {
  +        if( System.getSecurityManager() != null ) {
  +            final ServletRequest req = request;
  +            final ServletResponse res = response;
  +            try {
  +                java.security.AccessController.doPrivileged(
  +                    new java.security.PrivilegedExceptionAction()
  +                    {
  +                        public Object run() throws ServletException, IOException {
  +                            doForward(req,res);
  +                            return null;
  +                        }
  +                    }
  +                );
  +            } catch( PrivilegedActionException pe) {
  +                Exception e = pe.getException();
  +                if( e.getClass().getName().equals("javax.servlet.ServletException") )
  +                    throw (ServletException)e;
  +                throw (IOException)e;
  +            }
  +        } else {
  +            doForward(request,response);
  +        }
  +    }    
  +     
  +    private void doForward(ServletRequest request, ServletResponse response)
  +        throws ServletException, IOException
  +    {
   	// Reset any output that has been buffered, but keep headers/cookies
   	if (response.isCommitted())
   	    throw new IllegalStateException
  @@ -334,8 +362,35 @@
        * @exception ServletException if a servlet exception occurs
        */
       public void include(ServletRequest request, ServletResponse response)
  -        throws IOException, ServletException {
  -
  +        throws ServletException, IOException
  +    {
  +        if( System.getSecurityManager() != null ) {
  +            final ServletRequest req = request;
  +            final ServletResponse res = response;
  +            try {
  +                java.security.AccessController.doPrivileged(
  +                    new java.security.PrivilegedExceptionAction()
  +                    {
  +                        public Object run() throws ServletException, IOException {
  +                            doInclude(req,res);
  +                            return null;       
  +                        }               
  +                    }       
  +                );      
  +            } catch( PrivilegedActionException pe) {
  +                Exception e = pe.getException();
  +                if( e.getClass().getName().equals("javax.servlet.ServletException") )
  +                    throw (ServletException)e;
  +                throw (IOException)e;
  +            }
  +        } else {
  +            doInclude(request,response);
  +        }
  +    }    
  +     
  +    private void doInclude(ServletRequest request, ServletResponse response)
  +        throws ServletException, IOException
  +    {
   	// Create a wrapped response to use for this request
   	ServletResponse wresponse = null;
   	if (response instanceof HttpServletResponse) {
  
  
  

Mime
View raw message