tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security SecurityUtil.java
Date Mon, 25 Oct 2004 22:56:40 GMT

----- Original Message -----
From: <luehe@apache.org>
To: <jakarta-tomcat-catalina-cvs@apache.org>
Sent: Monday, October 25, 2004 2:18 PM
Subject: cvs commit:
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security
SecurityUtil.java


>   @@ -251,18 +251,17 @@
>                    if (session != null){
>                        subject =
>
(Subject)session.getAttribute(Globals.SUBJECT_ATTR);
>   -                }
>
>   -                if (subject == null){
>   -                    subject = new Subject();
>   +                    if (subject == null){
>   +                        subject = new Subject();
>
>   -                    if (principal != null){
>   -                        subject.getPrincipals().add(principal);
>   +                        if (principal != null){
>   +                            subject.getPrincipals().add(principal);
>   +                        }
>   +
>   +                        session.setAttribute(Globals.SUBJECT_ATTR,
subject);
>                        }
>                    }
>   -
>   -                if (session != null)
>   -                    session.setAttribute(Globals.SUBJECT_ATTR,
subject);
>                }
>
>                Subject.doAsPrivileged(subject, pea, null);

With this patch, If there is no session defined, then 'subject' will be null
when I get to the doAsPrivieged.




This message is intended only for the use of the person(s) listed above as the intended recipient(s),
and may contain information that is PRIVILEGED and CONFIDENTIAL.  If you are not an intended
recipient, you may not read, copy, or distribute this message or any attachment. If you received
this communication in error, please notify us immediately by e-mail and then delete all copies
of this message and any attachments.

In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet
is not secure. Do not send confidential or sensitive information, such as social security
numbers, account numbers, personal identification numbers and passwords, to us via ordinary
(unencrypted) e-mail.



Mime
View raw message