tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 50015] New: dynamic servlet security incomplete and badly distributed
Date Mon, 27 Sep 2010 20:22:59 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=50015

           Summary: dynamic servlet security incomplete and badly
                    distributed
           Product: Tomcat 7
           Version: trunk
          Platform: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
        AssignedTo: dev@tomcat.apache.org
        ReportedBy: djencks@apache.org


The current implementation of dynamic servlet security through
ServletRegistration.Dynamic.setServletSecurity and the
ServletContext.createServlet and addServlet methods is incomplete, and includes
some logic that exposes internals of the tomcat security framework directly in
the ServletRegistration.Dynamic implementation.

The attached patch:

- moves the logic that depends on the internals of tomcats security
implementation from ApplicationServletRegistration to StandardContext where it
can at least be overridden by e.g. jacc implementations

- provides notifications to StandardContext of users calling createServlet and
addServlet on ApplicationContext/ServletContext so subclasses of
StandardContext can implement the spec behavior without subclassing
ApplicationContext.

This patch is generated from a tomcat copy that already has several other
patches I've proposed applied.  Let me know if there are problems applying it.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message