tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michiel Toneman <>
Subject Loss of Subject/AccessControlContext in JSTL
Date Tue, 06 Sep 2005 12:14:39 GMT

We've been tracking a nasty issue in our web application when using 
Tomcat 5.0.28 and JSTL.

If we call a method from JSTL, any code that tries to access the 
AccessControlContext behaves differently than it would if called 
directly in a JSP using plain java.


If we have a utility method in our dataBean that returns the (JAAS) 
Subject using
Subject.getSubject(AccessController.getContext()), the syntax:

    <%= dataBean.getSubjectFromContext() %>

returns the Subject whereas:


returns null

This is quite unexpected behaviour and seems to be caused by the call to:


which uses AccessController.doPrivileged(PrivilegedExceptionAction) 
rather than AccessController.doPrivileged(PrivilegedExceptionAction, 
AccessControlContext) to evaluate the EL syntax.

I think that changing:

            retValue = AccessController.doPrivileged(
                new PrivilegedExceptionAction(){

To:         retValue = AccessController.doPrivileged(
                new PrivilegedExceptionAction(){
                }, AccessController.getContext()

should solve this.

Can someone please have a look at this?



Michiel Toneman  Software Engineer   Bibit Global Payment Services
Regulierenring 10  3981 LB  Bunnik
Tel. +31-30-6595168  Fax +31-30-6564464

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message