tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michiel Toneman <Michiel.Tone...@bibit.com>
Subject Loss of Subject/AccessControlContext in JSTL
Date Tue, 06 Sep 2005 12:14:39 GMT

We've been tracking a nasty issue in our web application when using 
Tomcat 5.0.28 and JSTL.

If we call a method from JSTL, any code that tries to access the 
AccessControlContext behaves differently than it would if called 
directly in a JSP using plain java.

e.g.

If we have a utility method in our dataBean that returns the (JAAS) 
Subject using
Subject.getSubject(AccessController.getContext()), the syntax:

    <%= dataBean.getSubjectFromContext() %>

returns the Subject whereas:

    ${dataBean.subjectFromContext}

returns null

This is quite unexpected behaviour and seems to be caused by the call to:

    org.apache.jasper.runtime.PageContextImpl.proprietaryEvaluate(PageContextImpl.java:880)


which uses AccessController.doPrivileged(PrivilegedExceptionAction) 
rather than AccessController.doPrivileged(PrivilegedExceptionAction, 
AccessControlContext) to evaluate the EL syntax.

I think that changing:

            retValue = AccessController.doPrivileged(
                new PrivilegedExceptionAction(){
                .....
                }
             );

To:         retValue = AccessController.doPrivileged(
                new PrivilegedExceptionAction(){
                .....
                }, AccessController.getContext()
             );

should solve this.

Can someone please have a look at this?

Cheers,

Michiel

-- 
Michiel Toneman  Software Engineer   Bibit Global Payment Services
Regulierenring 10  3981 LB  Bunnik       Michiel.Toneman@bibit.com
Tel. +31-30-6595168  Fax +31-30-6564464      http://www.bibit.com/


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message