[kaffe] CVS kaffe (robilad): Fix for tomcat5 startup with security manager enabled
Kaffe CVS
cvs-commits at kaffe.org
Wed Sep 21 09:55:15 PDT 2005
PatchSet 6927
Date: 2005/09/21 16:48:57
Author: robilad
Branch: HEAD
Tag: (none)
Log:
Fix for tomcat5 startup with security manager enabled
2005-09-21 Santiago Gala <sgala at apache.org>
* libraries/javalib/java/security/VMAccessController.java:
Use given combiner in pushed AccessControlContext.
Fixes tomcat 5 startup with security manager enabled.
Reported by: Wolfgang Baer <WBaer at gmx.de>
Members:
ChangeLog:1.4449->1.4450
libraries/javalib/java/security/VMAccessController.java:1.7->1.8
Index: kaffe/ChangeLog
diff -u kaffe/ChangeLog:1.4449 kaffe/ChangeLog:1.4450
--- kaffe/ChangeLog:1.4449 Wed Sep 21 15:07:53 2005
+++ kaffe/ChangeLog Wed Sep 21 16:48:57 2005
@@ -1,3 +1,12 @@
+2005-09-21 Santiago Gala <sgala at apache.org>
+
+ * libraries/javalib/java/security/VMAccessController.java:
+ Use given combiner in pushed AccessControlContext.
+
+ Fixes tomcat 5 startup with security manager enabled.
+
+ Reported by: Wolfgang Baer <WBaer at gmx.de>
+
2005-09-21 Dalibor Topic <robilad at kaffe.org>
Resynced with GNU Classpath.
Index: kaffe/libraries/javalib/java/security/VMAccessController.java
diff -u kaffe/libraries/javalib/java/security/VMAccessController.java:1.7 kaffe/libraries/javalib/java/security/VMAccessController.java:1.8
--- kaffe/libraries/javalib/java/security/VMAccessController.java:1.7 Mon Jul 4 00:07:15 2005
+++ kaffe/libraries/javalib/java/security/VMAccessController.java Wed Sep 21 16:49:01 2005
@@ -108,6 +108,8 @@
LinkedList stack = (LinkedList) contexts.get();
if (stack == null)
{
+ if (DEBUG)
+ debug("no stack... creating ");
stack = new LinkedList();
contexts.set(stack);
}
@@ -133,7 +135,8 @@
stack.removeFirst();
if (stack.isEmpty())
contexts.set(null);
- }
+ } else if (DEBUG)
+ debug("no stack during pop?????");
}
/**
@@ -186,6 +189,7 @@
if (DEBUG)
{
debug(">>> checking " + clazz + "." + method);
+ // subject to getClassLoader RuntimePermission
debug(">>> loader = " + clazz.getClassLoader());
}
@@ -198,14 +202,16 @@
&& method.equals ("doPrivileged"))
{
// If there was a call to doPrivileged with a supplied context,
- // return that context.
+ // return that context. If using JAAS doAs*, it should be
+ // a context with a SubjectDomainCombiner
LinkedList l = (LinkedList) contexts.get();
if (l != null)
context = (AccessControlContext) l.getFirst();
privileged = 1;
}
- ProtectionDomain domain = clazz.getProtectionDomain();
+ // subject to getProtectionDomain RuntimePermission
+ ProtectionDomain domain = clazz.getProtectionDomain();
if (domain == null)
continue;
@@ -226,10 +232,12 @@
domains.toArray(new ProtectionDomain[domains.size()]);
// Intersect the derived protection domain with the context supplied
- // to doPrivileged.
+ // to doPrivileged. We use the DomainCombiner fron the popped contest
+ // to avoid that SubjectDomainCombiners with Subject information
+ // get lost here.
if (context != null)
context = new AccessControlContext(result, context,
- IntersectingDomainCombiner.SINGLETON);
+ context.getDomainCombiner());
// No context was supplied. Return the derived one.
else
context = new AccessControlContext(result);
More information about the kaffe
mailing list