[kaffe] CVS kaffe (robilad): Fix for tomcat5 startup with security manager enabled

Kaffe CVS cvs-commits at kaffe.org
Wed Sep 21 09:55:15 PDT 2005


PatchSet 6927 
Date: 2005/09/21 16:48:57
Author: robilad
Branch: HEAD
Tag: (none) 
Log:
Fix for tomcat5 startup with security manager enabled

2005-09-21  Santiago Gala <sgala at apache.org>

        * libraries/javalib/java/security/VMAccessController.java:
        Use given combiner in pushed AccessControlContext.

        Fixes tomcat 5 startup with security manager enabled.

        Reported by:  Wolfgang Baer <WBaer at gmx.de>

Members: 
	ChangeLog:1.4449->1.4450 
	libraries/javalib/java/security/VMAccessController.java:1.7->1.8 

Index: kaffe/ChangeLog
diff -u kaffe/ChangeLog:1.4449 kaffe/ChangeLog:1.4450
--- kaffe/ChangeLog:1.4449	Wed Sep 21 15:07:53 2005
+++ kaffe/ChangeLog	Wed Sep 21 16:48:57 2005
@@ -1,3 +1,12 @@
+2005-09-21  Santiago Gala <sgala at apache.org>
+
+	* libraries/javalib/java/security/VMAccessController.java:
+	Use given combiner in pushed AccessControlContext.
+
+	Fixes tomcat 5 startup with security manager enabled.
+
+	Reported by:  Wolfgang Baer <WBaer at gmx.de>
+
 2005-09-21  Dalibor Topic  <robilad at kaffe.org>
 
 	Resynced with GNU Classpath.
Index: kaffe/libraries/javalib/java/security/VMAccessController.java
diff -u kaffe/libraries/javalib/java/security/VMAccessController.java:1.7 kaffe/libraries/javalib/java/security/VMAccessController.java:1.8
--- kaffe/libraries/javalib/java/security/VMAccessController.java:1.7	Mon Jul  4 00:07:15 2005
+++ kaffe/libraries/javalib/java/security/VMAccessController.java	Wed Sep 21 16:49:01 2005
@@ -108,6 +108,8 @@
     LinkedList stack = (LinkedList) contexts.get();
     if (stack == null)
       {
+         if (DEBUG)
+           debug("no stack... creating ");
         stack = new LinkedList();
         contexts.set(stack);
       }
@@ -133,7 +135,8 @@
         stack.removeFirst();
         if (stack.isEmpty())
           contexts.set(null);
-      }
+      } else if (DEBUG)
+        debug("no stack during pop?????");
   }
 
   /**
@@ -186,6 +189,7 @@
         if (DEBUG)
           {
             debug(">>> checking " + clazz + "." + method);
+	    // subject to getClassLoader RuntimePermission
             debug(">>> loader = " + clazz.getClassLoader());
           }
 
@@ -198,14 +202,16 @@
             && method.equals ("doPrivileged"))
           {
             // If there was a call to doPrivileged with a supplied context,
-            // return that context.
+            // return that context. If using JAAS doAs*, it should be 
+	    // a context with a SubjectDomainCombiner
             LinkedList l = (LinkedList) contexts.get();
             if (l != null)
               context = (AccessControlContext) l.getFirst();
             privileged = 1;
           }
 
-        ProtectionDomain domain = clazz.getProtectionDomain();
+        // subject to getProtectionDomain RuntimePermission
+	ProtectionDomain domain = clazz.getProtectionDomain();
 
         if (domain == null)
           continue;
@@ -226,10 +232,12 @@
       domains.toArray(new ProtectionDomain[domains.size()]);
 
     // Intersect the derived protection domain with the context supplied
-    // to doPrivileged.
+    // to doPrivileged. We use the DomainCombiner fron the popped contest
+    // to avoid that SubjectDomainCombiners with Subject information
+    // get lost here.
     if (context != null)
       context = new AccessControlContext(result, context,
-                                         IntersectingDomainCombiner.SINGLETON);
+                                         context.getDomainCombiner());
     // No context was supplied. Return the derived one.
     else
       context = new AccessControlContext(result);




More information about the kaffe mailing list