Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46011

Make Principal accessible (if set) via Subject.getSubject(AccessController.getContext()) when processing filters.
Based on a patch provided by tsveg1

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@711600 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/java/org/apache/catalina/core/ApplicationFilterChain.java b/java/org/apache/catalina/core/ApplicationFilterChain.java
index 24ae109..5b47576 100644 (file)
--- a/java/org/apache/catalina/core/ApplicationFilterChain.java
+++ b/java/org/apache/catalina/core/ApplicationFilterChain.java
@@ -228,7 +228,7 @@ final class ApplicationFilterChain implements FilterChain, CometFilterChain {
 
                     Object[] args = new Object[]{req, res, this};
                     SecurityUtil.doAsPrivilege
-                        ("doFilter", filter, classType, args);
+                        ("doFilter", filter, classType, args, principal);
                     
                     args = null;
                 } else {  

diff --git a/java/org/apache/catalina/security/SecurityUtil.java b/java/org/apache/catalina/security/SecurityUtil.java
index 8a6a4b2..3afbd92 100644 (file)
--- a/java/org/apache/catalina/security/SecurityUtil.java
+++ b/java/org/apache/catalina/security/SecurityUtil.java
@@ -180,7 +180,7 @@ public final class SecurityUtil{
  
     
     /**
-     * Perform work as a particular </code>Subject</code>. Here the work
+     * Perform work as a particular <code>Subject</code>. Here the work
      * will be granted to a <code>null</code> subject. 
      *
      * @param methodName the method to apply the security restriction
@@ -196,6 +196,31 @@ public final class SecurityUtil{
                                      final Class[] targetType,
                                      final Object[] targetArguments) 
         throws java.lang.Exception{
+
+        doAsPrivilege(
+                methodName, targetObject, targetType, targetArguments, null);
+    }
+    
+    /**
+     * Perform work as a particular <code>Subject</code>. Here the work
+     * will be granted to a <code>null</code> subject. 
+     *
+     * @param methodName the method to apply the security restriction
+     * @param targetObject the <code>Filter</code> on which the method will 
+     * be called.
+     * @param targetType <code>Class</code> array used to instanciate a
+     * <code>Method</code> object.
+     * @param targetArguments <code>Object</code> array contains the 
+     * runtime parameters instance.
+     * @param principal the <code>Principal</code> to which the security 
+     * privilege apply
+     */    
+    public static void doAsPrivilege(final String methodName, 
+                                     final Filter targetObject, 
+                                     final Class[] targetType,
+                                     final Object[] targetArguments,
+                                     Principal principal) 
+        throws java.lang.Exception{
         Method method = null;
 
         Method[] methodsCache = null;
@@ -215,7 +240,7 @@ public final class SecurityUtil{
                                             targetType);                     
         }
 
-        execute(method, targetObject, targetArguments, null);
+        execute(method, targetObject, targetArguments, principal);
     }