import java.util.Hashtable;
import java.io.Serializable;
+import org.apache.catalina.ServerFactory;
+
/**
* Holds and manages the naming resources defined in the J2EE Enterprise
public void addEnvironment(ContextEnvironment environment) {
if (entries.containsKey(environment.getName())) {
- if (findEnvironment(environment.getName()).getOverride()) {
- removeEnvironment(environment.getName());
+ ContextEnvironment ce = findEnvironment(environment.getName());
+ ContextResourceLink rl = findResourceLink(environment.getName());
+ if (ce != null) {
+ if (ce.getOverride()) {
+ removeEnvironment(environment.getName());
+ } else {
+ return;
+ }
+ } else if (rl != null) {
+ // Link. Need to look at the global resources
+ NamingResources global =
+ ServerFactory.getServer().getGlobalNamingResources();
+ if (global.findEnvironment(rl.getGlobal()) != null) {
+ if (global.findEnvironment(rl.getGlobal()).getOverride()) {
+ removeResourceLink(environment.getName());
+ } else {
+ return;
+ }
+ }
} else {
+ // It exists but it isn't an env or a res link...
return;
}
}
Fix XSS security vulnerability (CVE-2007-2450) in the Manager and Host
Manager. Reported by Daiki Fukumori. (markt)
</fix>
+ <fix>
+ <bug>42547</bug>: Fix NPE when a ResourceLink in context.xml tries to
+ override an env-entry in web.xml.
+ </fix>
</changelog>
</subsection>
<subsection name="Jasper">
projects / tomcat7.0 / commitdiff