/[Apache-SVN]
ViewVC logotype

Revision 1079752


Jump to revision: Previous Next
Author: markt
Date: Wed Mar 9 11:16:48 2011 UTC (14 years, 1 month ago)
Changed paths: 6
Log Message:
CVE-2011-1088
Complete the fix for this issue. The optimisation not to configure an authenticator of there were no security constraints meant that in that case @ServletSecurity annotations had no effect. The unit tests did not pick this up since they added an authenticator directly.
Add an explicit unit test for this scenario.


Changed paths

Path Details
Directorytomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java modified , text changed
Directorytomcat/trunk/test/org/apache/catalina/core/TestStandardWrapper.java modified , text changed
Directorytomcat/trunk/test/webapp-3.0-servletsecurity/ added
Directorytomcat/trunk/test/webapp-3.0-servletsecurity/WEB-INF/ added
Directorytomcat/trunk/test/webapp-3.0-servletsecurity/WEB-INF/web.xml added
Directorytomcat/trunk/webapps/docs/changelog.xml modified , text changed

infrastructure at apache.org
ViewVC Help
Powered by ViewVC 1.1.26