424303 @ServletSecurity not applied on non load-on-startup servlets
This commit is contained in:
parent
56b0fedf69
commit
801a33d367
|
@ -323,6 +323,8 @@ public class ServletHolder extends Holder<Servlet> implements UserIdentity.Scope
|
|||
throw ue;
|
||||
}
|
||||
|
||||
//check if we need to forcibly set load-on-startup
|
||||
checkInitOnStartup();
|
||||
|
||||
_identityService = _servletHandler.getIdentityService();
|
||||
if (_identityService!=null && _runAsRole!=null)
|
||||
|
@ -465,6 +467,23 @@ public class ServletHolder extends Holder<Servlet> implements UserIdentity.Scope
|
|||
|
||||
return isStarted()&& _unavailable==0;
|
||||
}
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
/**
|
||||
* Check if there is a javax.servlet.annotation.ServletSecurity
|
||||
* annotation on the servlet class. If there is, then we force
|
||||
* it to be loaded on startup, because all of the security
|
||||
* constraints must be calculated as the container starts.
|
||||
*
|
||||
*/
|
||||
private void checkInitOnStartup()
|
||||
{
|
||||
if (_class==null)
|
||||
return;
|
||||
|
||||
if ((_class.getAnnotation(javax.servlet.annotation.ServletSecurity.class) != null) && !_initOnStartup)
|
||||
setInitOrder(Integer.MAX_VALUE);
|
||||
}
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
private void makeUnavailable(UnavailableException e)
|
||||
|
|
Loading…
Reference in New Issue