Bug 60926 - Servlet 4 method ApplicationContextFacade.setSessionTimeout() calls wrong method
Summary: Servlet 4 method ApplicationContextFacade.setSessionTimeout() calls wrong method
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 8
Classification: Unclassified
Component: Catalina (show other bugs)
Version: 8.5.12
Hardware: PC All
: P2 normal (vote)
Target Milestone: ----
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-03-27 23:24 UTC by Konstantin Kolinko
Modified: 2017-03-28 10:36 UTC (History)
0 users


Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Konstantin Kolinko 2017-03-27 23:24:31 UTC 
Noted when reviewing r1784768 while investigating a different bug:

in org.apache.catalina.core.ApplicationContextFacade:

    @Override
    public void setSessionTimeout(int sessionTimeout) {
        if (SecurityUtil.isPackageProtectionEnabled()) {
            doPrivileged("getSessionTimeout", new Object[] { Integer.valueOf(sessionTimeout) });
        } else  {
            context.setSessionTimeout(sessionTimeout);
        }
    }

calls a wrong method when running with SecurityManager:

s/"getSessionTimeout"/"setSessionTimeout"/
Comment 1 Violeta Georgieva 2017-03-28 07:13:09 UTC 
Hi,

This is fixed with r1784911.

Regards,
Violeta
Comment 2 Konstantin Kolinko 2017-03-28 10:16:29 UTC 
Looking into src.zip of 8.5.13, this was fixed in trunk only, but not in 8.5.
Comment 3 Violeta Georgieva 2017-03-28 10:36:51 UTC 
(In reply to Konstantin Kolinko from comment #2)
> Looking into src.zip of 8.5.13, this was fixed in trunk only, but not in 8.5.

You are right. I backported this change to Tomcat 8.5 - r1789090.
The fix will be available in 8.5.14 onwards.

Thanks,
Violeta