[jboss-cvs] JBossAS SVN: r62925 - trunk/tomcat/src/main/org/jboss/web/tomcat/security.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Tue May 8 23:09:13 EDT 2007


Author: anil.saldhana at jboss.com
Date: 2007-05-08 23:09:13 -0400 (Tue, 08 May 2007)
New Revision: 62925

Modified:
   trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java
Log:
add check on caller subject before authorization

Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java	2007-05-09 03:08:38 UTC (rev 62924)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java	2007-05-09 03:09:13 UTC (rev 62925)
@@ -472,6 +472,8 @@
                                       securityConstraints, context);  
       
       Subject caller = this.establishSubjectContext(request.getPrincipal());
+      if(caller == null)
+         throw new IllegalStateException("Caller subject is null");
 
       Map<String,Object> map =  new HashMap<String,Object>(); 
       map.put(ResourceKeys.WEB_REQUEST, request);
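
Review bot: The null check on caller, placed right after establishSubjectContext(request.getPrincipal()), fails closed before the authorization map is built, but it does so with an unchecked IllegalStateException whose handling is not visible in this hunk. If request.getPrincipal() can be null here for an unauthenticated request, that is an expected condition rather than an illegal state, and the request may surface as a server error instead of an access denial; consider logging and returning the method's deny result in that case, and keeping the exception for a non-null principal that yields no subject. The message "Caller subject is null" would also be more useful in logs with the principal name or request URI attached, and the single-statement if would be safer with braces.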



