Posted to dev@tomcat.apache.org by ma...@apache.org on 2016/05/09 15:13:39 UTC
svn commit: r1742976 - in /tomcat/trunk:
java/org/apache/catalina/authenticator/AuthenticatorBase.java
webapps/docs/changelog.xml
Author: markt
Date: Mon May 9 15:13:39 2016
New Revision: 1742976
URL: http://svn.apache.org/viewvc?rev=1742976&view=rev
Log:
Do not trigger unnecessary session ID changes when using JASPIC and the user is authenticated using cached credentials.
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java?rev=1742976&r1=1742975&r2=1742976&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java Mon May 9 15:13:39 2016
@@ -699,7 +699,7 @@ public abstract class AuthenticatorBase
// No JASPIC configuration. Use the standard authenticator.
return authenticate(request, response);
} else {
- checkForCachedAuthentication(request, response, false);
+ boolean cachedAuth = checkForCachedAuthentication(request, response, false);
Subject client = new Subject();
AuthStatus authStatus;
try {
@@ -720,7 +720,10 @@ public abstract class AuthenticatorBase
if (principal == null) {
request.setUserPrincipal(null);
request.setAuthType(null);
- } else {
+ } else if (cachedAuth == false ||
+ !principal.getUserPrincipal().equals(request.getUserPrincipal())) {
+ // Skip registration if authentication credentials were
+ // cached and the Principal did not change.
request.setNote(Constants.REQ_JASPIC_SUBJECT_NOTE, client);
@SuppressWarnings("rawtypes")// JASPIC API uses raw types
Map map = messageInfo.getMap();
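Review bot: The new `else if` skips registration based only on `principal.getUserPrincipal().equals(request.getUserPrincipal())`, so the result depends on how the Principal implementation defines `equals`. A principal returned by the JASPIC module with the same identity but different roles would presumably count as unchanged, leaving the cached one in place. Going by the commit log, the branch being skipped is the one that triggers the session ID change, so the comment should spell out that security-relevant contract, e.g. `// Session ID is left unchanged only when the cached Principal equals the one the JASPIC module returned; any difference re-registers.` As a style point, `cachedAuth == false` reads better as `!cachedAuth`. The enclosing method starts before this hunk and the branch body continues past it, so the registration call itself is not visible here.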
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1742976&r1=1742975&r2=1742976&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon May 9 15:13:39 2016
@@ -209,6 +209,10 @@
internal <code>Response</code> object requires JASPIC authentication.
(markt)
</fix>
+ <fix>
+ Do not trigger unnecessary session ID changes when using JASPIC and the
+ user is authenticated using cached credentials. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">