You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by vi...@apache.org on 2013/08/16 07:58:50 UTC

svn commit: r1514589 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/realm/JNDIRealm.java webapps/docs/changelog.xml

Author: violetagg
Date: Fri Aug 16 05:58:50 2013
New Revision: 1514589

URL: http://svn.apache.org/r1514589
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55354
Merged revision 1514470 from tomcat/trunk:
Restore the context environment parameters after associating the Principle with the given user. Based on patch provided by Richard Begg.

Modified:
    tomcat/tc7.0.x/trunk/   (props changed)
    tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JNDIRealm.java
    tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
  Merged /tomcat/trunk:r1514470

Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JNDIRealm.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JNDIRealm.java?rev=1514589&r1=1514588&r2=1514589&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JNDIRealm.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JNDIRealm.java Fri Aug 16 05:58:50 2013
@@ -2070,9 +2070,12 @@ public class JNDIRealm extends RealmBase
 
         User user = null;
         List<String> roles = null;
+        Hashtable<?, ?> preservedEnvironment = null;
 
         try {
             if (gssCredential != null && isUseDelegatedCredential()) {
+                // Preserve the current context environment parameters
+                preservedEnvironment = context.getEnvironment();
                 // Set up context
                 context.addToEnvironment(
                         Context.SECURITY_AUTHENTICATION, "GSSAPI");
@@ -2088,24 +2091,12 @@ public class JNDIRealm extends RealmBase
                 roles = getRoles(context, user);
             }
         } finally {
-            try {
-                context.removeFromEnvironment(
-                        Context.SECURITY_AUTHENTICATION);
-            } catch (NamingException e) {
-                // Ignore
-            }
-            try {
-                context.removeFromEnvironment(
-                        "javax.security.sasl.server.authentication");
-            } catch (NamingException e) {
-                // Ignore
-            }
-            try {
-                context.removeFromEnvironment(
-                        "javax.security.sasl.qop");
-            } catch (NamingException e) {
-                // Ignore
-            }
+            restoreEnvironmentParameter(context,
+                    Context.SECURITY_AUTHENTICATION, preservedEnvironment);
+            restoreEnvironmentParameter(context,
+                    "javax.security.sasl.server.authentication", preservedEnvironment);
+            restoreEnvironmentParameter(context, "javax.security.sasl.qop",
+                    preservedEnvironment);
         }
 
         if (user != null) {
@@ -2116,6 +2107,19 @@ public class JNDIRealm extends RealmBase
         return null;
     }
 
+    private void restoreEnvironmentParameter(DirContext context,
+            String parameterName, Hashtable<?, ?> preservedEnvironment) {
+        try {
+            context.removeFromEnvironment(parameterName);
+            if (preservedEnvironment != null && preservedEnvironment.containsKey(parameterName)) {
+                context.addToEnvironment(parameterName,
+                        preservedEnvironment.get(parameterName));
+            }
+        } catch (NamingException e) {
+            // Ignore
+        }
+    }
+
     /**
      * Open (if necessary) and return a connection to the configured
      * directory server for this Realm.

Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1514589&r1=1514588&r2=1514589&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Fri Aug 16 05:58:50 2013
@@ -108,6 +108,11 @@
         ServletContext. (markt)
       </fix>
       <fix>
+        <bug>55354</bug>: Ensure that the naming context environment parameters
+        are restored after associating the Principle with the user name. Based
+        on patch provided by Richard Begg. (violetagg)
+      </fix>
+      <fix>
         <bug>55357</bug>: Ensure the web application class loader is set as a
         thread context class loader during session deserialization. (violetagg)
       </fix>



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org