Posted to dev@tomcat.apache.org by mi...@apache.org on 2020/01/04 13:45:37 UTC

[tomcat] branch master updated: BZ 64011: JNDIRealm no longer authenticates to LDAP

This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
     new 98e45b9  BZ 64011: JNDIRealm no longer authenticates to LDAP
98e45b9 is described below

commit 98e45b95763ded0a503ff1b05806e7138bee1915
Author: Michael Osipov <mi...@apache.org>
AuthorDate: Sat Jan 4 14:44:52 2020 +0100

    BZ 64011: JNDIRealm no longer authenticates to LDAP
---
 java/org/apache/catalina/realm/JNDIRealm.java | 17 +++++++++++++++++
 java/org/apache/catalina/realm/RealmBase.java |  3 ++-
 webapps/docs/changelog.xml                    |  4 ++++
 3 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/realm/JNDIRealm.java b/java/org/apache/catalina/realm/JNDIRealm.java
index b069538..26c97f1 100644
--- a/java/org/apache/catalina/realm/JNDIRealm.java
+++ b/java/org/apache/catalina/realm/JNDIRealm.java
@@ -62,6 +62,7 @@ import javax.net.ssl.SSLSocketFactory;
 
 import org.apache.catalina.LifecycleException;
 import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSName;
 
 /**
  * <p>Implementation of <strong>Realm</strong> that works with a directory
@@ -2245,6 +2246,22 @@ public class JNDIRealm extends RealmBase {
     }
 
     @Override
+    protected Principal getPrincipal(GSSName gssName,
+            GSSCredential gssCredential) {
+        String name = gssName.toString();
+
+        if (isStripRealmForGss()) {
+            int i = name.indexOf('@');
+            if (i > 0) {
+                // Zero so we don't leave a zero length name
+                name = name.substring(0, i);
+            }
+        }
+
+        return getPrincipal(name, gssCredential);
+    }
+
+    @Override
     protected Principal getPrincipal(String username,
             GSSCredential gssCredential) {
 
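Review bot: The realm-stripping block in the new `getPrincipal(GSSName, GSSCredential)` override repeats the opening of `RealmBase.getPrincipal(GSSName, GSSCredential)` (the same `toString()`, `isStripRealmForGss()` and `indexOf('@')` steps are visible in the RealmBase hunk), so any later change to how the authenticated GSS name maps to a directory user must be made in two places. This string decides which LDAP entry and roles the caller receives, so I would keep the mapping in a single helper, or at least add `// Keep in sync with RealmBase.getPrincipal(GSSName, GSSCredential)` above the `if`. The override also needs a Javadoc saying it exists so that the stripped name and the credential reach `getPrincipal(String, GSSCredential)`, and noting that with `stripRealmForGss` enabled `alice@A` and `alice@B` both resolve to the directory user `alice`. That is presumably intended, but it matters where more than one realm is trusted. The body of `getPrincipal(String, GSSCredential)` that this delegates to starts at the end of the hunk and continues outside it.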
diff --git a/java/org/apache/catalina/realm/RealmBase.java b/java/org/apache/catalina/realm/RealmBase.java
index 62f5b8e..3c5b1e7 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -1252,7 +1252,8 @@ public abstract class RealmBase extends LifecycleMBeanBase implements Realm {
      * @param gssCredential the GSS credential of the principal
      * @return the principal associated with the given user name.
      */
-    protected Principal getPrincipal(GSSName gssName, GSSCredential gssCredential) {
+    protected Principal getPrincipal(GSSName gssName,
+            GSSCredential gssCredential) {
         String name = gssName.toString();
 
         if (isStripRealmForGss()) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index f8f1894..3a54774 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -76,6 +76,10 @@
         from Tomcat 9.0.x some time after 2020-12-31. (markt)
       </scode>
       <fix>
+        <bug>64011</bug>: <code>JNDIRealm</code> no longer authenticates to LDAP.
+        (michaelo)
+      </fix>
+      <fix>
         <bug>64023</bug>: Skip null-valued session attributes when deserializing
         sessions. (schultz)
       </fix>

