You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by vi...@apache.org on 2013/08/15 22:31:48 UTC

svn commit: r1514470 - /tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java

Author: violetagg
Date: Thu Aug 15 20:31:48 2013
New Revision: 1514470

URL: http://svn.apache.org/r1514470
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55354
Restore the context environment parameters after associating the Principle with the given user. Based on patch provided by Richard Begg.

Modified:
    tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java

Modified: tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java?rev=1514470&r1=1514469&r2=1514470&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java Thu Aug 15 20:31:48 2013
@@ -2050,9 +2050,12 @@ public class JNDIRealm extends RealmBase
 
         User user = null;
         List<String> roles = null;
+        Hashtable<?, ?> preservedEnvironment = null;
 
         try {
             if (gssCredential != null && isUseDelegatedCredential()) {
+                // Preserve the current context environment parameters
+                preservedEnvironment = context.getEnvironment();
                 // Set up context
                 context.addToEnvironment(
                         Context.SECURITY_AUTHENTICATION, "GSSAPI");
@@ -2068,24 +2071,12 @@ public class JNDIRealm extends RealmBase
                 roles = getRoles(context, user);
             }
         } finally {
-            try {
-                context.removeFromEnvironment(
-                        Context.SECURITY_AUTHENTICATION);
-            } catch (NamingException e) {
-                // Ignore
-            }
-            try {
-                context.removeFromEnvironment(
-                        "javax.security.sasl.server.authentication");
-            } catch (NamingException e) {
-                // Ignore
-            }
-            try {
-                context.removeFromEnvironment(
-                        "javax.security.sasl.qop");
-            } catch (NamingException e) {
-                // Ignore
-            }
+            restoreEnvironmentParameter(context,
+                    Context.SECURITY_AUTHENTICATION, preservedEnvironment);
+            restoreEnvironmentParameter(context,
+                    "javax.security.sasl.server.authentication", preservedEnvironment);
+            restoreEnvironmentParameter(context, "javax.security.sasl.qop",
+                    preservedEnvironment);
         }
 
         if (user != null) {
@@ -2096,6 +2087,19 @@ public class JNDIRealm extends RealmBase
         return null;
     }
 
+    private void restoreEnvironmentParameter(DirContext context,
+            String parameterName, Hashtable<?, ?> preservedEnvironment) {
+        try {
+            context.removeFromEnvironment(parameterName);
+            if (preservedEnvironment != null && preservedEnvironment.containsKey(parameterName)) {
+                context.addToEnvironment(parameterName,
+                        preservedEnvironment.get(parameterName));
+            }
+        } catch (NamingException e) {
+            // Ignore
+        }
+    }
+
     /**
      * Open (if necessary) and return a connection to the configured
      * directory server for this Realm.



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org