Posted to dev@tomcat.apache.org by ma...@apache.org on 2020/02/28 19:30:19 UTC

[tomcat] branch master updated: Update after kkolinko review of new PersistAuthentication attribute

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
     new 86b5fc8  Update after kkolinko review of new PersistAuthentication attribute
86b5fc8 is described below

commit 86b5fc8e892cc37a15b90eb8ae708962054d721c
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Fri Feb 28 19:28:53 2020 +0000

    Update after kkolinko review of new PersistAuthentication attribute
---
 .../apache/catalina/session/StandardSession.java    |  4 ++--
 webapps/docs/config/manager.xml                     | 21 ++-------------------
 webapps/docs/security-howto.xml                     |  4 ++++
 3 files changed, 8 insertions(+), 21 deletions(-)

diff --git a/java/org/apache/catalina/session/StandardSession.java b/java/org/apache/catalina/session/StandardSession.java
index eeec5ce..951f9ee 100644
--- a/java/org/apache/catalina/session/StandardSession.java
+++ b/java/org/apache/catalina/session/StandardSession.java
@@ -1668,7 +1668,7 @@ public class StandardSession implements HttpSession, Session, Serializable {
         // Gather authentication information (if configured)
         String sessionAuthType = null;
         Principal sessionPrincipal = null;
-        if (isPersistAuthentication()) {
+        if (getPersistAuthentication()) {
             sessionAuthType = getAuthType();
             sessionPrincipal = getPrincipal();
             if (!(sessionPrincipal instanceof Serializable)) {
@@ -1727,7 +1727,7 @@ public class StandardSession implements HttpSession, Session, Serializable {
      * @return {@code true}, if authentication information shall be persisted;
      *         {@code false} otherwise
      */
-    private boolean isPersistAuthentication() {
+    private boolean getPersistAuthentication() {
         if (manager instanceof ManagerBase) {
             return ((ManagerBase) manager).getPersistAuthentication();
         }
diff --git a/webapps/docs/config/manager.xml b/webapps/docs/config/manager.xml
index 640e62d..8af3e20 100644
--- a/webapps/docs/config/manager.xml
+++ b/webapps/docs/config/manager.xml
@@ -139,23 +139,6 @@
         filter pattern in order to be restored.</p>
       </attribute>
 
-      <attribute name="persistAuthentication" required="false">
-        <p>Should authentication information be included when session state is
-        preserved across application restarts? If <code>true</code>, the session's
-        authentication is preserved so that the session remains authenticated
-        after the application has been restarted. If not specified, the default
-        value of <code>false</code> will be used.<br />See
-        <a href="#Persistence_Across_Restarts">Persistence Across Restarts</a>
-        for more information.</p>
-
-        <p>Please note that the session's <code>Principal</code> class as well
-        as its descendant classes are all subject to the
-        <strong>sessionAttributeValueClassNameFilter</strong>. If such a filter
-        is specified or a <code>SecurityManager</code> is enabled, the names of
-        the <code>Principal</code> class and descendant classes must match that
-        filter pattern in order to be restored.</p>
-      </attribute>
-
       <attribute name="processExpiresFrequency" required="false">
         <p>Frequency of the session expiration, and related manager operations.
         Manager operations will be done once for the specified amount of
@@ -212,7 +195,7 @@
         must fully match the pattern. If not specified, the default value of
         <code>null</code> will be used unless a <code>SecurityManager</code> is
         enabled in which case the default will be
-        <code><nobr>java\\.lang\\.(?:Boolean|Integer|Long|Number|String)|org\\.apache\\.catalina\\.realm\\.GenericPrincipal\\$SerializablePrincipal|\\[Ljava.lang.String;</nobr></code>.</p>
+        <code>java\\.lang\\.(?:Boolean|Integer|Long|Number|String)|org\\.apache\\.catalina\\.realm\\.GenericPrincipal\\$SerializablePrincipal|\\[Ljava.lang.String;</code>.</p>
       </attribute>
 
       <attribute name="warnOnSessionAttributeFilterFailure" required="false">
@@ -350,7 +333,7 @@
         must fully match the pattern. If not specified, the default value of
         <code>null</code> will be used unless a <code>SecurityManager</code> is
         enabled in which case the default will be
-        <code><nobr>java\\.lang\\.(?:Boolean|Integer|Long|Number|String)|org\\.apache\\.catalina\\.realm\\.GenericPrincipal\\$SerializablePrincipal|\\[Ljava.lang.String;</nobr></code>.</p>
+        <code>java\\.lang\\.(?:Boolean|Integer|Long|Number|String)|org\\.apache\\.catalina\\.realm\\.GenericPrincipal\\$SerializablePrincipal|\\[Ljava.lang.String;</code>.</p>
       </attribute>
 
       <attribute name="warnOnSessionAttributeFilterFailure" required="false">
diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml
index a42eb17..fbdb9d7 100644
--- a/webapps/docs/security-howto.xml
+++ b/webapps/docs/security-howto.xml
@@ -447,6 +447,10 @@
 
       <p>The length of the session ID may be changed with the
       <strong>sessionIdLength</strong> attribute.</p>
+
+      <p>The <strong>persistAuthentication</strong> controls whether the
+      authenticated Principal associated with the session (if any) is included
+      when the session is persisted during a restart or to a Store.</p>
     </subsection>
 
     <subsection name="Cluster">
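Review bot: The paragraph added before `</subsection>` says what **persistAuthentication** controls but gives neither its default nor the consequence of enabling it, which is the part a security how-to reader needs. The manager.xml text removed earlier in this same commit states that the default is `false` and that the `Principal` class and its descendants must match **sessionAttributeValueClassNameFilter** to be restored; whether that text survives elsewhere in manager.xml is not visible here. I would append something like `The default is false. When enabled, the persisted session data includes the authenticated Principal, so access to the session file or Store should be restricted accordingly.` The opening also reads better as `The <strong>persistAuthentication</strong> attribute controls whether`.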

