Posted to dev@tomcat.apache.org by mi...@apache.org on 2019/08/05 10:57:54 UTC

[tomcat] branch BZ-63627/tomcat-8.5.x created (now f592008)

This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a change to branch BZ-63627/tomcat-8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


      at f592008  BZ 63627: Implement more fine-grained handling in RealmBase#authenticate(GSSContext, boolean)

This branch includes the following new commits:

     new f592008  BZ 63627: Implement more fine-grained handling in RealmBase#authenticate(GSSContext, boolean)

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.





[tomcat] 01/01: BZ 63627: Implement more fine-grained handling in RealmBase#authenticate(GSSContext, boolean)

Posted by mi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch BZ-63627/tomcat-8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit f5920085da51f943cc77e1fec41ea3641fedb4f9
Author: Michael Osipov <mi...@apache.org>
AuthorDate: Fri Aug 2 14:09:02 2019 +0200

    BZ 63627: Implement more fine-grained handling in RealmBase#authenticate(GSSContext, boolean)
---
 .../apache/catalina/realm/LocalStrings.properties  |  3 ++-
 java/org/apache/catalina/realm/RealmBase.java      | 31 +++++++++++++---------
 webapps/docs/changelog.xml                         |  4 +++
 3 files changed, 24 insertions(+), 14 deletions(-)

diff --git a/java/org/apache/catalina/realm/LocalStrings.properties b/java/org/apache/catalina/realm/LocalStrings.properties
index 990a409..5a8aee3 100644
--- a/java/org/apache/catalina/realm/LocalStrings.properties
+++ b/java/org/apache/catalina/realm/LocalStrings.properties
@@ -91,7 +91,8 @@ realmBase.cannotGetRoles=Cannot get roles from principal [{0}]
 realmBase.createUsernameRetriever.ClassCastException=Class [{0}] is not an X509UsernameRetriever.
 realmBase.createUsernameRetriever.newInstance=Cannot create object of type [{0}].
 realmBase.credentialHandler.customCredentialHandler=Unable to set the property [{0}] to value [{1}] as a custom CredentialHandler has been configured
-realmBase.delegatedCredentialFail=Unable to obtain delegated credentials for user [{0}]
+realmBase.delegatedCredentialFail=Unable to obtain delegated credential for user [{0}]
+realmBase.credentialNotDelegated=Credential for user [{0}] has not been delegated though storing was requested
 realmBase.digest=Error digesting user credentials
 realmBase.forbidden=Access to the requested resource has been denied
 realmBase.gotX509Username=Got user name from X509 certificate: [{0}]
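Review bot: The new key `realmBase.credentialNotDelegated` is added after `realmBase.delegatedCredentialFail`, which breaks the alphabetical key order the surrounding entries follow; it belongs directly after `realmBase.credentialHandler.customCredentialHandler`. The rewording of `realmBase.delegatedCredentialFail` touches only this base bundle, so translated bundles, if the project has any, would still carry the old text.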
diff --git a/java/org/apache/catalina/realm/RealmBase.java b/java/org/apache/catalina/realm/RealmBase.java
index 55559a5..d14f7b3 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -482,27 +482,32 @@ public abstract class RealmBase extends LifecycleMBeanBase implements Realm {
             }
 
             if (gssName!= null) {
+                GSSCredential gssCredential = null;
+                if (storeCreds) {
+                    if (gssContext.getCredDelegState()) {
+                        try {
+                            gssCredential = gssContext.getDelegCred();
+                        } catch (GSSException e) {
+                            log.warn(sm.getString(
+                                    "realmBase.delegatedCredentialFail", gssName), e);
+                        }
+                    } else {
+                        if (log.isDebugEnabled()) {
+                            log.debug(sm.getString(
+                                    "realmBase.credentialNotDelegated", gssName));
+                        }
+                    }
+                }
+
                 String name = gssName.toString();
 
                 if (isStripRealmForGss()) {
                     int i = name.indexOf('@');
                     if (i > 0) {
-                        // Zero so we don;t leave a zero length name
+                        // Zero so we don't leave a zero length name
                         name = name.substring(0, i);
                     }
                 }
-                GSSCredential gssCredential = null;
-                if (storeCreds && gssContext.getCredDelegState()) {
-                    try {
-                        gssCredential = gssContext.getDelegCred();
-                    } catch (GSSException e) {
-                        if (log.isDebugEnabled()) {
-                            log.debug(sm.getString(
-                                    "realmBase.delegatedCredentialFail", name),
-                                    e);
-                        }
-                    }
-                }
                 return getPrincipal(name, gssCredential);
             }
         } else {
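Review bot: With `storeCreds` set, both the failed `getDelegCred()` branch and the not-delegated branch fall through to `getPrincipal(name, gssCredential)` with a null credential, so authentication succeeds without the credential the caller asked to store, and nothing in the hunk says that this is intended. A comment before `GSSCredential gssCredential = null;`, for example `// Delegation is best-effort: the principal is still returned, with a null credential`, would make that contract explicit for code that later uses the stored credential. The not-delegated case is logged only at debug, so an operator who enabled credential storing gets no signal at default log levels, while the failure case now logs at WARN with the exception on every affected request; whether either level fits depends on how often these paths are hit, which the hunk does not show. The body of `authenticate(GSSContext, boolean)` starts and ends outside this hunk.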
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index abe97fd..e8704dd 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -47,6 +47,10 @@
 <section name="Tomcat 8.5.44 (markt)" rtext="in development">
   <subsection name="Catalina">
     <changelog>
+      <update>
+        <bug>63627</bug>: Implement more fine-grained handling in
+        <code>RealmBase.authenticate(GSSContext, boolean)</code>. (michaelo)
+      </update>
       <add>
         <bug>62496</bug>: Add option to write auth information (remote user/auth type)
         to response headers. (michaelo)

