Posted to dev@tomcat.apache.org by ma...@apache.org on 2021/11/24 09:25:54 UTC
[tomcat] branch 9.0.x updated: Expand code comments
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new cd1e61b Expand code comments
cd1e61b is described below
commit cd1e61b9abef886a212fe24883bdab465706e8ac
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Nov 24 09:25:19 2021 +0000
Expand code comments
---
java/org/apache/catalina/connector/Request.java | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/connector/Request.java b/java/org/apache/catalina/connector/Request.java
index 7d4a949..0d2c5ff 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -2656,13 +2656,23 @@ public class Request implements HttpServletRequest {
if (gssCredential != null) {
int left = -1;
try {
+ // Concurrent calls to this method from an expired session
+ // can trigger an ISE. If one thread calls logout() below
+ // before another thread calls getRemainingLifetime() then
+ // then since logout() eventually calls
+ // GSSCredential.dispose(), the subsequent call to
+ // GSSCredential.getRemainingLifetime() will throw an ISE.
+ // Avoiding the ISE would require locking in this method to
+ // protect against concurrent access to the GSSCredential.
+ // That would have a small performance impact. The ISE is
+ // rare so it is caught and handled rather than avoided.
left = gssCredential.getRemainingLifetime();
} catch (GSSException | IllegalStateException e) {
log.warn(sm.getString("coyoteRequest.gssLifetimeFail",
userPrincipal.getName()), e);
}
- // zero is expired.
- // Should never be less than zero but handle those values too
+ // zero is expired. Exception above will mean left == -1
+ // Treat both as expired.
if (left <= 0) {
// GSS credential has expired. Need to re-authenticate.
try {
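Review bot: The added comment repeats a word where its third line ends in "then" and its fourth begins with "then since"; drop the second one so that line reads `// since logout() eventually calls`. The comment explains why the ISE from getRemainingLifetime() is tolerated, but a thread that lands in the catch keeps `left == -1` and so also enters the `left <= 0` branch. It would help to add a sentence saying this path is deliberately fail-closed (the credential is treated as expired and re-authentication is forced) and that a second, concurrent logout() against the already-disposed credential is expected to be harmless. That is presumably the case, but the try body opened on the hunk's last line continues outside it, so it cannot be confirmed from here.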