You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/03/29 18:29:03 UTC

[tomcat] branch main updated: replace deprecated getSubjectDN()

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new 26f57f4  replace deprecated getSubjectDN()
26f57f4 is described below

commit 26f57f422badfe01c094a47bfe610e7e491f83eb
Author: sim-lus <67...@users.noreply.github.com>
AuthorDate: Wed Mar 16 12:45:36 2022 +0100

    replace deprecated getSubjectDN()
    
    According to java spec, getSubjectDN() should not be used:
    "denigrated, replaced by getSubjectX500Principal(). This method returns the subject as an implementation specific Principal object, which should not be relied upon by portable code."
    
    Not sure if my proposed change is correct, at least it is probably not compatible for all use cases.
---
 java/org/apache/catalina/realm/X509SubjectDnRetriever.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/realm/X509SubjectDnRetriever.java b/java/org/apache/catalina/realm/X509SubjectDnRetriever.java
index 7aa5a3a..1602c91 100644
--- a/java/org/apache/catalina/realm/X509SubjectDnRetriever.java
+++ b/java/org/apache/catalina/realm/X509SubjectDnRetriever.java
@@ -26,6 +26,6 @@ public class X509SubjectDnRetriever implements X509UsernameRetriever {
 
     @Override
     public String getUsername(X509Certificate clientCert) {
-        return clientCert.getSubjectDN().getName();
+        return clientCert.getSubjectX500Principal().getName();
     }
 }

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org