svn commit: r1743022 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/catalina/authenticator/AuthenticatorBase.java webapps/docs/changelog.xml

Mon, 09 May 2016 11:22:10 -0700 

Author: markt
Date: Mon May  9 18:21:07 2016
New Revision: 1743022

URL: http://svn.apache.org/viewvc?rev=1743022&view=rev
Log:
Do not trigger unnecessary session ID changes when using JASPIC and the user is 
authenticated using cached credentials.

Modified:
    tomcat/tc8.5.x/trunk/   (props changed)
    
tomcat/tc8.5.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
    tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.5.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon May  9 18:21:07 2016
@@ -1 +1 @@
-/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501,1741677
 
,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975,1742984,1742986
+/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501,1741677
 
,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986

Modified: 
tomcat/tc8.5.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java?rev=1743022&r1=1743021&r2=1743022&view=diff
==============================================================================
--- 
tomcat/tc8.5.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
 (original)
+++ 
tomcat/tc8.5.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
 Mon May  9 18:21:07 2016
@@ -699,7 +699,7 @@ public abstract class AuthenticatorBase
             // No JASPIC configuration. Use the standard authenticator.
             return authenticate(request, response);
         } else {
-            checkForCachedAuthentication(request, response, false);
+            boolean cachedAuth = checkForCachedAuthentication(request, 
response, false);
             Subject client = new Subject();
             AuthStatus authStatus;
             try {
@@ -720,7 +720,10 @@ public abstract class AuthenticatorBase
                 if (principal == null) {
                     request.setUserPrincipal(null);
                     request.setAuthType(null);
-                } else {
+                } else if (cachedAuth == false ||
+                        
!principal.getUserPrincipal().equals(request.getUserPrincipal())) {
+                    // Skip registration if authentication credentials were
+                    // cached and the Principal did not change.
                     request.setNote(Constants.REQ_JASPIC_SUBJECT_NOTE, client);
                     @SuppressWarnings("rawtypes")// JASPIC API uses raw types
                     Map map = messageInfo.getMap();

Modified: tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml?rev=1743022&r1=1743021&r2=1743022&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml Mon May  9 18:21:07 2016
@@ -192,6 +192,10 @@
         internal <code>Response</code> object requires JASPIC authentication.
         (markt)
       </fix>
+      <fix>
+        Do not trigger unnecessary session ID changes when using JASPIC and the
+        user is authenticated using cached credentials. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to