https://bz.apache.org/bugzilla/show_bug.cgi?id=60379

            Bug ID: 60379
           Summary: GenericPrincipal never frees GSSCredential
           Product: Tomcat 8
           Version: 8.5.x-trunk
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: 1983-01...@gmx.net
  Target Milestone: ----

Created attachment 34453
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=34453&action=edit
Patch for disposing the delegated GSS credential

The GenericPrincipal#logout() implementation never frees the GSSCredential on logout,
but the contract of GSSCredential#dispose() requires it to be called as soon as
this sensitive auth data is not needed anymore.

A simple
if (gssCredential != null) {
    gssCredential.dispose();
}

can be added to the #logout() implementation.

See the Javadoc of dispose():
http://docs.oracle.com/javase/7/docs/api/org/ietf/jgss/GSSCredential.html#dispose()

This issue will likely apply to 9.0.x as well.
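
An added example, not part of the original report or of Tomcat's code: a sketch of a logout path that always disposes the delegated credential. The DelegatedPrincipal class, its LoginContext field and the proxy stand-in credential are assumptions made for illustration.

```java
import java.lang.reflect.Proxy;
import java.util.concurrent.atomic.AtomicInteger;
import javax.security.auth.login.LoginContext;
import org.ietf.jgss.GSSCredential;

public class DisposeOnLogoutDemo {
    // Hypothetical holder class for illustration; not Tomcat's GenericPrincipal.
    static final class DelegatedPrincipal {
        private final LoginContext loginContext; // assumed JAAS context, may be null
        private GSSCredential gssCredential;     // delegated credential, may be null
        DelegatedPrincipal(LoginContext loginContext, GSSCredential gssCredential) {
            this.loginContext = loginContext;
            this.gssCredential = gssCredential;
        }

        synchronized void logout() throws Exception {
            try {
                if (loginContext != null) {
                    loginContext.logout();
                }
            } finally {
                // Runs even if the JAAS logout throws, so the credential is always released.
                GSSCredential cred = gssCredential;
                gssCredential = null; // a repeated logout() must not dispose twice
                if (cred != null) {
                    cred.dispose();
                }
            }
        }
    }

    public static void main(String[] args) throws Exception {
        AtomicInteger disposeCalls = new AtomicInteger();
        // Constructed stand-in: a proxy GSSCredential that only counts dispose() calls.
        GSSCredential fake = (GSSCredential) Proxy.newProxyInstance(
                DisposeOnLogoutDemo.class.getClassLoader(),
                new Class<?>[] { GSSCredential.class },
                (proxy, method, methodArgs) -> {
                    if ("dispose".equals(method.getName())) {
                        disposeCalls.incrementAndGet();
                    }
                    return null;
                });
        DelegatedPrincipal principal = new DelegatedPrincipal(null, fake);
        principal.logout();
        principal.logout();
        System.out.println("dispose() calls: " + disposeCalls.get());
    }
}
```

Clearing the field before calling dispose() keeps a second logout() from touching an already released credential.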
