This is an automated email from the ASF dual-hosted git repository.
michaelo pushed a commit to branch BZ-63627/tomcat-7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 297e04513a4c0247de2a17d9f2bf8995cf407691
Author: Michael Osipov <micha...@apache.org>
AuthorDate: Fri Aug 2 14:09:02 2019 +0200
BZ 63627: Implement more fine-grained handling in
RealmBase#authenticate(GSSContext, boolean)
---
.../apache/catalina/realm/LocalStrings.properties | 3 ++-
java/org/apache/catalina/realm/RealmBase.java | 31 +++++++++++++---------
webapps/docs/changelog.xml | 4 +++
3 files changed, 24 insertions(+), 14 deletions(-)
diff --git a/java/org/apache/catalina/realm/LocalStrings.properties
b/java/org/apache/catalina/realm/LocalStrings.properties
index 95b56b5..66189e5 100644
--- a/java/org/apache/catalina/realm/LocalStrings.properties
+++ b/java/org/apache/catalina/realm/LocalStrings.properties
@@ -99,7 +99,8 @@ realmBase.createUsernameRetriever.ClassCastException=Class
{0} is not an X509Use
realmBase.createUsernameRetriever.ClassNotFoundException=Cannot find class {0}.
realmBase.createUsernameRetriever.IllegalAccessException=Cannot create object
of type {0}.
realmBase.createUsernameRetriever.InstantiationException=Cannot create object
of type {0}.
-realmBase.delegatedCredentialFail=Unable to obtain delegated credentials for
user [{0}]
+realmBase.delegatedCredentialFail=Unable to obtain delegated credential for
user {0}
+realmBase.credentialNotDelegated=Credential for user {0} has not been
delegated though storing was requested
realmBase.digest=Error digesting user credentials
realmBase.forbidden=Access to the requested resource has been denied
realmBase.gotX509Username=Got user name from X509 certificate: {0}
diff --git a/java/org/apache/catalina/realm/RealmBase.java
b/java/org/apache/catalina/realm/RealmBase.java
index 9697440..099618e 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -557,27 +557,32 @@ public abstract class RealmBase extends
LifecycleMBeanBase implements Realm {
}
if (gssName!= null) {
+ GSSCredential gssCredential = null;
+ if (storeCreds) {
+ if (gssContext.getCredDelegState()) {
+ try {
+ gssCredential = gssContext.getDelegCred();
+ } catch (GSSException e) {
+ log.warn(sm.getString(
+ "realmBase.delegatedCredentialFail",
gssName), e);
+ }
+ } else {
+ if (log.isDebugEnabled()) {
+ log.debug(sm.getString(
+ "realmBase.credentialNotDelegated",
gssName));
+ }
+ }
+ }
+
String name = gssName.toString();
if (isStripRealmForGss()) {
int i = name.indexOf('@');
if (i > 0) {
- // Zero so we don;t leave a zero length name
+ // Zero so we don't leave a zero length name
name = name.substring(0, i);
}
}
- GSSCredential gssCredential = null;
- if (storeCreds && gssContext.getCredDelegState()) {
- try {
- gssCredential = gssContext.getDelegCred();
- } catch (GSSException e) {
- if (log.isDebugEnabled()) {
- log.debug(sm.getString(
- "realmBase.delegatedCredentialFail", name),
- e);
- }
- }
- }
return getPrincipal(name, gssCredential);
}
} else {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 9dbc17f..e315387 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -62,6 +62,10 @@
<section name="Tomcat 7.0.97 (violetagg)">
<subsection name="Catalina">
<changelog>
+ <update>
+ <bug>63627</bug>: Implement more fine-grained handling in
+ <code>RealmBase.authenticate(GSSContext, boolean)</code>. (michaelo)
+ </update>
<add>
<bug>62496</bug>: Add option to write auth information (remote
user/auth type)
to response headers. (michaelo)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
