[tomcat] branch 7.0.x updated: Avoid possibly useless environment restore in JNDI realm

Mon, 16 Dec 2019 02:41:14 -0800 

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/7.0.x by this push:
     new cdb7961  Avoid possibly useless environment restore in JNDI realm
cdb7961 is described below

commit cdb7961b631f407e1631278695d74929d4ed8b9a
Author: remm <r...@apache.org>
AuthorDate: Mon Dec 16 11:35:54 2019 +0100

    Avoid possibly useless environment restore in JNDI realm
---
 java/org/apache/catalina/realm/JNDIRealm.java | 17 +++++++++--------
 webapps/docs/changelog.xml                    |  8 ++++++++
 2 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/java/org/apache/catalina/realm/JNDIRealm.java 
b/java/org/apache/catalina/realm/JNDIRealm.java
index e5104b6..aadbc0c 100644
--- a/java/org/apache/catalina/realm/JNDIRealm.java
+++ b/java/org/apache/catalina/realm/JNDIRealm.java
@@ -1590,7 +1590,6 @@ public class JNDIRealm extends RealmBase {
                 containerLog.debug("Found user by search [" + user + "]");
             }
         }
-
         if (userPassword == null && credentials != null && user != null) {
             // The password is available. Insert it since it may be required 
for
             // role searches.
@@ -2291,7 +2290,7 @@ public class JNDIRealm extends RealmBase {
 
         try {
             User user = getUser(open(), username, null);
-             if (user == null) {
+            if (user == null) {
                 // User should be found...
                 return null;
             } else {
@@ -2425,12 +2424,14 @@ public class JNDIRealm extends RealmBase {
                 roles = getRoles(context, user);
             }
         } finally {
-            restoreEnvironmentParameter(context,
-                    Context.SECURITY_AUTHENTICATION, preservedEnvironment);
-            restoreEnvironmentParameter(context,
-                    "javax.security.sasl.server.authentication", 
preservedEnvironment);
-            restoreEnvironmentParameter(context, "javax.security.sasl.qop",
-                    preservedEnvironment);
+            if (gssCredential != null && isUseDelegatedCredential()) {
+                restoreEnvironmentParameter(context,
+                        Context.SECURITY_AUTHENTICATION, preservedEnvironment);
+                restoreEnvironmentParameter(context,
+                        "javax.security.sasl.server.authentication", 
preservedEnvironment);
+                restoreEnvironmentParameter(context, "javax.security.sasl.qop",
+                        preservedEnvironment);
+            }
         }
 
         if (user != null) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 477737c..9d241f3 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -60,6 +60,14 @@
   issues do not "pop up" wrt. others).
 -->
 <section name="Tomcat 7.0.100 (violetagg)">
+  <subsection name="Catalina">
+    <changelog>
+      <fix>
+        Avoid useless environment restore when not using GSSCredential
+        in JNDIRealm. (remm)
+      </fix>
+    </changelog>
+  </subsection>
 </section>
 <section name="Tomcat 7.0.99 (violetagg)">
   <subsection name="Catalina">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to