[tomcat] branch master updated: BZ 64011: JNDIRealm no longer authenticates to LDAP

Sat, 04 Jan 2020 05:45:50 -0800 

This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
     new 98e45b9  BZ 64011: JNDIRealm no longer authenticates to LDAP
98e45b9 is described below

commit 98e45b95763ded0a503ff1b05806e7138bee1915
Author: Michael Osipov <micha...@apache.org>
AuthorDate: Sat Jan 4 14:44:52 2020 +0100

    BZ 64011: JNDIRealm no longer authenticates to LDAP
---
 java/org/apache/catalina/realm/JNDIRealm.java | 17 +++++++++++++++++
 java/org/apache/catalina/realm/RealmBase.java |  3 ++-
 webapps/docs/changelog.xml                    |  4 ++++
 3 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/realm/JNDIRealm.java 
b/java/org/apache/catalina/realm/JNDIRealm.java
index b069538..26c97f1 100644
--- a/java/org/apache/catalina/realm/JNDIRealm.java
+++ b/java/org/apache/catalina/realm/JNDIRealm.java
@@ -62,6 +62,7 @@ import javax.net.ssl.SSLSocketFactory;
 
 import org.apache.catalina.LifecycleException;
 import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSName;
 
 /**
  * <p>Implementation of <strong>Realm</strong> that works with a directory
@@ -2245,6 +2246,22 @@ public class JNDIRealm extends RealmBase {
     }
 
     @Override
+    protected Principal getPrincipal(GSSName gssName,
+            GSSCredential gssCredential) {
+        String name = gssName.toString();
+
+        if (isStripRealmForGss()) {
+            int i = name.indexOf('@');
+            if (i > 0) {
+                // Zero so we don't leave a zero length name
+                name = name.substring(0, i);
+            }
+        }
+
+        return getPrincipal(name, gssCredential);
+    }
+
+    @Override
     protected Principal getPrincipal(String username,
             GSSCredential gssCredential) {
 
diff --git a/java/org/apache/catalina/realm/RealmBase.java 
b/java/org/apache/catalina/realm/RealmBase.java
index 62f5b8e..3c5b1e7 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -1252,7 +1252,8 @@ public abstract class RealmBase extends 
LifecycleMBeanBase implements Realm {
      * @param gssCredential the GSS credential of the principal
      * @return the principal associated with the given user name.
      */
-    protected Principal getPrincipal(GSSName gssName, GSSCredential 
gssCredential) {
+    protected Principal getPrincipal(GSSName gssName,
+            GSSCredential gssCredential) {
         String name = gssName.toString();
 
         if (isStripRealmForGss()) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index f8f1894..3a54774 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -76,6 +76,10 @@
         from Tomcat 9.0.x some time after 2020-12-31. (markt)
       </scode>
       <fix>
+        <bug>64011</bug>: <code>JNDIRealm</code> no longer authenticates to 
LDAP.
+        (michaelo)
+      </fix>
+      <fix>
         <bug>64023</bug>: Skip null-valued session attributes when 
deserializing
         sessions. (schultz)
       </fix>


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to