This is an automated email from the ASF dual-hosted git repository.
michaelo pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new a00e863 BZ 64011: JNDIRealm no longer authenticates to LDAP
a00e863 is described below
commit a00e86375e597f6633039248e13b777fd6e6ecfc
Author: Michael Osipov <micha...@apache.org>
AuthorDate: Sat Jan 4 14:44:52 2020 +0100
BZ 64011: JNDIRealm no longer authenticates to LDAP
---
java/org/apache/catalina/realm/JNDIRealm.java | 17 +++++++++++++++++
java/org/apache/catalina/realm/RealmBase.java | 3 ++-
webapps/docs/changelog.xml | 4 ++++
3 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/catalina/realm/JNDIRealm.java
b/java/org/apache/catalina/realm/JNDIRealm.java
index bfae8e0..387198b 100644
--- a/java/org/apache/catalina/realm/JNDIRealm.java
+++ b/java/org/apache/catalina/realm/JNDIRealm.java
@@ -62,6 +62,7 @@ import javax.net.ssl.SSLSocketFactory;
import org.apache.catalina.LifecycleException;
import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSName;
/**
* <p>Implementation of <strong>Realm</strong> that works with a directory
@@ -2260,6 +2261,22 @@ public class JNDIRealm extends RealmBase {
}
@Override
+ protected Principal getPrincipal(GSSName gssName,
+ GSSCredential gssCredential) {
+ String name = gssName.toString();
+
+ if (isStripRealmForGss()) {
+ int i = name.indexOf('@');
+ if (i > 0) {
+ // Zero so we don't leave a zero length name
+ name = name.substring(0, i);
+ }
+ }
+
+ return getPrincipal(name, gssCredential);
+ }
+
+ @Override
protected Principal getPrincipal(String username,
GSSCredential gssCredential) {
diff --git a/java/org/apache/catalina/realm/RealmBase.java
b/java/org/apache/catalina/realm/RealmBase.java
index b1cbfc7..ec5d010 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -1274,7 +1274,8 @@ public abstract class RealmBase extends
LifecycleMBeanBase implements org.apache
* @param gssCredential the GSS credential of the principal
* @return the principal associated with the given user name.
*/
- protected Principal getPrincipal(GSSName gssName, GSSCredential
gssCredential) {
+ protected Principal getPrincipal(GSSName gssName,
+ GSSCredential gssCredential) {
String name = gssName.toString();
if (isStripRealmForGss()) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 810c7ff..d6d1cc2 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -84,6 +84,10 @@
from Tomcat 8.5.x some time after 2020-12-31. (markt)
</scode>
<fix>
+ <bug>64011</bug>: <code>JNDIRealm</code> no longer authenticates to
LDAP.
+ (michaelo)
+ </fix>
+ <fix>
<bug>64023</bug>: Skip null-valued session attributes when
deserializing
sessions. (schultz)
</fix>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
