This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new 86b5fc8 Update after kkolinko review of new PersistAuthentication attribute
86b5fc8 is described below
commit 86b5fc8e892cc37a15b90eb8ae708962054d721c
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Fri Feb 28 19:28:53 2020 +0000
Update after kkolinko review of new PersistAuthentication attribute
---
.../apache/catalina/session/StandardSession.java | 4 ++--
webapps/docs/config/manager.xml | 21 ++-------------------
webapps/docs/security-howto.xml | 4 ++++
3 files changed, 8 insertions(+), 21 deletions(-)
diff --git a/java/org/apache/catalina/session/StandardSession.java b/java/org/apache/catalina/session/StandardSession.java
index eeec5ce..951f9ee 100644
--- a/java/org/apache/catalina/session/StandardSession.java
+++ b/java/org/apache/catalina/session/StandardSession.java
@@ -1668,7 +1668,7 @@ public class StandardSession implements HttpSession, Session, Serializable {
 // Gather authentication information (if configured)
 String sessionAuthType = null;
 Principal sessionPrincipal = null;
- if (isPersistAuthentication()) {
+ if (getPersistAuthentication()) {
 sessionAuthType = getAuthType();
 sessionPrincipal = getPrincipal();
 if (!(sessionPrincipal instanceof Serializable)) {
@@ -1727,7 +1727,7 @@ public class StandardSession implements HttpSession, Session, Serializable {
 * @return {@code true}, if authentication information shall be persisted;
 * {@code false} otherwise
 */
- private boolean isPersistAuthentication() {
+ private boolean getPersistAuthentication() {
 if (manager instanceof ManagerBase) {
 return ((ManagerBase) manager).getPersistAuthentication();
 }
diff --git a/webapps/docs/config/manager.xml b/webapps/docs/config/manager.xml
index 640e62d..8af3e20 100644
--- a/webapps/docs/config/manager.xml
+++ b/webapps/docs/config/manager.xml
@@ -139,23 +139,6 @@
 filter pattern in order to be restored.</p>
 </attribute>
- <attribute name="persistAuthentication" required="false">
- <p>Should authentication information be included when session state is
- preserved across application restarts? If <code>true</code>, the session's
- authentication is preserved so that the session remains authenticated
- after the application has been restarted. If not specified, the default
- value of <code>false</code> will be used.<br />See
- <a href="#Persistence_Across_Restarts">Persistence Across Restarts</a>
- for more information.</p>
-
- <p>Please note that the session's <code>Principal</code> class as well
- as its descendant classes are all subject to the
- <strong>sessionAttributeValueClassNameFilter</strong>. If such a filter
- is specified or a <code>SecurityManager</code> is enabled, the names of
- the <code>Principal</code> class and descendant classes must match that
- filter pattern in order to be restored.</p>
- </attribute>
-
 <attribute name="processExpiresFrequency" required="false">
 <p>Frequency of the session expiration, and related manager operations. Manager operations will be done once for the specified amount of
@@ -212,7 +195,7 @@
 must fully match the pattern. If not specified, the default value of <code>null</code> will be used unless a <code>SecurityManager</code> is enabled in which case the default will be
- <code><nobr>java\\.lang\\.(?:Boolean|Integer|Long|Number|String)|org\\.apache\\.catalina\\.realm\\.GenericPrincipal\\$SerializablePrincipal|\\[Ljava.lang.String;</nobr></code>.</p>
+ <code>java\\.lang\\.(?:Boolean|Integer|Long|Number|String)|org\\.apache\\.catalina\\.realm\\.GenericPrincipal\\$SerializablePrincipal|\\[Ljava.lang.String;</code>.</p>
 </attribute>
 <attribute name="warnOnSessionAttributeFilterFailure" required="false">
@@ -350,7 +333,7 @@
 must fully match the pattern. If not specified, the default value of <code>null</code> will be used unless a <code>SecurityManager</code> is enabled in which case the default will be
- <code><nobr>java\\.lang\\.(?:Boolean|Integer|Long|Number|String)|org\\.apache\\.catalina\\.realm\\.GenericPrincipal\\$SerializablePrincipal|\\[Ljava.lang.String;</nobr></code>.</p>
+ <code>java\\.lang\\.(?:Boolean|Integer|Long|Number|String)|org\\.apache\\.catalina\\.realm\\.GenericPrincipal\\$SerializablePrincipal|\\[Ljava.lang.String;</code>.</p>
 </attribute>
 <attribute name="warnOnSessionAttributeFilterFailure" required="false">
diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml
index a42eb17..fbdb9d7 100644
--- a/webapps/docs/security-howto.xml
+++ b/webapps/docs/security-howto.xml
@@ -447,6 +447,10 @@
 <p>The length of the session ID may be changed with the <strong>sessionIdLength</strong> attribute.</p>
+
+ <p>The <strong>persistAuthentication</strong> controls whether the
+ authenticated Principal associated with the session (if any) is included
+ when the session is persisted during a restart or to a Store.</p>
 </subsection>
 <subsection name="Cluster">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org