This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push: new 537dc9a Bugfix for 65479 - PasswordValidationCallback does not return validation result in getResult 537dc9a is described below commit 537dc9ada185b9d14dd292e3262968d5f0353bdb Author: Robert Rodewald <r.rodew...@airitsystems.de> AuthorDate: Mon Aug 2 11:27:08 2021 +0200 Bugfix for 65479 - PasswordValidationCallback does not return validation result in getResult --- .../apache/catalina/authenticator/jaspic/CallbackHandlerImpl.java | 1 + .../authenticator/TestJaspicCallbackHandlerInAuthenticator.java | 2 ++ webapps/docs/changelog.xml | 7 +++++++ 3 files changed, 10 insertions(+)
diff --git a/java/org/apache/catalina/authenticator/jaspic/CallbackHandlerImpl.java b/java/org/apache/catalina/authenticator/jaspic/CallbackHandlerImpl.java
index b1acaa5..d88ff80 100644
--- a/java/org/apache/catalina/authenticator/jaspic/CallbackHandlerImpl.java
+++ b/java/org/apache/catalina/authenticator/jaspic/CallbackHandlerImpl.java
@@ -79,6 +79,7 @@ public class CallbackHandlerImpl implements CallbackHandler, Contained {
 PasswordValidationCallback pvc = (PasswordValidationCallback) callback;
 principal = container.getRealm().authenticate(pvc.getUsername(), String.valueOf(pvc.getPassword()));
+ pvc.setResult(principal != null);
 subject = pvc.getSubject();
 }
 } else {
diff --git a/test/org/apache/catalina/authenticator/TestJaspicCallbackHandlerInAuthenticator.java b/test/org/apache/catalina/authenticator/TestJaspicCallbackHandlerInAuthenticator.java
index a5f7c75..2c1bc25 100644
--- a/test/org/apache/catalina/authenticator/TestJaspicCallbackHandlerInAuthenticator.java
+++ b/test/org/apache/catalina/authenticator/TestJaspicCallbackHandlerInAuthenticator.java
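Review bot: The new `pvc.setResult(principal != null);` is only reached when the `authenticate(...)` call on the preceding lines returns normally, so a callback carrying a null password array would end in a NullPointerException from `String.valueOf(pvc.getPassword())` rather than a `false` result. If a null password can reach this handler, guarding it keeps the failure on the `getResult()` path: `char[] pw = pvc.getPassword();` followed by `principal = (pw == null) ? null : container.getRealm().authenticate(pvc.getUsername(), String.valueOf(pw));`. A short comment such as `// Fail closed: result stays false unless the realm returned a principal` would also document that callers now take the authentication decision from this flag. The enclosing method and the other branches of this if/else chain lie outside the hunk, so whether they leave the result at its default cannot be confirmed here.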
@@ -115,9 +115,11 @@ public class TestJaspicCallbackHandlerInAuthenticator {
 PasswordValidationCallback pvc1 = new PasswordValidationCallback(clientSubject, "name1", "password".toCharArray());
 callbackHandler.handle(new Callback[] { pvc1 });
+ Assert.assertTrue(pvc1.getResult());
 PasswordValidationCallback pvc2 = new PasswordValidationCallback(clientSubject, "name2", "invalid".toCharArray());
 callbackHandler.handle(new Callback[] { pvc2 });
+ Assert.assertFalse(pvc2.getResult());
 Set<Object> credentials = clientSubject.getPrivateCredentials();
 Assert.assertTrue(credentials.size() == 1);
 GenericPrincipal gp = (GenericPrincipal) credentials.iterator().next();
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 7dcf9d7..474f354 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -120,6 +120,13 @@ body is no longer sent. This acts as an additional signal to the client that the request experienced an error. (markt) </fix>
+ <fix>
+ <bug>65479</bug>: When handling requests using JASPIC authentication,
+ ensure that <code>PasswordValidationCallback.getResult()</code> returns
+ the result of the password validation rather than always returning
+ <code>false</code>. Fixed via pull request <pr>438</pr> provided by
+ Robert Rodewald. (markt)
+ </fix>
 </changelog>
 </subsection>
 <subsection name="Coyote">
--------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org