On 11/06/2024 11:14, micha...@apache.org wrote:
This is an automated email from the ASF dual-hosted git repository.
michaelo pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 956c4577ca Add RealmBase.getPrincipal(GSSName, GSSCredential,
GSSContext)
956c4577ca is described below
commit 956c4577caedca7d77c5eb996a83ebafdf80b889
Author: Michael Osipov <micha...@apache.org>
AuthorDate: Tue Jun 11 11:11:29 2024 +0200
Add RealmBase.getPrincipal(GSSName, GSSCredential, GSSContext)
A realm might want to access extended/additional information from an
established GSS context to properly build an authenticated princpal.
One prominent example is
com.sun.security.jgss.ExtendedGSSContext.inquireSecContext(InquireType).
Do we want to deprecate the old method?
Mark
---
java/org/apache/catalina/realm/RealmBase.java | 16 +++++++++++++++-
webapps/docs/changelog.xml | 5 +++++
2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/catalina/realm/RealmBase.java
b/java/org/apache/catalina/realm/RealmBase.java
index c0aaa49068..c441d51ecf 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -484,7 +484,7 @@ public abstract class RealmBase extends LifecycleMBeanBase
implements Realm {
}
}
- return getPrincipal(gssName, gssCredential);
+ return getPrincipal(gssName, gssCredential, gssContext);
}
} else {
log.error(sm.getString("realmBase.gssContextNotEstablished"));
@@ -1201,6 +1201,20 @@ public abstract class RealmBase extends
LifecycleMBeanBase implements Realm {
protected abstract Principal getPrincipal(String username);
+ /**
+ * Get the principal associated with the specified {@link GSSName}.
+ *
+ * @param gssName The GSS name
+ * @param gssCredential the GSS credential of the principal
+ * @param gssContext the established GSS context
+ *
+ * @return the principal associated with the given user name.
+ */
+ protected Principal getPrincipal(GSSName gssName, GSSCredential
gssCredential, GSSContext gssContext) {
+ return getPrincipal(gssName, gssCredential);
+ }
+
+
/**
* Get the principal associated with the specified {@link GSSName}.
*
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index cd704f988c..1273c41722 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -118,6 +118,11 @@
<bug>69066</bug>: Fix regression in SPNEGO authenticator when
processing Base64. Submitted by Daniel Lyko. (remm)
</fix>
+ <add>
+ Add <code>RealmBase.getPrincipal(GSSName, GSSCredential,
GSSContext)</code>
+ for retrieving extended/additional information from an established
+ GSS context. (michaelo)
+ </add>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
