This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 805ab28395 If the Jakarta Authentication fails with an exception, set
a 500 status
805ab28395 is described below
commit 805ab28395dfd4f372376f648175585ef444fd88
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Sep 19 13:25:24 2024 +0100
If the Jakarta Authentication fails with an exception, set a 500 status
Depending on what fails where, the status may not be set or may be set
incorrectly.
---
java/org/apache/catalina/authenticator/AuthenticatorBase.java | 2 ++
1 file changed, 2 insertions(+)
diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java
b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
index ba5e1baa4b..db467ba4e9 100644
--- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java
+++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
@@ -803,6 +803,8 @@ public abstract class AuthenticatorBase extends ValveBase
implements Authenticat
authStatus =
state.serverAuthContext.validateRequest(state.messageInfo, client, null);
} catch (AuthException e) {
log.debug(sm.getString("authenticator.loginFail"), e);
+ // Need to explicitly set the return code as the ServerAuthContext
may not have done.
+ response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
return false;
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
