This is an automated email from the ASF dual-hosted git repository.
rmaucher pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 559ff361b1 Use logout
559ff361b1 is described below
commit 559ff361b1af3690ca9109b6e62f00af2b74f4a2
Author: remm <[email protected]>
AuthorDate: Fri Jun 26 17:06:12 2026 +0200
Use logout
Logout when login does not fail but authenticate would return a null
principal.
---
java/org/apache/catalina/realm/JAASRealm.java | 5 ++---
webapps/docs/changelog.xml | 4 ++++
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/java/org/apache/catalina/realm/JAASRealm.java
b/java/org/apache/catalina/realm/JAASRealm.java
index ef6efb16ee..4acddb9f0a 100644
--- a/java/org/apache/catalina/realm/JAASRealm.java
+++ b/java/org/apache/catalina/realm/JAASRealm.java
@@ -362,9 +362,6 @@ public class JAASRealm extends RealmBase {
// Establish a LoginContext to use for authentication
try {
- if (appName == null) {
- appName = "Tomcat";
- }
if (log.isTraceEnabled()) {
log.trace(sm.getString("jaasRealm.beginLogin", username,
appName));
@@ -415,6 +412,7 @@ public class JAASRealm extends RealmBase {
if (log.isDebugEnabled()) {
log.debug(sm.getString("jaasRealm.failedLogin",
username));
}
+ loginContext.logout();
return null;
}
} catch (AccountExpiredException e) {
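Review bot: `LoginContext.logout()` is declared to throw `LoginException`, and the call added before `return null` in the failed-login branch has no handling of its own, so a logout failure goes to whichever `catch` clause of the enclosing `try` matches it; the clauses after `catch (AccountExpiredException e)` are outside the hunk. If one of them treats `LoginException` as a realm or configuration fault, a cleanup error on an already rejected login would be reported as something more serious than an authentication failure. Containing it locally keeps the outcome a plain rejection, for example `try { loginContext.logout(); } catch (LoginException e) { log.debug(sm.getString("<message key>"), e); }`, where the message key is a placeholder for one the project defines. The same applies to the `loginContext.logout()` added in the hunk at `-466`, where the call appears to sit after the login `try` and would fall through to whatever outer handler exists there.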
@@ -466,6 +464,7 @@ public class JAASRealm extends RealmBase {
if (log.isDebugEnabled()) {
log.debug(sm.getString("jaasRealm.authenticateFailure",
username));
}
+ loginContext.logout();
return null;
}
if (log.isTraceEnabled()) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 46437c8760..75bfc3f0f3 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -249,6 +249,10 @@
Use <code>Files</code> API to create temporary docBase when
<code>antiLockingDocBase</code> is enabled. (markt)
</fix>
+ <fix>
+ <code>JAASRealm</code> should do a logout if login does not fail
outright but
+ does not produce a Principal. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">