https://issues.apache.org/bugzilla/show_bug.cgi?id=55804
Bug ID: 55804
Summary: SPNEGOAUTHENTICATOR - GSSCredential does not get
renewed after RemainingLifeTime is less than zero
Product: Tomcat 7
Version: 7.0.47
Hardware: PC
Status: NEW
Severity: critical
Priority: P2
Component: Catalina
Assignee: [email protected]
Reporter: [email protected]
In SpnegoAuthenticator, we check for request.getUserPrincipal() if it returns a
prinicpal we do not do a fresh authentication. This happens even when the
GSSCredential returned by GenericPrincipal has remainingLife time less than
zero. This causes issues in delegating the credential as the credential is not
valid any more.
Can we add additional check to reauthenticate when the credental has expired
and put GSSCredential in the same session?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
