markt-asf closed pull request #819: SpnegoAuthenticator allows wrong calls to
login/logout methods
URL: https://github.com/apache/tomcat/pull/819
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the
markt-asf commented on PR #819:
URL: https://github.com/apache/tomcat/pull/819#issuecomment-2669268717
Thanks for the test case and the detailed configuration settings. That made
working on this a lot easier.
I have applied a fairly narrow fix for this issue that is similar to the
`M
markt-asf commented on PR #819:
URL: https://github.com/apache/tomcat/pull/819#issuecomment-2668964117
I don't expect the bind to use Kerberos, I am debugging my way through the
code and seeing Kerberos being used.
michael-o commented on PR #819:
URL: https://github.com/apache/tomcat/pull/819#issuecomment-2668906926
> > It is not that easy and I do not agree with that. Here are cases which
will not work:
>
> As the OP has indicated, they are already using a solution along these
lines and it wor
markt-asf commented on PR #819:
URL: https://github.com/apache/tomcat/pull/819#issuecomment-2668831744
> It is not that easy and I do not agree with that. Here are cases which
will not work:
As the OP has indicated, they are already using a solution along these lines
and it works for
natalia-s-ivanova commented on PR #819:
URL: https://github.com/apache/tomcat/pull/819#issuecomment-2668518211
> 2. If user/password auth is attempted when `authentication="GSSAPI"` then
remove the environment properties that configured GSSAPI, perform user/password
authentication and then
michael-o commented on PR #819:
URL: https://github.com/apache/tomcat/pull/819#issuecomment-2668513322
> I think the current support for `logout()` can stay. I don't see a reason
to change it.
>
> I think the issue with `login()` is slightly different. The `JNDIRealm`
attempts to swi
markt-asf commented on PR #819:
URL: https://github.com/apache/tomcat/pull/819#issuecomment-2668483655
I think the current support for `logout()` can stay. I don't see a reason to
change it.
I think the issue with `login()` is slightly different. The `JNDIRealm`
attempts to switch be
natalia-s-ivanova commented on PR #819:
URL: https://github.com/apache/tomcat/pull/819#issuecomment-2667570079
> I am still getting my head around the complexities of this. I do think
that changes will be required but I am still working through what I think those
changes should be.
T
michael-o commented on PR #819:
URL: https://github.com/apache/tomcat/pull/819#issuecomment-2666256036
> I have your example working with Tomcat's `SpnegoAuthenticator` and
`JNDIRealm`. A few tweaks were required to both the Tomcat configuration and
the web application configuration to hand
markt-asf commented on PR #819:
URL: https://github.com/apache/tomcat/pull/819#issuecomment-2666209525
I have your example working with Tomcat's `SpnegoAuthenticator` and
`JNDIRealm`. A few tweaks were required to both the Tomcat configuration and
the web application configuration to handle
michael-o commented on PR #819:
URL: https://github.com/apache/tomcat/pull/819#issuecomment-2665300573
> As per logout method: I am not quite sure when it is really needed when
using pure SpnegoAuthenticator. Could you, please, provide a use case of using
logout.
Here:
https://githu
natalia-s-ivanova commented on PR #819:
URL: https://github.com/apache/tomcat/pull/819#issuecomment-2665172175
> @natalia-s-ivanova I do now understand your problem and it is not related to
the `SpnegoAuthenticator` at all. It is a design flaw in the realm system which
assumes that the realm ver
michael-o commented on PR #819:
URL: https://github.com/apache/tomcat/pull/819#issuecomment-2665078872
@natalia-s-ivanova I do now understand your problem and it is not related to
the `SpnegoAuthenticator` at all. It is a design flaw in the realm system which
assumes that the realm verifies cred
natalia-s-ivanova commented on PR #819:
URL: https://github.com/apache/tomcat/pull/819#issuecomment-2665013625
> There are many ways to configure the JNDI realm and the SPNEGO
authenticator. I am unable to recreate the issue you are reporting with the
sub-set of configuration provided. Pleas
markt-asf commented on PR #819:
URL: https://github.com/apache/tomcat/pull/819#issuecomment-2663571607
There are many ways to configure the JNDI realm and the SPNEGO authenticator.
I am unable to recreate the issue you are reporting with the sub-set of
configuration provided. Please provide
michael-o commented on code in PR #819:
URL: https://github.com/apache/tomcat/pull/819#discussion_r1948630682
##
java/org/apache/catalina/authenticator/LoginlessAuthenticatorBase.java:
##
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
michael-o commented on PR #819:
URL: https://github.com/apache/tomcat/pull/819#issuecomment-2647329120
> Just a heads up that review of this will take a little longer as I need to
get my SPNEGO test environment up and running again. I didn't see any issues
in a quick code review but I want
michael-o commented on code in PR #819:
URL: https://github.com/apache/tomcat/pull/819#discussion_r1948630682
##
java/org/apache/catalina/authenticator/LoginlessAuthenticatorBase.java:
##
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
markt-asf commented on PR #819:
URL: https://github.com/apache/tomcat/pull/819#issuecomment-2642387703
Just a heads up that review of this will take a little longer as I need to
get my SPNEGO test environment up and running again. I didn't see any issues
in a quick code review but I want t
natalia-s-ivanova opened a new pull request, #819:
URL: https://github.com/apache/tomcat/pull/819
**Summary:**
Inconsistent behavior of the **HttpServletRequest.login(..)** method when
using **SpnegoAuthenticator** for a web application in Tomcat 11.0.2 and earlier.
**Details:**
21 matches