JNDIRealm is configured to
use GSSAPI
fd96ab4156 is described below
commit fd96ab415631eea44636c94f911dd38427070ef9
Author: Mark Thomas
AuthorDate: Wed Feb 19 17:11:47 2025 +
Fix credential validation when JNDIRealm is configured to use GSSAPI
Enable the validation of credentials
JNDIRealm is configured to
use GSSAPI
c32bbd37ea is described below
commit c32bbd37ea9ee0aaab848af4ee1c9a76e84240ea
Author: Mark Thomas
AuthorDate: Wed Feb 19 17:11:47 2025 +
Fix credential validation when JNDIRealm is configured to use GSSAPI
Enable the validation of credentials
JNDIRealm is configured to
use GSSAPI
0cd21c0393 is described below
commit 0cd21c0393b8811af22daddbba7b4e7328e2d79e
Author: Mark Thomas
AuthorDate: Wed Feb 19 17:11:47 2025 +
Fix credential validation when JNDIRealm is configured to use GSSAPI
Enable the validation of credentials
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 99e3403b0d Fix credential validation when JNDIRealm
https://bz.apache.org/bugzilla/show_bug.cgi?id=62214
Mark Thomas changed:
What|Removed |Added
Product|Tomcat 8|Tomcat 9
Version|8.5.29
IOException in LdapRequest gets wrapped as a CommunicationException.
So the workaround is not needed in Tomcat 11 (trunk) since it requires
Java 21. However, Java 17 (and 11 obviously) don't have the fix, so
the change is ne
6).
It looks like we now can expect to even get an IOException in case the
LDAP connection has been closed.
Regards
Felix
Rémy
Regards
Felix
PS. I will do a PR, if we agree on changing the catch clause.
PPS. The code to catch the exception is the same in current tomcat JNDIRealm
cl
proposed change would mean everything is assumed to be
recoverable which is not good, but unavoidable if everything is
reported as a NamingException.
Rémy
>
> Regards
>
> Felix
>
> PS. I will do a PR, if we agree on changing the catch clause.
>
> PPS. The code to catch the
the catch clause.
PPS. The code to catch the exception is the same in current tomcat
JNDIRealm classes, even if the line numbers changed a bit.
OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
https://bz.apache.org/bugzilla/show_bug.cgi?id=62214
--- Comment #6 from Martin bestandig ---
Dellet
--
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apa
Hi all,
I now have a bit more information on this.
The problem arises, when you have configured a single LDAP connection
(no pooling) and the a naming exception is thrown (for example) in
JNDIRealm#getPrincipal (for example line 2242 in current main). In that
location we hold a lock while
Hi all,
yesterday, we had a Tomcat, that would be unresponsive for about twenty
minutes on every full hour. The cause was a long running scheduled job
that used the /last/ available connection of the 200 default
connections. All other connections were waiting to lock the single LDAP
connectio
of the JNDIRealm
bf13482 is described below
commit bf1348232d47c6da9612363fceefeb384bf097d5
Author: Mark Thomas
AuthorDate: Mon Jan 31 10:35:35 2022 +
Improve docs for the protocol attribute of the JNDIRealm
---
webapps/docs/changelog.xml| 4
webapps/docs/config/realm.xml | 4
of the JNDIRealm
7a04bdf is described below
commit 7a04bdf527cd68535e5757eda10501f96f0f8602
Author: Mark Thomas
AuthorDate: Mon Jan 31 10:35:35 2022 +
Improve docs for the protocol attribute of the JNDIRealm
---
webapps/docs/changelog.xml| 4
webapps/docs/config/realm.xml | 4
of the JNDIRealm
c37eecb is described below
commit c37eecbe444cc8be4385481e20b3b8e3ac249f2a
Author: Mark Thomas
AuthorDate: Mon Jan 31 10:35:35 2022 +
Improve docs for the protocol attribute of the JNDIRealm
---
webapps/docs/changelog.xml| 4
webapps/docs/config/realm.xml | 4
the JNDIRealm
da7d3b1 is described below
commit da7d3b12be19df0408bc22dd0f2b7d507f432921
Author: Mark Thomas
AuthorDate: Mon Jan 31 10:35:35 2022 +
Improve docs for the protocol attribute of the JNDIRealm
---
webapps/docs/changelog.xml| 4
webapps/docs/config/realm.xml | 4
https://bz.apache.org/bugzilla/show_bug.cgi?id=65553
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://bz.apache.org/bugzilla/show_bug.cgi?id=65553
--- Comment #5 from Mark Thomas ---
OpenJDK bug created
https://bugs.openjdk.java.net/browse/JDK-8273874
We will still need to address this in Tomcat to cover the time until we can
guarantee that the version of the JRE that Tomcat is running
https://bz.apache.org/bugzilla/show_bug.cgi?id=65553
--- Comment #4 from Michael Osipov ---
(In reply to Thomas Hoffmann from comment #3)
> Hello Michael,
> if the leak is reported without using JNDIRealm, it might be
> that your application creates an LDAP-Query or InitialDirContex
https://bz.apache.org/bugzilla/show_bug.cgi?id=65553
--- Comment #3 from Thomas Hoffmann ---
Hello Michael,
if the leak is reported without using JNDIRealm, it might be
that your application creates an LDAP-Query or InitialDirContext without
closing it?
Maybe you can use a breakpoint in
https://bz.apache.org/bugzilla/show_bug.cgi?id=65553
--- Comment #2 from Michael Osipov ---
I see the same in my application, though not with the JNDIRealm:
2021-08-31T20:25:13.679 INFORMATION [https-openssl-apr-8443-exec-67]
org.apache.catalina.core.ApplicationContext.log HTMLManager: stop
https://bz.apache.org/bugzilla/show_bug.cgi?id=65553
Mark Thomas changed:
What|Removed |Added
OS||All
--- Comment #1 from Mark Thomas ---
https://bz.apache.org/bugzilla/show_bug.cgi?id=65553
Bug ID: 65553
Summary: Orphaned thread by JNDIRealm / clearReferencesThreads
reports memory leak
Product: Tomcat 9
Version: 9.0.52
Hardware: PC
Status: NEW
JNDIRealm
86b9958 is described below
commit 86b9958b191a7cb924a54c86205a5a247174f1be
Author: Mark Thomas
AuthorDate: Mon Jun 21 18:12:49 2021 +0100
Make fields accessible to sub-classes of JNDIRealm
Access problem for sub-classes reported via users@tomcat.a.o
https
of JNDIRealm
b651945 is described below
commit b651945857d9a47523e336a83cb4024a65f6e518
Author: Mark Thomas
AuthorDate: Mon Jun 21 18:12:49 2021 +0100
Make fields accessible to sub-classes of JNDIRealm
Access problem for sub-classes reported via users@tomcat.a.o
https
https://bz.apache.org/bugzilla/show_bug.cgi?id=65308
Mark Thomas changed:
What|Removed |Added
CC||sl...@aceslash.net
--- Comment #4 from M
https://bz.apache.org/bugzilla/show_bug.cgi?id=65308
--- Comment #3 from Mark Thomas ---
Thanks for catching this,
--
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr
https://bz.apache.org/bugzilla/show_bug.cgi?id=65308
Felix Schumacher changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://bz.apache.org/bugzilla/show_bug.cgi?id=65308
--- Comment #1 from Remy Maucherat ---
+1 for your patch, obviously. You can add the tests of course, but you could do
without them as well it's just adding a null check, so it cannot possibly break
anything and we know it will work.
--
You a
https://bz.apache.org/bugzilla/show_bug.cgi?id=65308
Bug ID: 65308
Summary: NPE in JNDIRealm when no userRoleAttribute is given
Product: Tomcat 10
Version: unspecified
Hardware: All
OS: All
Status: NEW
https://bz.apache.org/bugzilla/show_bug.cgi?id=65224
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
. Correct escaping in JNDIRealm
---
java/org/apache/catalina/realm/JNDIRealm.java | 161 ++
webapps/docs/changelog.xml| 4 +
2 files changed, 142 insertions(+), 23 deletions(-)
diff --git a/java/org/apache/catalina/realm/JNDIRealm.java
b/java/org
expand JNDIRealm unit tests
---
build.properties.default | 9 ++
build.xml | 9 ++
.../catalina/realm/TestJNDIRealmIntegration.java | 144 +
webapps/docs/changelog.xml | 8 ++
4 files
expand JNDIRealm unit tests
---
build.properties.default | 9 ++
build.xml | 9 ++
.../catalina/realm/TestJNDIRealmIntegration.java | 144 +
webapps/docs/changelog.xml | 4 +
4 files
expand JNDIRealm unit tests
---
build.properties.default | 9 ++
build.xml | 9 ++
.../catalina/realm/TestJNDIRealmIntegration.java | 144 +
webapps/docs/changelog.xml | 8 ++
4
https://bz.apache.org/bugzilla/show_bug.cgi?id=65224
Bug ID: 65224
Summary: JNDIRealm doesn't escape filters containing username
Product: Tomcat 8
Version: 8.5.65
Hardware: PC
OS: Mac OS X 10.1
Status
https://bz.apache.org/bugzilla/show_bug.cgi?id=65033
--- Comment #9 from Satya ---
Thanks for reply. we will test with Tomcat 8.5.62 once its released.
--
You are receiving this mail because:
You are the assignee for the bug.
-
https://bz.apache.org/bugzilla/show_bug.cgi?id=65033
Remy Maucherat changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://bz.apache.org/bugzilla/show_bug.cgi?id=65033
--- Comment #7 from Remy Maucherat ---
(In reply to Satya from comment #6)
> Thanks for your quick responses.
>
> could you please let me know , which version of Tomcat contains the fix for
> this issue.
It is not fixed yet.
(In reply to Sat
https://bz.apache.org/bugzilla/show_bug.cgi?id=65033
--- Comment #6 from Satya ---
Thanks for your quick responses.
could you please let me know , which version of Tomcat contains the fix for
this issue.
--
You are receiving this mail because:
You are the assignee for the bug.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65033
--- Comment #5 from Satya ---
could you please provide some information with sample example on how to
configure connectionPoolSize(connectionPoolSize="2"). i will test and provide
the results.
--
You are receiving this mail because:
You are t
https://bz.apache.org/bugzilla/show_bug.cgi?id=65033
--- Comment #4 from Remy Maucherat ---
Thanks, that's what I thought. When using a single connection, then get() locks
but never unlocks if there is an exception there. I should have a patch
shortly, but I'm trying to verify with a test. As a w
https://bz.apache.org/bugzilla/show_bug.cgi?id=65033
--- Comment #3 from Satya ---
Below is the stcktarce
"https-jsse-nio-8443-exec-4" #70 daemon prio=5 os_prio=0 tid=0x7f6a784f4800
nid=0x1cc8b5 waiting on condition [0x7f6a541f]
java.lang.Thread.State: WAITING (parking)
a
https://bz.apache.org/bugzilla/show_bug.cgi?id=65033
--- Comment #2 from Satya ---
Created attachment 37654
--> https://bz.apache.org/bugzilla/attachment.cgi?id=37654&action=edit
Tomcat 8.5.60/61 User authentication with JNDIRealm failure stacktrace
--
You are receiving this mail
https://bz.apache.org/bugzilla/show_bug.cgi?id=65033
--- Comment #1 from Remy Maucherat ---
This is caused by the refactoring which added connection pooling. I think I
have an idea of what the problem is (bad cleanup if the error is when calling
get() in authenticate, the connection object could
https://bz.apache.org/bugzilla/show_bug.cgi?id=65033
Satya changed:
What|Removed |Added
Severity|critical|major
--
You are receiving this mail because:
https://bz.apache.org/bugzilla/show_bug.cgi?id=65033
Satya changed:
What|Removed |Added
CC||rsnraju...@gmail.com
--
You are receiving thi
https://bz.apache.org/bugzilla/show_bug.cgi?id=65033
Bug ID: 65033
Summary: Tomcat 8.5.60/61 User authentication with JNDIRealm
failure
Product: Tomcat 8
Version: 8.5.60
Hardware: PC
OS: Linux
https://bz.apache.org/bugzilla/show_bug.cgi?id=64011
Michael Osipov changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
This is an automated email from the ASF dual-hosted git repository.
michaelo pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/7.0.x by this push:
new 6174d33 BZ 64011: JNDIRealm no longer
This is an automated email from the ASF dual-hosted git repository.
michaelo pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new a00e863 BZ 64011: JNDIRealm no longer
This is an automated email from the ASF dual-hosted git repository.
michaelo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new 98e45b9 BZ 64011: JNDIRealm no longer
https://bz.apache.org/bugzilla/show_bug.cgi?id=64011
--- Comment #19 from Michael Osipov ---
(In reply to Mike Lothian from comment #18)
> Yes, I tested it on the system I was using yesterday
>
> I'll take a look at your project, but I think we might be too far along with
> u
https://bz.apache.org/bugzilla/show_bug.cgi?id=64011
--- Comment #18 from Mike Lothian ---
Yes, I tested it on the system I was using yesterday
I'll take a look at your project, but I think we might be too far along with
using JNDIRealm to change at this point. If the documentation is b
https://bz.apache.org/bugzilla/show_bug.cgi?id=64011
--- Comment #17 from Michael Osipov ---
(In reply to Mike Lothian from comment #16)
> That works :D
Did you already try? Can I go ahead and commit that?
> Do you have more info on your SPNEGO realm? Does it allow fallback to
> another type to
https://bz.apache.org/bugzilla/show_bug.cgi?id=64011
--- Comment #16 from Mike Lothian ---
That works :D
Do you have more info on your SPNEGO realm? Does it allow fallback to another
type too?
--
You are receiving this mail because:
You are the assignee for the bug.
---
https://bz.apache.org/bugzilla/show_bug.cgi?id=64011
--- Comment #15 from Michael Osipov ---
Created attachment 36946
--> https://bz.apache.org/bugzilla/attachment.cgi?id=36946&action=edit
Patch against tag 8.5.50
I personally don't like the strip operation because it is flawed in several
ways
https://bz.apache.org/bugzilla/show_bug.cgi?id=64011
--- Comment #14 from Mike Lothian ---
If you could post the patch I'll test it tomorrow when I'm in the office,
thanks
--
You are receiving this mail because:
You are the assignee for the bug.
-
https://bz.apache.org/bugzilla/show_bug.cgi?id=64011
Michael Osipov changed:
What|Removed |Added
Severity|normal |regression
--
You are receiving this
https://bz.apache.org/bugzilla/show_bug.cgi?id=64011
--- Comment #13 from Michael Osipov ---
I have found the bug. Apologies, this was an oversight although I have read the
diff many times before merging into master.
Can add a modified JAR to your installation to verify potential fix? I will
pro
https://bz.apache.org/bugzilla/show_bug.cgi?id=64011
--- Comment #12 from Michael Osipov ---
Looked into it. Something is fishy because the issue should have failed
earlier. Will know more tomorrow.
I have the slight feeling that the changed triggered an bug previously present
in the code.
--
https://bz.apache.org/bugzilla/show_bug.cgi?id=64011
Michael Osipov changed:
What|Removed |Added
Status|NEEDINFO|NEW
--- Comment #11 from Michael Osip
https://bz.apache.org/bugzilla/show_bug.cgi?id=64011
--- Comment #10 from Mike Lothian ---
Created attachment 36942
--> https://bz.apache.org/bugzilla/attachment.cgi?id=36942&action=edit
Revert
This was my attempt at reverting the problem commit and does get things working
for me again
--
Yo
https://bz.apache.org/bugzilla/show_bug.cgi?id=64011
--- Comment #9 from Mike Lothian ---
Hi
I bisected between 8.5.49 and 8.5.50 and this was the first bad commit:
commit 12b857227b2671c9c871aa324cf5fc25c5d53c9a
Author: Michael Osipov
Date: Wed Aug 21 23:23:19 2019 +0200
BZ 63681: Intr
https://bz.apache.org/bugzilla/show_bug.cgi?id=64011
--- Comment #8 from Michael Osipov ---
Can you please also enable debug log on authenticators and also provide a
tcpdump of the unsuccessful and successful dump. If you don't want to disclose
the dump, plase send to my apache email address, if
Maucherat ---
There are no changes in JNDIRealm in 8.5.50, so given the stack and error
message a Tomcat issue is not the most likely explanation at the moment.
You should continue investigating without assuming it is a Tomcat issue, for
example you have a meaningful error message with a key "
https://bz.apache.org/bugzilla/show_bug.cgi?id=64011
--- Comment #6 from Mike Lothian ---
This was with:
org.apache.catalina.realm.level = FINEST
org.apache.catalina.authenticator.level = FINEST
Added to logging.properties
--
You are receiving this mail because:
You are the assignee for the b
https://bz.apache.org/bugzilla/show_bug.cgi?id=64011
--- Comment #5 from Mike Lothian ---
Created attachment 36941
--> https://bz.apache.org/bugzilla/attachment.cgi?id=36941&action=edit
Broken logs
--
You are receiving this mail because:
You are the assignee for the bug.
-
https://bz.apache.org/bugzilla/show_bug.cgi?id=64011
--- Comment #4 from Mike Lothian ---
Created attachment 36940
--> https://bz.apache.org/bugzilla/attachment.cgi?id=36940&action=edit
Working logs
--
You are receiving this mail because:
You are the assignee for the bug.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64011
--- Comment #3 from Michael Osipov ---
(In reply to Mike Lothian from comment #2)
> I got the info from here:
>
> https://tomcat.apache.org/tomcat-8.5-doc/config/realm.html
>
> spnegoDelegationQop This attribute should be a comma-separated li
https://bz.apache.org/bugzilla/show_bug.cgi?id=64011
--- Comment #2 from Mike Lothian ---
I got the info from here:
https://tomcat.apache.org/tomcat-8.5-doc/config/realm.html
spnegoDelegationQop This attribute should be a comma-separated list of values
selected from auth-conf, auth-int and auth
https://bz.apache.org/bugzilla/show_bug.cgi?id=64011
Michael Osipov changed:
What|Removed |Added
CC||micha...@apache.org
--
You are recei
https://bz.apache.org/bugzilla/show_bug.cgi?id=64011
Michael Osipov changed:
What|Removed |Added
OS||All
--- Comment #1 from Michael Osipo
https://bz.apache.org/bugzilla/show_bug.cgi?id=64011
Bug ID: 64011
Summary: JNDIRealm no longer authenticates to LDAP
Product: Tomcat 8
Version: 8.5.50
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
https://bz.apache.org/bugzilla/show_bug.cgi?id=63550
Mark Thomas changed:
What|Removed |Added
Resolution|--- |FIXED
Status|NEW
https://bz.apache.org/bugzilla/show_bug.cgi?id=63550
--- Comment #6 from Michael Osipov ---
My proposal works if you use JNDI with InitialDirContext directly. I don't use
the JNDIRealm, I use a custom ActiveDirectoryRealm which is perfectly coded for
AD only. Our connetion URL contains e
https://bz.apache.org/bugzilla/show_bug.cgi?id=63550
--- Comment #5 from Eugène Adell ---
(In reply to Michael Osipov from comment #4)
> That's the wrong spot, you need to look here:
> https://docs.oracle.com/javase/7/docs/technotes/guides/jndi/jndi-ldap-gl.
> html#url
Thank you Michael, that do
https://bz.apache.org/bugzilla/show_bug.cgi?id=63550
--- Comment #4 from Michael Osipov ---
(In reply to Eugène Adell from comment #3)
> (In reply to Michael Osipov from comment #2)
> > Don't use the altenative URL. Oracle's default implementation for LDAP will
> > handle multiple space-separated
https://bz.apache.org/bugzilla/show_bug.cgi?id=63550
--- Comment #3 from Eugène Adell ---
(In reply to Michael Osipov from comment #2)
> Don't use the altenative URL. Oracle's default implementation for LDAP will
> handle multiple space-separated URLs properly.
Is it documented anywhere ? I don'
https://bz.apache.org/bugzilla/show_bug.cgi?id=63550
--- Comment #2 from Michael Osipov ---
(In reply to Eugène Adell from comment #1)
> JNDIRealm.java :
>
> if (connectionURL != null && connectionAttempt == 0)
> env.put(Context.PROVIDER_URL, connectionURL);
> else if
https://bz.apache.org/bugzilla/show_bug.cgi?id=63550
--- Comment #1 from Eugène Adell ---
JNDIRealm.java :
if (connectionURL != null && connectionAttempt == 0)
env.put(Context.PROVIDER_URL, connectionURL);
else if (alternateURL != null && connectionAttempt > 0)
https://bz.apache.org/bugzilla/show_bug.cgi?id=63550
Bug ID: 63550
Summary: LDAP non standard port leads to JNDIRealm erratic
behaviour
Product: Tomcat 9
Version: 9.0.x
Hardware: All
OS: All
https://bz.apache.org/bugzilla/show_bug.cgi?id=63026
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://bz.apache.org/bugzilla/show_bug.cgi?id=63026
--- Comment #5 from Mark Thomas ---
RFC 4514 (string representation of distinguished names) states that a space at
the beginning or end of a string must be escaped (there are other escaping
requirements but I am ignoring them for this discussio
https://bz.apache.org/bugzilla/show_bug.cgi?id=63026
--- Comment #4 from Mark Thomas ---
Ah.
net user "bug63026 " pwd /ADD
does the trick. Interestingly, if you specify multiple spaces Windows only
escapes the last one in the UI. I wonder if this is an AD issue. I'll dig
further as I don't nece
https://bz.apache.org/bugzilla/show_bug.cgi?id=63026
--- Comment #3 from Mark Thomas ---
Which version of Windows are you using? I'm using my default AD test
environment built with 2k8r2 and the UI won't allow creating of users where the
CN has trailing spaces. Alternatively, how are you creating
https://bz.apache.org/bugzilla/show_bug.cgi?id=63026
--- Comment #2 from Michael Osipov ---
(In reply to Dave Anuszewski from comment #0)
> Using JNDIRealm to authenticate users against Microsoft Active Directory
> fails if the AD user object has 2 trailing spaces in it's cn
Christopher Schultz ---
Sounds miserable.
Any reason this user's username includes two – or even one – trailing space?
Since you debugged so successfully, would you care to prepare a patch for the
JNDIRealm?
--
You are receiving this mail because:
You are the assignee for th
https://bz.apache.org/bugzilla/show_bug.cgi?id=63026
Bug ID: 63026
Summary: JNDIRealm fails to authenticate user with 2 trailing
spaces CN
Product: Tomcat 8
Version: 8.0.33
Hardware: PC
Status: NEW
https://bz.apache.org/bugzilla/show_bug.cgi?id=62214
Mark Thomas changed:
What|Removed |Added
Severity|normal |enhancement
--- Comment #5 from Mark Tho
https://bz.apache.org/bugzilla/show_bug.cgi?id=62214
Mark Thomas changed:
What|Removed |Added
Status|NEEDINFO|NEW
--- Comment #4 from Mark Thomas ---
https://bz.apache.org/bugzilla/show_bug.cgi?id=62214
marian.romasc...@nuance.com changed:
What|Removed |Added
Severity|major |normal
--
You are receiv
a fix. This test involved multiple
JNDIRealms.
The issue is the following - a JNDIRealm entry coming first in the "combined
realm" and matching the user but not the role will mask a JNDIRealm entry
coming after matching both user and role.
For instance let's assume we have:
user &
Schumacher ---
(In reply to marian.romascanu from comment #1)
> Wireshark traces available if needed. Impact is significant - we'll end-up
> with many JNDIRealm entries, one for each possible userBase
Wireshark trace would be great.
Is the tree testusers a referral to another serve
marian.romasc...@nuance.com ---
Wireshark traces available if needed. Impact is significant - we'll end-up with
many JNDIRealm entries, one for each possible userBase
--
You are receiving this mail because:
You are the assignee for th
https://bz.apache.org/bugzilla/show_bug.cgi?id=62214
Bug ID: 62214
Summary: The "userSubtree=true" and "roleSubtree=true" in
JNDIRealm not working
Product: Tomcat 8
Version: 8.5.29
Hardware: PC
https://bz.apache.org/bugzilla/show_bug.cgi?id=61977
--- Comment #16 from Mark Thomas ---
OK. That looks like a regression. You'll need to report that to Oracle. I'd
expect the bug to be accepted fairly quickly if there is a regression but let
us know on the dev list if not.
--
You are receivin
https://bz.apache.org/bugzilla/show_bug.cgi?id=61977
--- Comment #15 from marian.romasc...@nuance.com ---
Yes it seems to work. Just tested it wit JDK 8u162 and without the JNDIREalm
patch. The only hic of the fix, whatever that is,is the side effect that might
break other applications running on
https://bz.apache.org/bugzilla/show_bug.cgi?id=61977
Mark Thomas changed:
What|Removed |Added
Resolution|--- |FIXED
Status|NEW
https://bz.apache.org/bugzilla/show_bug.cgi?id=61977
--- Comment #13 from marian.romasc...@nuance.com ---
Will reproduce on our side and send traces and logs
--
You are receiving this mail because:
You are the assignee for the bug.
1 - 100 of 268 matches
Mail list logo
