tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r1742976 - in /tomcat/trunk: java/org/apache/catalina/authenticator/AuthenticatorBase.java webapps/docs/changelog.xml
Date Mon, 09 May 2016 15:13:39 GMT
Author: markt
Date: Mon May  9 15:13:39 2016
New Revision: 1742976

URL: http://svn.apache.org/viewvc?rev=1742976&view=rev
Log:
Do not trigger unnecessary session ID changes when using JASPIC and the user is authenticated
using cached credentials.

Modified:
    tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java?rev=1742976&r1=1742975&r2=1742976&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java Mon May  9
15:13:39 2016
@@ -699,7 +699,7 @@ public abstract class AuthenticatorBase
             // No JASPIC configuration. Use the standard authenticator.
             return authenticate(request, response);
         } else {
-            checkForCachedAuthentication(request, response, false);
+            boolean cachedAuth = checkForCachedAuthentication(request, response, false);
             Subject client = new Subject();
             AuthStatus authStatus;
             try {
@@ -720,7 +720,10 @@ public abstract class AuthenticatorBase
                 if (principal == null) {
                     request.setUserPrincipal(null);
                     request.setAuthType(null);
-                } else {
+                } else if (cachedAuth == false ||
+                        !principal.getUserPrincipal().equals(request.getUserPrincipal()))
{
+                    // Skip registration if authentication credentials were
+                    // cached and the Principal did not change.
                     request.setNote(Constants.REQ_JASPIC_SUBJECT_NOTE, client);
                     @SuppressWarnings("rawtypes")// JASPIC API uses raw types
                     Map map = messageInfo.getMap();

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1742976&r1=1742975&r2=1742976&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon May  9 15:13:39 2016
@@ -209,6 +209,10 @@
         internal <code>Response</code> object requires JASPIC authentication.
         (markt)
       </fix>
+      <fix>
+        Do not trigger unnecessary session ID changes when using JASPIC and the
+        user is authenticated using cached credentials. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message