
List:       tomcat-dev
Subject:    svn commit: r1546631 - in /tomcat/trunk/java/org/apache/catalina/connector: LocalStrings.properties
From:       markt () apache ! org
Date:       2013-11-29 19:25:49
Message-ID: 20131129192549.CAA18238888F () eris ! apache ! org

Author: markt
Date: Fri Nov 29 19:25:49 2013
New Revision: 1546631

URL: http://svn.apache.org/r1546631
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55804
If the GSSCredential for the cached principal expires when using SPNEGO
authentication, force a re-authentication.

Modified:
    tomcat/trunk/java/org/apache/catalina/connector/LocalStrings.properties
    tomcat/trunk/java/org/apache/catalina/connector/Request.java

Modified: tomcat/trunk/java/org/apache/catalina/connector/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/LocalStrings.properties?rev=1546631&r1=1546630&r2=1546631&view=diff
 ==============================================================================
--- tomcat/trunk/java/org/apache/catalina/connector/LocalStrings.properties (original)
+++ tomcat/trunk/java/org/apache/catalina/connector/LocalStrings.properties Fri Nov 29 19:25:49 2013
@@ -34,6 +34,7 @@ coyoteOutputStream.nbNotready=In non-blo
 
 coyoteRequest.getInputStream.ise=getReader() has already been called for this request
 coyoteRequest.getReader.ise=getInputStream() has already been called for this request
+coyoteRequest.gssLifetimeFail=Failed to obtain remaining lifetime for user principal [{0}]
 coyoteRequest.sessionCreateCommitted=Cannot create a session after the response has been committed
 coyoteRequest.changeSessionId=Cannot change session ID. There is no session associated with this request.
 coyoteRequest.setAttribute.namenull=Cannot call setAttribute with a null name

Modified: tomcat/trunk/java/org/apache/catalina/connector/Request.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/Request.java?rev=1546631&r1=1546630&r2=1546631&view=diff
 ==============================================================================
--- tomcat/trunk/java/org/apache/catalina/connector/Request.java (original)
+++ tomcat/trunk/java/org/apache/catalina/connector/Request.java Fri Nov 29 19:25:49 2013
@@ -96,6 +96,8 @@ import org.apache.tomcat.util.http.fileu
 import org.apache.tomcat.util.http.fileupload.servlet.ServletFileUpload;
 import org.apache.tomcat.util.http.fileupload.servlet.ServletRequestContext;
 import org.apache.tomcat.util.res.StringManager;
+import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSException;
 
 
 /**
@@ -2333,6 +2335,27 @@ public class Request
     @Override
     public Principal getUserPrincipal() {
         if (userPrincipal instanceof TomcatPrincipal) {
+            GSSCredential gssCredential =
+                    ((TomcatPrincipal) userPrincipal).getGssCredential();
+            if (gssCredential != null) {
+                int left = -1;
+                try {
+                    left = gssCredential.getRemainingLifetime();
+                } catch (GSSException e) {
+                    log.warn(sm.getString("coyoteRequest.gssLifetimeFail",
+                            userPrincipal.getName()), e);
+                }
+                if (left == 0) {
+                    // GSS credential has expired. Need to re-authenticate.
+                    try {
+                        logout();
+                    } catch (ServletException e) {
+                        // Should never happen (no code called by logout()
+                        // throws a ServletException
+                    }
+                    return null;
+                }
+            }
             return ((TomcatPrincipal) userPrincipal).getUserPrincipal();
         }
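Review bot: A failed lifetime lookup is treated as a still-valid credential: when `getRemainingLifetime()` throws `GSSException`, `left` stays at -1, the `left == 0` test is false, and the cached principal is returned as before. For an authentication check it is safer to fail closed, for example `if (left <= 0) {` with a comment such as `// 0 means expired; -1 means the lifetime could not be read, treat both as expired`. The empty `catch (ServletException e)` also hides a failed `logout()`, so a debug-level log there would help diagnose a case where the principal stays cached, and its comment is missing the closing parenthesis. The body of `getUserPrincipal()` continues past the end of this hunk.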
 




