| Summary: | Subject incorrectly removed from user session | | |
|---|---|---|---|
| Product: | Tomcat 7 | Reporter: | Jan Engehausen <smurf667> |
| Component: | Catalina | Assignee: | Tomcat Developers Mailing List <dev> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | | |
| Priority: | P2 | | |
| Version: | trunk | | |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | All | | |

Description
Jan Engehausen
2017-03-06 16:53:49 UTC
Tomcat 7.0.47 is over three years old, and many, many changes have gone in since then. Please update to a current version of Tomcat and see if the problem persists.

Hi Chuck,

I understand. We're seeing this in production with 7.0.54, and have a standalone reproducible scenario with 7.0.47 (embedded). We believe the issue to be in org.apache.catalina.connector.Request.setUserPrincipal(java.security.Principal) and looking at the code of 7.0.63 or 8.0.24 it seems to be still in there as well.

http://grepcode.com/file/repo1.maven.org/maven2/org.apache.tomcat/tomcat-catalina/7.0.63/org/apache/catalina/connector/Request.java#Request.setUserPrincipal%28java.security.Principal%29

http://grepcode.com/file/repo1.maven.org/maven2/org.apache.tomcat/tomcat-catalina/8.0.24/org/apache/catalina/connector/Request.java#Request.setUserPrincipal%28java.security.Principal%29

Kind regards,
Jan

I've now upgraded the reproducible scenario to use Tomcat 7.0.63. The problem also manifests in this version.

Kind regards,
Jan

(In reply to Jan Engehausen from comment #3)
> I've now upgraded the reproducible scenario to use Tomcat 7.0.63. The
> problem also manifests in this version.

7.0.63 is still over 1.5 years old. Please try with the _current_ release (7.0.75).

I've updated the demonstration to use 7.0.75. The problem is showing.

Confirmed. The current code is affected.

I do wonder if Request.subject is required, although I can think of some (slightly odd) use cases where it might be.

Fixed in:
- trunk for 9.0.0.M18 onwards
- 8.5.x for 8.5.12 onwards
- 8.0.x for 8.0.42 onwards
- 7.0.x for 7.0.76 onwards

Hey guys,

most impressive! THANK YOU!

Regards,
Jan