ASF Bugzilla – Attachment 34463 Details for
Bug 60380
HttpServletRequest#logout() never calls TomcatPrincipal#logout()
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch calling TomcatPrincipal#logout()
BZ-60380.patch (text/plain), 2.16 KB, created by
Michael Osipov
on 2016-11-20 18:54:26 UTC
(
hide
)
Description:
Patch calling TomcatPrincipal#logout()
Filename:
MIME Type:
Creator:
Michael Osipov
Created:
2016-11-20 18:54:26 UTC
Size:
2.16 KB
patch
obsolete
>Index: java/org/apache/catalina/authenticator/AuthenticatorBase.java >=================================================================== >--- java/org/apache/catalina/authenticator/AuthenticatorBase.java (revision 1770568) >+++ java/org/apache/catalina/authenticator/AuthenticatorBase.java (working copy) >@@ -48,6 +48,7 @@ > import org.apache.catalina.Manager; > import org.apache.catalina.Realm; > import org.apache.catalina.Session; >+import org.apache.catalina.TomcatPrincipal; > import org.apache.catalina.Valve; > import org.apache.catalina.Wrapper; > import org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl; >@@ -1107,6 +1108,15 @@ > } > } > >+ Principal p = request.getPrincipal(); >+ if (p instanceof TomcatPrincipal) { >+ try { >+ ((TomcatPrincipal) p).logout(); >+ } catch (Exception e) { >+ log.debug(sm.getString("authenticator.tomcatPrincipalLogoutFail"), e); >+ } >+ } >+ > register(request, request.getResponse(), null, null, null, null); > } > >Index: java/org/apache/catalina/authenticator/LocalStrings.properties >=================================================================== >--- java/org/apache/catalina/authenticator/LocalStrings.properties (revision 1770568) >+++ java/org/apache/catalina/authenticator/LocalStrings.properties (working copy) >@@ -30,6 +30,7 @@ > authenticator.requestBodyTooBig=The request body was too large to be cached during the authentication process > authenticator.sessionExpired=The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser > authenticator.unauthorized=Cannot authenticate with the provided credentials >+authenticator.tomcatPrincipalLogoutFail=Logout with TomcatPrincipal instance has failed > > digestAuthenticator.cacheRemove=A valid entry has been removed from client nonce cache to make room for new entries. A replay attack is now possible. To prevent the possibility of replay attacks, reduce nonceValidity or increase cnonceCacheSize. Further warnings of this type will be suppressed for 5 minutes. >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 60380
:
34462
| 34463