From 1b0418dfe163e61b825678e046fba7044c3baf8f Mon Sep 17 00:00:00 2001
From: Mike Lothian <mike@fireburn.co.uk>
Date: Thu, 2 Jan 2020 16:38:39 +0000
Subject: [PATCH] Revert "BZ 63681: Introduce RealmBase#authenticate(GSSName,
 GSSCredential) and friends"

This reverts commit 12b857227b2671c9c871aa324cf5fc25c5d53c9a.

Conflicts:
	java/org/apache/catalina/realm/CombinedRealm.java
	java/org/apache/catalina/realm/RealmBase.java
---
 java/org/apache/catalina/GSSRealm.java            | 45 -----------------
 java/org/apache/catalina/realm/CombinedRealm.java | 42 ----------------
 java/org/apache/catalina/realm/LockOutRealm.java  | 13 -----
 java/org/apache/catalina/realm/RealmBase.java     | 61 +++++------------------
 webapps/docs/changelog.xml                        |  4 --
 5 files changed, 12 insertions(+), 153 deletions(-)
 delete mode 100644 java/org/apache/catalina/GSSRealm.java

diff --git a/java/org/apache/catalina/GSSRealm.java b/java/org/apache/catalina/GSSRealm.java
deleted file mode 100644
index 2f4b16f..0000000
--- a/java/org/apache/catalina/GSSRealm.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.catalina;
-
-import java.security.Principal;
-
-import org.ietf.jgss.GSSCredential;
-import org.ietf.jgss.GSSName;
-
-/**
- * A <b>GSSRealm</b> is a specialized realm for GSS-based principals.
- *
- * @deprecated This will be removed in Tomcat 9 and integrated into {@link Realm}.
- */
-@Deprecated
-public interface GSSRealm extends Realm {
-
-
-    // --------------------------------------------------------- Public Methods
-
-    /**
-     * Try to authenticate using a {@link GSSName}
-     *
-     * @param gssName The {@link GSSName} of the principal to look up
-     * @param gssCredential The {@link GSSCredential} of the principal, may be
-     *                      {@code null}
-     * @return the associated principal, or {@code null} if there is none
-     */
-    public Principal authenticate(GSSName gssName, GSSCredential gssCredential);
-
-}
diff --git a/java/org/apache/catalina/realm/CombinedRealm.java b/java/org/apache/catalina/realm/CombinedRealm.java
index 03665e4..6e247de 100644
--- a/java/org/apache/catalina/realm/CombinedRealm.java
+++ b/java/org/apache/catalina/realm/CombinedRealm.java
@@ -33,7 +33,6 @@ import org.apache.catalina.Wrapper;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.ietf.jgss.GSSContext;
-import org.ietf.jgss.GSSCredential;
 import org.ietf.jgss.GSSException;
 import org.ietf.jgss.GSSName;
 
@@ -394,47 +393,6 @@ public class CombinedRealm extends RealmBase {
     /**
      * {@inheritDoc}
      */
-    @SuppressWarnings("deprecation")
-    @Override
-    public Principal authenticate(GSSName gssName, GSSCredential gssCredential) {
-        Principal authenticatedUser = null;
-
-        for (Realm realm : realms) {
-            if (log.isDebugEnabled()) {
-                log.debug(sm.getString("combinedRealm.authStart",
-                        gssName, realm.getClass().getName()));
-            }
-
-            if (!(realm instanceof org.apache.catalina.GSSRealm)) {
-                if (log.isDebugEnabled()) {
-                    log.debug(sm.getString("combinedRealm.authFail",
-                            gssName, realm.getClass().getName()));
-                }
-
-                continue;
-            }
-
-            authenticatedUser = ((org.apache.catalina.GSSRealm) realm).authenticate(gssName, gssCredential);
-
-            if (authenticatedUser == null) {
-                if (log.isDebugEnabled()) {
-                    log.debug(sm.getString("combinedRealm.authFail",
-                            gssName, realm.getClass().getName()));
-                }
-            } else {
-                if (log.isDebugEnabled()) {
-                    log.debug(sm.getString("combinedRealm.authSuccess",
-                            gssName, realm.getClass().getName()));
-                }
-                break;
-            }
-        }
-        return authenticatedUser;
-    }
-
-    /**
-     * {@inheritDoc}
-     */
     @Override
     public boolean hasRole(Wrapper wrapper, Principal principal, String role) {
         for (Realm realm : realms) {
diff --git a/java/org/apache/catalina/realm/LockOutRealm.java b/java/org/apache/catalina/realm/LockOutRealm.java
index 119c2b6..8bf0691 100644
--- a/java/org/apache/catalina/realm/LockOutRealm.java
+++ b/java/org/apache/catalina/realm/LockOutRealm.java
@@ -27,7 +27,6 @@ import org.apache.catalina.LifecycleException;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.ietf.jgss.GSSContext;
-import org.ietf.jgss.GSSCredential;
 import org.ietf.jgss.GSSException;
 import org.ietf.jgss.GSSName;
 
@@ -206,18 +205,6 @@ public class LockOutRealm extends CombinedRealm {
         return null;
     }
 
-    /**
-     * {@inheritDoc}
-     */
-    @Override
-    public Principal authenticate(GSSName gssName, GSSCredential gssCredential) {
-        String username = gssName.toString();
-
-        Principal authenticatedUser = super.authenticate(gssName, gssCredential);
-
-        return filterLockedAccounts(username, authenticatedUser);
-    }
-
 
     /*
      * Filters authenticated principals to ensure that <code>null</code> is
diff --git a/java/org/apache/catalina/realm/RealmBase.java b/java/org/apache/catalina/realm/RealmBase.java
index 5fd7f18..45d195d 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -40,6 +40,7 @@ import org.apache.catalina.Engine;
 import org.apache.catalina.Host;
 import org.apache.catalina.LifecycleException;
 import org.apache.catalina.LifecycleState;
+import org.apache.catalina.Realm;
 import org.apache.catalina.Server;
 import org.apache.catalina.Service;
 import org.apache.catalina.Wrapper;
@@ -70,7 +71,7 @@ import org.ietf.jgss.GSSName;
  * @author Craig R. McClanahan
  */
 @SuppressWarnings("deprecation")
-public abstract class RealmBase extends LifecycleMBeanBase implements org.apache.catalina.GSSRealm {
+public abstract class RealmBase extends LifecycleMBeanBase implements Realm {
 
     private static final Log log = LogFactory.getLog(RealmBase.class);
 
@@ -498,7 +499,16 @@ public abstract class RealmBase extends LifecycleMBeanBase implements org.apache
                     }
                 }
 
-                return getPrincipal(gssName, gssCredential);
+                String name = gssName.toString();
+
+                if (isStripRealmForGss()) {
+                    int i = name.indexOf('@');
+                    if (i > 0) {
+                        // Zero so we don't leave a zero length name
+                        name = name.substring(0, i);
+                    }
+                }
+                return getPrincipal(name, gssCredential);
             }
         } else {
             log.error(sm.getString("realmBase.gssContextNotEstablished"));
@@ -510,19 +520,6 @@ public abstract class RealmBase extends LifecycleMBeanBase implements org.apache
 
 
     /**
-     * {@inheritDoc}
-     */
-    @Override
-    public Principal authenticate(GSSName gssName, GSSCredential gssCredential) {
-        if (gssName == null) {
-            return null;
-        }
-
-        return getPrincipal(gssName, gssCredential);
-    }
-
-
-    /**
      * Execute a periodic task, such as reloading, etc. This method will be
      * invoked inside the classloading context of this container. Unexpected
      * throwables will be caught and logged.
@@ -1245,11 +1242,6 @@ public abstract class RealmBase extends LifecycleMBeanBase implements org.apache
     protected abstract Principal getPrincipal(String username);
 
 
-    /**
-     * @deprecated This will be removed in Tomcat 10. Use
-     *             {@link #getPrincipal(GSSName, GSSCredential)} instead.
-     */
-    @Deprecated
     protected Principal getPrincipal(String username,
             GSSCredential gssCredential) {
         Principal p = getPrincipal(username);
@@ -1261,35 +1253,6 @@ public abstract class RealmBase extends LifecycleMBeanBase implements org.apache
         return p;
     }
 
-
-    /**
-     * Get the principal associated with the specified {@link GSSName}.
-     *
-     * @param gssName The GSS name
-     * @param gssCredential the GSS credential of the principal
-     * @return the principal associated with the given user name.
-     */
-    protected Principal getPrincipal(GSSName gssName, GSSCredential gssCredential) {
-        String name = gssName.toString();
-
-        if (isStripRealmForGss()) {
-            int i = name.indexOf('@');
-            if (i > 0) {
-                // Zero so we don't leave a zero length name
-                name = name.substring(0, i);
-            }
-        }
-
-        Principal p = getPrincipal(name);
-
-        if (p instanceof GenericPrincipal) {
-            ((GenericPrincipal) p).setGssCredential(gssCredential);
-        }
-
-        return p;
-    }
-
-
     /**
      * Return the Server object that is the ultimate parent for the container
      * with which this Realm is associated. If the server cannot be found (eg
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 0811e98..b12b3a2 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -52,10 +52,6 @@
         CSRF nonce request parameter name to be customized.
         (schultz)
       </add>
-      <add>
-        <bug>63681</bug>: Introduce RealmBase#authenticate(GSSName, GSSCredential)
-        and friends. (michaelo)
-      </add>
       <fix>
         <bug>63964</bug>: Correct a regression in the static resource caching
         changes introduced in 9.0.28. URLs constructed from URLs obtained from
-- 
1.8.3.1