ASF Bugzilla – Attachment 36942 Details for
Bug 64011
JNDIRealm no longer authenticates to LDAP
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
Revert
0001-Revert-BZ-63681-Introduce-RealmBase-authenticate-GSS.patch (text/plain), 10.35 KB, created by
Mike Lothian
on 2020-01-02 16:41:19 UTC
(
hide
)
Description:
Revert
Filename:
MIME Type:
Creator:
Mike Lothian
Created:
2020-01-02 16:41:19 UTC
Size:
10.35 KB
patch
obsolete
>From 1b0418dfe163e61b825678e046fba7044c3baf8f Mon Sep 17 00:00:00 2001 >From: Mike Lothian <mike@fireburn.co.uk> >Date: Thu, 2 Jan 2020 16:38:39 +0000 >Subject: [PATCH] Revert "BZ 63681: Introduce RealmBase#authenticate(GSSName, > GSSCredential) and friends" > >This reverts commit 12b857227b2671c9c871aa324cf5fc25c5d53c9a. > >Conflicts: > java/org/apache/catalina/realm/CombinedRealm.java > java/org/apache/catalina/realm/RealmBase.java >--- > java/org/apache/catalina/GSSRealm.java | 45 ----------------- > java/org/apache/catalina/realm/CombinedRealm.java | 42 ---------------- > java/org/apache/catalina/realm/LockOutRealm.java | 13 ----- > java/org/apache/catalina/realm/RealmBase.java | 61 +++++------------------ > webapps/docs/changelog.xml | 4 -- > 5 files changed, 12 insertions(+), 153 deletions(-) > delete mode 100644 java/org/apache/catalina/GSSRealm.java > >diff --git a/java/org/apache/catalina/GSSRealm.java b/java/org/apache/catalina/GSSRealm.java >deleted file mode 100644 >index 2f4b16f..0000000 >--- a/java/org/apache/catalina/GSSRealm.java >+++ /dev/null >@@ -1,45 +0,0 @@ >-/* >- * Licensed to the Apache Software Foundation (ASF) under one or more >- * contributor license agreements. See the NOTICE file distributed with >- * this work for additional information regarding copyright ownership. >- * The ASF licenses this file to You under the Apache License, Version 2.0 >- * (the "License"); you may not use this file except in compliance with >- * the License. You may obtain a copy of the License at >- * >- * http://www.apache.org/licenses/LICENSE-2.0 >- * >- * Unless required by applicable law or agreed to in writing, software >- * distributed under the License is distributed on an "AS IS" BASIS, >- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. >- * See the License for the specific language governing permissions and >- * limitations under the License. >- */ >-package org.apache.catalina; >- >-import java.security.Principal; >- >-import org.ietf.jgss.GSSCredential; >-import org.ietf.jgss.GSSName; >- >-/** >- * A <b>GSSRealm</b> is a specialized realm for GSS-based principals. >- * >- * @deprecated This will be removed in Tomcat 9 and integrated into {@link Realm}. >- */ >-@Deprecated >-public interface GSSRealm extends Realm { >- >- >- // --------------------------------------------------------- Public Methods >- >- /** >- * Try to authenticate using a {@link GSSName} >- * >- * @param gssName The {@link GSSName} of the principal to look up >- * @param gssCredential The {@link GSSCredential} of the principal, may be >- * {@code null} >- * @return the associated principal, or {@code null} if there is none >- */ >- public Principal authenticate(GSSName gssName, GSSCredential gssCredential); >- >-} >diff --git a/java/org/apache/catalina/realm/CombinedRealm.java b/java/org/apache/catalina/realm/CombinedRealm.java >index 03665e4..6e247de 100644 >--- a/java/org/apache/catalina/realm/CombinedRealm.java >+++ b/java/org/apache/catalina/realm/CombinedRealm.java >@@ -33,7 +33,6 @@ import org.apache.catalina.Wrapper; > import org.apache.juli.logging.Log; > import org.apache.juli.logging.LogFactory; > import org.ietf.jgss.GSSContext; >-import org.ietf.jgss.GSSCredential; > import org.ietf.jgss.GSSException; > import org.ietf.jgss.GSSName; > >@@ -394,47 +393,6 @@ public class CombinedRealm extends RealmBase { > /** > * {@inheritDoc} > */ >- @SuppressWarnings("deprecation") >- @Override >- public Principal authenticate(GSSName gssName, GSSCredential gssCredential) { >- Principal authenticatedUser = null; >- >- for (Realm realm : realms) { >- if (log.isDebugEnabled()) { >- log.debug(sm.getString("combinedRealm.authStart", >- gssName, realm.getClass().getName())); >- } >- >- if (!(realm instanceof org.apache.catalina.GSSRealm)) { >- if (log.isDebugEnabled()) { >- log.debug(sm.getString("combinedRealm.authFail", >- gssName, realm.getClass().getName())); >- } >- >- continue; >- } >- >- authenticatedUser = ((org.apache.catalina.GSSRealm) realm).authenticate(gssName, gssCredential); >- >- if (authenticatedUser == null) { >- if (log.isDebugEnabled()) { >- log.debug(sm.getString("combinedRealm.authFail", >- gssName, realm.getClass().getName())); >- } >- } else { >- if (log.isDebugEnabled()) { >- log.debug(sm.getString("combinedRealm.authSuccess", >- gssName, realm.getClass().getName())); >- } >- break; >- } >- } >- return authenticatedUser; >- } >- >- /** >- * {@inheritDoc} >- */ > @Override > public boolean hasRole(Wrapper wrapper, Principal principal, String role) { > for (Realm realm : realms) { >diff --git a/java/org/apache/catalina/realm/LockOutRealm.java b/java/org/apache/catalina/realm/LockOutRealm.java >index 119c2b6..8bf0691 100644 >--- a/java/org/apache/catalina/realm/LockOutRealm.java >+++ b/java/org/apache/catalina/realm/LockOutRealm.java >@@ -27,7 +27,6 @@ import org.apache.catalina.LifecycleException; > import org.apache.juli.logging.Log; > import org.apache.juli.logging.LogFactory; > import org.ietf.jgss.GSSContext; >-import org.ietf.jgss.GSSCredential; > import org.ietf.jgss.GSSException; > import org.ietf.jgss.GSSName; > >@@ -206,18 +205,6 @@ public class LockOutRealm extends CombinedRealm { > return null; > } > >- /** >- * {@inheritDoc} >- */ >- @Override >- public Principal authenticate(GSSName gssName, GSSCredential gssCredential) { >- String username = gssName.toString(); >- >- Principal authenticatedUser = super.authenticate(gssName, gssCredential); >- >- return filterLockedAccounts(username, authenticatedUser); >- } >- > > /* > * Filters authenticated principals to ensure that <code>null</code> is >diff --git a/java/org/apache/catalina/realm/RealmBase.java b/java/org/apache/catalina/realm/RealmBase.java >index 5fd7f18..45d195d 100644 >--- a/java/org/apache/catalina/realm/RealmBase.java >+++ b/java/org/apache/catalina/realm/RealmBase.java >@@ -40,6 +40,7 @@ import org.apache.catalina.Engine; > import org.apache.catalina.Host; > import org.apache.catalina.LifecycleException; > import org.apache.catalina.LifecycleState; >+import org.apache.catalina.Realm; > import org.apache.catalina.Server; > import org.apache.catalina.Service; > import org.apache.catalina.Wrapper; >@@ -70,7 +71,7 @@ import org.ietf.jgss.GSSName; > * @author Craig R. McClanahan > */ > @SuppressWarnings("deprecation") >-public abstract class RealmBase extends LifecycleMBeanBase implements org.apache.catalina.GSSRealm { >+public abstract class RealmBase extends LifecycleMBeanBase implements Realm { > > private static final Log log = LogFactory.getLog(RealmBase.class); > >@@ -498,7 +499,16 @@ public abstract class RealmBase extends LifecycleMBeanBase implements org.apache > } > } > >- return getPrincipal(gssName, gssCredential); >+ String name = gssName.toString(); >+ >+ if (isStripRealmForGss()) { >+ int i = name.indexOf('@'); >+ if (i > 0) { >+ // Zero so we don't leave a zero length name >+ name = name.substring(0, i); >+ } >+ } >+ return getPrincipal(name, gssCredential); > } > } else { > log.error(sm.getString("realmBase.gssContextNotEstablished")); >@@ -510,19 +520,6 @@ public abstract class RealmBase extends LifecycleMBeanBase implements org.apache > > > /** >- * {@inheritDoc} >- */ >- @Override >- public Principal authenticate(GSSName gssName, GSSCredential gssCredential) { >- if (gssName == null) { >- return null; >- } >- >- return getPrincipal(gssName, gssCredential); >- } >- >- >- /** > * Execute a periodic task, such as reloading, etc. This method will be > * invoked inside the classloading context of this container. Unexpected > * throwables will be caught and logged. >@@ -1245,11 +1242,6 @@ public abstract class RealmBase extends LifecycleMBeanBase implements org.apache > protected abstract Principal getPrincipal(String username); > > >- /** >- * @deprecated This will be removed in Tomcat 10. Use >- * {@link #getPrincipal(GSSName, GSSCredential)} instead. >- */ >- @Deprecated > protected Principal getPrincipal(String username, > GSSCredential gssCredential) { > Principal p = getPrincipal(username); >@@ -1261,35 +1253,6 @@ public abstract class RealmBase extends LifecycleMBeanBase implements org.apache > return p; > } > >- >- /** >- * Get the principal associated with the specified {@link GSSName}. >- * >- * @param gssName The GSS name >- * @param gssCredential the GSS credential of the principal >- * @return the principal associated with the given user name. >- */ >- protected Principal getPrincipal(GSSName gssName, GSSCredential gssCredential) { >- String name = gssName.toString(); >- >- if (isStripRealmForGss()) { >- int i = name.indexOf('@'); >- if (i > 0) { >- // Zero so we don't leave a zero length name >- name = name.substring(0, i); >- } >- } >- >- Principal p = getPrincipal(name); >- >- if (p instanceof GenericPrincipal) { >- ((GenericPrincipal) p).setGssCredential(gssCredential); >- } >- >- return p; >- } >- >- > /** > * Return the Server object that is the ultimate parent for the container > * with which this Realm is associated. If the server cannot be found (eg >diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml >index 0811e98..b12b3a2 100644 >--- a/webapps/docs/changelog.xml >+++ b/webapps/docs/changelog.xml >@@ -52,10 +52,6 @@ > CSRF nonce request parameter name to be customized. > (schultz) > </add> >- <add> >- <bug>63681</bug>: Introduce RealmBase#authenticate(GSSName, GSSCredential) >- and friends. (michaelo) >- </add> > <fix> > <bug>63964</bug>: Correct a regression in the static resource caching > changes introduced in 9.0.28. URLs constructed from URLs obtained from >-- >1.8.3.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=36942">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 64011
:
36940
|
36941
| 36942 |
36946