Bug 60395

Summary: Log if GSSContext passed to RealmBase#authenticate(GSSContext, boolean) is not fully established
Product: Tomcat 8 Reporter: Michael Osipov <michaelo>
Component: CatalinaAssignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P2    
Version: 8.5.x-trunk   
Target Milestone: ----   
Hardware: All   
OS: All   
Attachments: Log incomplete context

Description Michael Osipov 2016-11-20 21:32:27 UTC 
org.apache.catalina.realm.RealmBase.authenticate(GSSContext, boolean) does not log when an incomplete GSS context is passed, it simply returns null. Given that an authenticator is incorrectly implemented, this would be unnnoticed. Many resources on the net never care about context completion and think pass token and this is it.
Comment 1 Michael Osipov 2016-11-20 21:33:10 UTC 
Created attachment 34465 [details]
Log incomplete context
Comment 2 Mark Thomas 2016-11-25 21:04:05 UTC 
Thanks for the report and the patch.
Fixed in:
- trunk for 9.0.0.M14 onwards
- 8.5.x for 8.5.9 onwards
- 8.0.x for 8.0.40 onwards
- 7.0.x for 7.0.74 onwards