Bug 61780

Summary: If AuthConfigFactoryImpl.getRegistrationIDs() is called to get the IDs of all active registrations, it always returns the default registration id in the result list
Product: Tomcat 8 Reporter: Lazar Kirchev <lazar.kirchev>
Component: CatalinaAssignee: Tomcat Developers Mailing List <dev>
Severity: normal    
Priority: P2    
Version: 8.5.23   
Target Milestone: ----   
Hardware: PC   
OS: All   

Description Lazar Kirchev 2017-11-18 13:58:59 UTC
When AuthConfigFactoryImpl.getRegistrationIDs() is called with null parameter in order to get all active registrations' IDs, it always returns in the result list the default registration id, even if there is no registration with this ID.
It adds the default registration ID to the list if the default registration map is not null, but it actually is always non-null becuase it is created upon creation of the AuthConfigFactoryImpl instance.
Comment 1 Lazar Kirchev 2017-11-18 14:00:45 UTC
This pull request contains a test case, which illustrates the problem and a fix for it: https://github.com/apache/tomcat/pull/88

One comment - in the proposed fix I add a check if the default registrations map is empty. However, here the check for null seems not to be necessary as the map is created upon creation of the AuthConfigFactoryImpl instance.
Comment 2 Mark Thomas 2017-11-20 13:24:44 UTC
Agreed. It looks like some refactoring took place that wasn't fully taken into account. The null check is unnecessary. As is making the map volatile.
Comment 3 Mark Thomas 2017-11-20 13:39:47 UTC
Thanks for the pull request. I tweaked it slightly as per my previous comment before applying it.

Fixed in:
- trunk for 9.0.2 onwards
- 8.5.x for 8.5.24 onwards