Bug 60395 - Log if GSSContext passed to RealmBase#authenticate(GSSContext, boolean) is not fully established
Summary: Log if GSSContext passed to RealmBase#authenticate(GSSContext, boolean) is no...
Alias: None
Product: Tomcat 8
Classification: Unclassified
Component: Catalina (show other bugs)
Version: 8.5.x-trunk
Hardware: All All
: P2 normal (vote)
Target Milestone: ----
Assignee: Tomcat Developers Mailing List
Depends on:
Reported: 2016-11-20 21:32 UTC by Michael Osipov
Modified: 2016-11-25 21:04 UTC (History)
0 users

Log incomplete context (1.45 KB, patch)
2016-11-20 21:33 UTC, Michael Osipov
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Osipov 2016-11-20 21:32:27 UTC
org.apache.catalina.realm.RealmBase.authenticate(GSSContext, boolean) does not log when an incomplete GSS context is passed, it simply returns null. Given that an authenticator is incorrectly implemented, this would be unnnoticed. Many resources on the net never care about context completion and think pass token and this is it.
Comment 1 Michael Osipov 2016-11-20 21:33:10 UTC
Created attachment 34465 [details]
Log incomplete context
Comment 2 Mark Thomas 2016-11-25 21:04:05 UTC
Thanks for the report and the patch.
Fixed in:
- trunk for 9.0.0.M14 onwards
- 8.5.x for 8.5.9 onwards
- 8.0.x for 8.0.40 onwards
- 7.0.x for 7.0.74 onwards