svn commit: r1829924 - in /tomcat/trunk: java/org/apache/catalina/connector/Request.java webapps/docs/changelog.xml

Mon, 23 Apr 2018 12:34:33 -0700 

Author: markt
Date: Mon Apr 23 19:33:49 2018
New Revision: 1829924

URL: http://svn.apache.org/viewvc?rev=1829924&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62309
Fix a SecurityException when using JASPIC under a SecurityManager when 
authentication is not mandatory.

Modified:
    tomcat/trunk/java/org/apache/catalina/connector/Request.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/catalina/connector/Request.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/Request.java?rev=1829924&r1=1829923&r2=1829924&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/connector/Request.java (original)
+++ tomcat/trunk/java/org/apache/catalina/connector/Request.java Mon Apr 23 
19:33:49 2018
@@ -1913,7 +1913,7 @@ public class Request implements HttpServ
      * @param principal The user Principal
      */
     public void setUserPrincipal(final Principal principal) {
-        if (Globals.IS_SECURITY_ENABLED) {
+        if (Globals.IS_SECURITY_ENABLED && principal != null) {
             if (subject == null) {
                 final HttpSession session = getSession(false);
                 if (session == null) {

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1829924&r1=1829923&r2=1829924&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Apr 23 19:33:49 2018
@@ -72,6 +72,11 @@
         Update the internal fork of Apache Commons BCEL to r1829827 to add 
early
         access Java 11 support to the annotation scanning code. (markt)
       </add>
+      <fix>
+        <bug>62309</bug>: Fix a <code>SecurityException</code> when using 
JASPIC
+        under a <code>SecurityManager</code> when authentication is not
+        mandatory. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to