This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/7.0.x by this push:
new b8ddc8c Update after kkolinko review of new PersistAuthentication attribute
b8ddc8c is described below
commit b8ddc8cc8df8fa9c85525a32973202401ad79345
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Fri Feb 28 19:28:53 2020 +0000
Update after kkolinko review of new PersistAuthentication attribute
---
 .../apache/catalina/session/StandardSession.java | 4 ++--
 webapps/docs/config/manager.xml | 21 ++-------------------
 webapps/docs/security-howto.xml | 4 ++++
 3 files changed, 8 insertions(+), 21 deletions(-)
diff --git a/java/org/apache/catalina/session/StandardSession.java b/java/org/apache/catalina/session/StandardSession.java
index 0c87fea..a93d9fd 100644
--- a/java/org/apache/catalina/session/StandardSession.java
+++ b/java/org/apache/catalina/session/StandardSession.java
@@ -1709,7 +1709,7 @@ public class StandardSession implements HttpSession, Session, Serializable {
 // Gather authentication information (if configured)
 String sessionAuthType = null;
 Principal sessionPrincipal = null;
- if (isPersistAuthentication()) {
+ if (getPersistAuthentication()) {
 sessionAuthType = getAuthType();
 sessionPrincipal = getPrincipal();
 if (!(sessionPrincipal instanceof Serializable)) {
@@ -1768,7 +1768,7 @@ public class StandardSession implements HttpSession, Session, Serializable {
 * @return {@code true}, if authentication information shall be persisted;
 * {@code false} otherwise
 */
- private boolean isPersistAuthentication() {
+ private boolean getPersistAuthentication() {
 if (manager instanceof ManagerBase) {
 return ((ManagerBase) manager).getPersistAuthentication();
 }
diff --git a/webapps/docs/config/manager.xml b/webapps/docs/config/manager.xml
index 7f2d963..fc16389 100644
--- a/webapps/docs/config/manager.xml
+++ b/webapps/docs/config/manager.xml
@@ -161,23 +161,6 @@ filter pattern in order to be restored.</p> </attribute> - <attribute name="persistAuthentication" required="false"> - <p>Should authentication information be included when session state is - preserved across application restarts? If <code>true</code>, the session's - authentication is preserved so that the session remains authenticated - after the application has been restarted. If not specified, the default - value of <code>false</code> will be used.<br />See - <a href="#Persistence_Across_Restarts">Persistence Across Restarts</a> - for more information.</p> - - <p>Please note that the session's <code>Principal</code> class as well - as its descendant classes are all subject to the - <strong>sessionAttributeValueClassNameFilter</strong>. If such a filter - is specified or a <code>SecurityManager</code> is enabled, the names of - the <code>Principal</code> class and descendant classes must match that - filter pattern in order to be restored.</p> - </attribute> - <attribute name="processExpiresFrequency" required="false"> <p>Frequency of the session expiration, and related manager operations. Manager operations will be done once for the specified amount of @@ -234,7 +217,7 @@ must fully match the pattern. If not specified, the default value of <code>null</code> will be used unless a <code>SecurityManager</code> is enabled in which case the default will be - <code><nobr>java\\.lang\\.(?:Boolean|Integer|Long|Number|String)|org\\.apache\\.catalina\\.realm\\.GenericPrincipal\\$SerializablePrincipal|\\[Ljava.lang.String;</nobr></code>.</p> + <code>java\\.lang\\.(?:Boolean|Integer|Long|Number|String)|org\\.apache\\.catalina\\.realm\\.GenericPrincipal\\$SerializablePrincipal|\\[Ljava.lang.String;</code>.</p> </attribute> <attribute name="warnOnSessionAttributeFilterFailure" required="false"> 
@@ -372,7 +355,7 @@ must fully match the pattern. If not specified, the default value of <code>null</code> will be used unless a <code>SecurityManager</code> is enabled in which case the default will be - <code><nobr>java\\.lang\\.(?:Boolean|Integer|Long|Number|String)|org\\.apache\\.catalina\\.realm\\.GenericPrincipal\\$SerializablePrincipal|\\[Ljava.lang.String;</nobr></code>.</p> + <code>java\\.lang\\.(?:Boolean|Integer|Long|Number|String)|org\\.apache\\.catalina\\.realm\\.GenericPrincipal\\$SerializablePrincipal|\\[Ljava.lang.String;</code>.</p> </attribute> <attribute name="warnOnSessionAttributeFilterFailure" required="false"> diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml index 6f97025..d52fc01 100644 --- a/webapps/docs/security-howto.xml +++ b/webapps/docs/security-howto.xml @@ -444,6 +444,10 @@ <p>The length of the session ID may be changed with the <strong>sessionIdLength</strong> attribute.</p> + + <p>The <strong>persistAuthentication</strong> controls whether the + authenticated Principal associated with the session (if any) is included + when the session is persisted during a restart or to a Store.</p> </subsection> <subsection name="Cluster"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org