This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
     new 9a132b6  Expand code comments
9a132b6 is described below

commit 9a132b60be805c3a90da0bc97fabfd9302bad944
Author: Mark Thomas <[email protected]>
AuthorDate: Wed Nov 24 09:25:19 2021 +0000

    Expand code comments
---
 java/org/apache/catalina/connector/Request.java | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/catalina/connector/Request.java 
b/java/org/apache/catalina/connector/Request.java
index 98b61f3..50d3174 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -2671,13 +2671,23 @@ public class Request implements HttpServletRequest {
             if (gssCredential != null) {
                 int left = -1;
                 try {
+                    // Concurrent calls to this method from an expired session
+                    // can trigger an ISE. If one thread calls logout() below
+                    // before another thread calls getRemainingLifetime() then
+                    // then since logout() eventually calls
+                    // GSSCredential.dispose(), the subsequent call to
+                    // GSSCredential.getRemainingLifetime() will throw an ISE.
+                    // Avoiding the ISE would require locking in this method to
+                    // protect against concurrent access to the GSSCredential.
+                    // That would have a small performance impact. The ISE is
+                    // rare so it is caught and handled rather than avoided.
                     left = gssCredential.getRemainingLifetime();
                 } catch (GSSException | IllegalStateException e) {
                     log.warn(sm.getString("coyoteRequest.gssLifetimeFail",
                             userPrincipal.getName()), e);
                 }
-                // zero is expired.
-                // Should never be less than zero but handle those values too
+                // zero is expired. Exception above will mean left == -1
+                // Treat both as expired.
                 if (left <= 0) {
                     // GSS credential has expired. Need to re-authenticate.
                     try {
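Review bot: The added comment above `gssCredential.getRemainingLifetime()` repeats "then" across a line break ("...calls getRemainingLifetime() then / then since logout()..."), which makes the sentence hard to parse; I would reword those lines to `// before another thread calls getRemainingLifetime() then, since` followed by `// logout() eventually calls GSSCredential.dispose(), the subsequent call to`. The second comment could also state why the -1 default is the safe outcome, for example `// Treat both as expired so a failed lifetime check forces re-authentication.` The catch block still logs the expected race at WARN with the exception attached, so it may be worth a comment telling operators that this message is benign when it coincides with session expiry; that reading is inferred from the visible catch block only. The enclosing method begins before this hunk, and the `try` opened on the last line continues past it.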
