[ https://issues.apache.org/jira/browse/FEDIZ-243?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Arnaud MERGEY updated FEDIZ-243:
--------------------------------
    Labels: tomcat  (was: )

> Fediz tomcat valve is broken with recent tomcat version
> -------------------------------------------------------
>
>                 Key: FEDIZ-243
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-243
>             Project: CXF-Fediz
>          Issue Type: Bug
>          Components: Plugin
>    Affects Versions: 1.4.6
>            Reporter: Arnaud MERGEY
>            Priority: Critical
>              Labels: tomcat
>
> Since 8.5.50 and 9.0.30, the fediz tomcat valve stopped working because of a security fix done in FormAuthenticator
> _Refactor FORM authentication to reduce duplicate code and to ensure that the authenticated Principal is not cached in the session when caching is disabled. (markt)_
> Which has been done with this commit
> [https://github.com/apache/tomcat/commit/1ecba14e690cf5f3f143eef6ae7037a6d3c16652#diff-d3a23672da52a023e04cefd774dbe896]
> I need to investigate more, but I think the main issue is
> {code:java}
> // in org.apache.cxf.fediz.tomcat8.FederationAuthenticator.restoreRequest(Request, HttpServletResponse)
> Principal principal = (Principal)session.getNote(Constants.FORM_PRINCIPAL_NOTE);
> {code}
>
> is not working anymore as Constants.FORM_PRINCIPAL_NOTE is not used anymore

--
This message was sent by Atlassian Jira
(v8.3.4#803005)