Author: markt
Date: Mon Aug 6 13:35:41 2018
New Revision: 1837520

URL: http://svn.apache.org/viewvc?rev=1837520&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62547
JASPIC cleanSubject() was not called on logout when the authenticator was configured to cache the authenticated Principal.
Patch provided by Guillermo González de Agüero.

This closes #116

Modified: tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java?rev=1837520&r1=1837519&r2=1837520&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java Mon Aug 6 13:35:41 2018 @@ -810,7 +810,6 @@ public abstract class AuthenticatorBase !principal.getUserPrincipal().equals(request.getUserPrincipal())) { // Skip registration if authentication credentials were // cached and the Principal did not change. - request.setNote(Constants.REQ_JASPIC_SUBJECT_NOTE, client); @SuppressWarnings("rawtypes")// JASPIC API uses raw types Map map = state.messageInfo.getMap(); if (map != null && map.containsKey("javax.servlet.http.registerSession")) { @@ -819,6 +818,7 @@ public abstract class AuthenticatorBase register(request, response, principal, "JASPIC", null, null); } } + request.setNote(Constants.REQ_JASPIC_SUBJECT_NOTE, client); return true; } return false; Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1837520&r1=1837519&r2=1837520&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Mon Aug 6 13:35:41 2018 
@@ -86,6 +86,11 @@ Make logout more robust if JASPIC subject is unexpectedly unavailable. (markt) </add> + <fix> + <bug>62547</bug>: JASPIC <code>cleanSubject()</code> was not called on + logout when the authenticator was configured to cache the authenticated + Principal. Patch provided by Guillermo González de Agüero. (markt) + </fix> </changelog> </subsection> <subsection name="Coyote">
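
Review bot: No regression test accompanies the removal of request.setNote(Constants.REQ_JASPIC_SUBJECT_NOTE, client) from the principal-changed branch in the AuthenticatorBase.java hunk at -810,7: the Modified list shows only AuthenticatorBase.java and changelog.xml. A test that authenticates with Principal caching enabled, issues a second request so the cached Principal is reused, then logs out and asserts that cleanSubject() was invoked would pin the behaviour reported in bug 62547 and catch a later regression.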
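
Review bot: The relocated request.setNote(Constants.REQ_JASPIC_SUBJECT_NOTE, client) just before "return true;" in the AuthenticatorBase.java hunk at -819,6 carries no comment saying why it must sit outside the principal-changed check. The block above it is headed "Skip registration if authentication credentials were cached and the Principal did not change", so a later cleanup could reasonably fold the call back into that block and reintroduce the bug. A one-line comment stating that the subject note has to be set on every successful authentication, cached or not, so that logout can pass it to cleanSubject(), would make the intent explicit.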