On Tue, Nov 23, 2021 at 2:59 PM Thomas Hoffmann (Speed4Trade GmbH) <thomas.hoffm...@speed4trade.com.invalid> wrote: > > Short Addendum: > > The "destroyed" flag gets set, when the dispose-method of the > GSSCredentialImpl was invoked. > Currently, I have no clue when and how it happens, but I have seen this > problem every few months. > So it is only occurring sometimes. Maybe if the Kerberos ticket expires and > the http session is still alive (?) > > Nevertheless, the application should be able to recover from this situation > and handles it like "not authenticated".
So as suspected it may actually be an invalid credential that maybe Tomcat had a hand in. If Tomcat disposed the credential and then subsequently tried to use it for any reason, that would be "invalid". So that might warrant investigation before submitting a bug report. But I would still argue that a JGSS implementation should not throw exceptions that are not defined by the API and currently only GSSException is defined. Correction: This is not a bug in the JGSS API, it is (almost certainly) a bug in the *Oracle / Sun implementation* of JGSS. Mike --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org