This is an automated email from the ASF dual-hosted git repository. rzo1 pushed a commit to branch ee11 in repository https://gitbox.apache.org/repos/asf/tomee.git
commit ac1d4fd924d90cd1ada349898a5ae741afebac41 Author: Markus Jung <[email protected]> AuthorDate: Mon Mar 17 18:01:01 2025 +0100 tomcat 11 --- .../arquillian/tests/realm/CdiEventRealmTest.java | 15 +++++++------- .../arquillian/tests/realm/HardCodedRealm.java | 2 +- .../arquillian/tests/realm/MultiAuthenticator.java | 2 +- .../arquillian/tests/realm/MyCdiLazyRealm.java | 6 +++--- .../tests/realm/MyCdiRealmBaseLazyRealm.java | 2 +- .../main/resources/tomee/conf/catalina.properties | 24 ---------------------- .../src/main/resources/tomee/conf/server.xml | 16 ++++----------- .../main/resources/tomee/conf/catalina.properties | 24 ---------------------- .../src/main/resources/tomee/conf/server.xml | 16 ++++----------- .../main/resources/tomee/conf/catalina.properties | 24 ---------------------- .../src/main/resources/tomee/conf/server.xml | 16 ++++----------- .../main/resources/tomee/conf/catalina.properties | 24 ---------------------- .../src/main/resources/tomee/conf/server.xml | 16 ++++----------- pom.xml | 2 +- .../java/org/apache/tomee/catalina/TomEERealm.java | 8 ++++---- .../apache/tomee/catalina/realm/CdiEventRealm.java | 7 ++++--- .../org/apache/tomee/catalina/realm/LazyRealm.java | 7 ++++--- .../apache/tomee/catalina/realm/LowTypedRealm.java | 9 ++++---- .../realm/event/DigestAuthenticationEvent.java | 16 ++++++++++----- .../tomee/security/TomEESecurityContext.java | 1 - 20 files changed, 59 insertions(+), 178 deletions(-) diff --git a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmTest.java b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmTest.java index a1883e8eef..51223cb447 100644 --- a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmTest.java 
+++ b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmTest.java @@ -70,9 +70,9 @@ public class CdiEventRealmTest { @Test public void digest() { - final GenericPrincipal gp = getGenericPrincipal(new CdiEventRealm().authenticate("ryan", "md5", "nonce", "nc", "cnonce", "qop", "realm", "md5a2")); + final GenericPrincipal gp = getGenericPrincipal(new CdiEventRealm().authenticate("ryan", "md5", "nonce", "nc", "cnonce", "qop", "realm", "digestA2", "algorithm")); final String[] actual = gp.getRoles(); - final String[] expected = new String[] {"ryan", "md5", "nonce", "nc", "cnonce", "qop", "realm", "md5a2"}; + final String[] expected = new String[] {"ryan", "md5", "nonce", "nc", "cnonce", "qop", "realm", "digestA2", "algorithm"}; Arrays.sort(actual); Arrays.sort(expected); @@ -91,7 +91,7 @@ public class CdiEventRealmTest { @Test public void ssl() { X509Certificate cert = mock(X509Certificate.class); - GenericPrincipal expected = new GenericPrincipal("john", "doe", Arrays.asList("test")); + GenericPrincipal expected = new GenericPrincipal("john", Arrays.asList("test")); when(cert.getSubjectDN()).thenReturn(expected); final GenericPrincipal gp = getGenericPrincipal(new CdiEventRealm().authenticate(new X509Certificate[] { cert })); assertEquals(expected, gp); 
@@ -123,25 +123,26 @@ public class CdiEventRealmTest { public void authenticate(@Observes final UserPasswordAuthenticationEvent event) { assertEquals("john", event.getUsername()); assertEquals("secret", event.getCredential()); - event.setPrincipal(new GenericPrincipal(event.getUsername(), "", Arrays.asList("admin"))); + event.setPrincipal(new GenericPrincipal(event.getUsername(), Arrays.asList("admin"))); } public void authenticate(@Observes final DigestAuthenticationEvent event) { final List<String> roles = new ArrayList<>(); roles.add(event.getCnonce()); roles.add(event.getDigest()); - roles.add(event.getMd5a2()); + roles.add(event.getDigestA2()); + roles.add(event.getAlgorithm()); roles.add(event.getNc()); roles.add(event.getNonce()); roles.add(event.getQop()); roles.add(event.getRealm()); roles.add(event.getUsername()); - event.setPrincipal(new GenericPrincipal(event.getUsername(), "", roles)); + event.setPrincipal(new GenericPrincipal(event.getUsername(), roles)); } public void authenticate(@Observes final GssAuthenticationEvent event) { assertNotNull(event.getGssContext()); - event.setPrincipal(new GenericPrincipal("gss", "", Arrays.asList("dummy"))); + event.setPrincipal(new GenericPrincipal("gss", Arrays.asList("dummy"))); } public void authenticate(@Observes final SslAuthenticationEvent event) { diff --git a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/HardCodedRealm.java b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/HardCodedRealm.java index 3a5f36c290..d4950e9cee 100644 --- a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/HardCodedRealm.java +++ b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/HardCodedRealm.java 
@@ -34,6 +34,6 @@ public class HardCodedRealm extends RealmBase @Override protected Principal getPrincipal(final String username) { - return new GenericPrincipal(username, "ee", asList("role ")); + return new GenericPrincipal(username, asList("role ")); } } diff --git a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/MultiAuthenticator.java b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/MultiAuthenticator.java index aabea669c6..5ae4db3296 100644 --- a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/MultiAuthenticator.java +++ b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/MultiAuthenticator.java @@ -29,7 +29,7 @@ public class MultiAuthenticator { public void authenticate(@Observes final UserPasswordAuthenticationEvent event) { if (!"secret".equals(event.getCredential())) return; // not authenticated - event.setPrincipal(new GenericPrincipal(event.getUsername(), "", Arrays.asList(event.getUsername()))); + event.setPrincipal(new GenericPrincipal(event.getUsername(), Arrays.asList(event.getUsername()))); } public void stacked(@Observes final UserPasswordAuthenticationEvent event) { diff --git a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/MyCdiLazyRealm.java b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/MyCdiLazyRealm.java index 180b0600d9..b1443a9f13 100644 --- a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/MyCdiLazyRealm.java 
+++ b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/MyCdiLazyRealm.java @@ -69,18 +69,18 @@ public class MyCdiLazyRealm implements Realm { @Override public Principal authenticate(final String username) { - return "user".equalsIgnoreCase(username) ? new GenericPrincipal(username, "pwd", asList("role")) : null; + return "user".equalsIgnoreCase(username) ? new GenericPrincipal(username, asList("role")) : null; } @Override public Principal authenticate(final String username, final String credentials) { - return "user".equalsIgnoreCase(username) && "pwd".equalsIgnoreCase(credentials) ? new GenericPrincipal(username, "pwd", asList("role")) : null; + return "user".equalsIgnoreCase(username) && "pwd".equalsIgnoreCase(credentials) ? new GenericPrincipal(username, asList("role")) : null; } @Override public Principal authenticate(final String username, final String digest, final String nonce, final String nc, final String cnonce, final String qop, - final String realm, final String md5a2) { + final String realm, final String digestA2, final String algorithm) { throw new UnsupportedOperationException(); } diff --git a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/MyCdiRealmBaseLazyRealm.java b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/MyCdiRealmBaseLazyRealm.java index 81f94ae25a..b4a5f7e077 100644 --- a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/MyCdiRealmBaseLazyRealm.java +++ b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/MyCdiRealmBaseLazyRealm.java 
@@ -32,6 +32,6 @@ public class MyCdiRealmBaseLazyRealm extends RealmBase { @Override protected Principal getPrincipal(final String username) { - return new GenericPrincipal(username, getPassword(username), asList("role")); + return new GenericPrincipal(username, asList("role")); } } diff --git a/boms/tomee-microprofile/src/main/resources/tomee/conf/catalina.properties b/boms/tomee-microprofile/src/main/resources/tomee/conf/catalina.properties index def5959349..810ecec6fa 100644 --- a/boms/tomee-microprofile/src/main/resources/tomee/conf/catalina.properties +++ b/boms/tomee-microprofile/src/main/resources/tomee/conf/catalina.properties @@ -13,26 +13,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -# -# List of comma-separated packages that start with or equal this string -# will cause a security exception to be thrown when -# passed to checkPackageAccess unless the -# corresponding RuntimePermission ("accessClassInPackage."+package) has -# been granted. -package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.jasper.,org.apache.tomcat. -# -# List of comma-separated packages that start with or equal this string -# will cause a security exception to be thrown when -# passed to checkPackageDefinition unless the -# corresponding RuntimePermission ("defineClassInPackage."+package) has -# been granted. -# -# by default, no packages are restricted for definition, and none of -# the class loaders supplied with the JDK call checkPackageDefinition. -# -package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,\ -org.apache.jasper.,org.apache.naming.,org.apache.tomcat. - # # # List of comma-separated paths defining the contents of the "common" 
@@ -216,7 +196,3 @@ tomcat.util.buf.StringCache.byte.enabled=true #tomcat.util.buf.StringCache.char.enabled=true #tomcat.util.buf.StringCache.trainThreshold=500000 #tomcat.util.buf.StringCache.cacheSize=5000 - -# Disable use of some privilege blocks Tomcat doesn't need since calls to the -# code in question are always already inside a privilege block -org.apache.el.GET_CLASSLOADER_USE_PRIVILEGED=false diff --git a/boms/tomee-microprofile/src/main/resources/tomee/conf/server.xml b/boms/tomee-microprofile/src/main/resources/tomee/conf/server.xml index 2a6d47e058..d8a10f1694 100644 --- a/boms/tomee-microprofile/src/main/resources/tomee/conf/server.xml +++ b/boms/tomee-microprofile/src/main/resources/tomee/conf/server.xml @@ -71,17 +71,13 @@ --> <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" - redirectPort="8443" - maxParameterCount="1000" - xpoweredBy="false" server="Apache TomEE" /> + redirectPort="8443" xpoweredBy="false" server="Apache TomEE" /> <!-- A "Connector" using the shared thread pool--> <!-- <Connector executor="tomcatThreadPool" port="8080" protocol="HTTP/1.1" connectionTimeout="20000" - redirectPort="8443" - maxParameterCount="1000" - /> + redirectPort="8443" /> --> <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2 This connector uses the NIO implementation. The default @@ -92,9 +88,7 @@ --> <!-- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" - maxThreads="150" SSLEnabled="true" - maxParameterCount="1000" - xpoweredBy="false" server="Apache TomEE" > + maxThreads="150" SSLEnabled="true" xpoweredBy="false" server="Apache TomEE" > <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /> <SSLHostConfig> <Certificate certificateKeystoreFile="conf/localhost-rsa.jks" 
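Review bot: Dropping `maxParameterCount="1000"` from the port 8080 Connector leaves the request-parameter cap dependent on the container default, and nothing in the file records what that default is. This presumably relies on Tomcat 11 defaulting to the same value, but the cap bounds how much parameter parsing a single request can trigger, so it should stay visible to whoever hardens this file. Either keep the attribute, or add a comment above the Connector such as `<!-- maxParameterCount is left at the Tomcat 11 default (1000); set it explicitly to change the per-request parameter limit -->`. The same applies to the commented-out executor, 8443 and AJP connectors in this file, and to the identical server.xml hunks under boms/tomee-plume, boms/tomee-plus and boms/tomee-webprofile.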
@@ -108,9 +102,7 @@ <Connector protocol="AJP/1.3" address="::1" port="8009" - redirectPort="8443" - maxParameterCount="1000" - /> + redirectPort="8443" /> --> <!-- An Engine represents the entry point (within Catalina) that processes diff --git a/boms/tomee-plume/src/main/resources/tomee/conf/catalina.properties b/boms/tomee-plume/src/main/resources/tomee/conf/catalina.properties index def5959349..810ecec6fa 100644 --- a/boms/tomee-plume/src/main/resources/tomee/conf/catalina.properties +++ b/boms/tomee-plume/src/main/resources/tomee/conf/catalina.properties @@ -13,26 +13,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -# -# List of comma-separated packages that start with or equal this string -# will cause a security exception to be thrown when -# passed to checkPackageAccess unless the -# corresponding RuntimePermission ("accessClassInPackage."+package) has -# been granted. -package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.jasper.,org.apache.tomcat. -# -# List of comma-separated packages that start with or equal this string -# will cause a security exception to be thrown when -# passed to checkPackageDefinition unless the -# corresponding RuntimePermission ("defineClassInPackage."+package) has -# been granted. -# -# by default, no packages are restricted for definition, and none of -# the class loaders supplied with the JDK call checkPackageDefinition. -# -package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,\ -org.apache.jasper.,org.apache.naming.,org.apache.tomcat. - # # # List of comma-separated paths defining the contents of the "common" 
@@ -216,7 +196,3 @@ tomcat.util.buf.StringCache.byte.enabled=true #tomcat.util.buf.StringCache.char.enabled=true #tomcat.util.buf.StringCache.trainThreshold=500000 #tomcat.util.buf.StringCache.cacheSize=5000 - -# Disable use of some privilege blocks Tomcat doesn't need since calls to the -# code in question are always already inside a privilege block -org.apache.el.GET_CLASSLOADER_USE_PRIVILEGED=false diff --git a/boms/tomee-plume/src/main/resources/tomee/conf/server.xml b/boms/tomee-plume/src/main/resources/tomee/conf/server.xml index 2a6d47e058..d8a10f1694 100644 --- a/boms/tomee-plume/src/main/resources/tomee/conf/server.xml +++ b/boms/tomee-plume/src/main/resources/tomee/conf/server.xml @@ -71,17 +71,13 @@ --> <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" - redirectPort="8443" - maxParameterCount="1000" - xpoweredBy="false" server="Apache TomEE" /> + redirectPort="8443" xpoweredBy="false" server="Apache TomEE" /> <!-- A "Connector" using the shared thread pool--> <!-- <Connector executor="tomcatThreadPool" port="8080" protocol="HTTP/1.1" connectionTimeout="20000" - redirectPort="8443" - maxParameterCount="1000" - /> + redirectPort="8443" /> --> <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2 This connector uses the NIO implementation. The default @@ -92,9 +88,7 @@ --> <!-- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" - maxThreads="150" SSLEnabled="true" - maxParameterCount="1000" - xpoweredBy="false" server="Apache TomEE" > + maxThreads="150" SSLEnabled="true" xpoweredBy="false" server="Apache TomEE" > <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /> <SSLHostConfig> <Certificate certificateKeystoreFile="conf/localhost-rsa.jks" @@ -108,9 +102,7 @@ <Connector protocol="AJP/1.3" address="::1" port="8009" - redirectPort="8443" - maxParameterCount="1000" - /> + redirectPort="8443" /> --> <!-- An Engine represents the entry point (within Catalina) that processes 
diff --git a/boms/tomee-plus/src/main/resources/tomee/conf/catalina.properties b/boms/tomee-plus/src/main/resources/tomee/conf/catalina.properties index def5959349..810ecec6fa 100644 --- a/boms/tomee-plus/src/main/resources/tomee/conf/catalina.properties +++ b/boms/tomee-plus/src/main/resources/tomee/conf/catalina.properties @@ -13,26 +13,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -# -# List of comma-separated packages that start with or equal this string -# will cause a security exception to be thrown when -# passed to checkPackageAccess unless the -# corresponding RuntimePermission ("accessClassInPackage."+package) has -# been granted. -package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.jasper.,org.apache.tomcat. -# -# List of comma-separated packages that start with or equal this string -# will cause a security exception to be thrown when -# passed to checkPackageDefinition unless the -# corresponding RuntimePermission ("defineClassInPackage."+package) has -# been granted. -# -# by default, no packages are restricted for definition, and none of -# the class loaders supplied with the JDK call checkPackageDefinition. -# -package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,\ -org.apache.jasper.,org.apache.naming.,org.apache.tomcat. - # # # List of comma-separated paths defining the contents of the "common" @@ -216,7 +196,3 @@ tomcat.util.buf.StringCache.byte.enabled=true #tomcat.util.buf.StringCache.char.enabled=true #tomcat.util.buf.StringCache.trainThreshold=500000 #tomcat.util.buf.StringCache.cacheSize=5000 - -# Disable use of some privilege blocks Tomcat doesn't need since calls to the -# code in question are always already inside a privilege block -org.apache.el.GET_CLASSLOADER_USE_PRIVILEGED=false 
diff --git a/boms/tomee-plus/src/main/resources/tomee/conf/server.xml b/boms/tomee-plus/src/main/resources/tomee/conf/server.xml index 2a6d47e058..d8a10f1694 100644 --- a/boms/tomee-plus/src/main/resources/tomee/conf/server.xml +++ b/boms/tomee-plus/src/main/resources/tomee/conf/server.xml @@ -71,17 +71,13 @@ --> <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" - redirectPort="8443" - maxParameterCount="1000" - xpoweredBy="false" server="Apache TomEE" /> + redirectPort="8443" xpoweredBy="false" server="Apache TomEE" /> <!-- A "Connector" using the shared thread pool--> <!-- <Connector executor="tomcatThreadPool" port="8080" protocol="HTTP/1.1" connectionTimeout="20000" - redirectPort="8443" - maxParameterCount="1000" - /> + redirectPort="8443" /> --> <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2 This connector uses the NIO implementation. The default @@ -92,9 +88,7 @@ --> <!-- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" - maxThreads="150" SSLEnabled="true" - maxParameterCount="1000" - xpoweredBy="false" server="Apache TomEE" > + maxThreads="150" SSLEnabled="true" xpoweredBy="false" server="Apache TomEE" > <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /> <SSLHostConfig> <Certificate certificateKeystoreFile="conf/localhost-rsa.jks" @@ -108,9 +102,7 @@ <Connector protocol="AJP/1.3" address="::1" port="8009" - redirectPort="8443" - maxParameterCount="1000" - /> + redirectPort="8443" /> --> <!-- An Engine represents the entry point (within Catalina) that processes diff --git a/boms/tomee-webprofile/src/main/resources/tomee/conf/catalina.properties b/boms/tomee-webprofile/src/main/resources/tomee/conf/catalina.properties index def5959349..810ecec6fa 100644 --- a/boms/tomee-webprofile/src/main/resources/tomee/conf/catalina.properties +++ b/boms/tomee-webprofile/src/main/resources/tomee/conf/catalina.properties 
@@ -13,26 +13,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -# -# List of comma-separated packages that start with or equal this string -# will cause a security exception to be thrown when -# passed to checkPackageAccess unless the -# corresponding RuntimePermission ("accessClassInPackage."+package) has -# been granted. -package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.jasper.,org.apache.tomcat. -# -# List of comma-separated packages that start with or equal this string -# will cause a security exception to be thrown when -# passed to checkPackageDefinition unless the -# corresponding RuntimePermission ("defineClassInPackage."+package) has -# been granted. -# -# by default, no packages are restricted for definition, and none of -# the class loaders supplied with the JDK call checkPackageDefinition. -# -package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,\ -org.apache.jasper.,org.apache.naming.,org.apache.tomcat. - # # # List of comma-separated paths defining the contents of the "common" @@ -216,7 +196,3 @@ tomcat.util.buf.StringCache.byte.enabled=true #tomcat.util.buf.StringCache.char.enabled=true #tomcat.util.buf.StringCache.trainThreshold=500000 #tomcat.util.buf.StringCache.cacheSize=5000 - -# Disable use of some privilege blocks Tomcat doesn't need since calls to the -# code in question are always already inside a privilege block -org.apache.el.GET_CLASSLOADER_USE_PRIVILEGED=false diff --git a/boms/tomee-webprofile/src/main/resources/tomee/conf/server.xml b/boms/tomee-webprofile/src/main/resources/tomee/conf/server.xml index 2a6d47e058..d8a10f1694 100644 --- a/boms/tomee-webprofile/src/main/resources/tomee/conf/server.xml +++ b/boms/tomee-webprofile/src/main/resources/tomee/conf/server.xml 
@@ -71,17 +71,13 @@ --> <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" - redirectPort="8443" - maxParameterCount="1000" - xpoweredBy="false" server="Apache TomEE" /> + redirectPort="8443" xpoweredBy="false" server="Apache TomEE" /> <!-- A "Connector" using the shared thread pool--> <!-- <Connector executor="tomcatThreadPool" port="8080" protocol="HTTP/1.1" connectionTimeout="20000" - redirectPort="8443" - maxParameterCount="1000" - /> + redirectPort="8443" /> --> <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2 This connector uses the NIO implementation. The default @@ -92,9 +88,7 @@ --> <!-- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" - maxThreads="150" SSLEnabled="true" - maxParameterCount="1000" - xpoweredBy="false" server="Apache TomEE" > + maxThreads="150" SSLEnabled="true" xpoweredBy="false" server="Apache TomEE" > <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /> <SSLHostConfig> <Certificate certificateKeystoreFile="conf/localhost-rsa.jks" @@ -108,9 +102,7 @@ <Connector protocol="AJP/1.3" address="::1" port="8009" - redirectPort="8443" - maxParameterCount="1000" - /> + redirectPort="8443" /> --> <!-- An Engine represents the entry point (within Catalina) that processes diff --git a/pom.xml b/pom.xml index c2d132934e..adaa165576 100644 --- a/pom.xml +++ b/pom.xml @@ -198,7 +198,7 @@ <version.geronimo-mail_2.1_spec>1.0.2</version.geronimo-mail_2.1_spec> <!-- Jakarta EE Impl. --> - <tomcat.version>10.1.48</tomcat.version> + <tomcat.version>11.0.11</tomcat.version> <!-- com.sun --> <version.impl.saaj>3.0.4</version.impl.saaj> <!-- org.apache --> diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomEERealm.java b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomEERealm.java index 2a5c87ed07..864d1f70de 100644 --- a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomEERealm.java 
+++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomEERealm.java @@ -54,10 +54,10 @@ public class TomEERealm extends CombinedRealm { } @Override - public Principal authenticate(final String username, final String clientDigest, - final String nonce, final String nc, final String cnonce, final String qop, - final String realmName, final String md5a2) { - return logInTomEE(super.authenticate(username, clientDigest, nonce, nc, cnonce, qop, realmName, md5a2)); + public Principal authenticate(final String username, final String digest, final String nonce, + final String nc, final String cnonce, final String qop, final String realm, + final String digestA2, final String algorithm) { + return logInTomEE(super.authenticate(username, digest, nonce, nc, cnonce, qop, realm, digestA2, algorithm)); } @Override diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/CdiEventRealm.java b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/CdiEventRealm.java index a8042689dd..e84ed5a680 100644 --- a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/CdiEventRealm.java +++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/CdiEventRealm.java 
@@ -52,14 +52,15 @@ public class CdiEventRealm extends RealmBase { } @Override - public Principal authenticate(final String username, final String digest, final String nonce, final String nc, - final String cnonce, final String qop, final String realm, final String md5a2) { + public Principal authenticate(final String username, final String digest, final String nonce, + final String nc, final String cnonce, final String qop, final String realm, + final String digestA2, final String algorithm) { if (beanManager() == null) { return null; } final DigestAuthenticationEvent event = new DigestAuthenticationEvent(username, digest, nonce, nc, - cnonce, qop, realm, md5a2); + cnonce, qop, realm, digestA2, algorithm); beanManager().getEvent().fire(event); return event.getPrincipal(); } diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/LazyRealm.java b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/LazyRealm.java index c5bb4177f1..21e412607a 100644 --- a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/LazyRealm.java +++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/LazyRealm.java @@ -277,9 +277,10 @@ public class LazyRealm extends LifecycleBase implements Realm { } @Override - public Principal authenticate(final String username, final String digest, final String nonce, final String nc, - final String cnonce, final String qop, final String realm, final String md5a2) { - return instance().authenticate(username, digest, nonce, nc, cnonce, qop, realm, md5a2); + public Principal authenticate(final String username, final String digest, final String nonce, + final String nc, final String cnonce, final String qop, final String realm, + final String digestA2, final String algorithm) { + return instance().authenticate(username, digest, nonce, nc, cnonce, qop, realm, digestA2, algorithm); } @Override 
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/LowTypedRealm.java b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/LowTypedRealm.java index 52008b7406..93f292c484 100644 --- a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/LowTypedRealm.java +++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/LowTypedRealm.java @@ -157,9 +157,9 @@ public class LowTypedRealm implements Realm { @Override public Principal authenticate(final String username, final String digest, final String nonce, - final String nc, final String cnonce, final String qop, - final String realm, final String md5a2) { - return (Principal) invoke(authenticateMethod, username, digest, nonce, nc, cnonce, qop, realm, md5a2); + final String nc, final String cnonce, final String qop, final String realm, + final String digestA2, final String algorithm) { + return (Principal) invoke(authenticateMethod, username, digest, nonce, nc, cnonce, qop, realm, digestA2, algorithm); } @Override @@ -167,7 +167,8 @@ public class LowTypedRealm implements Realm { return (Principal) invoke(gsMethod, gssContext, storeCreds); } - @Override public Principal authenticate(final GSSName gssName, final GSSCredential gssCredential) { + @Override + public Principal authenticate(final GSSName gssName, final GSSCredential gssCredential) { return (Principal) invoke(gsNameCredentials, gssName, gssCredential); } diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/DigestAuthenticationEvent.java b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/DigestAuthenticationEvent.java index 4a71825bd3..f06cdbd02f 100644 --- a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/DigestAuthenticationEvent.java +++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/DigestAuthenticationEvent.java 
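Review bot: The digest `authenticate` override now passes nine arguments to `invoke(authenticateMethod, ...)`, but neither hunk for this file touches the place where `authenticateMethod` is resolved. If that lookup, which is outside the hunks, still asks the delegate class for the eight-String signature, it will either find nothing on a Tomcat 11 realm or fail when invoked with nine arguments, and digest authentication through this realm breaks only at runtime. Please confirm the lookup requests nine `String` parameters, and fail fast with a clear message when the method cannot be resolved. A short Javadoc on the override stating that `digestA2` and `algorithm` are forwarded unchanged to the delegate would also help.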
@@ -25,10 +25,11 @@ public class DigestAuthenticationEvent extends BaseAuthenticationEvent { private final String cnonce; private final String qop; private final String realm; - private final String md5a2; + private final String digestA2; + private final String algorithm; public DigestAuthenticationEvent(final String username, final String digest, final String nonce, final String nc, - final String cnonce, final String qop, final String realm, final String md5a2) { + final String cnonce, final String qop, final String realm, final String digestA2, final String algorithm) { this.username = username; this.digest = digest; @@ -37,7 +38,8 @@ public class DigestAuthenticationEvent extends BaseAuthenticationEvent { this.cnonce = cnonce; this.qop = qop; this.realm = realm; - this.md5a2 = md5a2; + this.digestA2 = digestA2; + this.algorithm = algorithm; } public String getUsername() { @@ -68,7 +70,11 @@ public class DigestAuthenticationEvent extends BaseAuthenticationEvent { return realm; } - public String getMd5a2() { - return md5a2; + public String getDigestA2() { + return digestA2; + } + + public String getAlgorithm() { + return algorithm; } } diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/TomEESecurityContext.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/TomEESecurityContext.java index ab71b5814b..6729b5fb61 100644 --- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/TomEESecurityContext.java +++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/TomEESecurityContext.java @@ -138,7 +138,6 @@ public class TomEESecurityContext implements SecurityContext { final GenericPrincipal genericPrincipal = new GenericPrincipal( principal.getName(), - null, groups == null ? Collections.emptyList() : new ArrayList<>(groups), principal);
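Review bot: Removing `getMd5a2()` from `DigestAuthenticationEvent` breaks any application observer that calls it, and the new `algorithm` field is undocumented. Observers verify the client digest themselves, so one written for the old event will most likely keep assuming MD5 and never look at `getAlgorithm()`. Consider keeping a bridge for one release, `@Deprecated public String getMd5a2() { return digestA2; }`, and adding Javadoc on `getDigestA2()` and `getAlgorithm()`. The Javadoc should say that `digestA2` is the A2 hash computed with the algorithm named by `getAlgorithm()`, and that an observer must compute its expected digest with that algorithm and refuse to set a principal for one it does not support. The class body starts above the first hunk, so any existing class-level documentation is not visible here.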
