Author: markt
Date: Mon May 9 18:21:45 2016
New Revision: 1743023
URL: http://svn.apache.org/viewvc?rev=1743023&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=59437
Ensure that JASPIC's CallbackHandler is thread-safe.
Modified:
tomcat/tc8.5.x/trunk/ (props changed)
tomcat/tc8.5.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
tomcat/tc8.5.x/trunk/java/org/apache/catalina/authenticator/jaspic/CallbackHandlerImpl.java
tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml
Propchange: tomcat/tc8.5.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon May 9 18:21:45 2016
@@ -1 +1 @@
-/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501,1741677
,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986
+/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501,1741677
,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019
Modified:
tomcat/tc8.5.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java?rev=1743023&r1=1743022&r2=1743023&view=diff
==============================================================================
---
tomcat/tc8.5.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
(original)
+++
tomcat/tc8.5.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
Mon May 9 18:21:45 2016
@@ -455,7 +455,7 @@ public abstract class AuthenticatorBase
messageInfo = new MessageInfoImpl(request.getRequest(),
response.getResponse(), true);
try {
ServerAuthConfig serverAuthConfig =
jaspicProvider.getServerAuthConfig(
- "HttpServlet", jaspicAppContextID, new
CallbackHandlerImpl());
+ "HttpServlet", jaspicAppContextID,
CallbackHandlerImpl.getInstance());
String authContextID =
serverAuthConfig.getAuthContextID(messageInfo);
serverAuthContext =
serverAuthConfig.getAuthContext(authContextID, null, null);
} catch (AuthException e) {
@@ -1058,7 +1058,7 @@ public abstract class AuthenticatorBase
ServerAuthContext serverAuthContext;
try {
ServerAuthConfig serverAuthConfig =
provider.getServerAuthConfig("HttpServlet",
- jaspicAppContextID, new CallbackHandlerImpl());
+ jaspicAppContextID, CallbackHandlerImpl.getInstance());
String authContextID =
serverAuthConfig.getAuthContextID(messageInfo);
serverAuthContext =
serverAuthConfig.getAuthContext(authContextID, null, null);
serverAuthContext.cleanSubject(messageInfo, client);
Modified:
tomcat/tc8.5.x/trunk/java/org/apache/catalina/authenticator/jaspic/CallbackHandlerImpl.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/catalina/authenticator/jaspic/CallbackHandlerImpl.java?rev=1743023&r1=1743022&r2=1743023&view=diff
==============================================================================
---
tomcat/tc8.5.x/trunk/java/org/apache/catalina/authenticator/jaspic/CallbackHandlerImpl.java
(original)
+++
tomcat/tc8.5.x/trunk/java/org/apache/catalina/authenticator/jaspic/CallbackHandlerImpl.java
Mon May 9 18:21:45 2016
@@ -34,19 +34,40 @@ import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.res.StringManager;
+/**
+ * Implemented as a singleton since the class is stateless.
+ */
public class CallbackHandlerImpl implements CallbackHandler {
private static final Log log =
LogFactory.getLog(CallbackHandlerImpl.class);
private static final StringManager sm =
StringManager.getManager(CallbackHandlerImpl.class);
- private String name;
- private Principal principal;
- private Subject subject;
- private String[] groups;
+ private static CallbackHandler instance;
+
+
+ static {
+ instance = new CallbackHandlerImpl();
+ }
+
+
+ public static CallbackHandler getInstance() {
+ return instance;
+ }
+
+
+ private CallbackHandlerImpl() {
+ // Hide default constructor
+ }
@Override
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
+
+ String name = null;
+ Principal principal = null;
+ Subject subject = null;
+ String[] groups = null;
+
if (callbacks != null) {
// Need to combine data from multiple callbacks so use this to hold
// the data
@@ -67,7 +88,7 @@ public class CallbackHandlerImpl impleme
}
// Create the GenericPrincipal
- Principal gp = getPrincipal();
+ Principal gp = getPrincipal(principal, name, groups);
if (subject != null && gp != null) {
subject.getPrivateCredentials().add(gp);
}
@@ -75,12 +96,11 @@ public class CallbackHandlerImpl impleme
}
- private Principal getPrincipal() {
+ private Principal getPrincipal(Principal principal, String name, String[]
groups) {
// If the Principal is cached in the session JASPIC may simply return
it
if (principal instanceof GenericPrincipal) {
return principal;
}
- String name = this.name;
if (name == null && principal != null) {
name = principal.getName();
}
Modified: tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml?rev=1743023&r1=1743022&r2=1743023&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml Mon May 9 18:21:45 2016
@@ -196,6 +196,10 @@
Do not trigger unnecessary session ID changes when using JASPIC and the
user is authenticated using cached credentials. (markt)
</fix>
+ <fix>
+ <bug>59437</bug>: Ensure that the JASPIC <code>CallbackHandler</code>
is
+ thread-safe. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
