[tomcat] branch 9.0.x updated: Take account of tomcatAuthorization for auth_type

Thu, 21 Sep 2023 14:23:30 -0700 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new 63b66bf6e0 Take account of tomcatAuthorization for auth_type
63b66bf6e0 is described below

commit 63b66bf6e00b57ed886a607365fb28a7a9bd7558
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Sep 21 22:21:22 2023 +0100

    Take account of tomcatAuthorization for auth_type
    
    This aligns the handling of auth_type (0x04) with that of remote_user
    (0x03).
---
 java/org/apache/coyote/ajp/AjpProcessor.java | 9 +++++----
 webapps/docs/changelog.xml                   | 6 ++++++
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/java/org/apache/coyote/ajp/AjpProcessor.java 
b/java/org/apache/coyote/ajp/AjpProcessor.java
index 8b8ae93cc7..09bad6a7e9 100644
--- a/java/org/apache/coyote/ajp/AjpProcessor.java
+++ b/java/org/apache/coyote/ajp/AjpProcessor.java
@@ -789,11 +789,12 @@ public class AjpProcessor extends AbstractProcessor {
                     break;
 
                 case Constants.SC_A_AUTH_TYPE:
-                    if (protocol.getTomcatAuthentication()) {
-                        // ignore server
-                        requestHeaderMessage.getBytes(tmpMB);
-                    } else {
+                    if (protocol.getTomcatAuthorization() || 
!protocol.getTomcatAuthentication()) {
+                        // Implies tomcatAuthentication == false
                         requestHeaderMessage.getBytes(request.getAuthType());
+                    } else {
+                        // Ignore user information from reverse proxy
+                        requestHeaderMessage.getBytes(tmpMB);
                     }
                     break;
 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 713ea813db..9d71b0be00 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -119,6 +119,12 @@
   </subsection>
   <subsection name="Coyote">
     <changelog>
+      <fix>
+        <bug>67198</bug>: Ensure that the AJP connector attribute
+        <code>tomcatAuthorization</code> takes precedence over the
+        <code>tomcatAuthentication</code> attribute when processing an
+        <code>auth_type</code> attribute received from a proxy server. (markt)
+      </fix>
       <fix>
         <bug>67235</bug>: Fix a <code>NullPointerException</code> when an
         <code>AsyncListener</code> handles an error with a dispatch rather than


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to