This is an automated email from the ASF dual-hosted git repository.
markt-asf pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 8ae6b209ad Use per connection authenticator for Ant Tasks
8ae6b209ad is described below
commit 8ae6b209ad8d52335580dd754ff1492eaaf8528e
Author: Mark Thomas <[email protected]>
AuthorDate: Wed May 20 20:17:14 2026 +0100
Use per connection authenticator for Ant Tasks
Avoids potential concurrency issues when using the global Authenticator
---
.../apache/catalina/ant/AbstractCatalinaTask.java | 24 +++++++++-------------
webapps/docs/changelog.xml | 2 +-
2 files changed, 11 insertions(+), 15 deletions(-)
diff --git a/java/org/apache/catalina/ant/AbstractCatalinaTask.java
b/java/org/apache/catalina/ant/AbstractCatalinaTask.java
index 82e9d48059..05fa31d980 100644
--- a/java/org/apache/catalina/ant/AbstractCatalinaTask.java
+++ b/java/org/apache/catalina/ant/AbstractCatalinaTask.java
@@ -225,12 +225,7 @@ public abstract class AbstractCatalinaTask extends
BaseRedirectorHelperTask {
throws BuildException {
InputStreamReader reader = null;
- Authenticator defaultAuthenticator = null;
try {
- // Set up authorization with our credentials
- defaultAuthenticator = Authenticator.getDefault();
- Authenticator.setDefault(new TaskAuthenticator(username,
password));
-
// Create a connection for this command
URI uri = new URI(url + command);
URLConnection conn =
uri.parseServerAuthority().toURL().openConnection();
@@ -240,8 +235,13 @@ public abstract class AbstractCatalinaTask extends
BaseRedirectorHelperTask {
hconn.setAllowUserInteraction(false);
hconn.setDoInput(true);
hconn.setUseCaches(false);
+
+ // Set up authorization with our credentials
+ Authenticator authenticator = new TaskAuthenticator(username,
password);
+ hconn.setAuthenticator(authenticator);
+
if (istream != null) {
- preAuthenticate();
+ preAuthenticate(authenticator);
hconn.setDoOutput(true);
hconn.setRequestMethod(Method.PUT);
@@ -314,11 +314,6 @@ public abstract class AbstractCatalinaTask extends
BaseRedirectorHelperTask {
handleErrorOutput(e.getMessage());
}
} finally {
- try {
- Authenticator.setDefault(defaultAuthenticator);
- } catch (Exception ioe) {
- // Ignore
- }
closeRedirector();
if (reader != null) {
try {
@@ -344,10 +339,10 @@ public abstract class AbstractCatalinaTask extends
BaseRedirectorHelperTask {
* the above two are not compatible. When the request is made, the
resulting 401 triggers an exception because, when
* using streams, the InputStream is no longer available to send with the
repeated request that now includes the
* appropriate Authorization header. The hack is to make a simple OPTIONS
request- i.e. without a request body. This
- * triggers authentication and the requirement to authenticate for this
host is cached and used to provide an
- * appropriate Authorization when the next request is made (that includes
a request body).
+ * triggers authentication and the requirement to authenticate for this
host is cached in the Authenticator and used
+ * to provide an appropriate Authorization when the next request is made
(that includes a request body).
*/
- private void preAuthenticate() throws IOException, URISyntaxException {
+ private void preAuthenticate(Authenticator authenticator) throws
IOException, URISyntaxException {
// Create a connection for this command
URI uri = new URI(url);
@@ -359,6 +354,7 @@ public abstract class AbstractCatalinaTask extends
BaseRedirectorHelperTask {
hconn.setDoInput(true);
hconn.setUseCaches(false);
hconn.setDoOutput(false);
+ hconn.setAuthenticator(authenticator);
hconn.setRequestMethod(Method.OPTIONS);
hconn.setRequestProperty("User-Agent", "Catalina-Ant-Task/1.0");
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index b8722ac4b3..bee5950194 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -447,7 +447,7 @@
</add>
<!-- Entries for backport and removal before 12.0.0-M1 below this line
-->
<fix>
- Restore default authenticator after executing an Ant task. (remm)
+ Use per connection authenticator when executing an Ant task. (remm)
</fix>
</changelog>
</subsection>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
