Re: (tomcat) branch main updated: Use per connection authenticator for Ant Tasks

Wed, 20 May 2026 12:44:21 -0700 

On Wed, May 20, 2026 at 9:18 PM <[email protected]> wrote:
>
> This is an automated email from the ASF dual-hosted git repository.
>
> markt-asf pushed a commit to branch main
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
>
> The following commit(s) were added to refs/heads/main by this push:
>      new 8ae6b209ad Use per connection authenticator for Ant Tasks
> 8ae6b209ad is described below
>
> commit 8ae6b209ad8d52335580dd754ff1492eaaf8528e
> Author: Mark Thomas <[email protected]>
> AuthorDate: Wed May 20 20:17:14 2026 +0100
>
>     Use per connection authenticator for Ant Tasks
>
>     Avoids potential concurrency issues when using the global Authenticator

Even better.

Rémy

> ---
>  .../apache/catalina/ant/AbstractCatalinaTask.java  | 24 
> +++++++++-------------
>  webapps/docs/changelog.xml                         |  2 +-
>  2 files changed, 11 insertions(+), 15 deletions(-)
>
> diff --git a/java/org/apache/catalina/ant/AbstractCatalinaTask.java 
> b/java/org/apache/catalina/ant/AbstractCatalinaTask.java
> index 82e9d48059..05fa31d980 100644
> --- a/java/org/apache/catalina/ant/AbstractCatalinaTask.java
> +++ b/java/org/apache/catalina/ant/AbstractCatalinaTask.java
> @@ -225,12 +225,7 @@ public abstract class AbstractCatalinaTask extends 
> BaseRedirectorHelperTask {
>              throws BuildException {
>
>          InputStreamReader reader = null;
> -        Authenticator defaultAuthenticator = null;
>          try {
> -            // Set up authorization with our credentials
> -            defaultAuthenticator = Authenticator.getDefault();
> -            Authenticator.setDefault(new TaskAuthenticator(username, 
> password));
> -
>              // Create a connection for this command
>              URI uri = new URI(url + command);
>              URLConnection conn = 
> uri.parseServerAuthority().toURL().openConnection();
> @@ -240,8 +235,13 @@ public abstract class AbstractCatalinaTask extends 
> BaseRedirectorHelperTask {
>              hconn.setAllowUserInteraction(false);
>              hconn.setDoInput(true);
>              hconn.setUseCaches(false);
> +
> +            // Set up authorization with our credentials
> +            Authenticator authenticator = new TaskAuthenticator(username, 
> password);
> +            hconn.setAuthenticator(authenticator);
> +
>              if (istream != null) {
> -                preAuthenticate();
> +                preAuthenticate(authenticator);
>
>                  hconn.setDoOutput(true);
>                  hconn.setRequestMethod(Method.PUT);
> @@ -314,11 +314,6 @@ public abstract class AbstractCatalinaTask extends 
> BaseRedirectorHelperTask {
>                  handleErrorOutput(e.getMessage());
>              }
>          } finally {
> -            try {
> -                Authenticator.setDefault(defaultAuthenticator);
> -            } catch (Exception ioe) {
> -                // Ignore
> -            }
>              closeRedirector();
>              if (reader != null) {
>                  try {
> @@ -344,10 +339,10 @@ public abstract class AbstractCatalinaTask extends 
> BaseRedirectorHelperTask {
>       * the above two are not compatible. When the request is made, the 
> resulting 401 triggers an exception because, when
>       * using streams, the InputStream is no longer available to send with 
> the repeated request that now includes the
>       * appropriate Authorization header. The hack is to make a simple 
> OPTIONS request- i.e. without a request body. This
> -     * triggers authentication and the requirement to authenticate for this 
> host is cached and used to provide an
> -     * appropriate Authorization when the next request is made (that 
> includes a request body).
> +     * triggers authentication and the requirement to authenticate for this 
> host is cached in the Authenticator and used
> +     * to provide an appropriate Authorization when the next request is made 
> (that includes a request body).
>       */
> -    private void preAuthenticate() throws IOException, URISyntaxException {
> +    private void preAuthenticate(Authenticator authenticator) throws 
> IOException, URISyntaxException {
>
>          // Create a connection for this command
>          URI uri = new URI(url);
> @@ -359,6 +354,7 @@ public abstract class AbstractCatalinaTask extends 
> BaseRedirectorHelperTask {
>          hconn.setDoInput(true);
>          hconn.setUseCaches(false);
>          hconn.setDoOutput(false);
> +        hconn.setAuthenticator(authenticator);
>          hconn.setRequestMethod(Method.OPTIONS);
>          hconn.setRequestProperty("User-Agent", "Catalina-Ant-Task/1.0");
>
> diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
> index b8722ac4b3..bee5950194 100644
> --- a/webapps/docs/changelog.xml
> +++ b/webapps/docs/changelog.xml
> @@ -447,7 +447,7 @@
>        </add>
>        <!-- Entries for backport and removal before 12.0.0-M1 below this line 
> -->
>        <fix>
> -        Restore default authenticator after executing an Ant task. (remm)
> +        Use per connection authenticator when executing an Ant task. (remm)
>        </fix>
>      </changelog>
>    </subsection>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to