This is an automated email from the ASF dual-hosted git repository.
rmaucher pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 63597f22ec Clarify create behavior
63597f22ec is described below
commit 63597f22ec422b4427f2b615bc1460a32c17c8e0
Author: remm <[email protected]>
AuthorDate: Tue May 26 20:45:44 2026 +0200
Clarify create behavior
Will return null if there's a preexisting object rather than doing a
weird inconsistent override (it would fail for the DS since it would do
an insert).
Remove has to be used first (or modify instead).
Harmonize with the digester factories.
---
java/org/apache/catalina/UserDatabase.java | 6 +++---
java/org/apache/catalina/users/DataSourceUserDatabase.java | 9 +++++++++
java/org/apache/catalina/users/MemoryUserDatabase.java | 12 +++++++++---
webapps/docs/changelog.xml | 5 +++++
4 files changed, 26 insertions(+), 6 deletions(-)
diff --git a/java/org/apache/catalina/UserDatabase.java
b/java/org/apache/catalina/UserDatabase.java
index 5d2639a740..41ebcbc2fd 100644
--- a/java/org/apache/catalina/UserDatabase.java
+++ b/java/org/apache/catalina/UserDatabase.java
@@ -77,7 +77,7 @@ public interface UserDatabase {
* @param groupname The group name of the new group (must be unique)
* @param description The description of this group
*
- * @return The new group
+ * @return The new group, or {@code null} if there's a pre existing group
*/
Group createGroup(String groupname, String description);
@@ -88,7 +88,7 @@ public interface UserDatabase {
* @param rolename The role name of the new role (must be unique)
* @param description The description of this role
*
- * @return The new role
+ * @return The new role, or {@code null} if there's a pre existing role
*/
Role createRole(String rolename, String description);
@@ -100,7 +100,7 @@ public interface UserDatabase {
* @param password The logon password of the new user
* @param fullName The full name of the new user
*
- * @return The new user
+ * @return The new user, or {@code null} if there's a pre existing user
*/
User createUser(String username, String password, String fullName);
diff --git a/java/org/apache/catalina/users/DataSourceUserDatabase.java
b/java/org/apache/catalina/users/DataSourceUserDatabase.java
index a66964b0f0..195a2679f7 100644
--- a/java/org/apache/catalina/users/DataSourceUserDatabase.java
+++ b/java/org/apache/catalina/users/DataSourceUserDatabase.java
@@ -663,6 +663,9 @@ public class DataSourceUserDatabase extends
SparseUserDatabase {
public Group createGroup(String groupname, String description) {
dbReadLock.lock();
try {
+ if (findGroup(groupname) != null) {
+ return null;
+ }
groupsWriteLock.lock();
try {
Group group = new GenericGroup<>(this, groupname, description,
null);
@@ -681,6 +684,9 @@ public class DataSourceUserDatabase extends
SparseUserDatabase {
public Role createRole(String rolename, String description) {
dbReadLock.lock();
try {
+ if (findRole(rolename) != null) {
+ return null;
+ }
rolesWriteLock.lock();
try {
Role role = new GenericRole<>(this, rolename, description);
@@ -699,6 +705,9 @@ public class DataSourceUserDatabase extends
SparseUserDatabase {
public User createUser(String username, String password, String fullName) {
dbReadLock.lock();
try {
+ if (findUser(username) != null) {
+ return null;
+ }
usersWriteLock.lock();
try {
User user = new GenericUser<>(this, username, password,
fullName, null, null);
diff --git a/java/org/apache/catalina/users/MemoryUserDatabase.java
b/java/org/apache/catalina/users/MemoryUserDatabase.java
index 489e4f8885..764f85d3d4 100644
--- a/java/org/apache/catalina/users/MemoryUserDatabase.java
+++ b/java/org/apache/catalina/users/MemoryUserDatabase.java
@@ -280,7 +280,9 @@ public class MemoryUserDatabase implements UserDatabase {
Group group = new GenericGroup<>(this, groupname, description, null);
readLock.lock();
try {
- groups.put(group.getGroupname(), group);
+ if (groups.putIfAbsent(group.getGroupname(), group) != null) {
+ return null;
+ }
} finally {
readLock.unlock();
}
@@ -299,7 +301,9 @@ public class MemoryUserDatabase implements UserDatabase {
Role role = new GenericRole<>(this, rolename, description);
readLock.lock();
try {
- roles.put(role.getRolename(), role);
+ if (roles.putIfAbsent(role.getRolename(), role) != null) {
+ return null;
+ }
} finally {
readLock.unlock();
}
@@ -319,7 +323,9 @@ public class MemoryUserDatabase implements UserDatabase {
User user = new GenericUser<>(this, username, password, fullName,
null, null);
readLock.lock();
try {
- users.put(user.getUsername(), user);
+ if (users.put(user.getUsername(), user) != null) {
+ return null;
+ }
} finally {
readLock.unlock();
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index de68fde179..08f8d19d77 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -294,6 +294,11 @@
Incorrect processing of modified users in
<code>DataSourceUSerDatabase</code>. (remm)
</fix>
+ <update>
+ Clarify behavior in the <code>UserDatabase</code> for user, role and
+ group creation that it does not immediately override existing elements.
+ Removal (or update) needs to be used instead. (remm)
+ </update>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
