This is an automated email from the ASF dual-hosted git repository.

markt-asf pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new 4501fa5bce Logout after a null subject may throw exceptions
4501fa5bce is described below

commit 4501fa5bce39567967f58c74ad8a0a50522f7e8b
Author: Mark Thomas <[email protected]>
AuthorDate: Mon Jun 29 11:05:53 2026 +0100

    Logout after a null subject may throw exceptions
---
 java/org/apache/catalina/realm/JAASRealm.java          | 17 +++++++++++++----
 java/org/apache/catalina/realm/LocalStrings.properties |  1 +
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/java/org/apache/catalina/realm/JAASRealm.java 
b/java/org/apache/catalina/realm/JAASRealm.java
index 2b7684166b..c4fdbd6f5f 100644
--- a/java/org/apache/catalina/realm/JAASRealm.java
+++ b/java/org/apache/catalina/realm/JAASRealm.java
@@ -361,7 +361,6 @@ public class JAASRealm extends RealmBase {
 
         // Establish a LoginContext to use for authentication
         try {
-
             if (log.isTraceEnabled()) {
                 log.trace(sm.getString("jaasRealm.beginLogin", username, 
appName));
             }
@@ -409,9 +408,9 @@ public class JAASRealm extends RealmBase {
                 invocationSuccess = true;
                 if (subject == null) {
                     if (log.isDebugEnabled()) {
-                        log.debug(sm.getString("jaasRealm.failedLogin", 
username));
+                        log.debug(sm.getString("jaasRealm.nullSubject", 
username));
                     }
-                    loginContext.logout();
+                    silentLogout(loginContext);
                     return null;
                 }
             } catch (AccountExpiredException e) {
@@ -463,7 +462,7 @@ public class JAASRealm extends RealmBase {
                 if (log.isDebugEnabled()) {
                     log.debug(sm.getString("jaasRealm.authenticateFailure", 
username));
                 }
-                loginContext.logout();
+                silentLogout(loginContext);
                 return null;
             }
             if (log.isTraceEnabled()) {
@@ -480,6 +479,16 @@ public class JAASRealm extends RealmBase {
     }
 
 
+    private void silentLogout(LoginContext loginContext) {
+        try {
+            loginContext.logout();
+        } catch (Throwable t) {
+            ExceptionUtils.handleThrowable(t);
+            // Ignore anything else. Caller should have created any necessary 
log entries.
+        }
+    }
+
+
     /**
      * @return the password associated with the given principal's username. 
This always returns null as the JAASRealm
      *             has no way of obtaining this information.
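Review bot: silentLogout drops the logout failure entirely once ExceptionUtils.handleThrowable has passed it, so a LoginContext whose logout() keeps throwing (and therefore keeps its Subject state) leaves no trace in the logs; the comment says the caller logged, but the caller only logged the reason for the logout, not that the logout itself failed. Keeping the swallow but recording it at debug level, using the `log` and `sm` fields the surrounding code already uses, would make JAAS module problems diagnosable without changing the no-throw contract: replace the comment with `if (log.isDebugEnabled()) { log.debug(sm.getString("jaasRealm.unexpectedError"), t); }` (or a dedicated LocalStrings key if a more specific message is wanted). The method also lacks a Javadoc; a one-line `/** Logs out of the given context, swallowing any non-fatal exception so a failed cleanup cannot mask the authentication result already determined by the caller. */` would state the contract the two call sites now rely on.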
diff --git a/java/org/apache/catalina/realm/LocalStrings.properties 
b/java/org/apache/catalina/realm/LocalStrings.properties
index 114ed3c81a..617b4c538a 100644
--- a/java/org/apache/catalina/realm/LocalStrings.properties
+++ b/java/org/apache/catalina/realm/LocalStrings.properties
@@ -65,6 +65,7 @@ jaasRealm.failedLogin=Username [{0}] NOT authenticated due to 
failed login
 jaasRealm.loginContextCreated=JAAS LoginContext created for username [{0}]
 jaasRealm.loginException=Login exception authenticating username [{0}]
 jaasRealm.notPrincipal=Class [{0}] not added as it does not implement 
java.security.Principal
+jaasRealm.nullSubject=Login succeeded for username [{0}] but a null Subject 
was returned
 jaasRealm.rolePrincipalAdd=Adding role Principal [{0}] to this user 
Principal''s roles
 jaasRealm.rolePrincipalFailure=No valid role Principals found.
 jaasRealm.unexpectedError=Unexpected error

