markt-asf pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 4501fa5bce Logout after a null subject may throw exceptions
4501fa5bce is described below
commit 4501fa5bce39567967f58c74ad8a0a50522f7e8b
Author: Mark Thomas <[email protected]>
AuthorDate: Mon Jun 29 11:05:53 2026 +0100
Logout after a null subject may throw exceptions
---
java/org/apache/catalina/realm/JAASRealm.java | 17 +++++++++++++----
java/org/apache/catalina/realm/LocalStrings.properties | 1 +
2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/java/org/apache/catalina/realm/JAASRealm.java
b/java/org/apache/catalina/realm/JAASRealm.java
index 2b7684166b..c4fdbd6f5f 100644
--- a/java/org/apache/catalina/realm/JAASRealm.java
+++ b/java/org/apache/catalina/realm/JAASRealm.java
@@ -361,7 +361,6 @@ public class JAASRealm extends RealmBase {
// Establish a LoginContext to use for authentication
try {
-
if (log.isTraceEnabled()) {
log.trace(sm.getString("jaasRealm.beginLogin", username,
appName));
}
@@ -409,9 +408,9 @@ public class JAASRealm extends RealmBase {
invocationSuccess = true;
if (subject == null) {
if (log.isDebugEnabled()) {
- log.debug(sm.getString("jaasRealm.failedLogin",
username));
+ log.debug(sm.getString("jaasRealm.nullSubject",
username));
}
- loginContext.logout();
+ silentLogout(loginContext);
return null;
}
} catch (AccountExpiredException e) {
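Review bot: The new `jaasRealm.nullSubject` message in the `subject == null` branch is still emitted only at debug level, so it will not appear under a default logging configuration. A login that succeeds yet returns no Subject looks like a defective or misconfigured LoginModule rather than an ordinary bad password, so it may deserve a higher level, for example `log.warn(sm.getString("jaasRealm.nullSubject", username));` without the `isDebugEnabled()` guard. If debug is deliberate, to keep request-triggered messages out of the default log, a one-line comment saying so would help. The enclosing method starts and ends outside this hunk.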
@@ -463,7 +462,7 @@ public class JAASRealm extends RealmBase {
if (log.isDebugEnabled()) {
log.debug(sm.getString("jaasRealm.authenticateFailure",
username));
}
- loginContext.logout();
+ silentLogout(loginContext);
return null;
}
if (log.isTraceEnabled()) {
@@ -480,6 +479,16 @@ public class JAASRealm extends RealmBase {
}
+ private void silentLogout(LoginContext loginContext) {
+ try {
+ loginContext.logout();
+ } catch (Throwable t) {
+ ExceptionUtils.handleThrowable(t);
+ // Ignore anything else. Caller should have created any necessary
log entries.
+ }
+ }
+
+
/**
* @return the password associated with the given principal's username.
This always returns null as the JAASRealm
* has no way of obtaining this information.
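Review bot: `silentLogout` drops every non-fatal `Throwable` from `loginContext.logout()` without recording it. The comment says the caller has already logged what is needed, but the two call sites shown (the hunks at -409 and -463) log only the authentication outcome, not the logout failure. A failed logout can mean a LoginModule did not clear the principals or credentials it attached, so a debug-level entry carrying the exception is worth having after `handleThrowable(t)`, for example `log.debug(sm.getString("jaasRealm.PLACEHOLDER_LOGOUT_KEY"), t);`. That key name is a placeholder and would need a matching LocalStrings entry. The helper also has no Javadoc; a short one could state that it is best-effort cleanup on a rejected authentication and that `ExceptionUtils.handleThrowable` is expected to rethrow fatal errors.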
diff --git a/java/org/apache/catalina/realm/LocalStrings.properties
b/java/org/apache/catalina/realm/LocalStrings.properties
index 114ed3c81a..617b4c538a 100644
--- a/java/org/apache/catalina/realm/LocalStrings.properties
+++ b/java/org/apache/catalina/realm/LocalStrings.properties
@@ -65,6 +65,7 @@ jaasRealm.failedLogin=Username [{0}] NOT authenticated due to
failed login
jaasRealm.loginContextCreated=JAAS LoginContext created for username [{0}]
jaasRealm.loginException=Login exception authenticating username [{0}]
jaasRealm.notPrincipal=Class [{0}] not added as it does not implement
java.security.Principal
+jaasRealm.nullSubject=Login succeeded for username [{0}] but a null Subject
was returned
jaasRealm.rolePrincipalAdd=Adding role Principal [{0}] to this user
Principal''s roles
jaasRealm.rolePrincipalFailure=No valid role Principals found.
jaasRealm.unexpectedError=Unexpected error