This is an automated email from the ASF dual-hosted git repository.

markt-asf pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new 879c487bfc Logout after a null subject may throw exceptions
879c487bfc is described below

commit 879c487bfc6f91610c0cd0cb957513554f650790
Author: Mark Thomas <[email protected]>
AuthorDate: Mon Jun 29 11:05:53 2026 +0100

    Logout after a null subject may throw exceptions
---
 java/org/apache/catalina/realm/JAASRealm.java          | 17 +++++++++++++----
 java/org/apache/catalina/realm/LocalStrings.properties |  1 +
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/java/org/apache/catalina/realm/JAASRealm.java 
b/java/org/apache/catalina/realm/JAASRealm.java
index 4acddb9f0a..28a0258ba0 100644
--- a/java/org/apache/catalina/realm/JAASRealm.java
+++ b/java/org/apache/catalina/realm/JAASRealm.java
@@ -362,7 +362,6 @@ public class JAASRealm extends RealmBase {
 
         // Establish a LoginContext to use for authentication
         try {
-
             if (log.isTraceEnabled()) {
                 log.trace(sm.getString("jaasRealm.beginLogin", username, 
appName));
             }
@@ -410,9 +409,9 @@ public class JAASRealm extends RealmBase {
                 invocationSuccess = true;
                 if (subject == null) {
                     if (log.isDebugEnabled()) {
-                        log.debug(sm.getString("jaasRealm.failedLogin", 
username));
+                        log.debug(sm.getString("jaasRealm.nullSubject", 
username));
                     }
-                    loginContext.logout();
+                    silentLogout(loginContext);
                     return null;
                 }
             } catch (AccountExpiredException e) {
@@ -464,7 +463,7 @@ public class JAASRealm extends RealmBase {
                 if (log.isDebugEnabled()) {
                     log.debug(sm.getString("jaasRealm.authenticateFailure", 
username));
                 }
-                loginContext.logout();
+                silentLogout(loginContext);
                 return null;
             }
             if (log.isTraceEnabled()) {
@@ -481,6 +480,16 @@ public class JAASRealm extends RealmBase {
     }
 
 
+    private void silentLogout(LoginContext loginContext) {
+        try {
+            loginContext.logout();
+        } catch (Throwable t) {
+            ExceptionUtils.handleThrowable(t);
+            // Ignore anything else. Caller should have created any necessary 
log entries.
+        }
+    }
+
+
     /**
      * @return the password associated with the given principal's username. 
This always returns null as the JAASRealm
      *             has no way of obtaining this information.
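Review bot: `silentLogout` discards the caught `Throwable` without recording it anywhere, so a `LoginException` from `loginContext.logout()` — typically the step in which login modules clear state from the Subject — leaves no trace; the comment says the caller logged, but the caller's entries describe the login outcome, not the logout failure. Consider a debug-level record before ignoring it, e.g. `if (log.isDebugEnabled()) { log.debug(sm.getString("jaasRealm.<LOGOUT_FAILURE_KEY placeholder - add to LocalStrings.properties>"), t); }`, noting that `username` is not in scope here so the message would need to stay generic or the name be passed in. The new private method also has no Javadoc; a one-liner such as `/** Logs out of the given LoginContext, swallowing any non-fatal failure; fatal errors are rethrown by ExceptionUtils.handleThrowable. */` would state the intended contract. The same helper is what the two earlier hunks switch to, so the point applies to those call sites as well.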
diff --git a/java/org/apache/catalina/realm/LocalStrings.properties 
b/java/org/apache/catalina/realm/LocalStrings.properties
index 775e74ab5b..7155a4f803 100644
--- a/java/org/apache/catalina/realm/LocalStrings.properties
+++ b/java/org/apache/catalina/realm/LocalStrings.properties
@@ -62,6 +62,7 @@ jaasRealm.failedLogin=Username [{0}] NOT authenticated due to 
failed login
 jaasRealm.loginContextCreated=JAAS LoginContext created for username [{0}]
 jaasRealm.loginException=Login exception authenticating username [{0}]
 jaasRealm.notPrincipal=Class [{0}] not added as it does not implement 
java.security.Principal
+jaasRealm.nullSubject=Login succeeded for username [{0}] but a null Subject 
was returned
 jaasRealm.rolePrincipalAdd=Adding role Principal [{0}] to this user 
Principal''s roles
 jaasRealm.rolePrincipalFailure=No valid role Principals found.
 jaasRealm.unexpectedError=Unexpected error

