Author: markt Date: Fri Nov 29 19:25:49 2013 New Revision: 1546631 URL: http://svn.apache.org/r1546631 Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55804 If the GSSCredential for the cached principal expires when using SPNEGO authentication, force a re-authentication.
Modified: tomcat/trunk/java/org/apache/catalina/connector/LocalStrings.properties tomcat/trunk/java/org/apache/catalina/connector/Request.java
Modified: tomcat/trunk/java/org/apache/catalina/connector/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/LocalStrings.properties?rev=1546631&r1=1546630&r2=1546631&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/connector/LocalStrings.properties (original)
+++ tomcat/trunk/java/org/apache/catalina/connector/LocalStrings.properties Fri Nov 29 19:25:49 2013
@@ -34,6 +34,7 @@ coyoteOutputStream.nbNotready=In non-blo
 coyoteRequest.getInputStream.ise=getReader() has already been called for this request
 coyoteRequest.getReader.ise=getInputStream() has already been called for this request
+coyoteRequest.gssLifetimeFail=Failed to obtain remaining lifetime for user principal [{0}]
 coyoteRequest.sessionCreateCommitted=Cannot create a session after the response has been committed
 coyoteRequest.changeSessionId=Cannot change session ID. There is no session associated with this request.
 coyoteRequest.setAttribute.namenull=Cannot call setAttribute with a null name
Modified: tomcat/trunk/java/org/apache/catalina/connector/Request.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/Request.java?rev=1546631&r1=1546630&r2=1546631&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/connector/Request.java (original)
+++ tomcat/trunk/java/org/apache/catalina/connector/Request.java Fri Nov 29 19:25:49 2013
@@ -96,6 +96,8 @@ import org.apache.tomcat.util.http.fileu
 import org.apache.tomcat.util.http.fileupload.servlet.ServletFileUpload;
 import org.apache.tomcat.util.http.fileupload.servlet.ServletRequestContext;
 import org.apache.tomcat.util.res.StringManager;
+import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSException;
 /**
@@ -2333,6 +2335,27 @@ public class Request
 @Override
 public Principal getUserPrincipal() {
 if (userPrincipal instanceof TomcatPrincipal) {
+ GSSCredential gssCredential =
+ ((TomcatPrincipal) userPrincipal).getGssCredential();
+ if (gssCredential != null) {
+ int left = -1;
+ try {
+ left = gssCredential.getRemainingLifetime();
+ } catch (GSSException e) {
+ log.warn(sm.getString("coyoteRequest.gssLifetimeFail",
+ userPrincipal.getName()), e);
+ }
+ if (left == 0) {
+ // GSS credential has expired. Need to re-authenticate.
+ try {
+ logout();
+ } catch (ServletException e) {
+ // Should never happen (no code called by logout()
+ // throws a ServletException
+ }
+ return null;
+ }
+ }
 return ((TomcatPrincipal) userPrincipal).getUserPrincipal();
 }
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
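Review bot: The expiry check `if (left == 0)` in getUserPrincipal() fails open when `getRemainingLifetime()` throws: `left` keeps its initial `-1`, only a warning is logged, and the method goes on to return the cached principal even though the credential's validity could not be established. Treating an undeterminable lifetime as expired closes that gap, `if (left <= 0) {`, and it stays correct for non-expiring credentials because they report `GSSCredential.INDEFINITE_LIFETIME`, a positive value. The empty `catch (ServletException e)` around `logout()` would be better logged than swallowed, so that a failure to clear the cached principal is visible. The body of getUserPrincipal() continues outside the hunk.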