Author: markt Date: Sun Jan 19 19:31:24 2014 New Revision: 1559566 URL: http://svn.apache.org/r1559566 Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=56013 IBM JRE only understands indefinite lifetime
Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc7.0.x/trunk/ ------------------------------------------------------------------------------ Merged /tomcat/trunk:r1559562 Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java?rev=1559566&r1=1559565&r2=1559566&view=diff ============================================================================== --- tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java (original) +++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java Sun Jan 19 19:31:24 2014 @@ -28,6 +28,7 @@ import javax.security.auth.login.LoginCo import javax.security.auth.login.LoginException; import javax.servlet.http.HttpServletResponse; +import org.apache.catalina.Globals; import org.apache.catalina.LifecycleException; import org.apache.catalina.connector.Request; import org.apache.catalina.deploy.LoginConfig; @@ -219,12 +220,19 @@ public class SpnegoAuthenticator extends // Assume the GSSContext is stateless // TODO: Confirm this assumption final GSSManager manager = GSSManager.getInstance(); + // IBM JDK only understands indefinite lifetime + final int credentialLifetime; + if (Globals.IS_IBM_JVM) { + credentialLifetime = GSSCredential.INDEFINITE_LIFETIME; + } else { + credentialLifetime = GSSCredential.DEFAULT_LIFETIME; + } final PrivilegedExceptionAction<GSSCredential> action = new PrivilegedExceptionAction<GSSCredential>() { @Override public GSSCredential run() throws GSSException { return manager.createCredential(null, - GSSCredential.DEFAULT_LIFETIME, + credentialLifetime, new Oid("1.3.6.1.5.5.2"), GSSCredential.ACCEPT_ONLY); } Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1559566&r1=1559565&r2=1559566&view=diff ============================================================================== --- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Sun Jan 19 19:31:24 2014 @@ -90,6 +90,12 @@ parsing XML configuration files. (markt) </fix> <fix> + <bug>56013</bug>: Fix issue with SPNEGO authentication when using IBM + JREs. IBM JREs only understand the option of infinite lifetime for + Kerberos credentials. Based on a patch provided by Arunav Sanyal. + (markt) + </fix> + <fix> <bug>56016</bug>: When loading resources for XML schema validation, take account of the possibility that servlet-api.jar and jsp-api.jar may not be loaded by the same class loader. Patch by Juan Carlos Estibariz. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org