Author: markt
Date: Sun Jan 19 19:31:24 2014
New Revision: 1559566
URL: http://svn.apache.org/r1559566
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=56013
IBM JRE only understands indefinite lifetime
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
Merged /tomcat/trunk:r1559562
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java?rev=1559566&r1=1559565&r2=1559566&view=diff
==============================================================================
---
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
(original)
+++
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
Sun Jan 19 19:31:24 2014
@@ -28,6 +28,7 @@ import javax.security.auth.login.LoginCo
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletResponse;
+import org.apache.catalina.Globals;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.connector.Request;
import org.apache.catalina.deploy.LoginConfig;
@@ -219,12 +220,19 @@ public class SpnegoAuthenticator extends
// Assume the GSSContext is stateless
// TODO: Confirm this assumption
final GSSManager manager = GSSManager.getInstance();
+ // IBM JDK only understands indefinite lifetime
+ final int credentialLifetime;
+ if (Globals.IS_IBM_JVM) {
+ credentialLifetime = GSSCredential.INDEFINITE_LIFETIME;
+ } else {
+ credentialLifetime = GSSCredential.DEFAULT_LIFETIME;
+ }
final PrivilegedExceptionAction<GSSCredential> action =
new PrivilegedExceptionAction<GSSCredential>() {
@Override
public GSSCredential run() throws GSSException {
return manager.createCredential(null,
- GSSCredential.DEFAULT_LIFETIME,
+ credentialLifetime,
new Oid("1.3.6.1.5.5.2"),
GSSCredential.ACCEPT_ONLY);
}
Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1559566&r1=1559565&r2=1559566&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Sun Jan 19 19:31:24 2014
@@ -90,6 +90,12 @@
parsing XML configuration files. (markt)
</fix>
<fix>
+ <bug>56013</bug>: Fix issue with SPNEGO authentication when using IBM
+ JREs. IBM JREs only understand the option of infinite lifetime for
+ Kerberos credentials. Based on a patch provided by Arunav Sanyal.
+ (markt)
+ </fix>
+ <fix>
<bug>56016</bug>: When loading resources for XML schema validation,
take
account of the possibility that servlet-api.jar and jsp-api.jar may not
be loaded by the same class loader. Patch by Juan Carlos Estibariz.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
