[tomcat] branch BZ-63636/tomcat-9.0.x created (now 738380b)

2019-08-05 Thread michaelo
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a change to branch BZ-63636/tomcat-9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


  at 738380b  BZ 63636: Context#findRoleMapping() never called in 
RealmBase#hasRole()

This branch includes the following new commits:

 new 738380b  BZ 63636: Context#findRoleMapping() never called in 
RealmBase#hasRole()

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[tomcat] 01/01: BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

2019-08-05 Thread michaelo
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch BZ-63636/tomcat-9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 738380b40daaf310f8e706695937f3e771fac652
Author: Michael Osipov 
AuthorDate: Mon Aug 5 21:32:58 2019 +0200

BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()
---
 java/org/apache/catalina/realm/RealmBase.java |  9 +
 test/org/apache/catalina/realm/TestRealmBase.java | 43 +++
 webapps/docs/changelog.xml|  4 +++
 3 files changed, 56 insertions(+)

diff --git a/java/org/apache/catalina/realm/RealmBase.java 
b/java/org/apache/catalina/realm/RealmBase.java
index c779c34..dbeeaa3 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -928,6 +928,15 @@ public abstract class RealmBase extends LifecycleMBeanBase 
implements Realm {
 }
 }
 
+// Check for a role alias/mapping defined on context level
+if (getContainer() instanceof Context) {
+Context context = (Context) getContainer();
+String realRole = context.findRoleMapping(role);
+if (realRole != null) {
+role = realRole;
+}
+}
+
 // Should be overridden in JAASRealm - to avoid pretty inefficient 
conversions
 if (principal == null || role == null) {
 return false;
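
Review bot: The new block calls context.findRoleMapping(role) before the existing "principal == null || role == null" guard that follows it, so a null role is handed to the Context implementation. Move the mapping lookup below that guard, or add "role != null" to the instanceof Context condition. A debug log line when realRole replaces role would also make alias resolution traceable when an authorization decision has to be reconstructed later.
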
diff --git a/test/org/apache/catalina/realm/TestRealmBase.java 
b/test/org/apache/catalina/realm/TestRealmBase.java
index 7ef9191..b4d35fb 100644
--- a/test/org/apache/catalina/realm/TestRealmBase.java
+++ b/test/org/apache/catalina/realm/TestRealmBase.java
@@ -19,7 +19,9 @@ package org.apache.catalina.realm;
 import java.io.IOException;
 import java.security.Principal;
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 
 import javax.servlet.ServletSecurityElement;
 import javax.servlet.annotation.ServletSecurity;
@@ -789,4 +791,45 @@ public class TestRealmBase {
 Assert.assertFalse(mapRealm.hasResourcePermission(
 request, response, constraintsDelete, null));
 }
+
+@Test
+public void testRoleMapping() throws Exception {
+Context context = new TesterContext() {
+private Map roleMapping = new HashMap<>();
+
+public void addRoleMapping(String role, String link) {
+roleMapping.put(role, link);
+}
+
+@Override
+public String findRoleMapping(String role) {
+return roleMapping.get(role);
+}
+};
+
+context.addRoleMapping(ROLE2, "very-complex-role-name");
+// We won't map ROLE3 to "another-very-complex-role-name" to make it 
fail
+// intentionally
+
+TesterMapRealm realm = new TesterMapRealm();
+MessageDigestCredentialHandler ch = new 
MessageDigestCredentialHandler();
+ch.setAlgorithm("SHA");
+realm.setCredentialHandler(ch);
+realm.setContainer(context);
+realm.start();
+
+realm.addUser(USER1, PWD_SHA);
+realm.addUserRole(USER1, ROLE1);
+realm.addUserRole(USER1, "very-complex-role-name");
+realm.addUserRole(USER1, "another-very-complex-role-name");
+
+Principal p = realm.authenticate(USER1, PWD);
+
+Assert.assertNotNull(p);
+Assert.assertEquals(USER1, p.getName());
+Assert.assertTrue(realm.hasRole(null, p, ROLE1));
+Assert.assertTrue(realm.hasRole(null, p, ROLE2));
+Assert.assertTrue(realm.hasRole(null, p, "very-complex-role-name"));
+Assert.assertFalse(realm.hasRole(null, p, ROLE3));
+}
 }
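
Review bot: All four hasRole() assertions at the end of testRoleMapping() pass null as the first argument, so the case where a wrapper-level security reference is resolved first and the context mapping is then applied to its result is never exercised. Add one assertion with a wrapper whose security reference points at ROLE2. In the anonymous TesterContext, findRoleMapping() carries @Override but addRoleMapping() does not, although it is invoked through the Context-typed variable; annotate both.
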
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 6414088..c56fbfb 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -47,6 +47,10 @@
 
   
 
+  
+63636: Context.findRoleMapping() never called
+in RealmBase#hasRole(). (michaelo)
+  
   
 63627: Implement more fine-grained handling in
 RealmBase.authenticate(GSSContext, boolean). (michaelo)
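
Review bot: The new changelog entry writes Context.findRoleMapping() with a dot and RealmBase#hasRole() with a hash in the same sentence. Use one member notation; the 63627 entry directly below uses the dot form. The entry would also be more useful to operators if it stated the new behaviour (role mappings defined on the context are now consulted in hasRole()) instead of repeating the bug title, since this changes the outcome of authorization checks.
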





buildbot success in on tomcat-7-trunk

2019-08-05 Thread buildbot
The Buildbot has detected a restored build on builder tomcat-7-trunk while 
building tomcat. Full details are available at:
https://ci.apache.org/builders/tomcat-7-trunk/builds/1414

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: asf946_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-7-commit' 
triggered this build
Build Source Stamp: [branch 7.0.x] c653fe553fc8bad73343ca654d4972fc98a6fc08
Blamelist: Michael Osipov 

Build succeeded!

Sincerely,
 -The Buildbot







buildbot failure in on tomcat-7-trunk

2019-08-05 Thread buildbot
The Buildbot has detected a new failure on builder tomcat-7-trunk while 
building tomcat. Full details are available at:
https://ci.apache.org/builders/tomcat-7-trunk/builds/1413

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: asf946_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-7-commit' 
triggered this build
Build Source Stamp: [branch 7.0.x] c9e9b5d7f88307713c27128d12890daf1c047cc3
Blamelist: Michael Osipov 

BUILD FAILED: failed compile_1

Sincerely,
 -The Buildbot







[Bug 63636] New: Context#findRoleMapping() never called in RealmBase#hasRole()

2019-08-05 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63636

Bug ID: 63636
   Summary: Context#findRoleMapping() never called in
RealmBase#hasRole()
   Product: Tomcat 8
   Version: 8.5.43
  Hardware: All
OS: All
Status: NEW
  Severity: major
  Priority: P2
 Component: Catalina
  Assignee: dev@tomcat.apache.org
  Reporter: micha...@apache.org
  Target Milestone: 

When a realm is declared within a context (context.xml) one can add role
mappings with Context#addRoleMapping(). Unfortunately, these mappings are never
queried when RealmBase#hasRole() is called. This should be done after 
Wrapper#findSecurityReference() has been called.

This is crucial when application developers use symbolic role names, but your
backend store uses cryptic names like DNs or security IDs from Active Directory.

I have a working private patch which I will enrich with tests and will create a
PR for it.

-- 
You are receiving this mail because:
You are the assignee for the bug.
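
The lookup order the report above describes, as an added example that is not Tomcat code and not part of the original message: a stand-alone model in which the class RoleMappingDemo, its maps and the sample role names are hypothetical stand-ins for Wrapper#findSecurityReference(), Context#findRoleMapping() and the roles stored in the backend. It evaluates the same role checks with and without the context-level step.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

// Stand-alone model, not Tomcat code. It mirrors the lookup order from the report:
// per-servlet security reference, then context-level role mapping, then the roles
// stored for the user. Class, field and role names are hypothetical.
public class RoleMappingDemo {

    // Stands in for Wrapper#findSecurityReference(): name used in servlet code -> application role
    private final Map<String, String> securityReferences = new HashMap<>();
    // Stands in for Context#addRoleMapping()/findRoleMapping(): application role -> backend name
    private final Map<String, String> contextRoleMappings = new HashMap<>();
    // Roles the backend store returned for the authenticated user
    private final Set<String> principalRoles = new HashSet<>();

    boolean hasRole(String role, boolean consultContextMapping) {
        if (role == null) {
            return false; // fail closed before any lookup is attempted
        }
        // Step 1: servlet-level alias, if one is declared
        String reference = securityReferences.get(role);
        if (reference != null) {
            role = reference;
        }
        // Step 2: context-level mapping (the step the report says is never consulted)
        if (consultContextMapping) {
            String realRole = contextRoleMappings.get(role);
            if (realRole != null) {
                role = realRole;
            }
        }
        // Step 3: compare against what the backend actually stores
        return principalRoles.contains(role);
    }

    public static void main(String[] args) {
        // Constructed sample data: a directory group DN as the backend role name
        String adminDn = "CN=App-Admins,OU=Groups,DC=example,DC=org";

        RoleMappingDemo demo = new RoleMappingDemo();
        demo.principalRoles.add(adminDn);
        demo.contextRoleMappings.put("admin", adminDn);
        demo.securityReferences.put("ADMIN_LINK", "admin");

        // Symbolic name, servlet-level alias, raw backend name, and an unmapped name
        String[] requested = { "admin", "ADMIN_LINK", adminDn, "auditor" };
        for (String role : requested) {
            System.out.printf("%-45s without mapping: %-5b with mapping: %b%n",
                    role, demo.hasRole(role, false), demo.hasRole(role, true));
        }
    }
}
```

Without the context step, the symbolic names are denied even though the user holds the backend role, so applications end up hard-coding directory identifiers in their security constraints; the unmapped name stays denied in both modes.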



[Bug 63636] Context#findRoleMapping() never called in RealmBase#hasRole()

2019-08-05 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63636

Michael Osipov  changed:

   What|Removed |Added

 CC||micha...@apache.org




[tomcat] branch BZ-63634 deleted (was c653fe5)

2019-08-05 Thread michaelo
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a change to branch BZ-63634
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


 was c653fe5  BZ 63634: Align setproxy target in build.xml with 8.5/9.0

The revisions that were on this branch are still contained in
other references; therefore, this change does not discard any commits
from the repository.





[Bug 63634] Align setproxy target in build.xml with 8.5/9.0

2019-08-05 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63634

Michael Osipov  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED

--- Comment #2 from Michael Osipov  ---
Fixed in:
- 7.0.x for 7.0.97 onwards




[GitHub] [tomcat] asfgit merged pull request #185: BZ 63634: Align setproxy target in build.xml with 8.5/9.0

2019-08-05 Thread GitBox
asfgit merged pull request #185: BZ 63634: Align setproxy target in build.xml 
with 8.5/9.0
URL: https://github.com/apache/tomcat/pull/185
 
 
   


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services




[tomcat] branch 7.0.x updated (c9e9b5d -> c653fe5)

2019-08-05 Thread michaelo
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a change to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from c9e9b5d  BZ 63627: Implement more fine-grained handling in 
RealmBase#authenticate(GSSContext, boolean)
 add c653fe5  BZ 63634: Align setproxy target in build.xml with 8.5/9.0

No new revisions were added by this update.

Summary of changes:
 build.xml  | 9 +
 webapps/docs/changelog.xml | 4 
 2 files changed, 5 insertions(+), 8 deletions(-)





[tomcat] branch BZ-63634 updated (371be58 -> c653fe5)

2019-08-05 Thread michaelo
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a change to branch BZ-63634
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


 discard 371be58  BZ 63634: Align setproxy target in build.xml with 8.5/9.0
 new c653fe5  BZ 63634: Align setproxy target in build.xml with 8.5/9.0

This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version.  This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:

 * -- * -- B -- O -- O -- O   (371be58)
\
 N -- N -- N   refs/heads/BZ-63634 (c653fe5)

You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.

Any revisions marked "omit" are not gone; other references still
refer to them.  Any revisions marked "discard" are gone forever.

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 webapps/docs/changelog.xml | 4 
 1 file changed, 4 insertions(+)





[tomcat] 01/01: BZ 63634: Align setproxy target in build.xml with 8.5/9.0

2019-08-05 Thread michaelo
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch BZ-63634
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit c653fe553fc8bad73343ca654d4972fc98a6fc08
Author: Michael Osipov 
AuthorDate: Mon Aug 5 15:17:32 2019 +0200

BZ 63634: Align setproxy target in build.xml with 8.5/9.0
---
 build.xml  | 9 +
 webapps/docs/changelog.xml | 4 
 2 files changed, 5 insertions(+), 8 deletions(-)

diff --git a/build.xml b/build.xml
index a0ca308..179e60d 100644
--- a/build.xml
+++ b/build.xml
@@ -2937,14 +2937,7 @@ skip.installer property in build.properties" />
 
   
 
-  
-
-
-  
-
-  
-
-  
+  
 
 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index e315387..ae9d261 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -95,6 +95,10 @@
   
   
 
+  
+63634: Align setproxy target in build.xml with
+8.5/9.0. (michaelo)
+  
   
 Limit the default JPDA (remote debugging interface) listen address to
 localhost:8000. (markt)





[GitHub] [tomcat] michael-o opened a new pull request #185: BZ 63634: Align setproxy target in build.xml with 8.5/9.0

2019-08-05 Thread GitBox
michael-o opened a new pull request #185: BZ 63634: Align setproxy target in 
build.xml with 8.5/9.0
URL: https://github.com/apache/tomcat/pull/185
 
 
   





[tomcat] branch BZ-63634 created (now 371be58)

2019-08-05 Thread michaelo
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a change to branch BZ-63634
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


  at 371be58  BZ 63634: Align setproxy target in build.xml with 8.5/9.0

This branch includes the following new commits:

 new 371be58  BZ 63634: Align setproxy target in build.xml with 8.5/9.0

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.






[tomcat] 01/01: BZ 63634: Align setproxy target in build.xml with 8.5/9.0

2019-08-05 Thread michaelo
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch BZ-63634
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 371be587b35ebbb6e054f2de1c490d08b124d0f1
Author: Michael Osipov 
AuthorDate: Mon Aug 5 15:17:32 2019 +0200

BZ 63634: Align setproxy target in build.xml with 8.5/9.0
---
 build.xml | 9 +
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/build.xml b/build.xml
index a0ca308..179e60d 100644
--- a/build.xml
+++ b/build.xml
@@ -2937,14 +2937,7 @@ skip.installer property in build.properties" />
 
   
 
-  
-
-
-  
-
-  
-
-  
+  
 
 





[tomcat] branch BZ-63627/tomcat-7.0.x deleted (was 297e045)

2019-08-05 Thread michaelo
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a change to branch BZ-63627/tomcat-7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


 was 297e045  BZ 63627: Implement more fine-grained handling in 
RealmBase#authenticate(GSSContext, boolean)

This change permanently discards the following revisions:

 discard 297e045  BZ 63627: Implement more fine-grained handling in 
RealmBase#authenticate(GSSContext, boolean)





[tomcat] branch BZ-63627/tomcat-9.0.x deleted (was b724612)

2019-08-05 Thread michaelo
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a change to branch BZ-63627/tomcat-9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


 was b724612  BZ 63627: Implement more fine-grained handling in 
RealmBase#authenticate(GSSContext, boolean)

The revisions that were on this branch are still contained in
other references; therefore, this change does not discard any commits
from the repository.





[tomcat] branch BZ-63627/tomcat-8.5.x deleted (was f592008)

2019-08-05 Thread michaelo
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a change to branch BZ-63627/tomcat-8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


 was f592008  BZ 63627: Implement more fine-grained handling in 
RealmBase#authenticate(GSSContext, boolean)

This change permanently discards the following revisions:

 discard f592008  BZ 63627: Implement more fine-grained handling in 
RealmBase#authenticate(GSSContext, boolean)





[Bug 63627] Implement more fine-grained handling in RealmBase#authenticate(GSSContext, boolean)

2019-08-05 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63627

Michael Osipov  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED

--- Comment #1 from Michael Osipov  ---
Fixed in:
- master for 9.0.23 onwards
- 8.5.x for 8.5.44 onwards
- 7.0.x for 7.0.97 onwards




[tomcat] branch 8.5.x updated: BZ 63627: Implement more fine-grained handling in RealmBase#authenticate(GSSContext, boolean)

2019-08-05 Thread michaelo
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 6459a20  BZ 63627: Implement more fine-grained handling in 
RealmBase#authenticate(GSSContext, boolean)
6459a20 is described below

commit 6459a20d916b0c0ac55dd4b1bc0ab23f6ce4018c
Author: Michael Osipov 
AuthorDate: Fri Aug 2 14:09:02 2019 +0200

BZ 63627: Implement more fine-grained handling in 
RealmBase#authenticate(GSSContext, boolean)
---
 java/org/apache/catalina/realm/CombinedRealm.java  |  4 +--
 .../apache/catalina/realm/LocalStrings.properties  |  3 +-
 java/org/apache/catalina/realm/RealmBase.java  | 33 +-
 webapps/docs/changelog.xml |  4 +++
 4 files changed, 27 insertions(+), 17 deletions(-)

diff --git a/java/org/apache/catalina/realm/CombinedRealm.java 
b/java/org/apache/catalina/realm/CombinedRealm.java
index ed48e0e..59511fa 100644
--- a/java/org/apache/catalina/realm/CombinedRealm.java
+++ b/java/org/apache/catalina/realm/CombinedRealm.java
@@ -350,7 +350,7 @@ public class CombinedRealm extends RealmBase {
  * {@inheritDoc}
  */
 @Override
-public Principal authenticate(GSSContext gssContext, boolean storeCreds) {
+public Principal authenticate(GSSContext gssContext, boolean storeCred) {
 if (gssContext.isEstablished()) {
 Principal authenticatedUser = null;
 String username = null;
@@ -371,7 +371,7 @@ public class CombinedRealm extends RealmBase {
 username, realm.getClass().getName()));
 }
 
-authenticatedUser = realm.authenticate(gssContext, storeCreds);
+authenticatedUser = realm.authenticate(gssContext, storeCred);
 
 if (authenticatedUser == null) {
 if (log.isDebugEnabled()) {
diff --git a/java/org/apache/catalina/realm/LocalStrings.properties 
b/java/org/apache/catalina/realm/LocalStrings.properties
index 990a409..5a8aee3 100644
--- a/java/org/apache/catalina/realm/LocalStrings.properties
+++ b/java/org/apache/catalina/realm/LocalStrings.properties
@@ -91,7 +91,8 @@ realmBase.cannotGetRoles=Cannot get roles from principal [{0}]
 realmBase.createUsernameRetriever.ClassCastException=Class [{0}] is not an 
X509UsernameRetriever.
 realmBase.createUsernameRetriever.newInstance=Cannot create object of type 
[{0}].
 realmBase.credentialHandler.customCredentialHandler=Unable to set the property 
[{0}] to value [{1}] as a custom CredentialHandler has been configured
-realmBase.delegatedCredentialFail=Unable to obtain delegated credentials for 
user [{0}]
+realmBase.delegatedCredentialFail=Unable to obtain delegated credential for 
user [{0}]
+realmBase.credentialNotDelegated=Credential for user [{0}] has not been 
delegated though storing was requested
 realmBase.digest=Error digesting user credentials
 realmBase.forbidden=Access to the requested resource has been denied
 realmBase.gotX509Username=Got user name from X509 certificate: [{0}]
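
Review bot: realmBase.credentialNotDelegated is added after realmBase.delegatedCredentialFail, which breaks the alphabetical key order the surrounding entries follow (cannotGetRoles, createUsernameRetriever.*, credentialHandler.*, delegatedCredentialFail, digest). Move the new key up so it sits directly after realmBase.credentialHandler.customCredentialHandler.
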
diff --git a/java/org/apache/catalina/realm/RealmBase.java 
b/java/org/apache/catalina/realm/RealmBase.java
index 9a5..eaa49aa 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -472,7 +472,7 @@ public abstract class RealmBase extends LifecycleMBeanBase 
implements Realm {
  * {@inheritDoc}
  */
 @Override
-public Principal authenticate(GSSContext gssContext, boolean storeCreds) {
+public Principal authenticate(GSSContext gssContext, boolean storeCred) {
 if (gssContext.isEstablished()) {
 GSSName gssName = null;
 try {
@@ -482,27 +482,32 @@ public abstract class RealmBase extends 
LifecycleMBeanBase implements Realm {
 }
 
 if (gssName!= null) {
+GSSCredential gssCredential = null;
+if (storeCred) {
+if (gssContext.getCredDelegState()) {
+try {
+gssCredential = gssContext.getDelegCred();
+} catch (GSSException e) {
+log.warn(sm.getString(
+"realmBase.delegatedCredentialFail", 
gssName), e);
+}
+} else {
+if (log.isDebugEnabled()) {
+log.debug(sm.getString(
+"realmBase.credentialNotDelegated", 
gssName));
+}
+}
+}
+
 String name = gssName.toString();
 
 if (isStripRealmForGss()) {
 int i = name.indexOf('@');
 if (i > 0) {
-// Zero so we don;t leave a zero length name
+ 
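
Review bot: In the added storeCred block, a GSSException from gssContext.getDelegCred() is logged at warn and processing continues with gssCredential still null, while the branch where getCredDelegState() is false logs only when debug is enabled. Both leave a caller that requested storing without a credential, so the two cases should be reported at comparable levels, or the asymmetry should be explained in a comment. The nested "else { if (log.isDebugEnabled()) ... }" can also be flattened to a single else-if.
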

[GitHub] [tomcat] asfgit merged pull request #184: BZ 63627: Implement more fine-grained handling in RealmBase#authenticate(GSSContext, boolean)

2019-08-05 Thread GitBox
asfgit merged pull request #184: BZ 63627: Implement more fine-grained handling 
in RealmBase#authenticate(GSSContext, boolean)
URL: https://github.com/apache/tomcat/pull/184
 
 
   





[tomcat] branch master updated (acf6076 -> b724612)

2019-08-05 Thread michaelo
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from acf6076  Include failed TLS handshakes in the access log
 add b724612  BZ 63627: Implement more fine-grained handling in 
RealmBase#authenticate(GSSContext, boolean)

No new revisions were added by this update.

Summary of changes:
 java/org/apache/catalina/realm/CombinedRealm.java  |  4 +--
 .../apache/catalina/realm/LocalStrings.properties  |  3 +-
 java/org/apache/catalina/realm/RealmBase.java  | 33 +-
 webapps/docs/changelog.xml |  4 +++
 4 files changed, 27 insertions(+), 17 deletions(-)





[tomcat] 01/01: BZ 63627: Implement more fine-grained handling in RealmBase#authenticate(GSSContext, boolean)

2019-08-05 Thread michaelo
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch BZ-63627/tomcat-9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit b724612ef327f1e3c493de44b29ae24e1d757d0f
Author: Michael Osipov 
AuthorDate: Fri Aug 2 14:09:02 2019 +0200

BZ 63627: Implement more fine-grained handling in 
RealmBase#authenticate(GSSContext, boolean)
---
 java/org/apache/catalina/realm/CombinedRealm.java  |  4 +--
 .../apache/catalina/realm/LocalStrings.properties  |  3 +-
 java/org/apache/catalina/realm/RealmBase.java  | 33 +-
 webapps/docs/changelog.xml |  4 +++
 4 files changed, 27 insertions(+), 17 deletions(-)

diff --git a/java/org/apache/catalina/realm/CombinedRealm.java 
b/java/org/apache/catalina/realm/CombinedRealm.java
index c04aed1..6a73b0f 100644
--- a/java/org/apache/catalina/realm/CombinedRealm.java
+++ b/java/org/apache/catalina/realm/CombinedRealm.java
@@ -343,7 +343,7 @@ public class CombinedRealm extends RealmBase {
  * {@inheritDoc}
  */
 @Override
-public Principal authenticate(GSSContext gssContext, boolean storeCreds) {
+public Principal authenticate(GSSContext gssContext, boolean storeCred) {
 if (gssContext.isEstablished()) {
 Principal authenticatedUser = null;
 String username = null;
@@ -364,7 +364,7 @@ public class CombinedRealm extends RealmBase {
 username, realm.getClass().getName()));
 }
 
-authenticatedUser = realm.authenticate(gssContext, storeCreds);
+authenticatedUser = realm.authenticate(gssContext, storeCred);
 
 if (authenticatedUser == null) {
 if (log.isDebugEnabled()) {
diff --git a/java/org/apache/catalina/realm/LocalStrings.properties 
b/java/org/apache/catalina/realm/LocalStrings.properties
index a390fb5..1cb2407 100644
--- a/java/org/apache/catalina/realm/LocalStrings.properties
+++ b/java/org/apache/catalina/realm/LocalStrings.properties
@@ -102,7 +102,8 @@ realmBase.cannotGetRoles=Cannot get roles from principal 
[{0}]
 realmBase.createUsernameRetriever.ClassCastException=Class [{0}] is not an 
X509UsernameRetriever.
 realmBase.createUsernameRetriever.newInstance=Cannot create object of type 
[{0}].
 realmBase.credentialHandler.customCredentialHandler=Unable to set the property 
[{0}] to value [{1}] as a custom CredentialHandler has been configured
-realmBase.delegatedCredentialFail=Unable to obtain delegated credentials for 
user [{0}]
+realmBase.delegatedCredentialFail=Unable to obtain delegated credential for 
user [{0}]
+realmBase.credentialNotDelegated=Credential for user [{0}] has not been 
delegated though storing was requested
 realmBase.digest=Error digesting user credentials
 realmBase.forbidden=Access to the requested resource has been denied
 realmBase.gotX509Username=Got user name from X509 certificate: [{0}]
diff --git a/java/org/apache/catalina/realm/RealmBase.java 
b/java/org/apache/catalina/realm/RealmBase.java
index 3fde57c..c779c34 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -470,7 +470,7 @@ public abstract class RealmBase extends LifecycleMBeanBase 
implements Realm {
  * {@inheritDoc}
  */
 @Override
-public Principal authenticate(GSSContext gssContext, boolean storeCreds) {
+public Principal authenticate(GSSContext gssContext, boolean storeCred) {
 if (gssContext.isEstablished()) {
 GSSName gssName = null;
 try {
@@ -480,27 +480,32 @@ public abstract class RealmBase extends 
LifecycleMBeanBase implements Realm {
 }
 
 if (gssName!= null) {
+GSSCredential gssCredential = null;
+if (storeCred) {
+if (gssContext.getCredDelegState()) {
+try {
+gssCredential = gssContext.getDelegCred();
+} catch (GSSException e) {
+log.warn(sm.getString(
+"realmBase.delegatedCredentialFail", 
gssName), e);
+}
+} else {
+if (log.isDebugEnabled()) {
+log.debug(sm.getString(
+"realmBase.credentialNotDelegated", 
gssName));
+}
+}
+}
+
 String name = gssName.toString();
 
 if (isStripRealmForGss()) {
 int i = name.indexOf('@');
 if (i > 0) {
-// Zero so we don;t leave a zero length name
+// Zero so we don't leave a zero length name
 name = name.substring(0, i);
 }
 }
-GSSCredential 

[tomcat] branch BZ-63627/tomcat-9.0.x updated (feabfd9 -> b724612)

2019-08-05 Thread michaelo
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a change to branch BZ-63627/tomcat-9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


omit feabfd9  BZ 63627: Implement more fine-grained handling in 
RealmBase#authenticate(GSSContext, boolean)
 add acf6076  Include failed TLS handshakes in the access log
 new b724612  BZ 63627: Implement more fine-grained handling in 
RealmBase#authenticate(GSSContext, boolean)

This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version.  This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:

 * -- * -- B -- O -- O -- O   (feabfd9)
\
 N -- N -- N   refs/heads/BZ-63627/tomcat-9.0.x (b724612)

You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.

Any revisions marked "omit" are not gone; other references still
refer to them.  Any revisions marked "discard" are gone forever.

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 java/org/apache/catalina/realm/CombinedRealm.java   |  4 ++--
 java/org/apache/catalina/realm/RealmBase.java   |  4 ++--
 java/org/apache/coyote/AbstractProcessor.java   | 17 -
 java/org/apache/coyote/AbstractProcessorLight.java  | 17 -
 java/org/apache/coyote/http11/Http11Processor.java  | 10 --
 java/org/apache/coyote/http2/Http2UpgradeHandler.java   |  1 +
 java/org/apache/tomcat/util/net/AprEndpoint.java|  2 ++
 java/org/apache/tomcat/util/net/Nio2Endpoint.java   |  1 +
 java/org/apache/tomcat/util/net/NioEndpoint.java|  1 +
 java/org/apache/tomcat/util/net/SocketEvent.java| 11 ++-
 .../tomcat/websocket/server/WsHttpUpgradeHandler.java   |  1 +
 .../http11/upgrade/TestUpgradeInternalHandler.java  |  1 +
 webapps/docs/changelog.xml  |  4 
 13 files changed, 65 insertions(+), 9 deletions(-)





[tomcat] branch 7.0.x updated: BZ 63627: Implement more fine-grained handling in RealmBase#authenticate(GSSContext, boolean)

2019-08-05 Thread michaelo
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/7.0.x by this push:
 new c9e9b5d  BZ 63627: Implement more fine-grained handling in 
RealmBase#authenticate(GSSContext, boolean)
c9e9b5d is described below

commit c9e9b5d7f88307713c27128d12890daf1c047cc3
Author: Michael Osipov 
AuthorDate: Fri Aug 2 14:09:02 2019 +0200

BZ 63627: Implement more fine-grained handling in 
RealmBase#authenticate(GSSContext, boolean)
---
 java/org/apache/catalina/realm/CombinedRealm.java  |  4 +--
 .../apache/catalina/realm/LocalStrings.properties  |  3 +-
 java/org/apache/catalina/realm/RealmBase.java  | 33 +-
 webapps/docs/changelog.xml |  4 +++
 4 files changed, 27 insertions(+), 17 deletions(-)

diff --git a/java/org/apache/catalina/realm/CombinedRealm.java 
b/java/org/apache/catalina/realm/CombinedRealm.java
index 5162e48..b203a29 100644
--- a/java/org/apache/catalina/realm/CombinedRealm.java
+++ b/java/org/apache/catalina/realm/CombinedRealm.java
@@ -331,7 +331,7 @@ public class CombinedRealm extends RealmBase {
  * {@inheritDoc}
  */
 @Override
-public Principal authenticate(GSSContext gssContext, boolean storeCreds) {
+public Principal authenticate(GSSContext gssContext, boolean storeCred) {
 if (gssContext.isEstablished()) {
 Principal authenticatedUser = null;
 String username = null;
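Review bot: The `storeCreds` to `storeCred` rename in the `authenticate(GSSContext gssContext, boolean storeCred)` signature is not mentioned in the commit message and is unrelated to the delegation handling it describes. Note the rename in the commit message or move it to its own commit, so that the behavioural change in RealmBase stays easy to audit and backport.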
@@ -352,7 +352,7 @@ public class CombinedRealm extends RealmBase {
 username, realm.getInfo()));
 }
 
-authenticatedUser = realm.authenticate(gssContext, storeCreds);
+authenticatedUser = realm.authenticate(gssContext, storeCred);
 
 if (authenticatedUser == null) {
 if (log.isDebugEnabled()) {
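Review bot: At `authenticatedUser = realm.authenticate(gssContext, storeCred);`, if this call runs once per nested realm, every realm that is tried now repeats the `getDelegCred()` attempt, and a single failed delegation is logged at warn once per realm. Confirm that this log volume is acceptable for a CombinedRealm with several nested realms, or say so in the changelog so operators can interpret the repeated warning.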
diff --git a/java/org/apache/catalina/realm/LocalStrings.properties 
b/java/org/apache/catalina/realm/LocalStrings.properties
index 95b56b5..66189e5 100644
--- a/java/org/apache/catalina/realm/LocalStrings.properties
+++ b/java/org/apache/catalina/realm/LocalStrings.properties
@@ -99,7 +99,8 @@ realmBase.createUsernameRetriever.ClassCastException=Class 
{0} is not an X509Use
 realmBase.createUsernameRetriever.ClassNotFoundException=Cannot find class {0}.
 realmBase.createUsernameRetriever.IllegalAccessException=Cannot create object 
of type {0}.
 realmBase.createUsernameRetriever.InstantiationException=Cannot create object 
of type {0}.
-realmBase.delegatedCredentialFail=Unable to obtain delegated credentials for 
user [{0}]
+realmBase.delegatedCredentialFail=Unable to obtain delegated credential for 
user {0}
+realmBase.credentialNotDelegated=Credential for user {0} has not been 
delegated though storing was requested
 realmBase.digest=Error digesting user credentials
 realmBase.forbidden=Access to the requested resource has been denied
 realmBase.gotX509Username=Got user name from X509 certificate: {0}
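Review bot: The new key `realmBase.credentialNotDelegated` is placed after `realmBase.delegatedCredentialFail`, which breaks the alphabetical key order that the surrounding entries follow (`createUsernameRetriever...`, `delegatedCredentialFail`, `digest`, `forbidden`). Move it above `realmBase.delegatedCredentialFail`.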
diff --git a/java/org/apache/catalina/realm/RealmBase.java 
b/java/org/apache/catalina/realm/RealmBase.java
index 9697440..9c753af 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -547,7 +547,7 @@ public abstract class RealmBase extends LifecycleMBeanBase 
implements Realm {
  * {@inheritDoc}
  */
 @Override
-public Principal authenticate(GSSContext gssContext, boolean storeCreds) {
+public Principal authenticate(GSSContext gssContext, boolean storeCred) {
 if (gssContext.isEstablished()) {
 GSSName gssName = null;
 try {
@@ -557,27 +557,32 @@ public abstract class RealmBase extends 
LifecycleMBeanBase implements Realm {
 }
 
 if (gssName!= null) {
+GSSCredential gssCredential = null;
+if (storeCred) {
+if (gssContext.getCredDelegState()) {
+try {
+gssCredential = gssContext.getDelegCred();
+} catch (GSSException e) {
+log.warn(sm.getString(
+"realmBase.delegatedCredentialFail", 
gssName), e);
+}
+} else {
+if (log.isDebugEnabled()) {
+log.debug(sm.getString(
+"realmBase.credentialNotDelegated", 
gssName));
+}
+}
+}
+
 String name = gssName.toString();
 
 if (isStripRealmForGss()) {
 int i = name.indexOf('@');
 if (i > 0) {
-// Zero so we don;t leave a zero length name
+// Zero so we don't leave a zero length name
   

[Bug 63634] Align setproxy target in build.xml with 8.5/9.0

2019-08-05 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63634

--- Comment #1 from Michael Osipov  ---
This requires Ant 1.8.0+ and we require Ant 1.8.2 in BUILDING.txt, so this
should be safe to do.




[Bug 63634] Align setproxy target in build.xml with 8.5/9.0

2019-08-05 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63634

Michael Osipov  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |micha...@apache.org




[Bug 63634] New: Align setproxy target in build.xml with 8.5/9.0

2019-08-05 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63634

            Bug ID: 63634
           Summary: Align setproxy target in build.xml with 8.5/9.0
           Product: Tomcat 7
           Version: 7.0.96
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Integration
          Assignee: dev@tomcat.apache.org
          Reporter: micha...@apache.org
  Target Milestone: ---

Stumbled upon this when starting testing at work:

It is a bit of a pain changing proxy.use=on to proxy.use=true when testing
between Tomcat versions behind a proxy.
I propose to drop the proxyflags target and use the 'if' attribute on setproxy.

I'll prepare a PR for that.

This change is backwards compatible because the if attribute also accepts on as
far as I can see.




[GitHub] [tomcat] michael-o commented on issue #184: BZ 63627: Implement more fine-grained handling in RealmBase#authenticate(GSSContext, boolean)

2019-08-05 Thread GitBox
michael-o commented on issue #184: BZ 63627: Implement more fine-grained 
handling in RealmBase#authenticate(GSSContext, boolean)
URL: https://github.com/apache/tomcat/pull/184#issuecomment-518193786
 
 
   Thanks, tests are already running for backports...





[tomcat] 01/01: BZ 63627: Implement more fine-grained handling in RealmBase#authenticate(GSSContext, boolean)

2019-08-05 Thread michaelo
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch BZ-63627/tomcat-7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 297e04513a4c0247de2a17d9f2bf8995cf407691
Author: Michael Osipov 
AuthorDate: Fri Aug 2 14:09:02 2019 +0200

BZ 63627: Implement more fine-grained handling in 
RealmBase#authenticate(GSSContext, boolean)
---
 .../apache/catalina/realm/LocalStrings.properties  |  3 ++-
 java/org/apache/catalina/realm/RealmBase.java  | 31 +-
 webapps/docs/changelog.xml |  4 +++
 3 files changed, 24 insertions(+), 14 deletions(-)

diff --git a/java/org/apache/catalina/realm/LocalStrings.properties 
b/java/org/apache/catalina/realm/LocalStrings.properties
index 95b56b5..66189e5 100644
--- a/java/org/apache/catalina/realm/LocalStrings.properties
+++ b/java/org/apache/catalina/realm/LocalStrings.properties
@@ -99,7 +99,8 @@ realmBase.createUsernameRetriever.ClassCastException=Class 
{0} is not an X509Use
 realmBase.createUsernameRetriever.ClassNotFoundException=Cannot find class {0}.
 realmBase.createUsernameRetriever.IllegalAccessException=Cannot create object 
of type {0}.
 realmBase.createUsernameRetriever.InstantiationException=Cannot create object 
of type {0}.
-realmBase.delegatedCredentialFail=Unable to obtain delegated credentials for 
user [{0}]
+realmBase.delegatedCredentialFail=Unable to obtain delegated credential for 
user {0}
+realmBase.credentialNotDelegated=Credential for user {0} has not been 
delegated though storing was requested
 realmBase.digest=Error digesting user credentials
 realmBase.forbidden=Access to the requested resource has been denied
 realmBase.gotX509Username=Got user name from X509 certificate: {0}
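Review bot: The text of the existing key `realmBase.delegatedCredentialFail` changes here, but the diffstat lists only `LocalStrings.properties`. If any translated `LocalStrings_*.properties` file carries this key, it keeps the old wording and bracket style; check those files in the same commit or state that they are intentionally left alone.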
diff --git a/java/org/apache/catalina/realm/RealmBase.java 
b/java/org/apache/catalina/realm/RealmBase.java
index 9697440..099618e 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -557,27 +557,32 @@ public abstract class RealmBase extends 
LifecycleMBeanBase implements Realm {
 }
 
 if (gssName!= null) {
+GSSCredential gssCredential = null;
+if (storeCreds) {
+if (gssContext.getCredDelegState()) {
+try {
+gssCredential = gssContext.getDelegCred();
+} catch (GSSException e) {
+log.warn(sm.getString(
+"realmBase.delegatedCredentialFail", 
gssName), e);
+}
+} else {
+if (log.isDebugEnabled()) {
+log.debug(sm.getString(
+"realmBase.credentialNotDelegated", 
gssName));
+}
+}
+}
+
 String name = gssName.toString();
 
 if (isStripRealmForGss()) {
 int i = name.indexOf('@');
 if (i > 0) {
-// Zero so we don;t leave a zero length name
+// Zero so we don't leave a zero length name
 name = name.substring(0, i);
 }
 }
-GSSCredential gssCredential = null;
-if (storeCreds && gssContext.getCredDelegState()) {
-try {
-gssCredential = gssContext.getDelegCred();
-} catch (GSSException e) {
-if (log.isDebugEnabled()) {
-log.debug(sm.getString(
-"realmBase.delegatedCredentialFail", name),
-e);
-}
-}
-}
 return getPrincipal(name, gssCredential);
 }
 } else {
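Review bot: In the new `catch (GSSException e)` branch the failure is raised to warn, yet the method still reaches `return getPrincipal(name, gssCredential);` with a null credential, so a caller that passed `storeCreds` gets an authenticated principal with nothing stored. State in the method Javadoc or in a comment that a failed or absent delegation is deliberately non-fatal. The log argument also changes from the stripped `name` to `gssName`, so the message now carries the full GSS name even when `isStripRealmForGss()` is set; confirm that this is intended.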
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 9dbc17f..e315387 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -62,6 +62,10 @@
 
   
 
+  
+63627: Implement more fine-grained handling in
+RealmBase.authenticate(GSSContext, boolean). (michaelo)
+  
   
 62496: Add option to write auth information (remote 
user/auth type)
 to response headers. (michaelo)
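Review bot: The added entry `63627: Implement more fine-grained handling in RealmBase.authenticate(GSSContext, boolean)` does not tell an operator what changes. Name the visible effect: a failure to obtain the delegated credential is now logged at warn instead of debug, and a debug message is emitted when storing was requested but no credential was delegated.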





[tomcat] branch BZ-63627/tomcat-7.0.x created (now 297e045)

2019-08-05 Thread michaelo
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a change to branch BZ-63627/tomcat-7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


  at 297e045  BZ 63627: Implement more fine-grained handling in 
RealmBase#authenticate(GSSContext, boolean)

This branch includes the following new commits:

 new 297e045  BZ 63627: Implement more fine-grained handling in 
RealmBase#authenticate(GSSContext, boolean)

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.






[Bug 63625] Unable to start Tomcat 7.0.96 (stop by 0xc0000005)

2019-08-05 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63625

--- Comment #13 from Mark Thomas  ---
Just adding to the general information. I'm not drawing any conclusions at this
point.

I'm currently setting up a clean install of 32-bit Windows 7. I haven't
finished my battle with Windows update yet but already one of the important
updates has installed (a fairly recent version of) ucrtbase.dll




[tomcat] 01/01: BZ 63627: Implement more fine-grained handling in RealmBase#authenticate(GSSContext, boolean)

2019-08-05 Thread michaelo
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch BZ-63627/tomcat-8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit f5920085da51f943cc77e1fec41ea3641fedb4f9
Author: Michael Osipov 
AuthorDate: Fri Aug 2 14:09:02 2019 +0200

BZ 63627: Implement more fine-grained handling in 
RealmBase#authenticate(GSSContext, boolean)
---
 .../apache/catalina/realm/LocalStrings.properties  |  3 ++-
 java/org/apache/catalina/realm/RealmBase.java  | 31 +-
 webapps/docs/changelog.xml |  4 +++
 3 files changed, 24 insertions(+), 14 deletions(-)

diff --git a/java/org/apache/catalina/realm/LocalStrings.properties 
b/java/org/apache/catalina/realm/LocalStrings.properties
index 990a409..5a8aee3 100644
--- a/java/org/apache/catalina/realm/LocalStrings.properties
+++ b/java/org/apache/catalina/realm/LocalStrings.properties
@@ -91,7 +91,8 @@ realmBase.cannotGetRoles=Cannot get roles from principal [{0}]
 realmBase.createUsernameRetriever.ClassCastException=Class [{0}] is not an 
X509UsernameRetriever.
 realmBase.createUsernameRetriever.newInstance=Cannot create object of type 
[{0}].
 realmBase.credentialHandler.customCredentialHandler=Unable to set the property 
[{0}] to value [{1}] as a custom CredentialHandler has been configured
-realmBase.delegatedCredentialFail=Unable to obtain delegated credentials for 
user [{0}]
+realmBase.delegatedCredentialFail=Unable to obtain delegated credential for 
user [{0}]
+realmBase.credentialNotDelegated=Credential for user [{0}] has not been 
delegated though storing was requested
 realmBase.digest=Error digesting user credentials
 realmBase.forbidden=Access to the requested resource has been denied
 realmBase.gotX509Username=Got user name from X509 certificate: [{0}]
diff --git a/java/org/apache/catalina/realm/RealmBase.java 
b/java/org/apache/catalina/realm/RealmBase.java
index 9a5..d14f7b3 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -482,27 +482,32 @@ public abstract class RealmBase extends 
LifecycleMBeanBase implements Realm {
 }
 
 if (gssName!= null) {
+GSSCredential gssCredential = null;
+if (storeCreds) {
+if (gssContext.getCredDelegState()) {
+try {
+gssCredential = gssContext.getDelegCred();
+} catch (GSSException e) {
+log.warn(sm.getString(
+"realmBase.delegatedCredentialFail", 
gssName), e);
+}
+} else {
+if (log.isDebugEnabled()) {
+log.debug(sm.getString(
+"realmBase.credentialNotDelegated", 
gssName));
+}
+}
+}
+
 String name = gssName.toString();
 
 if (isStripRealmForGss()) {
 int i = name.indexOf('@');
 if (i > 0) {
-// Zero so we don;t leave a zero length name
+// Zero so we don't leave a zero length name
 name = name.substring(0, i);
 }
 }
-GSSCredential gssCredential = null;
-if (storeCreds && gssContext.getCredDelegState()) {
-try {
-gssCredential = gssContext.getDelegCred();
-} catch (GSSException e) {
-if (log.isDebugEnabled()) {
-log.debug(sm.getString(
-"realmBase.delegatedCredentialFail", name),
-e);
-}
-}
-}
 return getPrincipal(name, gssCredential);
 }
 } else {
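Review bot: Neither new branch under `if (storeCreds)` has test coverage: the diffstat lists only LocalStrings.properties, RealmBase.java and changelog.xml. A unit test with a stubbed GSSContext for the three cases (credential delegated, `getCredDelegState()` returning false, `getDelegCred()` throwing) would pin both the log level and the fall-through with a null credential. The nested `else { if (log.isDebugEnabled()) {` can also be written as `else if`.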
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index abe97fd..e8704dd 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -47,6 +47,10 @@
 
   
 
+  
+63627: Implement more fine-grained handling in
+RealmBase.authenticate(GSSContext, boolean). (michaelo)
+  
   
 62496: Add option to write auth information (remote 
user/auth type)
 to response headers. (michaelo)





[tomcat] branch BZ-63627/tomcat-8.5.x created (now f592008)

2019-08-05 Thread michaelo
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a change to branch BZ-63627/tomcat-8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


  at f592008  BZ 63627: Implement more fine-grained handling in 
RealmBase#authenticate(GSSContext, boolean)

This branch includes the following new commits:

 new f592008  BZ 63627: Implement more fine-grained handling in 
RealmBase#authenticate(GSSContext, boolean)

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.






[GitHub] [tomcat] michael-o edited a comment on issue #184: BZ 63627: Implement more fine-grained handling in RealmBase#authenticate(GSSContext, boolean)

2019-08-05 Thread GitBox
michael-o edited a comment on issue #184: BZ 63627: Implement more fine-grained 
handling in RealmBase#authenticate(GSSContext, boolean)
URL: https://github.com/apache/tomcat/pull/184#issuecomment-518184381
 
 
   If I don't see any objection, I'll merge this by tomorrow and backport to 
8.5.x and 7.0.x.





[GitHub] [tomcat] michael-o edited a comment on issue #184: BZ 63627: Implement more fine-grained handling in RealmBase#authenticate(GSSContext, boolean)

2019-08-05 Thread GitBox
michael-o edited a comment on issue #184: BZ 63627: Implement more fine-grained 
handling in RealmBase#authenticate(GSSContext, boolean)
URL: https://github.com/apache/tomcat/pull/184#issuecomment-518184381
 
 
   If I don't receive any objection, I'll merge this by tomorrow and backport 
to 8.5.x and 7.0.x.





[GitHub] [tomcat] michael-o commented on issue #184: BZ 63627: Implement more fine-grained handling in RealmBase#authenticate(GSSContext, boolean)

2019-08-05 Thread GitBox
michael-o commented on issue #184: BZ 63627: Implement more fine-grained 
handling in RealmBase#authenticate(GSSContext, boolean)
URL: https://github.com/apache/tomcat/pull/184#issuecomment-518184381
 
 
   If I don't see any objection, I'll merge this by tomorrow.





[Bug 63625] Unable to start Tomcat 7.0.96 (stop by 0xc0000005)

2019-08-05 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63625

--- Comment #12 from Konstantin Preißer  ---
Hi,

FYI ucrtbase.dll is the Windows Universal C Runtime which will be used when
compiling with Visual C++ 2015 and higher [1].
It is included with Windows 10/Windows Server 2016 and higher. For older OSes,
it will only be present if e.g. KB3118401 was installed from Windows Update.
However, it is possible to redistribute it e.g. by using local deployment [3].


[1]
https://docs.microsoft.com/en-us/cpp/windows/universal-crt-deployment?view=vs-2019
[2]
https://support.microsoft.com/en-us/help/3118401/update-for-universal-c-runtime-in-windows
[3]
https://docs.microsoft.com/en-us/cpp/windows/universal-crt-deployment?view=vs-2019#local-deployment




[Bug 63625] Unable to start Tomcat 7.0.96 (stop by 0xc0000005)

2019-08-05 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63625

Mark Thomas  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW

--- Comment #11 from Mark Thomas  ---
Thanks for the additional investigation. This may turn out to be a Commons
Daemon issue. Let me look into the Daemon change that added the dependency on
ucrtbase.dll




[Bug 63625] Unable to start Tomcat 7.0.96 (stop by 0xc0000005)

2019-08-05 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63625

--- Comment #10 from Norimasa Yamamoto  ---
Difference between prunsrv.exe 1.1.0.0 and 1.2.0.0.
prunsrv.exe 1.2.0.0 :
  Try to use ucrtbase.dll!_wputenv at prunsrv!apxSetInprocEnvironment.
  When there, set SQ_ENVIRONMENT to ucrtbase.dll's environment too.

ucrtbase.dll is used from vcruntime140.dll.
When target jvm.dll is with lower than vcruntime140.dll (i.e. msvc100.dll),
prunsrv.exe must load msvcrXXX.dll, instead. Because jvm.dll's environment is
in msvcrXXX.dll (not in ucrtbase.dll).

So I simulated that ucrtbase.dll was missing (patch at E0E1: 64 to 7A), and
Tomcat7.exe 1.2.0.0 started. However, I didn't test whether it works or not.
