https://bz.apache.org/bugzilla/show_bug.cgi?id=63627
Bug ID: 63627 Summary: Implement more fine-grained handling in RealmBase#authenticate(GSSContext, boolean) Product: Tomcat 8 Version: 8.5.x-trunk Hardware: All OS: All Status: NEW Severity: enhancement Priority: P2 Component: Catalina Assignee: dev@tomcat.apache.org Reporter: micha...@apache.org Target Milestone: ---- We maintain a custom RealmBase#authenticate(GSSContext, boolean) implementation because the given one as a few shortcomings I'd like to address this in a PR: * Move stripping right before #getPrincipal() to log a fully qualified GSS name * Issue a warning instead of a debug if #getDelegCred() has failed. Justification: the context indicates that there is a credential and the developer has configured to store them, but this failed. A debug will be unnoticed in a production system. The admin should see this and take action. * If storeCreds is requested, but the credentials arent't log this in debug for traceability. Custom impl: http://tomcatspnegoad.sourceforge.net/xref/net/sf/michaelo/tomcat/realm/ActiveDirectoryRealm.html#L229 -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org