https://bz.apache.org/bugzilla/show_bug.cgi?id=63627
Bug ID: 63627
Summary: Implement more fine-grained handling in
RealmBase#authenticate(GSSContext, boolean)
Product: Tomcat 8
Version: 8.5.x-trunk
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: micha...@apache.org
Target Milestone: ----
We maintain a custom RealmBase#authenticate(GSSContext, boolean) implementation
because the given one as a few shortcomings I'd like to address this in a PR:
* Move stripping right before #getPrincipal() to log a fully qualified GSS name
* Issue a warning instead of a debug if #getDelegCred() has failed.
Justification: the context indicates that there is a credential and the
developer has configured to store them, but this failed. A debug will be
unnoticed in a production system. The admin should see this and take action.
* If storeCreds is requested, but the credentials arent't log this in debug for
traceability.
Custom impl:
http://tomcatspnegoad.sourceforge.net/xref/net/sf/michaelo/tomcat/realm/ActiveDirectoryRealm.html#L229
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
