On Mon, Nov 22, 2021 at 2:39 AM Thomas Hoffmann (Speed4Trade GmbH) <thomas.hoffm...@speed4trade.com.invalid> wrote: > Would it be better to also catch IllegalStateException and instead of > checking left == 0 to change it to left <= 0 ?
I would argue that this is a bug in JGSS. JGSS has been a comedy of errors over the years. I thought it had mostly stabilized over the last 5-10 years but this is a good example of the sort of bad behavior from that lib. Throwing an IllegalStateException there is a bad API choice. I have to wonder if that was not the designers intention. The getRemainingLifetime API documentation does not say anything about it throwing an IllegalStateException when your cred expires. You might want to try the latest JRE if you're using something old. Or maybe there's something screwy about the cred and it's tripping up an unexpected code path. I assume you mean Kerberos and not LDAP BTW. But I think the only real short term solution for now would be to catch the IllegalStateException and just set left = 0. Mike -- Michael B Allen Java Active Directory Integration http://www.ioplex.com/ --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org