Hello,

Though it might be a bug in the implementation, the current proposed remediation within Tomcat is still a good choice for the time being in my point of view and won't have any bad side effects in future.
It makes Tomcat more robust, more robust than the JGSS API requires.

Greetings,
Thomas

-----Original Message-----
From: Michael B Allen <iop...@gmail.com>
Sent: Tuesday, November 23, 2021 21:42
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Authentication with Browser stopped working / missing exception handling in getRemainingLifetime

On Tue, Nov 23, 2021 at 2:59 PM Thomas Hoffmann (Speed4Trade GmbH) 
<thomas.hoffm...@speed4trade.com.invalid> wrote:
>
> Short Addendum:
>
> The "destroyed" flag gets set when the dispose-method of the
> GSSCredentialImpl was invoked.
> Currently, I have no clue when and how it happens, but I have seen this 
> problem every few months.
> So it is only occurring sometimes. Maybe if the Kerberos ticket 
> expires and the http session is still alive (?)
>
> Nevertheless, the application should be able to recover from this situation
> and handle it like "not authenticated".

So as suspected it may actually be an invalid credential that maybe Tomcat had 
a hand in. If Tomcat disposed the credential and then subsequently tried to use 
it for any reason, that would be "invalid".
So that might warrant investigation before submitting a bug report.

But I would still argue that a JGSS implementation should not throw exceptions 
that are not defined by the API and currently only GSSException is defined.

Correction: This is not a bug in the JGSS API, it is (almost
certainly) a bug in the *Oracle / Sun implementation* of JGSS.

Mike

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

