Make JAASRealm mis-configuration more obvious by requiring the authenticated Subject to include at least one Principal of a type specified by userClassNames

git-svn-id: https://svn.apache.org/repos/asf/tomcat/tc8.0.x/trunk@1833064 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/java/org/apache/catalina/realm/JAASRealm.java b/java/org/apache/catalina/realm/JAASRealm.java
index 829a184..09ec7e8 100644
--- a/java/org/apache/catalina/realm/JAASRealm.java
+++ b/java/org/apache/catalina/realm/JAASRealm.java
@@ -560,6 +560,7 @@
                 log.debug(sm.getString("jaasRealm.userPrincipalFailure"));
                 log.debug(sm.getString("jaasRealm.rolePrincipalFailure"));
             }
+            return null;
         } else {
             if (roles.size() == 0) {
                 if (log.isDebugEnabled()) {
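Review bot: The rejection added by `return null;` is reported only through the two `log.debug(...)` calls just above it, so at default log levels a Subject with no Principal of a `userClassNames` type now fails authentication without any message. Since the stated aim is to make the mis-configuration obvious, the user-principal message should be emitted at a level operators see, for example `log.warn(sm.getString("jaasRealm.userPrincipalFailure"));` placed directly before `return null;` and outside the debug guard. That branch also logs `jaasRealm.rolePrincipalFailure`, although only the missing user Principal is known at that point, which may mislead whoever reads the log. A short comment on the new line, such as `// No Principal of a configured user class: treat as an authentication failure`, would record why the method stops here. The branch condition and the opening of the debug guard lie outside the hunk, so the guard is inferred from the visible closing brace.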
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index c44e037..1a58968 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -128,6 +128,11 @@
         ensure that the correct Connector is removed when there are multiple
         Connectors using different addresses but the same port. (markt)
       </fix>
+      <fix>
+        Make <code>JAASRealm</code> mis-configuration more obvious by requiring
+        the authenticated Subject to include at least one Principal of a type
+        specified by <code>userClassNames</code>. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">