Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=51453

Fix a regression in the preemptive authentication support (enhancement <bug>12428</bug>) that could trigger authentication even if preemptive authentication was disabled.

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1141578 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
index fa99f81..d84ae45 100644 (file)
--- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java
+++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
@@ -516,13 +516,13 @@ public abstract class AuthenticatorBase extends ValveBase
             }
         }
 
-        if (!authRequired) {
+        if (!authRequired && context.getPreemptiveAuthentication()) {
             authRequired =
                 request.getCoyoteRequest().getMimeHeaders().getValue(
                         "authorization") != null;
         }
 
-        if (!authRequired) {
+        if (!authRequired && context.getPreemptiveAuthentication()) {
             X509Certificate[] certs = (X509Certificate[]) request.getAttribute(
                     Globals.CERTIFICATES_ATTR);
             authRequired = certs != null && certs.length > 0;

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 0a18d55..7ad533d 100644 (file)
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -181,6 +181,11 @@
         implement SingleThreadModel. Based on a patch by Felix Schumacher.
         (markt)
       </fix>
+      <fix>
+        <bug>51453</bug>: Fix a regression in the preemptive authentication
+        support (enhancement <bug>12428</bug>) that could trigger authentication
+        even if preemptive authentication was disabled. (markt) 
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">