Skip to content

Commit 46c7905

Browse files
author
Robert Rodewald
committed
Preemptive auth deactivated for SSL auth as mandated by RFC8446
1 parent a9c6be8 commit 46c7905

File tree

1 file changed

+3
-9
lines changed

1 file changed

+3
-9
lines changed

java/org/apache/catalina/authenticator/SSLAuthenticator.java

Lines changed: 3 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -20,13 +20,13 @@
2020
import java.security.Principal;
2121
import java.security.cert.X509Certificate;
2222

23-
import jakarta.servlet.http.HttpServletRequest;
24-
import jakarta.servlet.http.HttpServletResponse;
25-
2623
import org.apache.catalina.Globals;
2724
import org.apache.catalina.connector.Request;
2825
import org.apache.coyote.ActionCode;
2926

27+
import jakarta.servlet.http.HttpServletRequest;
28+
import jakarta.servlet.http.HttpServletResponse;
29+
3030
/**
3131
* An <b>Authenticator</b> and <b>Valve</b> implementation of authentication
3232
* that utilizes SSL certificates to identify client users.
@@ -103,12 +103,6 @@ protected String getAuthMethod() {
103103
return HttpServletRequest.CLIENT_CERT_AUTH;
104104
}
105105

106-
@Override
107-
protected boolean isPreemptiveAuthPossible(Request request) {
108-
X509Certificate[] certs = getRequestCertificates(request);
109-
return certs != null && certs.length > 0;
110-
}
111-
112106
/**
113107
* Look for the X509 certificate chain in the Request under the key
114108
* <code>jakarta.servlet.request.X509Certificate</code>. If not found, trigger

0 commit comments

Comments
 (0)