Fix saved request serialization issue in FORM

Introduced when allowing infinite session timeouts.
BZ69706

Author: rmaucher

java/org/apache/catalina/authenticator/FormAuthenticator.java

@@ -646,8 +646,8 @@ protected boolean restoreRequest(Request request, Session session) throws IOExce
         request.getCoyoteRequest().queryString().toStringType();
         request.getCoyoteRequest().protocol().toStringType();
 
-        if (saved.getOriginalMaxInactiveIntervalOptional().isPresent()) {
-            session.setMaxInactiveInterval(saved.getOriginalMaxInactiveIntervalOptional().getAsInt());
+        if (saved.getOriginalMaxInactiveIntervalOptional() != null) {
+            session.setMaxInactiveInterval(saved.getOriginalMaxInactiveIntervalOptional().intValue());
         }
 
         return true;
@@ -724,14 +724,14 @@ protected void saveRequest(Request request, Session session) throws IOException
                     session.setMaxInactiveInterval(getAuthenticationSessionTimeout());
                 }
             } else if (previousSavedRequest != null &&
-                    previousSavedRequest.getOriginalMaxInactiveIntervalOptional().isPresent()) {
+                    previousSavedRequest.getOriginalMaxInactiveIntervalOptional() != null) {
                 /*
                  * The user may have refreshed the browser page during authentication. Transfer the original max inactive
                  * interval from previous saved request to current one else, once authentication is completed, the session
                  * will retain the shorter authentication session timeout
                  */
                 saved.setOriginalMaxInactiveInterval(
-                        previousSavedRequest.getOriginalMaxInactiveIntervalOptional().getAsInt());
+                        previousSavedRequest.getOriginalMaxInactiveIntervalOptional().intValue());
             }
         }
 

java/org/apache/catalina/authenticator/SavedRequest.java

@@ -24,7 +24,6 @@
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
-import java.util.OptionalInt;
 
 import javax.servlet.http.Cookie;
 
@@ -182,9 +181,9 @@ public void setContentType(String contentType) {
     /**
      * The original maxInactiveInterval for the session.
      */
-    private OptionalInt originalMaxInactiveInterval = OptionalInt.empty();
+    private Integer originalMaxInactiveInterval = null;
 
-    public OptionalInt getOriginalMaxInactiveIntervalOptional() {
+    public Integer getOriginalMaxInactiveIntervalOptional() {
         return originalMaxInactiveInterval;
     }
 
@@ -198,10 +197,10 @@ public OptionalInt getOriginalMaxInactiveIntervalOptional() {
      */
     @Deprecated
     public int getOriginalMaxInactiveInterval() {
-        return originalMaxInactiveInterval.orElse(-1);
+        return (originalMaxInactiveInterval == null) ? -1 : originalMaxInactiveInterval.intValue();
     }
 
     public void setOriginalMaxInactiveInterval(int originalMaxInactiveInterval) {
-        this.originalMaxInactiveInterval = OptionalInt.of(originalMaxInactiveInterval);
+        this.originalMaxInactiveInterval = Integer.valueOf(originalMaxInactiveInterval);
     }
 }

webapps/docs/changelog.xml

@@ -131,6 +131,10 @@
         rewrite map files to align behaviour with Apache httpd. Pull request
         provided by Chenjp. (markt)
       </add>
+      <fix>
+        <bug>69706</bug>: Fix saved request serialization issue in FORM
+        introduced when allowing infinite session timeouts. (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">