Clear gsstoken during connection close

Irfan Sharif · Irfan Sharif · commit 170690d9700a · 2025-10-08T13:46:38.000-04:00
Signed-off-by: Irfan Sharif &lt;IrfanSharif@ibm.com&gt;
diff --git a/src/main/java/com/ibm/as400/access/AS400.java b/src/main/java/com/ibm/as400/access/AS400.java
@@ -404,6 +404,11 @@ private byte[] getGSSToken() {
         return this.gssToken_;
     }
 
+    public void clearGSSToken() {
+        if (this.gssToken_ != null)
+            CredentialVault.clearArray(gssToken_);
+    }
+
     // Determines if the password contains a Kerberos token
     private boolean isGSSToken(char[] auth){
         char[] prefix = KERBEROS_PREFIX_CHARS;
@@ -4201,6 +4206,7 @@ public void removeVetoableChangeListener(VetoableChangeListener listener)
     public synchronized void resetAllServices()
     {
         if (Trace.traceOn_) Trace.log(Trace.DIAGNOSTIC, "Resetting all services.");
+        clearGSSToken();
         setStayAlive(0);
 
         disconnectAllServices();
diff --git a/src/main/java/com/ibm/as400/access/AS400JDBCConnectionImpl.java b/src/main/java/com/ibm/as400/access/AS400JDBCConnectionImpl.java
@@ -592,6 +592,11 @@ public void close ()
 
 
             as400_.disconnectServer (server_);
+            // Clear the sensitive auth token via the public AS400 object
+            if (as400PublicClassObj_ != null) {
+                as400PublicClassObj_.clearGSSToken();
+            }
+
             server_ = null;
         }
 

Original file line number	Diff line number	Diff line change
`@@ -592,6 +592,11 @@ public void close ()`
`592`	`592`
`593`	`593`
`594`	`594`	`as400_.disconnectServer (server_);`
	`595`	`+ // Clear the sensitive auth token via the public AS400 object`
	`596`	`+ if (as400PublicClassObj_ != null) {`
	`597`	`+ as400PublicClassObj_.clearGSSToken();`
	`598`	`+ }`
	`599`	`+`
`595`	`600`	`server_ = null;`
`596`	`601`	`}`
`597`	`602`