Author: markt Date: Mon Jul 24 14:49:59 2017 New Revision: 1802820 URL: http://svn.apache.org/viewvc?rev=1802820&view=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61313 Make the read timeout configurable in the JNDIRealm and ensure that a read timeout will result in an attempt to fail over to the alternateURL. Based on patches by Peter Maloney and Felix Schumacher.
Modified: tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java tomcat/trunk/webapps/docs/changelog.xml tomcat/trunk/webapps/docs/config/realm.xml
Modified: tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java?rev=1802820&r1=1802819&r2=1802820&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java Mon Jul 24 14:49:59 2017
@@ -417,6 +417,12 @@ public class JNDIRealm extends RealmBase
 protected String connectionTimeout = "5000";
 /**
+ * The timeout, in milliseconds, to use when trying to read from a connection
+ * to the directory. The default is 5000 (5 seconds).
+ */
+ protected String readTimeout = "5000";
+
+ /**
 * The sizeLimit (also known as the countLimit) to use when the realm is
 * configured with {@link #userSearch}. Zero for no limit.
 */
@@ -1037,6 +1043,27 @@ public class JNDIRealm extends RealmBase
 }
+ /**
+ * @return the read timeout.
+ */
+ public String getReadTimeout() {
+
+ return readTimeout;
+
+ }
+
+
+ /**
+ * Set the read timeout.
+ *
+ * @param timeout The new read timeout
+ */
+ public void setReadTimeout(String timeout) {
+
+ this.readTimeout = timeout;
+
+ }
+
 public long getSizeLimit() {
 return sizeLimit;
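Review bot: `readTimeout` is kept as an unvalidated `String` (`protected String readTimeout = "5000";`), and the setter in the next hunk and the `env.put` in the last JNDIRealm.java hunk pass it on unchanged, so a mistyped value is presumably not noticed until the provider parses it when a connection is opened. The JDK LDAP provider documents a value of zero or less as meaning no read timeout, which silently brings back the unbounded wait this change is meant to remove. I would state both facts in the field and setter Javadoc, e.g. `* Values of zero or less disable the timeout; the string is handed to the JNDI provider unparsed.`, and also mention that existing deployments move from no read timeout to 5 seconds.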
@@ -1259,11 +1286,22 @@ public class JNDIRealm extends RealmBase
 // Authenticate the specified username if possible
 principal = authenticate(context, username, credentials);
- } catch (NullPointerException | CommunicationException
- | ServiceUnavailableException e) {
- /* BZ 42449 - Catch NPE - Kludge Sun's LDAP provider
- with broken SSL
- */
+ } catch (NullPointerException | NamingException e) {
+ /*
+ * BZ 61313
+ * NamingException may or may not indicate an error that is
+ * recoverable via fail over. Therefore a decision needs to be
+ * made whether to fail over or not. Generally, attempting to
+ * fail over when it is not appropriate is better than not
+ * failing over when it is appropriate so the code always
+ * attempts to fail over for NamingExceptions.
+ */
+
+ /*
+ * BZ 42449
+ * Catch NPE - Kludge Sun's LDAP provider with broken SSL.
+ */
+
 // log the exception so we know it's there.
 containerLog.info(sm.getString("jndiRealm.exception.retry"), e);
@@ -2511,6 +2549,8 @@ public class JNDIRealm extends RealmBase
 env.put(JNDIRealm.DEREF_ALIASES, derefAliases);
 if (connectionTimeout != null)
 env.put("com.sun.jndi.ldap.connect.timeout", connectionTimeout);
+ if (readTimeout != null)
+ env.put("com.sun.jndi.ldap.read.timeout", readTimeout);
 return env;
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1802820&r1=1802819&r2=1802820&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Jul 24 14:49:59 2017
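Review bot: Widening the catch in the `@@ -1259` hunk to `NamingException` sends every naming failure from `authenticate(...)` down the retry path, not only a lost or timed-out connection, so a request whose input produces a non-transient error (a malformed name, for instance) would presumably cost a reconnect and a second directory operation every time it is sent. The BZ 61313 comment explains why over-eager fail over was preferred, but it should also record that price, e.g. `* Note: non-transient NamingExceptions are retried too, so each one costs a second directory operation.` If a failed bind can reach this handler (the body of `authenticate` is not in the hunk), the retry would also count twice against a directory lockout policy, which is worth confirming. The handler continues beyond the hunk, so what the retry itself does is not visible here.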
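Review bot: `com.sun.jndi.ldap.read.timeout`, set in the `@@ -2511` hunk, is a key of the JDK's bundled LDAP provider, so when the realm is configured with a different `contextFactory` the new attribute is presumably ignored without any message and a read can still block indefinitely. A short comment above the added lines would make that limit visible, e.g. `// Provider-specific: only the JDK LDAP provider is known to honour this key`. The unbraced `if` matches the `connectionTimeout` lines just above, so I would leave the style as it is. The method around these lines starts outside the hunk.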
@@ -67,6 +67,12 @@
 cause an byte order mark character to appear at the start of content included by the <code>DefaultServlet</code>. (markt)
 </fix>
+ <fix>
+ <bug>61313</bug>: Make the read timeout configurable in the
+ <code>JNDIRealm</code> and ensure that a read timeout will result in an
+ attempt to fail over to the alternateURL. Based on patches by Peter
+ Maloney and Felix Schumacher. (markt)
+ </fix>
 </changelog>
 </subsection>
 <subsection name="Web applications">
Modified: tomcat/trunk/webapps/docs/config/realm.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/realm.xml?rev=1802820&r1=1802819&r2=1802820&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/realm.xml (original)
+++ tomcat/trunk/webapps/docs/config/realm.xml Mon Jul 24 14:49:59 2017
@@ -470,6 +470,12 @@
 the providers default is used.</p>
 </attribute>
+ <attribute name="readTimeout" required="false">
+ <p>The timeout, in milliseconds, to use when trying to read from a
+ connection to the directory. If not specified, the default of 5000
+ (5 seconds) is used.</p>
+ </attribute>
+
 <attribute name="referrals" required="false">
 <p>How do we handle JNDI referrals? Allowed values are "ignore", "follow", or "throw" (see javax.naming.Context.REFERRAL
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org