This is an automated email from the ASF dual-hosted git repository.
fschumacher pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 2a80e8e117 Catch NamingException instead of specialized sub-classes
new 46e93b4ec6 Merge pull request #640 from
FSchumacher/catch-naming-exception-in-getprincipal
2a80e8e117 is described below
commit 2a80e8e117cf178aac23ce4deff04a49429ae1bd
Author: Felix Schumacher <[email protected]>
AuthorDate: Thu Jul 20 11:14:19 2023 +0200
Catch NamingException instead of specialized sub-classes
In Java 8 and up to 17 a closed connection is signaled with
a NamingException and not a CommunicationException ora
ServiceUnavailableException. Such a condition should lead
to re-opening the LDAP connection.
In Java 18 it is fixed by https://bugs.openjdk.org/browse/JDK-8273402
---
java/org/apache/catalina/realm/JNDIRealm.java | 10 +++++++---
webapps/docs/changelog.xml | 4 ++++
2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/java/org/apache/catalina/realm/JNDIRealm.java
b/java/org/apache/catalina/realm/JNDIRealm.java
index 947eb1517f..f772c5acf6 100644
--- a/java/org/apache/catalina/realm/JNDIRealm.java
+++ b/java/org/apache/catalina/realm/JNDIRealm.java
@@ -37,7 +37,6 @@ import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import javax.naming.AuthenticationException;
-import javax.naming.CommunicationException;
import javax.naming.CompositeName;
import javax.naming.Context;
import javax.naming.InvalidNameException;
@@ -47,7 +46,6 @@ import javax.naming.NameParser;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.PartialResultException;
-import javax.naming.ServiceUnavailableException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
@@ -2355,7 +2353,13 @@ public class JNDIRealm extends RealmBase {
// Authenticate the specified username if possible
principal = getPrincipal(connection, username, gssCredential);
- } catch (CommunicationException | ServiceUnavailableException e) {
+ } catch (NamingException e) {
+ /* While we would like to catch specialized exceptions like
+ * CommunicationException and ServiceUnavailableException,
+ * some network communication problems are reported as
+ * this general exception. This is fixed in Java 18 by
+ * https://bugs.openjdk.org/browse/JDK-8273402
+ */
// log the exception so we know it's there.
containerLog.info(sm.getString("jndiRealm.exception.retry"),
e);
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 246b17c9c3..a2631300b4 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -112,6 +112,10 @@
presistence process, do not log a warning that null Principals are not
serializable. Pull request <pr>638</pr> provided by tsryo. (markt)
</fix>
+ <fix>
+ Catch <code>NamingException</code> in
<code>JNDIRealm#getPrincipal</code>.
+ It is used in Java up to 17 to signal closed connections. (fschumacher)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
