Posted to oak-commits@jackrabbit.apache.org by ba...@apache.org on 2021/09/28 13:47:29 UTC

[jackrabbit-oak] branch 1.8 updated: OAK-9519: TlsGuardingConnection doesn't do a TLS handshake on reused connections

This is an automated email from the ASF dual-hosted git repository.

baedke pushed a commit to branch 1.8
in repository https://gitbox.apache.org/repos/asf/jackrabbit-oak.git


The following commit(s) were added to refs/heads/1.8 by this push:
     new a22bac7  OAK-9519: TlsGuardingConnection doesn't do a TLS handshake on reused connections
a22bac7 is described below

commit a22bac7ef157bf80f983df67bed07ac165d9b9f1
Author: Manfred Baedke <ma...@greenbytes.de>
AuthorDate: Thu Sep 23 00:26:04 2021 +0200

    OAK-9519: TlsGuardingConnection doesn't do a TLS handshake on reused connections
    
    Removed redundant legacy workaround that doesn't work with org.apache.directory.api.api-all-2.0.1.
---
 .../impl/PoolableUnboundConnectionFactory.java     | 28 +---------------------
 1 file changed, 1 insertion(+), 27 deletions(-)

diff --git a/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/PoolableUnboundConnectionFactory.java b/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/PoolableUnboundConnectionFactory.java
index bd783a7..87f03f2 100644
--- a/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/PoolableUnboundConnectionFactory.java
+++ b/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/PoolableUnboundConnectionFactory.java
@@ -96,9 +96,7 @@ public class PoolableUnboundConnectionFactory extends BasePooledObjectFactory<Ld
      * {@inheritDoc}
      */
     public LdapConnection create() throws LdapException {
-        LdapNetworkConnection connection = config.isUseTls()
-                ? new TlsGuardingConnection(config)
-                : new LdapNetworkConnection(config);
+        LdapNetworkConnection connection = new LdapNetworkConnection(config);
         connection.connect();
         log.debug("creating new connection: {}", connection);
         return connection;
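Review bot: With the guard class gone, nothing in `create()` shows that a pooled connection is TLS-protected before credentials are sent when `config.isUseTls()` is true; that now depends entirely on how the bundled `LdapNetworkConnection` version handles StartTLS on connect and on repeated binds. I would record that dependency above the constructor call, for example `// StartTLS for config.isUseTls() is negotiated by LdapNetworkConnection itself; do not wrap or short-circuit startTls() here (OAK-9519).` The diffstat lists only this one file, so the commit apparently adds no regression test. A test that borrows a connection with `useTls` enabled, binds, returns it, borrows it again, and asserts it is still secured before the second bind would pin the behaviour this fix restores. The closing brace of `create()` lies outside the hunk.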
@@ -124,28 +122,4 @@ public class PoolableUnboundConnectionFactory extends BasePooledObjectFactory<Ld
         log.debug("validating connection {}: {}", connection, valid);
         return valid;
     }
-
-    /**
-     * internal helper class that guards the original ldap connection from starting TLS if already started..
-     * this is to ensure that pooled connections can be 'bind()' several times.
-     *
-     * @see org.apache.directory.ldap.client.api.LdapNetworkConnection#bindAsync(org.apache.directory.api.ldap.model.message.BindRequest)
-     */
-    private static final class TlsGuardingConnection extends LdapNetworkConnection {
-
-        private boolean tlsStarted;
-
-        private TlsGuardingConnection(LdapConnectionConfig config) {
-            super(config);
-        }
-
-        @Override
-        public void startTls() throws LdapException {
-            if (tlsStarted) {
-                return;
-            }
-            super.startTls();
-            tlsStarted = true;
-        }
-    }
 }