Posted to oak-commits@jackrabbit.apache.org by tr...@apache.org on 2015/06/08 23:50:52 UTC
svn commit: r1684287 -
/jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
Author: tripod
Date: Mon Jun 8 21:50:52 2015
New Revision: 1684287
URL: http://svn.apache.org/r1684287
Log:
OAK-2951 Regression: SSL errors with latest ldap client
Modified:
jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
Modified: jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java?rev=1684287&r1=1684286&r2=1684287&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java (original)
+++ jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java Mon Jun 8 21:50:52 2015
@@ -16,6 +16,7 @@
*/
package org.apache.jackrabbit.oak.security.authentication.ldap.impl;
+import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
@@ -28,6 +29,7 @@ import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.jcr.Credentials;
import javax.jcr.SimpleCredentials;
+import javax.net.ssl.SSLContext;
import javax.security.auth.login.LoginException;
import org.apache.commons.pool.impl.GenericObjectPool;
@@ -116,6 +118,10 @@ public class LdapIdentityProvider implem
*/
private PoolableUnboundConnectionFactory userConnectionFactory;
+ /**
+ * SSL protocols (initialized on init)
+ */
+ private String[] enabledSSLProtocols;
/**
* Default constructor for OSGi
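Review bot: The Javadoc on `enabledSSLProtocols` does not say what `null` means, although the rest of the patch relies on it. `null` is the normal state, and `setEnabledProtocols` is then skipped so the LDAP client's own defaults apply. I would word the comment as `Protocols to enable on LDAP connections, or null to keep the client library defaults; set in init().` so a later reader does not treat null as an uninitialised state.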
@@ -480,6 +486,15 @@ public class LdapIdentityProvider implem
throw new IllegalStateException("Provider already initialized.");
}
+ // make sure the JVM supports the TLSv1.1
+ try {
+ enabledSSLProtocols = null;
+ SSLContext.getInstance("TLSv1.1");
+ } catch (NoSuchAlgorithmException e) {
+ log.warn("JDK does not support TLSv1.1. Disabling it.");
+ enabledSSLProtocols = new String[]{"TLSv1"};
+ }
+
// setup admin connection pool
LdapConnectionConfig cc = createConnectionConfig();
String bindDN = config.getBindDN();
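Review bot: The fallback `enabledSSLProtocols = new String[]{"TLSv1"}` restricts every LDAP connection to TLSv1 on the strength of a probe for TLSv1.1 alone. The warning does not tell the operator that this downgrade has happened. I would state the effect in the message, e.g. `log.warn("JDK does not support TLSv1.1; LDAP connections are restricted to TLSv1.");`. Consider taking the list from `SSLContext.getDefault().getSupportedSSLParameters().getProtocols()` or from the provider configuration, so the highest protocol the JVM offers is used rather than a hard-coded one. As a style point, `enabledSSLProtocols = null;` is not part of the probe and reads better before the `try`. The enclosing init method starts and ends outside this hunk.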
@@ -535,6 +550,11 @@ public class LdapIdentityProvider implem
if (config.noCertCheck()) {
cc.setTrustManagers(new NoVerificationTrustManager());
}
+
+ if (enabledSSLProtocols != null) {
+ cc.setEnabledProtocols(enabledSSLProtocols);
+ }
+
return cc;
}