Posted to dev@tomcat.apache.org by ma...@apache.org on 2017/07/24 14:49:59 UTC
svn commit: r1802820 - in /tomcat/trunk:
java/org/apache/catalina/realm/JNDIRealm.java webapps/docs/changelog.xml
webapps/docs/config/realm.xml
Author: markt
Date: Mon Jul 24 14:49:59 2017
New Revision: 1802820
URL: http://svn.apache.org/viewvc?rev=1802820&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61313
Make the read timeout configurable in the JNDIRealm and ensure that a read timeout will result in an attempt to fail over to the alternateURL.
Based on patches by Peter Maloney and Felix Schumacher.
Modified:
tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java
tomcat/trunk/webapps/docs/changelog.xml
tomcat/trunk/webapps/docs/config/realm.xml
Modified: tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java?rev=1802820&r1=1802819&r2=1802820&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java Mon Jul 24 14:49:59 2017
@@ -417,6 +417,12 @@ public class JNDIRealm extends RealmBase
protected String connectionTimeout = "5000";
/**
+ * The timeout, in milliseconds, to use when trying to read from a connection
+ * to the directory. The default is 5000 (5 seconds).
+ */
+ protected String readTimeout = "5000";
+
+ /**
* The sizeLimit (also known as the countLimit) to use when the realm is
* configured with {@link #userSearch}. Zero for no limit.
*/
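Review bot: The new `readTimeout` field defaults to `"5000"`, and the last JNDIRealm.java hunk puts it into the environment whenever it is non-null, so deployments that never set the attribute move from no explicit read timeout to a 5 second one. Directory queries that legitimately take longer than that (large or nested role searches, for example) would now fail, and with the widened catch in the `authenticate` hunk that failure becomes a reconnect and retry. This behaviour change is not mentioned in the Javadoc or in realm.xml; I would add a sentence such as `Before this attribute existed no read timeout was set; raise the value if directory searches can take longer than 5 seconds.`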
@@ -1037,6 +1043,27 @@ public class JNDIRealm extends RealmBase
}
+ /**
+ * @return the read timeout.
+ */
+ public String getReadTimeout() {
+
+ return readTimeout;
+
+ }
+
+
+ /**
+ * Set the read timeout.
+ *
+ * @param timeout The new read timeout
+ */
+ public void setReadTimeout(String timeout) {
+
+ this.readTimeout = timeout;
+
+ }
+
public long getSizeLimit() {
return sizeLimit;
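Review bot: `setReadTimeout` stores whatever string the configuration supplies, and the later hunk passes it unchanged to `com.sun.jndi.ldap.read.timeout`. The Javadoc should spell out the values that are not obvious: `null` leaves the property unset, and for the Sun LDAP provider a value of zero or less means no read timeout at all, so one typo can leave authentication threads blocked on an unresponsive directory. A non-numeric value is presumably rejected only by the provider when a connection is opened rather than at configuration time, so consider failing fast in the setter with `if (timeout != null) Integer.parseInt(timeout);` before the assignment.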
@@ -1259,11 +1286,22 @@ public class JNDIRealm extends RealmBase
// Authenticate the specified username if possible
principal = authenticate(context, username, credentials);
- } catch (NullPointerException | CommunicationException
- | ServiceUnavailableException e) {
- /* BZ 42449 - Catch NPE - Kludge Sun's LDAP provider
- with broken SSL
- */
+ } catch (NullPointerException | NamingException e) {
+ /*
+ * BZ 61313
+ * NamingException may or may not indicate an error that is
+ * recoverable via fail over. Therefore a decision needs to be
+ * made whether to fail over or not. Generally, attempting to
+ * fail over when it is not appropriate is better than not
+ * failing over when it is appropriate so the code always
+ * attempts to fail over for NamingExceptions.
+ */
+
+ /*
+ * BZ 42449
+ * Catch NPE - Kludge Sun's LDAP provider with broken SSL.
+ */
+
// log the exception so we know it's there.
containerLog.info(sm.getString("jndiRealm.exception.retry"), e);
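Review bot: The catch now treats every `NamingException` as a reason to fail over, which includes subclasses that describe the request rather than the health of the server, and the handler logs each one at info level with the full exception. If an `AuthenticationException` for bad credentials can propagate out of `authenticate(context, username, credentials)` to this point (the callee is outside the hunk, so this needs checking), every failed login would reconnect and bind a second time, doubling the attempts counted by directory lockout policies and inflating the log. Consider a separate `catch (AuthenticationException e)` clause ahead of this one that skips the retry, and note in the BZ 61313 comment which subclasses are intentionally excluded. The enclosing try block and the retry code both lie outside the hunk.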
@@ -2511,6 +2549,8 @@ public class JNDIRealm extends RealmBase
env.put(JNDIRealm.DEREF_ALIASES, derefAliases);
if (connectionTimeout != null)
env.put("com.sun.jndi.ldap.connect.timeout", connectionTimeout);
+ if (readTimeout != null)
+ env.put("com.sun.jndi.ldap.read.timeout", readTimeout);
return env;
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1802820&r1=1802819&r2=1802820&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Jul 24 14:49:59 2017
@@ -67,6 +67,12 @@
cause an byte order mark character to appear at the start of content
included by the <code>DefaultServlet</code>. (markt)
</fix>
+ <fix>
+ <bug>61313</bug>: Make the read timeout configurable in the
+ <code>JNDIRealm</code> and ensure that a read timeout will result in an
+ attempt to fail over to the alternateURL. Based on patches by Peter
+ Maloney and Felix Schumacher. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Web applications">
Modified: tomcat/trunk/webapps/docs/config/realm.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/realm.xml?rev=1802820&r1=1802819&r2=1802820&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/realm.xml (original)
+++ tomcat/trunk/webapps/docs/config/realm.xml Mon Jul 24 14:49:59 2017
@@ -470,6 +470,12 @@
the providers default is used.</p>
</attribute>
+ <attribute name="readTimeout" required="false">
+ <p>The timeout, in milliseconds, to use when trying to read from a
+ connection to the directory. If not specified, the default of 5000
+ (5 seconds) is used.</p>
+ </attribute>
+
<attribute name="referrals" required="false">
<p>How do we handle JNDI referrals? Allowed values are
"ignore", "follow", or "throw" (see javax.naming.Context.REFERRAL