This is an automated email from the ASF dual-hosted git repository. fschumacher pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push: new 4b140ee40f Catch NamingException instead of specialized sub-classes 4b140ee40f is described below commit 4b140ee40f58373de28bf90eabec90fdcf53ef40 Author: Felix Schumacher <fschumac...@apache.org> AuthorDate: Thu Jul 20 11:14:19 2023 +0200 Catch NamingException instead of specialized sub-classes In Java 8 and up to 17 a closed connection is signaled with a NamingException and not a CommunicationException ora ServiceUnavailableException. Such a condition should lead to re-opening the LDAP connection. In Java 18 it is fixed by https://bugs.openjdk.org/browse/JDK-8273402 --- java/org/apache/catalina/realm/JNDIRealm.java | 10 +++++++--- webapps/docs/changelog.xml | 4 ++++ 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/java/org/apache/catalina/realm/JNDIRealm.java b/java/org/apache/catalina/realm/JNDIRealm.java index 1f9690ab78..c55f075779 100644 --- a/java/org/apache/catalina/realm/JNDIRealm.java +++ b/java/org/apache/catalina/realm/JNDIRealm.java @@ -37,7 +37,6 @@ import java.util.concurrent.locks.Lock; import java.util.concurrent.locks.ReentrantLock; import javax.naming.AuthenticationException; -import javax.naming.CommunicationException; import javax.naming.CompositeName; import javax.naming.Context; import javax.naming.InvalidNameException; @@ -47,7 +46,6 @@ import javax.naming.NameParser; import javax.naming.NamingEnumeration; import javax.naming.NamingException; import javax.naming.PartialResultException; -import javax.naming.ServiceUnavailableException; import javax.naming.directory.Attribute; import javax.naming.directory.Attributes; import javax.naming.directory.DirContext; @@ -2372,7 +2370,13 @@ public class JNDIRealm extends RealmBase { // Authenticate the specified username if possible principal = getPrincipal(connection, username, gssCredential); - } catch (CommunicationException | ServiceUnavailableException e) { + } catch (NamingException e) { + /* While we would like to catch specialized exceptions like + * CommunicationException and ServiceUnavailableException, + * some network communication problems are reported as + * this general exception. This is fixed in Java 18 by + * https://bugs.openjdk.org/browse/JDK-8273402 + */ // log the exception so we know it's there. containerLog.info(sm.getString("jndiRealm.exception.retry"), e); diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 0d5be9f071..f5cea73c49 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -116,6 +116,10 @@ presistence process, do not log a warning that null Principals are not serializable. Pull request <pr>638</pr> provided by tsryo. (markt) </fix> + <fix> + Catch <code>NamingException</code> in <code>JNDIRealm#getPrincipal</code>. + It is used in Java up to 17 to signal closed connections. (fschumacher) + </fix> </changelog> </subsection> <subsection name="Coyote"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org