svn commit: r1768123 - in /tomcat/trunk: java/org/apache/catalina/ java/org/apache/catalina/realm/ webapps/docs/

Fri, 04 Nov 2016 16:10:03 -0700 

Author: remm
Date: Fri Nov  4 23:09:45 2016
New Revision: 1768123

URL: http://svn.apache.org/viewvc?rev=1768123&view=rev
Log:
60202: Add an available flag to realms, to indicate the state, or the realm 
backend. Update lockout realm to only register auth failures if the realm is 
available.

Modified:
    tomcat/trunk/java/org/apache/catalina/Realm.java
    tomcat/trunk/java/org/apache/catalina/realm/CombinedRealm.java
    tomcat/trunk/java/org/apache/catalina/realm/DataSourceRealm.java
    tomcat/trunk/java/org/apache/catalina/realm/JDBCRealm.java
    tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java
    tomcat/trunk/java/org/apache/catalina/realm/LockOutRealm.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/catalina/Realm.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/Realm.java?rev=1768123&r1=1768122&r2=1768123&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/Realm.java (original)
+++ tomcat/trunk/java/org/apache/catalina/Realm.java Fri Nov  4 23:09:45 2016
@@ -231,4 +231,13 @@ public interface Realm {
      * @return principal roles
      */
     public String[] getRoles(Principal principal);
+
+
+    /**
+     * Return the availability of the realm for authentication.
+     * @return <code>true</code> if the realm is able to perform authentication
+     */
+    default public boolean isAvailable() {
+        return true;
+    }
 }

Modified: tomcat/trunk/java/org/apache/catalina/realm/CombinedRealm.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/CombinedRealm.java?rev=1768123&r1=1768122&r2=1768123&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/CombinedRealm.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/CombinedRealm.java Fri Nov  4 
23:09:45 2016
@@ -418,4 +418,15 @@ public class CombinedRealm extends Realm
         throw uoe;
     }
 
+
+    @Override
+    public boolean isAvailable() {
+        for (Realm realm : realms) {
+            if (!realm.isAvailable()) {
+                return false;
+            }
+        }
+        return true;
+    }
+
 }

Modified: tomcat/trunk/java/org/apache/catalina/realm/DataSourceRealm.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/DataSourceRealm.java?rev=1768123&r1=1768122&r2=1768123&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/DataSourceRealm.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/DataSourceRealm.java Fri Nov  4 
23:09:45 2016
@@ -107,6 +107,12 @@ public class DataSourceRealm extends Rea
     protected String userTable = null;
 
 
+    /**
+     * Last connection attempt.
+     */
+    private volatile boolean connectionSuccess = true;
+
+
     // ------------------------------------------------------------- Properties
 
 
@@ -270,6 +276,11 @@ public class DataSourceRealm extends Rea
     }
 
 
+    @Override
+    public boolean isAvailable() {
+        return connectionSuccess;
+    }
+
     // -------------------------------------------------------- Package Methods
 
 
@@ -378,8 +389,11 @@ public class DataSourceRealm extends Rea
                 context = getServer().getGlobalNamingContext();
             }
             DataSource dataSource = (DataSource)context.lookup(dataSourceName);
-        return dataSource.getConnection();
+            Connection connection = dataSource.getConnection();
+            connectionSuccess = true;
+            return connection;
         } catch (Exception e) {
+            connectionSuccess = false; 
             // Log the problem for posterity
             containerLog.error(sm.getString("dataSourceRealm.exception"), e);
         }

Modified: tomcat/trunk/java/org/apache/catalina/realm/JDBCRealm.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JDBCRealm.java?rev=1768123&r1=1768122&r2=1768123&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/JDBCRealm.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/JDBCRealm.java Fri Nov  4 
23:09:45 2016
@@ -414,6 +414,12 @@ public class JDBCRealm
     }
 
 
+    @Override
+    public boolean isAvailable() {
+        return (dbConnection != null);
+    }
+
+
     /**
      * Close the specified database connection.
      *

Modified: tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java?rev=1768123&r1=1768122&r2=1768123&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java Fri Nov  4 
23:09:45 2016
@@ -2379,6 +2379,12 @@ public class JNDIRealm extends RealmBase
 
     }
 
+    @Override
+    public boolean isAvailable() {
+        // Simple best effort check
+        return (context != null);
+    }
+
     private DirContext createDirContext(Hashtable<String, String> env) throws 
NamingException {
         if (useStartTls) {
             return createTlsDirContext(env);

Modified: tomcat/trunk/java/org/apache/catalina/realm/LockOutRealm.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/LockOutRealm.java?rev=1768123&r1=1768122&r2=1768123&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/LockOutRealm.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/LockOutRealm.java Fri Nov  4 
23:09:45 2016
@@ -212,7 +212,7 @@ public class LockOutRealm extends Combin
      */
     private Principal filterLockedAccounts(String username, Principal 
authenticatedUser) {
         // Register all failed authentications
-        if (authenticatedUser == null) {
+        if (authenticatedUser == null && isAvailable()) {
             registerAuthFailure(username);
         }
 

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1768123&r1=1768122&r2=1768123&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Fri Nov  4 23:09:45 2016
@@ -45,6 +45,15 @@
   issues do not "pop up" wrt. others).
 -->
 <section name="Tomcat 9.0.0.M13" rtext="in development">
+  <subsection name="Catalina">
+    <changelog>
+      <update>
+        <bug>60202</bug>: Add an available flag to realms, to indicate the
+        state, or the realm backend. Update lockout realm to only register
+        auth failures if the realm is available. (remm)
+      </update>
+    </changelog>
+  </subsection>
   <subsection name="Coyote">
     <changelog>
       <fix>



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to