[tomcat] branch 9.0.x updated: Add option from JAAS to the JNDI realm

Tue, 20 Oct 2020 02:28:14 -0700 

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new 4ba1769  Add option from JAAS to the JNDI realm
4ba1769 is described below

commit 4ba17698d324f4d0d8565a78021c09d1a33e5cf1
Author: remm <r...@apache.org>
AuthorDate: Tue Oct 20 11:21:36 2020 +0200

    Add option from JAAS to the JNDI realm
    
    JNDI connections can allocate things and resources such as thread, this
    can avoid classloader leaking.
---
 java/org/apache/catalina/realm/JNDIRealm.java | 36 +++++++++++++++++++++++++++
 webapps/docs/changelog.xml                    |  5 ++++
 webapps/docs/config/realm.xml                 |  7 ++++++
 3 files changed, 48 insertions(+)

diff --git a/java/org/apache/catalina/realm/JNDIRealm.java 
b/java/org/apache/catalina/realm/JNDIRealm.java
index 30527c4..3d952c0 100644
--- a/java/org/apache/catalina/realm/JNDIRealm.java
+++ b/java/org/apache/catalina/realm/JNDIRealm.java
@@ -490,6 +490,14 @@ public class JNDIRealm extends RealmBase {
     protected int connectionPoolSize = 1;
 
 
+    /**
+     * Whether to use context ClassLoader or default ClassLoader.
+     * True means use context ClassLoader, and True is the default
+     * value.
+     */
+    protected boolean useContextClassLoader = true;
+
+
     // ------------------------------------------------------------- Properties
 
     public boolean getForceDnHexEscape() {
@@ -1246,6 +1254,26 @@ public class JNDIRealm extends RealmBase {
         return clazz.getConstructor().newInstance();
     }
 
+    /**
+     * Sets whether to use the context or default ClassLoader.
+     * True means use context ClassLoader.
+     *
+     * @param useContext True means use context ClassLoader
+     */
+    public void setUseContextClassLoader(boolean useContext) {
+        useContextClassLoader = useContext;
+    }
+
+    /**
+     * Returns whether to use the context or default ClassLoader.
+     * True means to use the context ClassLoader.
+     *
+     * @return The value of useContextClassLoader
+     */
+    public boolean isUseContextClassLoader() {
+        return useContextClassLoader;
+    }
+
     // ---------------------------------------------------------- Realm Methods
 
     /**
@@ -2487,7 +2515,12 @@ public class JNDIRealm extends RealmBase {
      * @throws NamingException if a directory server error occurs
      */
     protected void open(JNDIConnection connection) throws NamingException {
+        ClassLoader ocl = null;
         try {
+            if (!isUseContextClassLoader()) {
+                ocl = Thread.currentThread().getContextClassLoader();
+                
Thread.currentThread().setContextClassLoader(this.getClass().getClassLoader());
+            }
             // Ensure that we have a directory context available
             connection.context = 
createDirContext(getDirectoryContextEnvironment());
         } catch (Exception e) {
@@ -2504,6 +2537,9 @@ public class JNDIRealm extends RealmBase {
             // reset it in case the connection times out.
             // the primary may come back.
             connectionAttempt = 0;
+            if (!isUseContextClassLoader()) {
+                Thread.currentThread().setContextClassLoader(ocl);
+            }
         }
     }
 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 1313b0c..db32630 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -75,6 +75,11 @@
         <code>ErrorReportValve</code> that returns  response as JSON instead of
         HTML. (kfujino)
       </add>
+      <fix>
+        JNDIRealm connections should only be created with the container
+        classloader as the thread context classloader, just like for the JAAS
+        realm. (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">
diff --git a/webapps/docs/config/realm.xml b/webapps/docs/config/realm.xml
index 628b186..eaa8872 100644
--- a/webapps/docs/config/realm.xml
+++ b/webapps/docs/config/realm.xml
@@ -508,6 +508,13 @@
            specified, the default value of <code>302</code> is used.</p>
       </attribute>
 
+      <attribute name="useContextClassLoader" required="false">
+        <p>Instructs JNDIRealm to use the context class loader when opening the
+        connection for the JNDI provider. The default value is
+        <code>true</code>. To load classes using the container's classloader,
+        specify <code>false</code>.</p>
+      </attribute>
+
       <attribute name="useDelegatedCredential" required="false">
         <p>When the JNDIRealm is used with the SPNEGO authenticator, delegated
         credentials for the user may be available. If such credentials are


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to