JNDIRealm not retrying connections on NamingException

Thu, 20 Jul 2023 02:10:56 -0700 

Hi all,
at work, we have seen the following stacktrace without a retrying log message. 

javax.naming.NamingException: LDAP connection has been closed

    at com.sun.jndi.ldap.LdapRequest.getReplyBer(LdapRequest.java:133) 
~[?:1.8.0_342]
    at com.sun.jndi.ldap.Connection.readReply(Connection.java:469) 
~[?:1.8.0_342]
    at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:638) 
~[?:1.8.0_342]
    at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:561) 
~[?:1.8.0_342]
    at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:2013) 
~[?:1.8.0_342]
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1872) 
~[?:1.8.0_342]
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1797) 
~[?:1.8.0_342]
    at 
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392) 
~[?:1.8.0_342]
    at 
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358) 
~[?:1.8.0_342]
    at 
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341) 
~[?:1.8.0_342]
    at 
javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267) 
~[?:1.8.0_342]
    at 
org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1610) 
~[catalina.jar:9.0.50.redhat-00007]
    at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1447) 
~[catalina.jar:9.0.50.redhat-00007]
    at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1376) 
~[catalina.jar:9.0.50.redhat-00007]
    at 
org.apache.catalina.realm.JNDIRealm.getPrincipal(JNDIRealm.java:2348) 
~[catalina.jar:9.0.50.redhat-00007]
    at 
org.apache.catalina.realm.JNDIRealm.getPrincipal(JNDIRealm.java:2288) 
[catalina.jar:9.0.50.redhat-00007]
    at 
org.apache.catalina.realm.JNDIRealm.getPrincipal(JNDIRealm.java:2253) 
[catalina.jar:9.0.50.redhat-00007]



That happens, because we are catching CommunicationException and 
ServiceUnavailableException in getPrincipal instead of the more general 
NamingException.



We had a similar issue in Bug 61313. To fix that bug we changed the 
catch clause from CommunicationException to NamingException.



I think we should change the code in getPrincipal to catch the more 
general exception, too. Does anyone know, why we catched those 
specialized NamingExceptions instead of the general one?


Regards

 Felix

PS. I will do a PR, if we agree on changing the catch clause.


PPS. The code to catch the exception is the same in current tomcat 
JNDIRealm classes, even if the line numbers changed a bit.





Attachment:
OpenPGP_0xEA6C3728EA91C4AF.asc

Description: OpenPGP public key



Attachment:
OpenPGP_signature

Description: OpenPGP digital signature






















					Reply via email to