Thanks Cédric, I will try this and let you know.

Once LDAP closes the connection from its end, Tomcat indeed keeps on trying and finally establishes a new connection... but the time spent in retrying is too high (more than 4-5 minutes) and in that time the user cannot log in... the login page just sort of hangs in the browser. (Probably at the OS level the TCP connection timeout etc. can be set, but I don't want to change any OS parameter because of only this issue.) Hence the need to have this workaround, unless someone can suggest something smarter apart from ignoring.

-----Original Message-----
From: Cédric Couralet [mailto:cedric.coura...@gmail.com]
Sent: Wednesday, February 20, 2013 1:05 PM
To: Tomcat Users List
Subject: Re: Question regarding JNDIRealm - tomcat 6.0.35

2013/2/20 Tanmoy Chatterjee <tanmoy.chatter...@nxp.com>:
> Hello Cédric,
> The reason I want to do this is as follows:
> I am facing the problem already expressed in
> https://issues.apache.org/bugzilla/show_bug.cgi?id=33774
> I see that the bug status shows as Fixed, however I still get the same issue
> on the stack mentioned earlier.
>
> Hence what I have done is that I have already extended the JNDIRealm
> class (CustomJNDIRealm) to disconnect as soon as authentication is
> successful. (ref:
> http://stackoverflow.com/questions/10911897/tomcat-7-0-14-ldap-authentication)
>
> import java.security.Principal;
> import org.apache.catalina.realm.JNDIRealm;
>
> public class CustomJNDIRealm extends JNDIRealm {
>     @Override
>     public Principal authenticate(String username, String credentials) {
>         Principal principal = super.authenticate(username, credentials);
>
>         // Close the LDAP connection as soon as authentication has run.
>         if (context != null) {
>             close(context);
>         }
>         return principal;
>     }
> }
>
> Have tested this and I see it to be working great except a small problem.
> After Tomcat starts successfully and remains idle, i.e. let's say there is no
> user who logs in (gets authenticated) for 5-10 mins... I face the same issue
> as mentioned in the above bug. This is because the initial connection to the
> LDAP exists and the above overridden authenticate() doesn't get called.
> Hence I want to prevent the initial connection started by Tomcat to LDAP as
> well.
> I am looking for some good way of doing this only on Tomcat start-up and not
> all the other times.
> What I am not able to understand is why Tomcat doesn't allow configurable
> parameters to either select / deselect the Realm connections on startup.

So you don't mind the initial connection but want to close it as soon as possible.
Then what about writing a custom start method in your CustomJNDIRealm, based on your overriding of the authenticate method:

    @Override
    public void start() throws LifecycleException {
        super.start();
        // Close the connection opened during start-up.
        if (context != null) {
            close(context);
        }
    }

To come back to the root of the problem: in Tomcat 6, there is a chance an exception is thrown with JNDIRealm when no user has tried to log in for a certain time. That exception is logged at WARNING level and I tend to ignore them because Tomcat retries anyway. I don't think you should do anything just to avoid those.

Hope this helps,
Cédric

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org