/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* Contains utilities for managing connection pools of LdapClient.
* Contains method for
* - checking whether attempted connection creation may be pooled
* - creating a pooled connection
* - closing idle connections.
*
* If a timeout period has been configured, then it will automatically
* close and remove idle connections (those that have not been
* used for the duration of the timeout period).
*
* @author Rosanna Lee
*/
public final class LdapPoolManager {
"com.sun.jndi.ldap.connect.pool.debug";
public static final boolean debug =
// ---------- System properties for connection pooling
// Authentication mechanisms of connections that may be pooled
"com.sun.jndi.ldap.connect.pool.authentication";
// Protocol types of connections that may be pooled
"com.sun.jndi.ldap.connect.pool.protocol";
// Maximum number of identical connections per pool
"com.sun.jndi.ldap.connect.pool.maxsize";
// Preferred number of identical connections per pool
"com.sun.jndi.ldap.connect.pool.prefsize";
// Initial number of identical connections per pool
// Milliseconds to wait before closing idle connections
"com.sun.jndi.ldap.connect.pool.timeout";
// Properties for DIGEST
"java.naming.security.sasl.callback";
// --------- Constants
// --------- static fields
private static boolean supportPlainProtocol = false;
private static boolean supportSslProtocol = false;
// List of pools used for different auth types
static {
// Determine supported authentication mechanisms
int p;
for (int i = 0; i < count; i++) {
mech = "none";
}
}
}
// Determine supported protocols
for (int i = 0; i < count; i++) {
supportPlainProtocol = true;
supportSslProtocol = true;
} else {
// ignore
}
}
if (idleTimeout > 0) {
// Create cleaner to expire idle connections
}
if (debug) {
}
}
// Cannot instantiate one of these
private LdapPoolManager() {
}
/**
* Find the index of the pool for the specified mechanism. If not
* one of "none", "simple", "DIGEST-MD5", or "GSSAPI",
* return -1.
* @param mech mechanism type
*/
return NONE;
return SIMPLE;
return DIGEST;
}
return -1;
}
/**
* Determines whether pooling is allowed given information on how
* the connection will be used.
*
* Non-configurable rejections:
* - nonstandard socketFactory has been specified: the pool manager
* cannot track input or parameters used by the socket factory and
* thus has no way of determining whether two connection requests
* are equivalent. Maybe in the future it might add a list of allowed
* socket factories to be configured
* - trace enabled (except when debugging)
* - for Digest authentication, if a callback handler has been specified:
* the pool manager cannot track input collected by the handler
* and thus has no way of determining whether two connection requests are
* equivalent. Maybe in the future it might add a list of allowed
* callback handlers.
*
* Configurable tests:
* - Pooling for the requested protocol (plain or ssl) is supported
* - Pooling for the requested authentication mechanism is supported
*
*/
throws NamingException {
// Requesting plain protocol but it is not supported
// Requesting ssl protocol but it is not supported
d("Pooling disallowed due to tracing or unsupported pooling of protocol");
return false;
}
// pooling of custom socket factory is possible only if the
// socket factory interface implements java.util.comparator
boolean foundSockCmp = false;
if ((socketFactory != null) &&
try {
foundSockCmp = true;
}
}
} catch (Exception e) {
new CommunicationException("Loading the socket factory");
ce.setRootCause(e);
throw ce;
}
if (!foundSockCmp) {
return false;
}
}
// Cannot use pooling if authMech is not a supported mechs
// Cannot use pooling if authMech contains multiple mechs
d("authmech not found: ", authMech);
return false;
}
d("using authmech: ", authMech);
switch (p) {
case NONE:
case SIMPLE:
return true;
case DIGEST:
// Provider won't be able to determine connection identity
// if an alternate callback handler is used
}
return false;
}
/**
* Obtains a pooled connection that either already exists or is
* newly created using the parameters supplied. If it is newly
* created, it needs to go through the authentication checks to
* determine whether an LDAP bind is necessary.
*
* Caller needs to invoke ldapClient.authenticateCalled() to
* determine whether ldapClient.authenticate() needs to be invoked.
* Caller has that responsibility because caller needs to deal
* with the LDAP bind response, which might involve referrals,
* response controls, errors, etc. This method is responsible only
* for establishing the connection.
*
* @return an LdapClient that is pooled.
*/
// Create base identity for LdapClient
throw new IllegalArgumentException(
"Attempting to use pooling for an unsupported mechanism: " +
authMech);
}
switch (p) {
case NONE:
break;
case SIMPLE:
// Add identity information used in simple authentication
break;
case DIGEST:
break;
}
readTimeout, trace));
}
(i == NONE ? "anonymous pools" :
i == SIMPLE ? "simple auth pools" :
+ ":");
}
}
}
/**
* Closes idle connections idle since specified time.
*
* @param threshold Close connections idle since this time, as
* specified in milliseconds since "the epoch".
* @see java.util.Date
*/
}
}
}
if (debug) {
}
}
if (debug) {
}
}
new PrivilegedAction() {
try {
} catch (SecurityException e) {
return defVal;
}
}
});
}
final int defVal) {
new PrivilegedAction() {
try {
} catch (SecurityException e) {
}
}
});
}
final long defVal) {
new PrivilegedAction() {
try {
} catch (SecurityException e) {
}
}
});
}
}