tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Cédric Couralet <>
Subject Re: Question regarding JNDIRealm - tomcat 6.0.35
Date Wed, 20 Feb 2013 12:05:26 GMT
2013/2/20 Tanmoy Chatterjee <>:
> Hello Cédric,
> The reason I want to do is as follows:
> I am facing the problem already expressed in
> I see that the bug status shows as Fixed, however I still get the same Issue on the Stack
mentioned earlier.
> Hence what I have done is that I have already extended the JNDIRealm class (CustomJNDIRealm)
to disconnect as soon as authentication is successful. (ref:
> public class CustomJNDIRealm extends JNDIRealm {
>   @Override
>   public Principal authenticate(String username, String credentials) {
>   Principal principal = super.authenticate(username, credentials);
>     if (context != null) {
>       close(context);
>     }
>     return principal;
>   }
> }
> Have tested this and I see it to be working great except a small problem.
> After tomcat starts successfully and remains idle i.e let's say there is no user who
logs in (gets authenticated) for 5-10 mins...I face the same issue as mentioned in the above
bug. This is because the initial connection to the LDAP exists and the above overridden authenticate
() doesn't get called. Hence I want to prevent the initial connection started by tomcat to
LDAP as well.
> I am looking for some good way of doing this only on tomcat start-up and not all other
the times.
> What I am not able to understand is why Tomcat doesn't allow configurable parameters
to either select / deselect the Realm connections on startup.

So you don't mind the initial connection but want to close it as soon
as possible. Then what about writing a custom start method in your
CustomJNDIRealm based on your overriding of the authenticate method :

    public void start() throws LifecycleException {
          if (context != null) {


To come back to the root of the problem. In tomcat6, there is a chance
an exception is thrown with JNDIRealm when no user has tried to log in
in a certain time.

That exception is logged at a WARNING level and I tend to ignore them
because tomcat retries anyway. I don't think you should do anything
just to avoid those.

Hope this helps,

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message