-
Notifications
You must be signed in to change notification settings - Fork 80
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Improved ServerSet health check reliability
Updated the LDAP SDK's ServerSet implementations so that they can perform bind and post-connect processing on the connections that they create. Previously, server sets were only intended to establish connections, but not to authenticate them, and not to perform any other post-processing on them (like using the StartTLS extended operation to convert an insecure connection to a secure one). It was up to the caller (which was often a connection pool) to perform that processing once it got the connection back from the server set. However, when asked to create a connection, a server set can be given an LDAPConnectionPoolHealthCheck to use to check the validity of the connection that it has created. If such a health check was provided, then it would have always been invoked on an unauthenticated connection, which could cause problems against servers that do not permit unauthenticated requests. Further, if some post-connect processing (for example, the StartTLS operation) is needed on those connections, then the health checking would have been performed before that processing had been completed, and that could also lead to erroneous behavior. With this update, server sets can now be created so that they themselves perform authentication and post-connect processing on connections before they make those connections available to the caller. More importantly, if provided with a health check, then any appropriate authentication and post-connect processing will have been performed on the connection before the health check is invoked. This makes the health check more reliable because the connection can be in a more useful state. When a server set configured with support for bind and post-connect processing is used in conjunction with a connection pool, the pool will now delegate that processing to the server set. If the associated server set is not configured to perform authentication and post-connect processing, then the connection pool will still perform those tasks. This update also fixes a potential problem that could lead to the connection pool being unable to obtain a connection for processing an operation. Most server set implementations can be used in conjunction with multiple servers, so that if it fails to establish a usable connection to one server, it can try to obtain a connection from a different server and shield the caller from the connection problem. However, this only applies to the portion of the processing that is performed within the server set itself. When the authentication and post-connect processing were left up to the caller of the server set, the caller was more likely to encounter a problem that it could not work around. Now that the additional processing is performed by the server set, its resiliency can be extended to this authentication and post-connect processing.
- Loading branch information
Showing
13 changed files
with
1,106 additions
and
181 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.