Permit use of LDAP connections pool in AbstractLdapPersonDirectoryCredentialsToPrincipalResolver and AbstractLdapUsernamePasswordAuthenticationHandler

Description

After playing a little with JMeter, it turns out that I have an issue with LDAP connection times. We use SSL to secure the connection between CAS and Active Directory, and it appeared that the time needed to establish a connection is about 200ms. With our authentication configuration, I get 4 connections for a login/password authentication: 1 for each authentication method & 1 for authentication checking. A bit expensive, I think.
I looked at the sources and unfortunately, the two classes involved in LDAP connections don't allow connection pooling:

  • AbstractLdapPersonDirectoryCredentialsToPrincipalResolver requires a LdapContextSource bean which I don't know how to pool. I've tested with org.springframework.ldap.pool.factory.PoolingContextSource and got an exception (Spring cannot cast a ContextSource to a LdapContextSource).

  • AbstractLdapUsernamePasswordAuthenticationHandler uses only one ContextSource for 2 purposes: authentication & lookup. I've read that authentication connections cannot be pooled because the authentication context is not reset between uses, but lookup connections could/should be pooled, I think.

So I made a test: I copied these two abstract classes and their daughter classes, made the needed modifications, and it seems to work as I expected.

But as I'm not a Java expert, I don't know if it's a good idea.

Environment

CentOS 5.6 32bit
Java Oracle JDK 1.6.0u24
Apache Tomcat 6.0.32
CAS authentication methods used: X509 (upn field) + X509 (CN field) + Login/password on Active Directory, each with one CredentialToPrincipalNameResolver attached.

Assignee

ScottS

Reporter

Philippe Marasse

Labels

None

Estimated End Date

None

Audience

None

Affects versions

3.3.5.1
3.4.8

Priority

Minor
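
The split proposed in the description, a pooled context source for lookups and a non-pooled one for user binds, sketched as a Spring LDAP bean configuration. This is an added example, not code from the issue or from the CAS code base; the bean ids, host name, DNs, password and pool sizes are placeholders, and wiring both sources into the CAS handler and resolver assumes those classes accept a plain `ContextSource`, which is the change the issue asks for.

```xml
<!-- Added example: host, DNs, password and pool sizes are placeholders. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd">

  <!-- Service-account source used only for searches. JNDI's built-in pooling
       is switched off so PoolingContextSource is the only pool involved. -->
  <bean id="lookupTarget"
        class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="url" value="ldaps://ad.example.org:636"/>
    <property name="userDn" value="CN=svc-cas,OU=Service Accounts,DC=example,DC=org"/>
    <property name="password" value="CHANGE_ME"/>
    <property name="pooled" value="false"/>
  </bean>

  <!-- Pooled wrapper for lookups: every pooled connection is bound as the
       same service account, so reuse never carries another identity.
       testOnBorrow validates a connection before handing it out, which
       discards sockets the directory or a firewall has already closed. -->
  <bean id="pooledLookupContextSource"
        class="org.springframework.ldap.pool.factory.PoolingContextSource">
    <property name="contextSource" ref="lookupTarget"/>
    <property name="dirContextValidator">
      <bean class="org.springframework.ldap.pool.validation.DefaultDirContextValidator"/>
    </property>
    <property name="testOnBorrow" value="true"/>
    <property name="maxActive" value="8"/>
    <property name="maxIdle" value="4"/>
  </bean>

  <!-- Non-pooled source for password checks: each login opens a fresh
       connection and binds with the user's own DN and password through
       getContext(dn, password), so no user-bound context is ever reused. -->
  <bean id="bindContextSource"
        class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="url" value="ldaps://ad.example.org:636"/>
    <property name="pooled" value="false"/>
  </bean>
</beans>
```

With this layout only the user bind pays the TLS connection setup cost on each login; the service-account searches reuse established connections.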