8275535: Retrying a failed authentication on multiple LDAP servers can lead to users blocked

Reviewed-by: aefimov, dfuchs
2022-05-12 16:16:49 +00:00 · 2022-05-12 16:16:49 +00:00 · 3be394e160
commit 3be394e160
parent cc7560e995
1 changed files with 8 additions and 0 deletions
--- a/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
+++ b/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
@ -189,6 +189,10 @@ public final class LdapCtxFactory implements ObjectFactory, InitialContextFactor
                    ctx = getLdapCtxFromUrl(
                            r.getDomainName(), url, new LdapURL(u), env);
                    return ctx;
+                } catch (AuthenticationException e) {
+                    // do not retry on a different endpoint to avoid blocking
+                    // the user if authentication credentials are wrong.
+                    throw e;
                } catch (NamingException e) {
                    // try the next element
                    lastException = e;
@ -241,6 +245,10 @@ public final class LdapCtxFactory implements ObjectFactory, InitialContextFactor
        for (String u : urls) {
            try {
                return getUsingURL(u, env);
+            } catch (AuthenticationException e) {
+                // do not retry on a different URL to avoid blocking
+                // the user if authentication credentials are wrong.
+                throw e;
            } catch (NamingException e) {
                ex = e;
            }