[jdk17u-dev] RFR: 8275535: Retrying a failed authentication on multiple LDAP servers can lead to users blocked [v2]

Ryan Flegel duke at openjdk.org
Fri Sep 9 20:45:05 UTC 2022


On Wed, 7 Sep 2022 14:42:19 GMT, Ryan Flegel <duke at openjdk.org> wrote:

>> Backport [8275535](https://bugs.openjdk.org/browse/JDK-8275535).
>> 
>> Fixes authentication issue introduced by [8160768](https://bugs.openjdk.org/browse/JDK-8160768).
>
> Ryan Flegel has refreshed the contents of this pull request, and previous commits have been removed. The incremental views will show differences compared to the previous content of the PR. The pull request contains one new commit since the last revision:
> 
>   Backport 3be394e

Following up from the conversation at [openjdk/jdk11u-dev#1351 (comment)](https://github.com/openjdk/jdk11u-dev/pull/1351#issuecomment-1238595078) (since I did things in the wrong order).

> In OpenJDK update projects, although a PR is marked clean, you must not integrate it before you've requested and received maintainer approval via JBS flags (e.g. jdk11u-fix-request/jdk11u-fix-yes). For more details about the process, please see [here](https://wiki.openjdk.org/display/JDKUpdates/How+to+contribute+a+fix). I assume you don't have a JBS account though. In that case I can add a request for you. Please provide me some text that I can post. E.g. why you want that backport and how you tested it. Speaking about testing: Please enable GitHub Actions on your fork and trigger a run, e.g. by merging master into your branch, to have some basic testing of the backport.

Thanks. The GitHub Actions are enabled now. The force-push was to trigger the actions.

I don't have a JBS account, so if you could create a request, that would be great.

I would like to backport this change because I have been affected by a bug (JDK-8275535) introduced by JDK-8160768. It is causing users to get locked out too quickly since incorrect credentials are being sent to every LDAP server configured. I have tested the patch by stepping through the scenario and confirming in the debugger that the behaviour is the same as before JDK-8160768.

I have also run javax/naming, tier1 and tier2 tests locally (build/macosx-x86_64-server-release).

* javax/naming - All passed.
* tier1 - GTests HotSpot tests failed since I did not have it configured.
* tier2 - There were 15 unrelated test failures in java.lang, java.net, java.nio and sun.net.

When I exported/imported the patch I did not use `git cherry-pick` (and therefore did not preserve the metadata). Should I fix that or will that be done automatically during squash & rebase when integrated?

-------------

PR: https://git.openjdk.org/jdk17u-dev/pull/654
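
The lockout described in the message above, shown as an added simulation that is not part of the original message and is not the JDK's LDAP provider code. The class, the `Server` interface, the shared `failedBinds` counter, the sample password and the lockout threshold are all hypothetical; only the `javax.naming` exception types are real.

```java
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.NamingException;
import java.util.List;

public class LdapFailoverDemo {
    // Constructed stand-in for a directory whose replicas share one bad-password counter.
    static int failedBinds = 0;
    static final int LOCKOUT_THRESHOLD = 3; // assumed lockout policy

    interface Server { void bind(String user, String password) throws NamingException; }

    static Server replica(boolean reachable) {
        return (user, password) -> {
            if (!reachable) throw new CommunicationException("connection refused");
            if (!"correct-horse".equals(password)) {
                failedBinds++; // every rejected bind counts toward the lockout
                throw new AuthenticationException("invalid credentials");
            }
        };
    }

    // Retries on every failure, so one wrong password is sent to every reachable server.
    static boolean loginRetryAll(List<Server> servers, String user, String password) {
        for (Server s : servers) {
            try { s.bind(user, password); return true; }
            catch (NamingException e) { /* try the next server */ }
        }
        return false;
    }

    // Fails over only when a server is unreachable; an authentication failure is final.
    static boolean loginFailoverOnly(List<Server> servers, String user, String password) {
        for (Server s : servers) {
            try { s.bind(user, password); return true; }
            catch (AuthenticationException e) { return false; }
            catch (CommunicationException e) { /* try the next server */ }
            catch (NamingException e) { return false; }
        }
        return false;
    }

    public static void main(String[] args) {
        List<Server> servers = List.of(replica(false), replica(true), replica(true), replica(true));
        loginRetryAll(servers, "alice", "typo");
        System.out.println("retry-all: " + failedBinds + " failed binds, locked=" + (failedBinds >= LOCKOUT_THRESHOLD));
        failedBinds = 0;
        loginFailoverOnly(servers, "alice", "typo");
        System.out.println("failover-only: " + failedBinds + " failed binds, locked=" + (failedBinds >= LOCKOUT_THRESHOLD));
    }
}
```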

