From ad0d801f1628cdb0807cf8389695e1a529241d5f Mon Sep 17 00:00:00 2001 From: Mark Craig <mark.craig@forgerock.com> Date: Fri, 18 May 2012 06:08:50 +0000 Subject: [PATCH] Align with r8000 --- opendj-sdk/opendj3/src/main/docbkx/dev-guide/chap-simple-proxy.xml | 28 ++++++++++++++++++---------- opendj-sdk/opendj3/opendj-ldap-sdk-examples/src/main/java/org/forgerock/opendj/examples/Proxy.java | 2 +- 2 files changed, 19 insertions(+), 11 deletions(-) diff --git a/opendj-sdk/opendj3/opendj-ldap-sdk-examples/src/main/java/org/forgerock/opendj/examples/Proxy.java b/opendj-sdk/opendj3/opendj-ldap-sdk-examples/src/main/java/org/forgerock/opendj/examples/Proxy.java index 4e9c66c..016815d 100644 --- a/opendj-sdk/opendj3/opendj-ldap-sdk-examples/src/main/java/org/forgerock/opendj/examples/Proxy.java +++ b/opendj-sdk/opendj3/opendj-ldap-sdk-examples/src/main/java/org/forgerock/opendj/examples/Proxy.java @@ -82,7 +82,7 @@ * This example takes the following command line parameters: * * <pre> - * <listenAddress> <listenPort> <remoteAddress1> <remotePort1> + * <listenAddress> <listenPort> <proxyDN> <proxyPassword> <remoteAddress1> <remotePort1> * [<remoteAddress2> <remotePort2> ...] * </pre> */ diff --git a/opendj-sdk/opendj3/src/main/docbkx/dev-guide/chap-simple-proxy.xml b/opendj-sdk/opendj3/src/main/docbkx/dev-guide/chap-simple-proxy.xml index f14770c..12163ba 100644 --- a/opendj-sdk/opendj3/src/main/docbkx/dev-guide/chap-simple-proxy.xml +++ b/opendj-sdk/opendj3/src/main/docbkx/dev-guide/chap-simple-proxy.xml @@ -66,8 +66,11 @@ <programlisting language="java" >final List<ConnectionFactory> factories = new LinkedList<ConnectionFactory>(); -factories.add(Connections.newFixedConnectionPool(new LDAPConnectionFactory( - remoteAddress, remotePort), Integer.MAX_VALUE));</programlisting> +factories.add(Connections.newFixedConnectionPool( + Connections.newAuthenticatedConnectionFactory( + new LDAPConnectionFactory(remoteAddress,remotePort), + Requests.newSimpleBindRequest(proxyDN, proxyPassword.toCharArray())), + Integer.MAX_VALUE));</programlisting> <para>Connections are returned to the pool when you <literal>close()</literal> them. Notice that <literal>Connections</literal> also provides methods to @@ -75,14 +78,19 @@ connections provided by the factory, and connection factories that authenticate connections before returning them.</para> - <para>Connections in the pool are intended for reuse. Therefore when you - <literal>close()</literal> a connection from the pool, the OpenDJ LDAP SDK - does not perform an <literal>unbind()</literal>. You must therefore be careful - about how you manage authentication on connections from a pool. As a rule, - either bind separately and use proxied authorization as in the Proxy example, - or make sure that the first operation on a connection retrieved from the pool - is a bind that correctly authenticates the user currently served by the - connection.</para> + <para>Connections in the pool are intended for reuse. The Proxy gets an + authenticated connection, which is a connection where the OpenDJ LDAP + SDK passes a bind request immediately when getting the connection. The Proxy + then uses proxied authorization to handle the identity from the client + requesting the operation. As a rule, either handle binds separately and use + proxied authorization as in the Proxy example, or else make sure that the + first operation on a connection retrieved from the pool is a bind that + correctly authenticates the user currently served by the connection.</para> + + <para>When you <literal>close()</literal> a connection from the pool, the + OpenDJ LDAP SDK does not perform an <literal>unbind()</literal>. This is why + you must be careful about how you manage authentication on connections from a + pool.</para> </section> <section xml:id="load-balancing-and-failover"> -- Gitblit v1.10.0