From 73a26870895b4ddc81c8b930e8ddfdbdb8cf48fc Mon Sep 17 00:00:00 2001
From: Richard Millet <remillet@berkeley.edu>
Date: Tue, 7 Jan 2014 11:06:17 -0800
Subject: [PATCH] Adding timeout params to our JDBC datasources -see
 http://people.apache.org/~fhanik/tomcat/jdbc-pool.html for details.

---
 .../src/main/webapp/META-INF/context.xml      | 82 +++++++++++--------
 .../spring/SpringPermissionEvaluator.java     | 27 ++++--
 .../common/document/TransactionException.java |  7 +-
 3 files changed, 73 insertions(+), 43 deletions(-)

diff --git a/services/JaxRsServiceProvider/src/main/webapp/META-INF/context.xml b/services/JaxRsServiceProvider/src/main/webapp/META-INF/context.xml
index a534188f6..1755aaf48 100644
--- a/services/JaxRsServiceProvider/src/main/webapp/META-INF/context.xml
+++ b/services/JaxRsServiceProvider/src/main/webapp/META-INF/context.xml
@@ -47,6 +47,7 @@
         factory="org.nuxeo.runtime.jtajca.NuxeoTransactionManagerFactory"
         transactionTimeoutSeconds="300"/>
     <Transaction factory="org.nuxeo.runtime.jtajca.NuxeoUserTransactionFactory"/>
+    
     <Resource name="NuxeoConnectionManager" auth="Container"
         type="javax.resource.spi.ConnectionManager"
         factory="org.nuxeo.runtime.jtajca.NuxeoConnectionManagerFactory" minPoolSize="0"
@@ -61,44 +62,57 @@
     <!-- 
 		For CollectionSpace services
 	 -->
-    <Resource name="jdbc/CspaceDS"
-           auth="Container"
-           type="javax.sql.DataSource"
-           username="${db.user}"
-           password="${db.user.password}"
-           driverClassName="${db.jdbc.driver.class}"
-           url="${db.jdbc.cspace.url}"
-           maxActive="8"
-           maxIdle="4"/>
+	 
+	<Resource name="jdbc/CspaceDS"
+		auth="Container"
+		type="javax.sql.DataSource"
+		username="${db.user}"
+		password="${db.user.password}"
+		driverClassName="${db.jdbc.driver.class}"
+		url="${db.jdbc.cspace.url}"
+		maxActive="8"
+		maxIdle="4"
+		testWhileIdle="true"
+		validationQuery="SELECT 1"
+		logAbandoned="true"/>
 		
 	<Resource name="jdbc/NuxeoDS"
-           auth="Container"
-           type="javax.sql.DataSource"
-           username="${db.nuxeo.user}"
-           password="${db.nuxeo.user.password}"
-           driverClassName="${db.jdbc.driver.class}"
-           url="jdbc:${db}://${db.host}:${db.port}/${DatabaseName}"
-           maxActive="8"
-           maxIdle="4"/>	
+		auth="Container"
+		type="javax.sql.DataSource"
+		username="${db.nuxeo.user}"
+		password="${db.nuxeo.user.password}"
+		driverClassName="${db.jdbc.driver.class}"
+		url="jdbc:${db}://${db.host}:${db.port}/${DatabaseName}"
+		maxActive="8"
+		maxIdle="4"
+		testWhileIdle="true"
+		validationQuery="SELECT 1"
+		logAbandoned="true"/>
 
-  <Resource name="jdbc/NuxeoMgrDS"
-    auth="Container"
-    type="javax.sql.DataSource"
-    username="${db.user}"
-    password="${db.user.password}"
-    driverClassName="${db.jdbc.driver.class}"
-    url="${db.jdbc.csadmin.url}"
-    maxActive="8"
-    maxIdle="4"/>	
+	<Resource name="jdbc/NuxeoMgrDS"
+		auth="Container"
+		type="javax.sql.DataSource"
+		username="${db.user}"
+		password="${db.user.password}"
+		driverClassName="${db.jdbc.driver.class}"
+		url="${db.jdbc.csadmin.url}"
+		maxActive="8"
+		maxIdle="4"
+		testWhileIdle="true"
+		validationQuery="SELECT 1"
+		logAbandoned="true"/>
   
   <Resource name="jdbc/NuxeoReaderDS"
-           auth="Container"
-           type="javax.sql.DataSource"
-           username="reader"
-           password="read"
-           driverClassName="${db.jdbc.driver.class}"
-           url="jdbc:${db}://${db.host}:${db.port}/${DatabaseName}"
-           maxActive="8"
-           maxIdle="4"/>	
+		auth="Container"
+		type="javax.sql.DataSource"
+		username="reader"
+		password="read"
+		driverClassName="${db.jdbc.driver.class}"
+		url="jdbc:${db}://${db.host}:${db.port}/${DatabaseName}"
+		maxActive="8"
+		maxIdle="4"
+		testWhileIdle="true"
+		validationQuery="SELECT 1"
+		logAbandoned="true"/>
 
 </Context>
diff --git a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/spring/SpringPermissionEvaluator.java b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/spring/SpringPermissionEvaluator.java
index e8fce22f9..bdb1e80cd 100644
--- a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/spring/SpringPermissionEvaluator.java
+++ b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/spring/SpringPermissionEvaluator.java
@@ -52,15 +52,26 @@ public class SpringPermissionEvaluator implements CSpacePermissionEvaluator {
 
     @Override
     public boolean hasPermission(CSpaceResource res, CSpaceAction action) {
-        Permission perm = SpringAuthorizationProvider.getPermission(action);
-        Authentication authToken = SecurityContextHolder.getContext().getAuthentication();
-        Serializable objectIdId = SpringAuthorizationProvider.getObjectIdentityIdentifier(res);
-        String objectIdType = SpringAuthorizationProvider.getObjectIdentityType(res);
-        PermissionEvaluator eval = provider.getProviderPermissionEvaluator();
+    	boolean result = false;
+    	
+    	try {
+	        Permission perm = SpringAuthorizationProvider.getPermission(action);
+	        Authentication authToken = SecurityContextHolder.getContext().getAuthentication();
+	        Serializable objectIdId = SpringAuthorizationProvider.getObjectIdentityIdentifier(res);
+	        String objectIdType = SpringAuthorizationProvider.getObjectIdentityType(res);
+	        PermissionEvaluator eval = provider.getProviderPermissionEvaluator();
+	        
+	        debug(res, authToken, objectIdId, objectIdType, perm);
+	        result = eval.hasPermission(authToken,
+	                objectIdId, objectIdType, perm);
+    	} catch (Exception e) {
+    		//
+    		// If this exception is caused by a network timeout, we may want to reattempt
+    		//
+    		log.error("Unexpected exception encountered while evaluating permissions.", e);
+    	}
         
-        debug(res, authToken, objectIdId, objectIdType, perm);
-        return eval.hasPermission(authToken,
-                objectIdId, objectIdType, perm);
+        return result;
     }
     
     private void debug(CSpaceResource res,
diff --git a/services/common/src/main/java/org/collectionspace/services/common/document/TransactionException.java b/services/common/src/main/java/org/collectionspace/services/common/document/TransactionException.java
index 2f49eb0af..92316e0d4 100644
--- a/services/common/src/main/java/org/collectionspace/services/common/document/TransactionException.java
+++ b/services/common/src/main/java/org/collectionspace/services/common/document/TransactionException.java
@@ -23,7 +23,12 @@ package org.collectionspace.services.common.document;
  */
 public class TransactionException extends DocumentException {
 
-    // Custom HTTP status code, per the extensibility offered via RFC-2616
+    /**
+	 * 
+	 */
+	private static final long serialVersionUID = 1L;
+
+	// Custom HTTP status code, per the extensibility offered via RFC-2616
     // e.g. http://tools.ietf.org/html/rfc2616#section-6.1.1
     final public static int HTTP_CODE = 590;
     
-- 
2.47.3