Tomcat JNDIRealm does not retry authentication with a NamingException
Issue
- Our LDAP connections intermittently time out or are closed due to idleness. This can cause an authentication failure, as the closed connection raises a NamingException and the JNDIRealm makes no effort to retry in that case:
SEVERE [http-apr-8080-exec-3] org.apache.catalina.realm.JNDIRealm.authenticate Exception performing authentication
javax.naming.NamingException: LDAP connection has been closed; remaining name
at com.sun.jndi.ldap.LdapRequest.getReplyBer(LdapRequest.java:133)
at com.sun.jndi.ldap.Connection.readReply(Connection.java:469)
at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:638)
at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:561)
at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:2013)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1872)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1797)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
at org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1653)
at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1489)
at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1437)
at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1378)
at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1265)
at org.apache.catalina.realm.CombinedRealm.authenticate(CombinedRealm.java:193)
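To gauge how often logins fail for this reason rather than for another one, the following added example (not part of the original article or of Tomcat) groups multi-line Tomcat log entries and counts JNDIRealm authentication exceptions by cause. The timestamp format, the sample log and the function names are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Header of a Tomcat log entry. The timestamp prefix is optional because the
# excerpt above starts at the level; the timestamp layout is an assumption.
ENTRY = re.compile(
    r"^(?:(?P<ts>\d{2}-\w{3}-\d{4} [\d:.]+) )?"
    r"(?P<level>SEVERE|WARNING|INFO|FINE) \[(?P<thread>[^\]]+)\] "
    r"(?P<source>\S+) (?P<msg>.*)$"
)
CLOSED = "LDAP connection has been closed"

def entries(lines):
    """Group each header line with the exception and stack lines after it."""
    current = None
    for line in lines:
        m = ENTRY.match(line)
        if m:
            if current:
                yield current
            current = {**m.groupdict(), "body": []}
        elif current is not None:
            current["body"].append(line.strip())
    if current:
        yield current

def classify(lines):
    """Count JNDIRealm authentication exceptions by cause."""
    counts = Counter()
    for e in entries(lines):
        if not (e["source"].endswith("JNDIRealm.authenticate")
                and e["msg"] == "Exception performing authentication"):
            continue
        first = e["body"][0] if e["body"] else ""
        key = "ldap_connection_closed" if CLOSED in first else "other"
        counts[key] += 1
    return counts

# Constructed sample log (not taken from a real system).
SAMPLE = """\
12-Mar-2019 10:15:32.123 SEVERE [http-apr-8080-exec-3] org.apache.catalina.realm.JNDIRealm.authenticate Exception performing authentication
javax.naming.NamingException: LDAP connection has been closed; remaining name
    at com.sun.jndi.ldap.LdapRequest.getReplyBer(LdapRequest.java:133)
12-Mar-2019 10:15:40.001 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 100 ms
SEVERE [http-apr-8080-exec-5] org.apache.catalina.realm.JNDIRealm.authenticate Exception performing authentication
javax.naming.NamingException: LDAP connection has been closed; remaining name
12-Mar-2019 10:16:02.500 SEVERE [http-apr-8080-exec-7] org.apache.catalina.realm.JNDIRealm.authenticate Exception performing authentication
javax.naming.NameNotFoundException: constructed example of another cause
"""
```

Calling classify() on the lines of a real catalina log returns the same two counters.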
Environment
- JBoss Web Server (JWS) 3.x
- Tomcat 8.0.x