Problems are inevatible when a resource is opened, passed around
and closed by a different method. This can improved upon easily.

Applying patch proposed by Luki de Silva.

https://github.com/igniterealtime/Openfire/pull/279

Ldapconnectionfixes

Added readtimeout and connect time out to getcontext

Reverting some changes made with PR #239. by enabling the custom socket factory.  Added the use of Comparator per http://docs.oracle.com/javase/8/docs/technotes/guides/jndi/jndi-ldap.html#pooling
  for connection pooling

Reverting some changes made with PR #239. by enabling the custom socket factory.  Added the use of Comparator per http://docs.oracle.com/javase/8/docs/technotes/guides/jndi/jndi-ldap.html#pooling
  for connection pooling

Improves GroupAwareMap and GroupAwareList implementations by caching
group names (in lieu of group instances) that are referenced in the
corresponding collection. This enables rapid group retrieval from
primary cache where applicable.

Fixes caching issue which prevented users from joining MUC rooms in
certain cases.

OF-918: BOSH should use UTF-8 character set.

Address XSS issues in admin console and monitoring plugin

A number of stored XSS issues were found by Dean Hardcastle during testing of
the monitoring plugin's admin console. These include cases where chatroom
nicknames and message text are not adequately escaped.

Denote Openfire 3.10.2 Release

See http://docs.oracle.com/javase/8/docs/technotes/guides/jndi/jndi-ldap.html#pooling

LDAP Connection Pooling is disabled when using a custom ssl socket. The custom
socket was used to accept unsigned/untrusted/expired ssl certs. I removed the
use of the custom socket, and also added the required system property to enable
connection pooling when using SSL, which was missing.

Rollback of this commit for OF-421:
https://github.com/igniterealtime/Openfire/commit/89c06a88d75e15d36ce7f6ace88bbf5c71fb08df

The inputClosed method was added during troubleshooting for MINA 2.0.9
and can be removed now that we have downgraded to 2.0.7.

Openfire 3.10.1 Release

Prevent sessions in admin console from showing UnknownHostException

OF-889: Added try-catch blocks to the various JSP pages where Session.getHostName or Session.getHostAddress is called to prevent the Sessions tab from showing UnknownHostExceptions when there are bad client sessions laying around

Address current problems in 3.10

Where the session is part-closed, these can throw NPE due to getRemoteAddress()
returning null. This sledge-hammers the problem away.

Addressing DIRMINA-1012

Do not synchronize on isClosed()

There is a deadlock while reading the state variable if close() is running.

This switches the state to be volatile instead - it's only written to inside
the lengthy close() lock, so this should be reasonable.

Openfire 3.10.1 Release Candidate

By closing a session when the new MINA inputClosed() handler is triggered, we run
the risk of sending data to the peer. As that peer is known to be dead, this is
pointless (and potentially dangerous - deadlocks have been observed that are likely
related to this scenario).

To prevent sending data during session closure, the close() method has been
overloaded with an argument that indicates if the peer is known to be dead. When
set, its implementation will not attempt to send data.

Currently, only stanzas containing errors of type cancel will cause the
occupant to be removed, however this doesn't appear to catch and remove many
occupants in practise.

This patch therefore removes occupants from the service on any message or
presence error stanza, irrespective of the error type. IQ stanzas do not
trigger the same response, as these may be due to lack of client support
rather than a vanished occupant.

The close listeners should not be called from within a synchronized block.