activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dej...@apache.org
Subject svn commit: r1348761 - in /activemq/trunk/activemq-core/src: main/java/org/apache/activemq/security/CachedLDAPAuthorizationMap.java test/java/org/apache/activemq/security/AbstractCachedLDAPAuthorizationMapLegacyTest.java
Date Mon, 11 Jun 2012 09:24:52 GMT
Author: dejanb
Date: Mon Jun 11 09:24:51 2012
New Revision: 1348761

URL: http://svn.apache.org/viewvc?rev=1348761&view=rev
Log:
https://issues.apache.org/jira/browse/AMQ-3845 - handle LDAP restarts in cached ldap authorization
map

Modified:
    activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/CachedLDAPAuthorizationMap.java
    activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/AbstractCachedLDAPAuthorizationMapLegacyTest.java

Modified: activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/CachedLDAPAuthorizationMap.java
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/CachedLDAPAuthorizationMap.java?rev=1348761&r1=1348760&r2=1348761&view=diff
==============================================================================
--- activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/CachedLDAPAuthorizationMap.java
(original)
+++ activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/CachedLDAPAuthorizationMap.java
Mon Jun 11 09:24:51 2012
@@ -94,6 +94,22 @@ public class CachedLDAPAuthorizationMap 
     protected HashMap<ActiveMQDestination, AuthorizationEntry> entries = 
             new HashMap<ActiveMQDestination, AuthorizationEntry>();
 
+    protected DirContext createContext() throws NamingException {
+        Hashtable<String, String> env = new Hashtable<String, String>();
+        env.put(Context.INITIAL_CONTEXT_FACTORY, initialContextFactory);
+        if (connectionUsername != null || !"".equals(connectionUsername)) {
+            env.put(Context.SECURITY_PRINCIPAL, connectionUsername);
+        }
+        if (connectionPassword != null || !"".equals(connectionPassword)) {
+            env.put(Context.SECURITY_CREDENTIALS, connectionPassword);
+        }
+        env.put(Context.SECURITY_PROTOCOL, connectionProtocol);
+        env.put(Context.PROVIDER_URL, connectionURL);
+        env.put(Context.SECURITY_AUTHENTICATION, authentication);
+        //env.put("com.sun.jndi.ldap.connect.pool", "true");
+        return new InitialDirContext(env);
+    }
+
     /**
      * Returns the existing open context or creates a new one and registers listeners for
      * push notifications if such an update style is enabled.  This implementation should
not
@@ -105,23 +121,20 @@ public class CachedLDAPAuthorizationMap 
      */
     protected DirContext open() throws NamingException {
         if (context != null) {
-            return context;
-        }
-
-        try {
-            Hashtable<String, String> env = new Hashtable<String, String>();
-            env.put(Context.INITIAL_CONTEXT_FACTORY, initialContextFactory);
-            if (connectionUsername != null || !"".equals(connectionUsername)) {
-                env.put(Context.SECURITY_PRINCIPAL, connectionUsername);
+            boolean alive = true;
+            try {
+                context.getAttributes("");
+            } catch (Exception e) {
+               LOG.info("LDAP connection failed", e);
+               alive = false;
             }
-            if (connectionPassword != null || !"".equals(connectionPassword)) {
-                env.put(Context.SECURITY_CREDENTIALS, connectionPassword);
+            if (alive) {
+                return context;
             }
-            env.put(Context.SECURITY_PROTOCOL, connectionProtocol);
-            env.put(Context.PROVIDER_URL, connectionURL);
-            env.put(Context.SECURITY_AUTHENTICATION, authentication);
-            context = new InitialDirContext(env);
+        }
 
+        try {
+            context = createContext();
 
             if (refreshInterval == -1 && !refreshDisabled) {
                 eventContext = ((EventDirContext)context.lookup(""));
@@ -158,6 +171,7 @@ public class CachedLDAPAuthorizationMap 
                     eventContext.addNamingListener(tempSearchBase, getFilterForPermissionType(permissionType),
constraints,
                             this.new CachedLDAPAuthorizationMapNamespaceChangeListener(DestinationType.TEMP,
permissionType));
                 }
+
             }
         } catch (NamingException e) {
             context = null;
@@ -616,8 +630,15 @@ public class CachedLDAPAuthorizationMap 
      * and are the refresh interval has elapsed.
      */
     protected void checkForUpdates() {
-        if (!refreshDisabled && (refreshInterval != -1 && System.currentTimeMillis()
>= lastUpdated + refreshInterval)) {
-
+        if (context == null || (!refreshDisabled && (refreshInterval != -1 &&
System.currentTimeMillis() >= lastUpdated + refreshInterval))) {
+            if (context == null) {
+                try {
+                    context = createContext();
+                } catch (NamingException ne) {
+                    // LDAP is down, use already cached values
+                    return;
+                }
+            }
             reset();
             setTempDestinationAuthorizationEntry(null);
             entries.clear();
@@ -688,6 +709,7 @@ public class CachedLDAPAuthorizationMap 
      * {@link AuthorizationEntry} is not setup for concurrent access.
      */
     public synchronized Set<Object> getReadACLs(ActiveMQDestination destination) {
+        checkForUpdates();
         return super.getReadACLs(destination);
     }
 
@@ -696,6 +718,7 @@ public class CachedLDAPAuthorizationMap 
      * {@link AuthorizationEntry} is not setup for concurrent access.
      */
     public synchronized Set<Object> getWriteACLs(ActiveMQDestination destination) {
+        checkForUpdates();
         return super.getWriteACLs(destination);
     }
 
@@ -850,6 +873,7 @@ public class CachedLDAPAuthorizationMap 
      * @param namingExceptionEvent the exception event
      */
     public void namingExceptionThrown(NamingExceptionEvent namingExceptionEvent) {
+        context = null;
         LOG.error("Caught unexpected exception.", namingExceptionEvent.getException());
     }
     

Modified: activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/AbstractCachedLDAPAuthorizationMapLegacyTest.java
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/AbstractCachedLDAPAuthorizationMapLegacyTest.java?rev=1348761&r1=1348760&r2=1348761&view=diff
==============================================================================
--- activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/AbstractCachedLDAPAuthorizationMapLegacyTest.java
(original)
+++ activemq/trunk/activemq-core/src/test/java/org/apache/activemq/security/AbstractCachedLDAPAuthorizationMapLegacyTest.java
Mon Jun 11 09:24:51 2012
@@ -274,6 +274,53 @@ public abstract class AbstractCachedLDAP
         failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
         assertEquals("set size: " + failedACLs, 1, failedACLs.size());
     }
+
+    @Test
+    public void testRestartAsync() throws Exception {
+        testRestart(false);
+    }
+
+    @Test
+    public void testRestartSync() throws Exception {
+        testRestart(true);
+    }
+
+    public void testRestart(boolean sync) throws Exception {
+        map.query();
+        if (sync) {
+            map.setRefreshInterval(1);
+        }
+
+        Set<?> failedACLs = map.getReadACLs(new ActiveMQQueue("FAILED"));
+        assertEquals("set size: " + failedACLs, 0, failedACLs.size());
+
+        failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
+        assertEquals("set size: " + failedACLs, 2, failedACLs.size());
+
+        getLdapServer().stop();
+
+        Thread.sleep(1000);
+
+        failedACLs = map.getReadACLs(new ActiveMQQueue("TEST.FOO"));
+        assertEquals("set size: " + failedACLs, 2, failedACLs.size());
+
+        getLdapServer().start();
+
+        Thread.sleep(1000);
+
+        connection = getLdapConnection();
+
+        LdifReader reader = new LdifReader(getAddLdif());
+
+        for (LdifEntry entry : reader) {
+            connection.add(entry.getEntry());
+        }
+
+        Thread.sleep(2000);
+
+        failedACLs = map.getReadACLs(new ActiveMQQueue("FAILED"));
+        assertEquals("set size: " + failedACLs, 2, failedACLs.size());
+    }
     
     protected CachedLDAPAuthorizationMap createMap() {
         return new CachedLDAPAuthorizationMap();



Mime
View raw message