activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gtu...@apache.org
Subject activemq git commit: https://issues.apache.org/jira/browse/AMQ-5876 - load groups properties into per user set once also to avoid parse per login attempt
Date Thu, 29 Oct 2015 14:22:17 GMT
Repository: activemq
Updated Branches:
  refs/heads/master 4d73b0892 -> 8d63083df


https://issues.apache.org/jira/browse/AMQ-5876 - load groups properties into per user set
once also to avoid parse per login attempt


Project: http://git-wip-us.apache.org/repos/asf/activemq/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq/commit/8d63083d
Tree: http://git-wip-us.apache.org/repos/asf/activemq/tree/8d63083d
Diff: http://git-wip-us.apache.org/repos/asf/activemq/diff/8d63083d

Branch: refs/heads/master
Commit: 8d63083dfff064efadbe99a66deeedef829e519e
Parents: 4d73b08
Author: gtully <gary.tully@gmail.com>
Authored: Thu Oct 29 13:58:47 2015 +0000
Committer: gtully <gary.tully@gmail.com>
Committed: Thu Oct 29 13:59:27 2015 +0000

----------------------------------------------------------------------
 .../activemq/jaas/CertificateLoginModule.java   |  8 ++------
 .../activemq/jaas/PropertiesLoginModule.java    | 16 ++++++---------
 .../activemq/jaas/ReloadableProperties.java     | 21 ++++++++++++++++++++
 .../jaas/TextFileCertificateLoginModule.java    | 19 ++++++------------
 4 files changed, 35 insertions(+), 29 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/activemq/blob/8d63083d/activemq-jaas/src/main/java/org/apache/activemq/jaas/CertificateLoginModule.java
----------------------------------------------------------------------
diff --git a/activemq-jaas/src/main/java/org/apache/activemq/jaas/CertificateLoginModule.java
b/activemq-jaas/src/main/java/org/apache/activemq/jaas/CertificateLoginModule.java
index 4cf3930..f2a6528 100644
--- a/activemq-jaas/src/main/java/org/apache/activemq/jaas/CertificateLoginModule.java
+++ b/activemq-jaas/src/main/java/org/apache/activemq/jaas/CertificateLoginModule.java
@@ -21,7 +21,6 @@ import java.io.IOException;
 import java.security.Principal;
 import java.security.cert.X509Certificate;
 import java.util.HashSet;
-import java.util.Iterator;
 import java.util.Map;
 import java.util.Set;
 
@@ -52,7 +51,6 @@ public abstract class CertificateLoginModule extends PropertiesLoader implements
 
     private X509Certificate certificates[];
     private String username;
-    private Set<String> groups;
     private Set<Principal> principals = new HashSet<Principal>();
 
     /**
@@ -87,8 +85,6 @@ public abstract class CertificateLoginModule extends PropertiesLoader implements
             throw new FailedLoginException("No user for client certificate: " + getDistinguishedName(certificates));
         }
 
-        groups = getUserGroups(username);
-
         if (debug) {
             LOG.debug("Certificate for user: " + username);
         }
@@ -102,7 +98,7 @@ public abstract class CertificateLoginModule extends PropertiesLoader implements
     public boolean commit() throws LoginException {
         principals.add(new UserPrincipal(username));
 
-        for (String group : groups) {
+        for (String group : getUserGroups(username)) {
              principals.add(new GroupPrincipal(group));
         }
 
@@ -147,8 +143,8 @@ public abstract class CertificateLoginModule extends PropertiesLoader
implements
      * Helper method.
      */
     private void clear() {
-        groups.clear();
         certificates = null;
+        username = null;
     }
 
     /**

http://git-wip-us.apache.org/repos/asf/activemq/blob/8d63083d/activemq-jaas/src/main/java/org/apache/activemq/jaas/PropertiesLoginModule.java
----------------------------------------------------------------------
diff --git a/activemq-jaas/src/main/java/org/apache/activemq/jaas/PropertiesLoginModule.java
b/activemq-jaas/src/main/java/org/apache/activemq/jaas/PropertiesLoginModule.java
index 42596d2..5346bd7 100644
--- a/activemq-jaas/src/main/java/org/apache/activemq/jaas/PropertiesLoginModule.java
+++ b/activemq-jaas/src/main/java/org/apache/activemq/jaas/PropertiesLoginModule.java
@@ -47,7 +47,7 @@ public class PropertiesLoginModule extends PropertiesLoader implements LoginModu
     private CallbackHandler callbackHandler;
 
     private Properties users;
-    private Properties groups;
+    private Map<String,Set<String>> groups;
     private String user;
     private final Set<Principal> principals = new HashSet<Principal>();
     private boolean loginSucceeded;
@@ -59,7 +59,7 @@ public class PropertiesLoginModule extends PropertiesLoader implements LoginModu
         loginSucceeded = false;
         init(options);
         users = load(USER_FILE_PROP_NAME, "user", options).getProps();
-        groups = load(GROUP_FILE_PROP_NAME, "group", options).getProps();
+        groups = load(GROUP_FILE_PROP_NAME, "group", options).invertedPropertiesValuesMap();
     }
 
     @Override
@@ -105,14 +105,10 @@ public class PropertiesLoginModule extends PropertiesLoader implements
LoginModu
         if (result) {
             principals.add(new UserPrincipal(user));
 
-            for (Map.Entry<Object, Object> entry : groups.entrySet()) {
-                String name = (String) entry.getKey();
-                String[] userList = ((String)entry.getValue()).split(",");
-                for (int i = 0; i < userList.length; i++) {
-                    if (user.equals(userList[i])) {
-                        principals.add(new GroupPrincipal(name));
-                        break;
-                    }
+            Set<String> matchedGroups = groups.get(user);
+            if (matchedGroups != null) {
+                for (String entry : matchedGroups) {
+                    principals.add(new GroupPrincipal(entry));
                 }
             }
 

http://git-wip-us.apache.org/repos/asf/activemq/blob/8d63083d/activemq-jaas/src/main/java/org/apache/activemq/jaas/ReloadableProperties.java
----------------------------------------------------------------------
diff --git a/activemq-jaas/src/main/java/org/apache/activemq/jaas/ReloadableProperties.java
b/activemq-jaas/src/main/java/org/apache/activemq/jaas/ReloadableProperties.java
index 958a7bd..67a22a4 100644
--- a/activemq-jaas/src/main/java/org/apache/activemq/jaas/ReloadableProperties.java
+++ b/activemq-jaas/src/main/java/org/apache/activemq/jaas/ReloadableProperties.java
@@ -20,8 +20,10 @@ import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.Map;
 import java.util.Properties;
+import java.util.Set;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -30,6 +32,7 @@ public class ReloadableProperties {
 
     private Properties props = new Properties();
     private Map<String, String> invertedProps;
+    private Map<String, Set<String>> invertedValueProps;
     private long reloadTime = -1;
     private final PropertiesLoader.FileNameKey key;
 
@@ -71,6 +74,24 @@ public class ReloadableProperties {
         return invertedProps;
     }
 
+    public synchronized Map<String, Set<String>> invertedPropertiesValuesMap()
{
+        if (invertedValueProps == null) {
+            invertedValueProps = new HashMap<>(props.size());
+            for (Map.Entry<Object, Object> val : props.entrySet()) {
+                String[] userList = ((String)val.getValue()).split(",");
+                for (String user : userList) {
+                    Set<String> set = invertedValueProps.get(user);
+                    if (set == null) {
+                        set = new HashSet<>();
+                        invertedValueProps.put(user, set);
+                    }
+                    set.add((String)val.getKey());
+                }
+            }
+        }
+        return invertedValueProps;
+    }
+
     private void load(final File source, Properties props) throws IOException {
         FileInputStream in = new FileInputStream(source);
         try {

http://git-wip-us.apache.org/repos/asf/activemq/blob/8d63083d/activemq-jaas/src/main/java/org/apache/activemq/jaas/TextFileCertificateLoginModule.java
----------------------------------------------------------------------
diff --git a/activemq-jaas/src/main/java/org/apache/activemq/jaas/TextFileCertificateLoginModule.java
b/activemq-jaas/src/main/java/org/apache/activemq/jaas/TextFileCertificateLoginModule.java
index 9b887ae..42f2c9d 100644
--- a/activemq-jaas/src/main/java/org/apache/activemq/jaas/TextFileCertificateLoginModule.java
+++ b/activemq-jaas/src/main/java/org/apache/activemq/jaas/TextFileCertificateLoginModule.java
@@ -18,6 +18,7 @@
 package org.apache.activemq.jaas;
 
 import java.security.cert.X509Certificate;
+import java.util.Collections;
 import java.util.Enumeration;
 import java.util.HashSet;
 import java.util.Map;
@@ -46,7 +47,7 @@ public class TextFileCertificateLoginModule extends CertificateLoginModule
{
     private static final String USER_FILE_PROP_NAME = "org.apache.activemq.jaas.textfiledn.user";
     private static final String GROUP_FILE_PROP_NAME = "org.apache.activemq.jaas.textfiledn.group";
 
-    private Properties groups;
+    private Map<String, Set<String>> groupsByUser;
     private Map<String, String> usersByDn;
 
     /**
@@ -57,7 +58,7 @@ public class TextFileCertificateLoginModule extends CertificateLoginModule
{
         super.initialize(subject, callbackHandler, sharedState, options);
 
         usersByDn = load(USER_FILE_PROP_NAME, "", options).invertedPropertiesMap();
-        groups = load(GROUP_FILE_PROP_NAME, "", options).getProps();
+        groupsByUser = load(GROUP_FILE_PROP_NAME, "", options).invertedPropertiesValuesMap();
      }
 
     /**
@@ -89,18 +90,10 @@ public class TextFileCertificateLoginModule extends CertificateLoginModule
{
      */
     @Override
     protected Set<String> getUserGroups(String username) throws LoginException {
-        Set<String> userGroups = new HashSet<String>();
-        for (Enumeration<Object> enumeration = groups.keys(); enumeration.hasMoreElements();)
{
-            String groupName = (String)enumeration.nextElement();
-            String[] userList = (groups.getProperty(groupName) + "").split(",");
-            for (int i = 0; i < userList.length; i++) {
-                if (username.equals(userList[i])) {
-                    userGroups.add(groupName);
-                    break;
-                }
-            }
+        Set<String> userGroups = groupsByUser.get(username);
+        if (userGroups == null) {
+            userGroups = Collections.emptySet();
         }
-
         return userGroups;
     }
 }


Mime
View raw message