
From smckin...@apache.org
Subject directory-fortress-core git commit: FC-96 - Externalize fortress web.war config
Date Sun, 10 May 2015 08:07:31 GMT
Repository: directory-fortress-core
Updated Branches:
  refs/heads/master 7f5479f9b -> 5d04a6517


FC-96 - Externalize fortress web.war config


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/5d04a651
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/5d04a651
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/5d04a651

Branch: refs/heads/master
Commit: 5d04a651762cdbda8a36748ff45cc29b980e8528
Parents: 7f5479f
Author: Shawn McKinney <smckinney@apache.org>
Authored: Sun May 10 02:22:02 2015 -0500
Committer: Shawn McKinney <smckinney@apache.org>
Committed: Sun May 10 02:22:02 2015 -0500

----------------------------------------------------------------------
 .../directory/fortress/core/GlobalIds.java      |  18 ++
 .../directory/fortress/core/cfg/Config.java     | 197 +++++++++++++++----
 .../core/ldap/ApacheDsDataProvider.java         |  60 +++---
 3 files changed, 203 insertions(+), 72 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/5d04a651/src/main/java/org/apache/directory/fortress/core/GlobalIds.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/GlobalIds.java b/src/main/java/org/apache/directory/fortress/core/GlobalIds.java
index 7d785c4..002bec9 100755
--- a/src/main/java/org/apache/directory/fortress/core/GlobalIds.java
+++ b/src/main/java/org/apache/directory/fortress/core/GlobalIds.java
@@ -448,6 +448,24 @@ public class GlobalIds
     public static final String AUTH_Z_FAILED_VALUE = POP_NAME + "=" + AUTH_Z_FAILED;
 
     /**
+     * Used for ldap connection pool of admin users.
+     */
+    public static final String LDAP_ADMIN_POOL_MIN = "min.admin.conn";
+    public static final String LDAP_ADMIN_POOL_MAX = "max.admin.conn";
+    public static final String LDAP_ADMIN_POOL_UID = "admin.user";
+    public static final String LDAP_ADMIN_POOL_PW = "admin.pw";
+
+    // Used for TLS/SSL client-side configs:
+    public static final String ENABLE_LDAP_SSL = "enable.ldap.ssl";
+    public static final String ENABLE_LDAP_SSL_DEBUG = "enable.ldap.ssl.debug";
+    public static final String TRUST_STORE = Config.getProperty( "trust.store" );
+    public static final String TRUST_STORE_PW = Config.getProperty( "trust.store.password"
);
+    public static final String SET_TRUST_STORE_PROP = "trust.store.set.prop";
+    public static final String LDAP_HOST = "host";
+    public static final String LDAP_PORT = "port";
+
+
+    /**
      * maximum number of entries allowed for ldap filter replacements.
      */
     private static int ldapFilterSize = 25;
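Review bot: `TRUST_STORE` and `TRUST_STORE_PW` are defined as `Config.getProperty( "trust.store" )` / `Config.getProperty( "trust.store.password" )`, i.e. they hold the property *values* resolved once when `GlobalIds` initialises, whereas every other constant added in this hunk is a property *name*. The new `Config.getExternalConfig` in this commit then uses them as keys, `config.setProperty( GlobalIds.TRUST_STORE, szValue )` and `config.setProperty( GlobalIds.TRUST_STORE_PW, szValue )`, so the `fortress.trust.store` and `fortress.trust.store.password` overrides are written under a key equal to the current path (or password) rather than `trust.store`, and the already-resolved values never reflect them; it also keeps the trust-store password in a public static String on a constants class. Suggest making both plain names like their siblings, `public static final String TRUST_STORE = "trust.store";` and `public static final String TRUST_STORE_PW = "trust.store.password";`, and reading the values in ApacheDsDataProvider through `Config.getProperty( GlobalIds.TRUST_STORE )` at the point of use. There also appears to be a class-initialisation cycle, since `GlobalIds` init calls into `Config` and `Config`'s static block reads the non-constant `GlobalIds.TRUST_STORE`; which class loads first would decide whether that read sees null, which is worth confirming.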

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/5d04a651/src/main/java/org/apache/directory/fortress/core/cfg/Config.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/cfg/Config.java b/src/main/java/org/apache/directory/fortress/core/cfg/Config.java
index 97256e0..6fd9873 100755
--- a/src/main/java/org/apache/directory/fortress/core/cfg/Config.java
+++ b/src/main/java/org/apache/directory/fortress/core/cfg/Config.java
@@ -25,6 +25,7 @@ import java.util.Enumeration;
 import java.util.Properties;
 
 import org.apache.commons.configuration.PropertiesConfiguration;
+import org.apache.directory.fortress.core.util.attr.VUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -34,7 +35,6 @@ import org.apache.directory.fortress.core.GlobalErrIds;
 import org.apache.directory.fortress.core.GlobalIds;
 import org.apache.directory.fortress.core.SecurityException;
 
-
 /**
  * This class wraps <a href="http://commons.apache.org/cfg/">Apache Commons Config</a>
utility and is used by internal components to retrieve name-value
  * pair properties from its cfg context.  The class will combine properties that it finds
in its local property
@@ -52,8 +52,20 @@ public class Config
 {
     final private static String propFile = "fortress.properties";
     final private static String userPropFile = "fortress.user.properties";
-    private static final PropertiesConfiguration config;
-    private static final String CLS_NM = Config.class.getName();
+    final private static String EXT_LDAP_HOST = "fortress.host";
+    final private static String EXT_LDAP_PORT = "fortress.port";
+    final private static String EXT_LDAP_ADMIN_POOL_UID = "fortress.admin.user";
+    final private static String EXT_LDAP_ADMIN_POOL_PW = "fortress.admin.pw";
+    final private static String EXT_LDAP_ADMIN_POOL_MIN = "fortress.min.admin.conn";
+    final private static String EXT_LDAP_ADMIN_POOL_MAX = "fortress.max.admin.conn";
+    final private static String EXT_ENABLE_LDAP_SSL = "fortress.enable.ldap.ssl";
+    final private static String EXT_ENABLE_LDAP_SSL_DEBUG = "fortress.enable.ldap.ssl.debug";
+    final private static String EXT_TRUST_STORE = "fortress.trust.store";
+    final private static String EXT_TRUST_STORE_PW = "fortress.trust.store.password";
+    final private static String EXT_SET_TRUST_STORE_PROP = "fortress.trust.store.set.prop";
+    final private static String EXT_CONFIG_REALM = "fortress.config.realm";
+    final private static PropertiesConfiguration config;
+    final private static String CLS_NM = Config.class.getName();
     final private static Logger LOG = LoggerFactory.getLogger( CLS_NM );
 
     static
@@ -85,6 +97,10 @@ public class Config
                 config.load( fUserUrl );
             }
 
+            // Check to see if any of the ldap connection parameters have been overridden:
+            getExternalConfig();
+
+            // Retrieve parameters from the config node stored in target LDAP DIT:
             String realmName = config.getString( GlobalIds.CONFIG_REALM );
             if ( realmName != null && realmName.length() > 0 )
             {
@@ -123,38 +139,6 @@ public class Config
 
 
     /**
-     * Fetch the remote cfg params from ldap with given name.
-     *
-     * @param realmName required attribute contains the name of config node name on ldap.
-     * @return {@link Properties} containing collection of name/value pairs found in directory.
-     * @throws org.apache.directory.fortress.core.SecurityException
-     *          in the event of system or validation error.
-     */
-    private static Properties getRemoteConfig( String realmName ) throws SecurityException
-    {
-        Properties props = null;
-        try
-        {
-            ConfigMgr cfgMgr = ConfigMgrFactory.createInstance();
-            props = cfgMgr.read( realmName );
-        }
-        catch ( CfgException ce )
-        {
-            if ( ce.getErrorId() == GlobalErrIds.FT_CONFIG_NOT_FOUND )
-            {
-                String warning = "getRemoteConfig could not find cfg entry";
-                LOG.warn( warning );
-            }
-            else
-            {
-                throw ce;
-            }
-        }
-        return props;
-    }
-
-
-    /**
      * Gets the prop attribute as String value from the apache commons cfg component.
      *
      * @param name contains the name of the property.
@@ -340,4 +324,147 @@ public class Config
         }
         return value;
     }
+
+
+    /**
+     * Set the property String value to the apache commons config.
+     *
+     * @param name         contains the name of the property.
+     * @param value        contains the String value of the property.
+     */
+    public static void setProperty( String name, String value )
+    {
+        if ( config != null )
+        {
+            config.setProperty( name, value );
+        }
+        else
+        {
+            String warn = "setProperty invalid config, can't set prop name [" + name + "],
value [" + value + "]";
+            LOG.warn( warn );
+        }
+    }
+
+
+    /**
+     * Fetch the remote cfg params from ldap with given name.
+     *
+     * @param realmName required attribute contains the name of config node name on ldap.
+     * @return {@link Properties} containing collection of name/value pairs found in directory.
+     * @throws org.apache.directory.fortress.core.SecurityException
+     *          in the event of system or validation error.
+     */
+    private static Properties getRemoteConfig( String realmName ) throws SecurityException
+    {
+        Properties props = null;
+        try
+        {
+            ConfigMgr cfgMgr = ConfigMgrFactory.createInstance();
+            props = cfgMgr.read( realmName );
+        }
+        catch ( CfgException ce )
+        {
+            if ( ce.getErrorId() == GlobalErrIds.FT_CONFIG_NOT_FOUND )
+            {
+                String warning = "getRemoteConfig could not find cfg entry";
+                LOG.warn( warning );
+            }
+            else
+            {
+                throw ce;
+            }
+        }
+        return props;
+    }
+
+
+    /**
+     * This method is called during configuration initialization.  It determines if
+     * the ldap connection coordinates have been overridden as system properties.
+     */
+    private static void getExternalConfig()
+    {
+        // Check to see if the ldap host has been overriden by a system property:
+        String szValue = System.getProperty( EXT_LDAP_HOST );
+        if( VUtil.isNotNullOrEmpty( szValue ))
+        {
+            config.setProperty( GlobalIds.LDAP_HOST, szValue );
+        }
+        // Check to see if the ldap port has been overriden by a system property:
+        szValue = System.getProperty( EXT_LDAP_PORT );
+        if( VUtil.isNotNullOrEmpty( szValue ))
+        {
+            config.setProperty( GlobalIds.LDAP_PORT, szValue );
+        }
+
+        // Check to see if the admin pool uid has been overriden by a system property:
+        szValue = System.getProperty( EXT_LDAP_ADMIN_POOL_UID );
+        if( VUtil.isNotNullOrEmpty( szValue ))
+        {
+            config.setProperty( GlobalIds.LDAP_ADMIN_POOL_UID, szValue );
+        }
+
+        // Check to see if the admin pool pw has been overriden by a system property:
+        szValue = System.getProperty( EXT_LDAP_ADMIN_POOL_PW );
+        if( VUtil.isNotNullOrEmpty( szValue ))
+        {
+            config.setProperty( GlobalIds.LDAP_ADMIN_POOL_PW, szValue );
+        }
+
+        // Check to see if the admin pool min connections has been overriden by a system
property:
+        szValue = System.getProperty( EXT_LDAP_ADMIN_POOL_MIN );
+        if( VUtil.isNotNullOrEmpty( szValue ))
+        {
+            config.setProperty( GlobalIds.LDAP_ADMIN_POOL_MIN, szValue );
+        }
+
+        // Check to see if the admin pool max connections has been overriden by a system
property:
+        szValue = System.getProperty( EXT_LDAP_ADMIN_POOL_MAX );
+        if( VUtil.isNotNullOrEmpty( szValue ))
+        {
+            config.setProperty( GlobalIds.LDAP_ADMIN_POOL_MAX, new Integer( szValue ) );
+        }
+
+        // Check to see if ssl enabled parameter has been overriden by a system property:
+        szValue = System.getProperty( EXT_ENABLE_LDAP_SSL );
+        if( VUtil.isNotNullOrEmpty( szValue ))
+        {
+            config.setProperty( GlobalIds.ENABLE_LDAP_SSL, szValue );
+        }
+
+        // Check to see if the ssl debug enabled parameter has been overriden by a system
property:
+        szValue = System.getProperty( EXT_ENABLE_LDAP_SSL_DEBUG );
+        if( VUtil.isNotNullOrEmpty( szValue ))
+        {
+            config.setProperty( GlobalIds.ENABLE_LDAP_SSL_DEBUG, szValue );
+        }
+
+        // Check to see if the trust store location has been overriden by a system property:
+        szValue = System.getProperty( EXT_TRUST_STORE );
+        if( VUtil.isNotNullOrEmpty( szValue ))
+        {
+            config.setProperty( GlobalIds.TRUST_STORE, szValue );
+        }
+
+        // Check to see if the trust store password has been overriden by a system property:
+        szValue = System.getProperty( EXT_TRUST_STORE_PW );
+        if( VUtil.isNotNullOrEmpty( szValue ))
+        {
+            config.setProperty( GlobalIds.TRUST_STORE_PW, szValue );
+        }
+
+        // Check to see if the trust store set parameter has been overriden by a system property:
+        szValue = System.getProperty( EXT_SET_TRUST_STORE_PROP );
+        if( VUtil.isNotNullOrEmpty( szValue ))
+        {
+            config.setProperty( GlobalIds.SET_TRUST_STORE_PROP, szValue );
+        }
+
+        // Check to see if the config realm name has been overriden by a system property:
+        szValue = System.getProperty( EXT_CONFIG_REALM );
+        if( VUtil.isNotNullOrEmpty( szValue ))
+        {
+            config.setProperty( GlobalIds.CONFIG_REALM, szValue );
+        }
+    }
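Review bot: `setProperty` writes the rejected value into its warning, `"... value [" + value + "]"`, and the values this class now carries include `admin.pw` and `trust.store.password`, so a startup with `config == null` would put the admin password into the log; log only the name, `String warn = "setProperty invalid config, can't set prop name [" + name + "]";`. In `getExternalConfig`, `LDAP_ADMIN_POOL_MAX` is stored as `new Integer( szValue )` while `LDAP_ADMIN_POOL_MIN` is stored as the raw String, so the two are converted inconsistently, and a non-numeric `fortress.max.admin.conn` throws NumberFormatException from inside `Config`'s static initialiser, which surfaces to callers as ExceptionInInitializerError. Either store both as strings and leave the conversion to `Config.getInt`, or validate both the same way and fail with a message naming the offending property. The method reads as a mutator, so a name such as `applyExternalConfig` and a Javadoc line stating that it overwrites entries in `config` in place would make the static block's call easier to follow.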
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/5d04a651/src/main/java/org/apache/directory/fortress/core/ldap/ApacheDsDataProvider.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/ldap/ApacheDsDataProvider.java
b/src/main/java/org/apache/directory/fortress/core/ldap/ApacheDsDataProvider.java
index ae6ecaf..5bc5b0e 100644
--- a/src/main/java/org/apache/directory/fortress/core/ldap/ApacheDsDataProvider.java
+++ b/src/main/java/org/apache/directory/fortress/core/ldap/ApacheDsDataProvider.java
@@ -86,8 +86,6 @@ import org.apache.directory.fortress.core.util.time.Constraint;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.naming.ldap.ExtendedResponse;
-
 
 /**
  * Abstract class contains methods to perform low-level entity to ldap persistence.  These
methods are called by the
@@ -108,12 +106,6 @@ public abstract class ApacheDsDataProvider
 
     private static final int MAX_DEPTH = 100;
     private static final LdapCounters counters = new LdapCounters();
-    private static final String LDAP_HOST = "host";
-    private static final String LDAP_PORT = "port";
-    private static final String LDAP_ADMIN_POOL_MIN = "min.admin.conn";
-    private static final String LDAP_ADMIN_POOL_MAX = "max.admin.conn";
-    private static final String LDAP_ADMIN_POOL_UID = "admin.user";
-    private static final String LDAP_ADMIN_POOL_PW = "admin.pw";
 
     // Used for slapd access log {@link org.apache.directory.fortress.core.rbacAuditDAO}
     private static final String LDAP_LOG_POOL_UID = "log.admin.user";
@@ -121,25 +113,19 @@ public abstract class ApacheDsDataProvider
     private static final String LDAP_LOG_POOL_MIN = "min.log.conn";
     private static final String LDAP_LOG_POOL_MAX = "max.log.conn";
 
-    // Used for TLS/SSL client-side configs:
-    private static final String ENABLE_LDAP_SSL = "enable.ldap.ssl";
-    private static final String ENABLE_LDAP_SSL_DEBUG = "enable.ldap.ssl.debug";
-    private static final String TRUST_STORE = Config.getProperty( "trust.store" );
-    private static final String TRUST_STORE_PW = Config.getProperty( "trust.store.password"
);
     private static final boolean IS_SSL = (
-        Config.getProperty( ENABLE_LDAP_SSL ) != null &&
-            Config.getProperty( ENABLE_LDAP_SSL ).equalsIgnoreCase( "true" ) &&
-            TRUST_STORE != null &&
-        TRUST_STORE_PW != null );
+        Config.getProperty( GlobalIds.ENABLE_LDAP_SSL ) != null &&
+            Config.getProperty( GlobalIds.ENABLE_LDAP_SSL ).equalsIgnoreCase( "true" ) &&
+            GlobalIds.TRUST_STORE != null &&
+        GlobalIds.TRUST_STORE_PW != null );
 
-    private static final String SET_TRUST_STORE_PROP = "trust.store.set.prop";
     private static final boolean IS_SET_TRUST_STORE_PROP = (
         IS_SSL &&
-            Config.getProperty( SET_TRUST_STORE_PROP ) != null &&
-        Config.getProperty( SET_TRUST_STORE_PROP ).equalsIgnoreCase( "true" ) );
+            Config.getProperty( GlobalIds.SET_TRUST_STORE_PROP ) != null &&
+        Config.getProperty( GlobalIds.SET_TRUST_STORE_PROP ).equalsIgnoreCase( "true" ) );
 
-    private static final boolean IS_SSL_DEBUG = ( ( Config.getProperty( ENABLE_LDAP_SSL_DEBUG
) != null ) && ( Config
-        .getProperty( ENABLE_LDAP_SSL_DEBUG ).equalsIgnoreCase( "true" ) ) );
+    private static final boolean IS_SSL_DEBUG = ( ( Config.getProperty( GlobalIds.ENABLE_LDAP_SSL_DEBUG
) != null ) && ( Config
+        .getProperty( GlobalIds.ENABLE_LDAP_SSL_DEBUG ).equalsIgnoreCase( "true" ) ) );
 
     /**
      * The Admin connection pool
@@ -161,10 +147,10 @@ public abstract class ApacheDsDataProvider
 
     static
     {
-        String host = Config.getProperty( LDAP_HOST, "localhost" );
-        int port = Config.getInt( LDAP_PORT, 10389 );
-        int min = Config.getInt( LDAP_ADMIN_POOL_MIN, 1 );
-        int max = Config.getInt( LDAP_ADMIN_POOL_MAX, 10 );
+        String host = Config.getProperty( GlobalIds.LDAP_HOST, "localhost" );
+        int port = Config.getInt( GlobalIds.LDAP_PORT, 10389 );
+        int min = Config.getInt( GlobalIds.LDAP_ADMIN_POOL_MIN, 1 );
+        int max = Config.getInt( GlobalIds.LDAP_ADMIN_POOL_MAX, 10 );
         int logmin = Config.getInt( LDAP_LOG_POOL_MIN, 1 );
         int logmax = Config.getInt( LDAP_LOG_POOL_MAX, 10 );
         LOG.info( "LDAP POOL:  host=[{}], port=[{}], min=[{}], max=[{}]", host, port, min,
max);
@@ -172,36 +158,36 @@ public abstract class ApacheDsDataProvider
         if ( IS_SET_TRUST_STORE_PROP )
         {
             LOG.info( "Set JSSE truststore properties in Apache LDAP client:" );
-            LOG.info( "javax.net.ssl.trustStore: {}", TRUST_STORE );
+            LOG.info( "javax.net.ssl.trustStore: {}", GlobalIds.TRUST_STORE );
             LOG.info( "javax.net.debug: {}" + IS_SSL_DEBUG );
-            System.setProperty( "javax.net.ssl.trustStore", TRUST_STORE );
-            System.setProperty( "javax.net.ssl.trustStorePassword", TRUST_STORE_PW );
+            System.setProperty( "javax.net.ssl.trustStore", GlobalIds.TRUST_STORE );
+            System.setProperty( "javax.net.ssl.trustStorePassword", GlobalIds.TRUST_STORE_PW
);
             System.setProperty( "javax.net.debug", new Boolean( IS_SSL_DEBUG ).toString()
);
         }
 
         LdapConnectionConfig config = new LdapConnectionConfig();
         config.setLdapHost( host );
         config.setLdapPort( port );
-        config.setName( Config.getProperty( LDAP_ADMIN_POOL_UID, "" ) );
+        config.setName( Config.getProperty( GlobalIds.LDAP_ADMIN_POOL_UID, "" ) );
 
         config.setUseSsl( IS_SSL );
         //config.setTrustManagers( new NoVerificationTrustManager() );
 
-        if ( IS_SSL && VUtil.isNotNullOrEmpty( TRUST_STORE ) && VUtil.isNotNullOrEmpty(
TRUST_STORE_PW ) )
+        if ( IS_SSL && VUtil.isNotNullOrEmpty( GlobalIds.TRUST_STORE ) &&
VUtil.isNotNullOrEmpty( GlobalIds.TRUST_STORE_PW ) )
         {
             // validate certificates but allow self-signed certs if within this truststore:
-            config.setTrustManagers( new LdapClientTrustStoreManager( TRUST_STORE, TRUST_STORE_PW.toCharArray(),
null,
+            config.setTrustManagers( new LdapClientTrustStoreManager( GlobalIds.TRUST_STORE,
GlobalIds.TRUST_STORE_PW.toCharArray(), null,
                 true ) );
         }
 
         String adminPw;
         if ( EncryptUtil.isEnabled() )
         {
-            adminPw = EncryptUtil.decrypt( Config.getProperty( LDAP_ADMIN_POOL_PW ) );
+            adminPw = EncryptUtil.decrypt( Config.getProperty( GlobalIds.LDAP_ADMIN_POOL_PW
) );
         }
         else
         {
-            adminPw = Config.getProperty( LDAP_ADMIN_POOL_PW );
+            adminPw = Config.getProperty( GlobalIds.LDAP_ADMIN_POOL_PW );
         }
 
         config.setCredentials( adminPw );
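Review bot: `config.setUseSsl( IS_SSL )` builds a plaintext connection carrying the admin credentials whenever `IS_SSL` is false, and `IS_SSL` (defined in the previous hunk) is false not only when `enable.ldap.ssl` is unset but also when it is true and `GlobalIds.TRUST_STORE` or `GlobalIds.TRUST_STORE_PW` is null; nothing in this block reports that SSL was requested and dropped. That silent downgrade predates the commit, but now that the trust-store location can come from a system property, a typo in `fortress.trust.store` produces exactly this condition, so this is the place to fail the initialiser, or at minimum warn, when `enable.ldap.ssl` is true and the trust store is missing, e.g. `if ( "true".equalsIgnoreCase( Config.getProperty( GlobalIds.ENABLE_LDAP_SSL ) ) && !IS_SSL ) { LOG.warn( "enable.ldap.ssl is set but trust.store/trust.store.password are not; connecting without SSL" ); }` before `config.setUseSsl`. The static block continues past the end of this hunk.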
@@ -257,14 +243,14 @@ public abstract class ApacheDsDataProvider
             LdapConnectionConfig logConfig = new LdapConnectionConfig();
             logConfig.setLdapHost( host );
             logConfig.setLdapPort( port );
-            logConfig.setName( Config.getProperty( LDAP_ADMIN_POOL_UID, "" ) );
+            logConfig.setName( Config.getProperty( GlobalIds.LDAP_ADMIN_POOL_UID, "" ) );
 
             logConfig.setUseSsl( IS_SSL );
 
-            if ( IS_SSL && VUtil.isNotNullOrEmpty( TRUST_STORE ) && VUtil.isNotNullOrEmpty(
TRUST_STORE_PW ) )
+            if ( IS_SSL && VUtil.isNotNullOrEmpty( GlobalIds.TRUST_STORE ) &&
VUtil.isNotNullOrEmpty( GlobalIds.TRUST_STORE_PW ) )
             {
                 // validate certificates but allow self-signed certs if within this truststore:
-                logConfig.setTrustManagers( new LdapClientTrustStoreManager( TRUST_STORE,
TRUST_STORE_PW.toCharArray(),
+                logConfig.setTrustManagers( new LdapClientTrustStoreManager( GlobalIds.TRUST_STORE,
GlobalIds.TRUST_STORE_PW.toCharArray(),
                     null, true ) );
             }
 

