You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by tr...@apache.org on 2014/10/17 23:06:48 UTC
svn commit: r1632666 - in /jackrabbit/oak/trunk/oak-auth-ldap/src:
main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/
test/java/org/apache/jackrabbit/oak/security/authentication/ldap/
Author: tripod
Date: Fri Oct 17 21:06:47 2014
New Revision: 1632666
URL: http://svn.apache.org/r1632666
Log:
OAK-2212 Add configuration options for ldap connection pools
- add configuration for maxActive pool size
Modified:
jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java
jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginTestBase.java
jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java
Modified: jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java?rev=1632666&r1=1632665&r2=1632666&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java (original)
+++ jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java Fri Oct 17 21:06:47 2014
@@ -97,14 +97,20 @@ public class LdapIdentityProvider implem
private LdapConnectionPool adminPool;
/**
+ * admin connection factory
+ */
+ private PoolableLdapConnectionFactory adminConnectionFactory;
+
+ /**
* the connection pool with unbound connections
*/
private UnboundLdapConnectionPool userPool;
/**
- * temporary flag to disable connection pooling during unit tests. somehow the internal DS does not work correctly.
+ * user connection factory
*/
- public boolean disableConnectionPooling;
+ private PoolableUnboundConnectionFactory userConnectionFactory;
+
/**
* Default constructor for OSGi
@@ -138,7 +144,7 @@ public class LdapIdentityProvider implem
* Initializes the ldap identity provider.
*/
private void init() {
- if (adminPool != null) {
+ if (adminConnectionFactory != null) {
throw new IllegalStateException("Provider already initialized.");
}
@@ -148,17 +154,27 @@ public class LdapIdentityProvider implem
cc.setName(config.getBindDN());
cc.setCredentials(config.getBindPassword());
}
+ adminConnectionFactory = new PoolableLdapConnectionFactory(cc);
- PoolableLdapConnectionFactory factory = new PoolableLdapConnectionFactory(cc);
- adminPool = new LdapConnectionPool(factory);
- adminPool.setTestOnBorrow(true);
- adminPool.setWhenExhaustedAction(GenericObjectPool.WHEN_EXHAUSTED_GROW);
+ if (config.getAdminPoolConfig().getMaxActive() != 0) {
+ adminPool = new LdapConnectionPool(adminConnectionFactory);
+ adminPool.setTestOnBorrow(true);
+ adminPool.setMaxActive(config.getAdminPoolConfig().getMaxActive());
+ adminPool.setWhenExhaustedAction(GenericObjectPool.WHEN_EXHAUSTED_BLOCK);
+ }
// setup unbound connection pool. let's create a new version of the config
cc = createConnectionConfig();
- userPool = new UnboundLdapConnectionPool(new PoolableUnboundConnectionFactory(cc));
- userPool.setTestOnBorrow(true);
- userPool.setWhenExhaustedAction(GenericObjectPool.WHEN_EXHAUSTED_GROW);
+
+ userConnectionFactory = new PoolableUnboundConnectionFactory(cc);
+ if (config.getUserPoolConfig().getMaxActive() != 0) {
+ userPool = new UnboundLdapConnectionPool(userConnectionFactory);
+ userPool.setTestOnBorrow(true);
+ userPool.setMaxActive(config.getUserPoolConfig().getMaxActive());
+ userPool.setWhenExhaustedAction(GenericObjectPool.WHEN_EXHAUSTED_BLOCK);
+ }
+
+ log.info("LdapIdentityProvider initialized: {}", config);
}
/**
@@ -510,7 +526,11 @@ public class LdapIdentityProvider implem
@Nonnull
private LdapConnection connect() throws ExternalIdentityException {
try {
- return adminPool.getConnection();
+ if (adminPool == null) {
+ return adminConnectionFactory.makeObject();
+ } else {
+ return adminPool.getConnection();
+ }
} catch (Throwable e) {
log.error("Error while connecting to the ldap server.", e);
throw new ExternalIdentityException("Error while connecting and binding to the ldap server", e);
@@ -520,10 +540,11 @@ public class LdapIdentityProvider implem
private void disconnect(@Nullable LdapConnection connection) throws ExternalIdentityException {
try {
if (connection != null) {
- if (disableConnectionPooling) {
- connection.close();
+ if (adminPool == null) {
+ adminConnectionFactory.destroyObject(connection);
+ } else {
+ adminPool.releaseConnection(connection);
}
- adminPool.releaseConnection(connection);
}
} catch (Exception e) {
log.warn("Error while disconnecting from the ldap server.", e);
@@ -549,7 +570,11 @@ public class LdapIdentityProvider implem
LdapConnection connection = null;
try {
DebugTimer timer = new DebugTimer();
- connection = userPool.getConnection();
+ if (userPool == null) {
+ connection = userConnectionFactory.makeObject();
+ } else {
+ connection = userPool.getConnection();
+ }
timer.mark("connect");
connection.bind(user.getExternalId().getId(), new String(creds.getPassword()));
timer.mark("bind");
@@ -563,7 +588,11 @@ public class LdapIdentityProvider implem
} finally {
if (connection != null) {
try {
- userPool.releaseConnection(connection);
+ if (userPool == null) {
+ userConnectionFactory.destroyObject(connection);
+ } else {
+ userPool.releaseConnection(connection);
+ }
} catch (Exception e) {
// ignore
}
Modified: jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java?rev=1632666&r1=1632665&r2=1632666&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java (original)
+++ jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java Fri Oct 17 21:06:47 2014
@@ -16,6 +16,8 @@
*/
package org.apache.jackrabbit.oak.security.authentication.ldap.impl;
+import java.util.Arrays;
+
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
@@ -172,6 +174,36 @@ public class LdapProviderConfig {
public static final String PARAM_SEARCH_TIMEOUT = "searchTimeout";
/**
+ * @see PoolConfig#getMaxActive()
+ */
+ public static final int PARAM_ADMIN_POOL_MAX_ACTIVE_DEFAULT = 8;
+
+ /**
+ * @see PoolConfig#getMaxActive()
+ */
+ @Property(
+ label = "Admin pool max active",
+ description = "The max active size of the admin connection pool.",
+ longValue = PARAM_ADMIN_POOL_MAX_ACTIVE_DEFAULT
+ )
+ public static final String PARAM_ADMIN_POOL_MAX_ACTIVE = "adminPool.maxActive";
+
+ /**
+ * @see PoolConfig#getMaxActive()
+ */
+ public static final int PARAM_USER_POOL_MAX_ACTIVE_DEFAULT = 8;
+
+ /**
+ * @see PoolConfig#getMaxActive()
+ */
+ @Property(
+ label = "User pool max active",
+ description = "The max active size of the user connection pool.",
+ longValue = PARAM_USER_POOL_MAX_ACTIVE_DEFAULT
+ )
+ public static final String PARAM_USER_POOL_MAX_ACTIVE = "userPool.maxActive";
+
+ /**
* @see Identity#getBaseDN()
*/
public static final String PARAM_USER_BASE_DN_DEFAULT = "ou=people,o=example,dc=com";
@@ -506,6 +538,60 @@ public class LdapProviderConfig {
}
return String.format(filterTemplate, encodeFilterValue(id));
}
+
+ @Override
+ public String toString() {
+ final StringBuilder sb = new StringBuilder("Identity{");
+ sb.append("baseDN='").append(baseDN).append('\'');
+ sb.append(", objectClasses=").append(Arrays.toString(objectClasses));
+ sb.append(", idAttribute='").append(idAttribute).append('\'');
+ sb.append(", extraFilter='").append(extraFilter).append('\'');
+ sb.append(", filterTemplate='").append(filterTemplate).append('\'');
+ sb.append(", makeDnPath=").append(makeDnPath);
+ sb.append('}');
+ return sb.toString();
+ }
+ }
+
+ /**
+ * Defines the configuration of a connection pool. Currently we only define the max size.
+ * (documentation copied from {@link org.apache.commons.pool.impl.GenericObjectPool})
+ */
+ public class PoolConfig {
+
+ private int maxActiveSize;
+
+ /**
+ * Returns the maximum number of objects that can be allocated by the pool
+ * (checked out to clients, or idle awaiting checkout) at a given time.
+ * When non-positive, there is no limit to the number of objects that can
+ * be managed by the pool at one time. A value of 0 disables this pool.
+ *
+ * @return the cap on the total number of object instances managed by the pool.
+ * @see #setMaxActive
+ */
+ public int getMaxActive() {
+ return maxActiveSize;
+ }
+
+ /**
+ * Sets the cap on the number of objects that can be allocated by the pool.
+ *
+ * @see #getMaxActive
+ * @return this
+ */
+ public PoolConfig setMaxActive(int maxActive) {
+ this.maxActiveSize = maxActive;
+ return this;
+ }
+
+ @Override
+ public String toString() {
+ final StringBuilder sb = new StringBuilder("PoolConfig{");
+ sb.append("maxActiveSize=").append(maxActiveSize);
+ sb.append('}');
+ return sb.toString();
+ }
}
/**
@@ -540,6 +626,12 @@ public class LdapProviderConfig {
.setObjectClasses(params.getConfigValue(PARAM_GROUP_OBJECTCLASS, PARAM_GROUP_OBJECTCLASS_DEFAULT))
.setMakeDnPath(params.getConfigValue(PARAM_GROUP_MAKE_DN_PATH, PARAM_GROUP_MAKE_DN_PATH_DEFAULT));
+ cfg.getAdminPoolConfig()
+ .setMaxActive(params.getConfigValue(PARAM_ADMIN_POOL_MAX_ACTIVE, PARAM_ADMIN_POOL_MAX_ACTIVE_DEFAULT));
+
+ cfg.getUserPoolConfig()
+ .setMaxActive(params.getConfigValue(PARAM_USER_POOL_MAX_ACTIVE, PARAM_USER_POOL_MAX_ACTIVE_DEFAULT));
+
return cfg;
}
@@ -565,6 +657,12 @@ public class LdapProviderConfig {
private String memberOfFilterTemplate;
+ private final PoolConfig adminPoolConfig = new PoolConfig()
+ .setMaxActive(PARAM_ADMIN_POOL_MAX_ACTIVE_DEFAULT);
+
+ private final PoolConfig userPoolConfig = new PoolConfig()
+ .setMaxActive(PARAM_USER_POOL_MAX_ACTIVE_DEFAULT);
+
private final Identity userConfig = new Identity()
.setBaseDN(PARAM_USER_BASE_DN_DEFAULT)
.setExtraFilter(PARAM_USER_EXTRA_FILTER_DEFAULT)
@@ -853,6 +951,24 @@ public class LdapProviderConfig {
}
/**
+ * Returns the admin connection pool configuration.
+ * @return admin pool config
+ */
+ @Nonnull
+ public PoolConfig getAdminPoolConfig() {
+ return adminPoolConfig;
+ }
+
+ /**
+ * Returns the user connection pool configuration.
+ * @return user pool config
+ */
+ @Nonnull
+ public PoolConfig getUserPoolConfig() {
+ return userPoolConfig;
+ }
+
+ /**
* Copied from org.apache.directory.api.ldap.model.filter.FilterEncoder#encodeFilterValue(java.lang.String)
* in order to keep this configuration LDAP client independent.
*
@@ -900,4 +1016,26 @@ public class LdapProviderConfig {
}
return (sb == null ? value : sb.toString());
}
+
+ @Override
+ public String toString() {
+ final StringBuilder sb = new StringBuilder("LdapProviderConfig{");
+ sb.append("name='").append(name).append('\'');
+ sb.append(", hostname='").append(hostname).append('\'');
+ sb.append(", port=").append(port);
+ sb.append(", useSSL=").append(useSSL);
+ sb.append(", useTLS=").append(useTLS);
+ sb.append(", noCertCheck=").append(noCertCheck);
+ sb.append(", bindDN='").append(bindDN).append('\'');
+ sb.append(", bindPassword='***'");
+ sb.append(", searchTimeout=").append(searchTimeout);
+ sb.append(", groupMemberAttribute='").append(groupMemberAttribute).append('\'');
+ sb.append(", memberOfFilterTemplate='").append(memberOfFilterTemplate).append('\'');
+ sb.append(", adminPoolConfig=").append(adminPoolConfig);
+ sb.append(", userPoolConfig=").append(userPoolConfig);
+ sb.append(", userConfig=").append(userConfig);
+ sb.append(", groupConfig=").append(groupConfig);
+ sb.append('}');
+ return sb.toString();
+ }
}
Modified: jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginTestBase.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginTestBase.java?rev=1632666&r1=1632665&r2=1632666&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginTestBase.java (original)
+++ jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginTestBase.java Fri Oct 17 21:06:47 2014
@@ -158,9 +158,9 @@ public abstract class LdapLoginTestBase
.setBaseDN(ServerDNConstants.GROUPS_SYSTEM_DN)
.setObjectClasses(InternalLdapServer.GROUP_CLASS_ATTR);
- LdapIdentityProvider ldapIDP = new LdapIdentityProvider(cfg);
- ldapIDP.disableConnectionPooling = true;
- return ldapIDP;
+ cfg.getAdminPoolConfig().setMaxActive(0);
+ cfg.getUserPoolConfig().setMaxActive(0);
+ return new LdapIdentityProvider(cfg);
}
@Override
Modified: jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java?rev=1632666&r1=1632665&r2=1632666&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java (original)
+++ jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java Fri Oct 17 21:06:47 2014
@@ -109,9 +109,9 @@ public class LdapProviderTest {
.setBaseDN(ServerDNConstants.GROUPS_SYSTEM_DN)
.setObjectClasses("groupOfUniqueNames");
- LdapIdentityProvider ldapIDP = new LdapIdentityProvider(providerConfig);
- ldapIDP.disableConnectionPooling = true;
- return ldapIDP;
+ providerConfig.getAdminPoolConfig().setMaxActive(0);
+ providerConfig.getUserPoolConfig().setMaxActive(0);
+ return new LdapIdentityProvider(providerConfig);
}
protected static void initLdapFixture(InternalLdapServer server) throws Exception {