Posted to commits@activemq.apache.org by jb...@apache.org on 2018/07/06 19:29:38 UTC
[1/3] activemq-artemis git commit: ARTEMIS-1970 Clean up LDAP
connection in JAAS login module
Repository: activemq-artemis
Updated Branches:
refs/heads/master a63b0315c -> ae29edf1b
ARTEMIS-1970 Clean up LDAP connection in JAAS login module
Project: http://git-wip-us.apache.org/repos/asf/activemq-artemis/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq-artemis/commit/2ff4faab
Tree: http://git-wip-us.apache.org/repos/asf/activemq-artemis/tree/2ff4faab
Diff: http://git-wip-us.apache.org/repos/asf/activemq-artemis/diff/2ff4faab
Branch: refs/heads/master
Commit: 2ff4faab058c330ee9df1bcaa5e3a37ab60cc714
Parents: a63b031
Author: gtully <ga...@gmail.com>
Authored: Fri Jul 6 12:38:20 2018 -0500
Committer: Justin Bertram <jb...@apache.org>
Committed: Fri Jul 6 13:39:34 2018 -0500
----------------------------------------------------------------------
.../spi/core/security/jaas/LDAPLoginModule.java | 1 +
.../core/security/jaas/LDAPLoginModuleTest.java | 24 ++++++++++++++++++++
2 files changed, 25 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/2ff4faab/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java
index cc3c824..f8d7db5 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java
@@ -220,6 +220,7 @@ public class LDAPLoginModule implements LoginModule {
private void clear() {
username = null;
userAuthenticated = false;
+ closeContext();
}
@Override
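Review bot: The new `closeContext();` call in `clear()` gives the method a side effect on the directory connection that nothing in the body explains. A one-line comment above it would record the intent, for example `// release the directory connection whenever login state is reset, so sessions do not accumulate on the LDAP server`. closeContext() is defined outside this hunk, so it is worth confirming that it tolerates a null or already-closed context and clears the field, since clear() is presumably reached more than once per module instance (after a failed login and again on logout).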
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/2ff4faab/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/LDAPLoginModuleTest.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/LDAPLoginModuleTest.java b/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/LDAPLoginModuleTest.java
index 4fbd2c8..97be299 100644
--- a/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/LDAPLoginModuleTest.java
+++ b/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/LDAPLoginModuleTest.java
@@ -45,6 +45,7 @@ import org.apache.directory.server.annotations.CreateTransport;
import org.apache.directory.server.core.annotations.ApplyLdifFiles;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.FrameworkRunner;
+import org.jboss.logging.Logger;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -60,6 +61,8 @@ import static org.junit.Assert.fail;
@ApplyLdifFiles("test.ldif")
public class LDAPLoginModuleTest extends AbstractLdapTestUnit {
+ private static final Logger logger = Logger.getLogger(LDAPLoginModuleTest.class);
+
private static final String PRINCIPAL = "uid=admin,ou=system";
private static final String CREDENTIALS = "secret";
@@ -109,6 +112,8 @@ public class LDAPLoginModuleTest extends AbstractLdapTestUnit {
@Test
public void testLogin() throws LoginException {
+ logger.info("num session: " + ldapServer.getLdapSessionManager().getSessions().length);
+
LoginContext context = new LoginContext("LDAPLogin", new CallbackHandler() {
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
@@ -125,6 +130,24 @@ public class LDAPLoginModuleTest extends AbstractLdapTestUnit {
});
context.login();
context.logout();
+
+ assertTrue("no sessions after logout", waitForSessions(0));
+ }
+
+ private boolean waitForSessions(int expected) {
+ final long expiry = System.currentTimeMillis() + 5000;
+ int numSession = ldapServer.getLdapSessionManager().getSessions().length;
+ while (numSession != expected && System.currentTimeMillis() < expiry) {
+ try {
+ TimeUnit.MILLISECONDS.sleep(100);
+ } catch (InterruptedException ok) {
+ break;
+ }
+ numSession = ldapServer.getLdapSessionManager().getSessions().length;
+ logger.info("num session " + numSession);
+
+ }
+ return numSession == expected;
}
@Test
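Review bot: In `waitForSessions`, the `catch (InterruptedException ok) { break; }` branch drops the thread's interrupt status, so a runner that interrupts a hung test loses that signal. Restoring it first with `Thread.currentThread().interrupt();` before `break;` keeps the cancellation visible to the caller. Separately, the loop uses `TimeUnit`, but no import for it is added in this commit, and the follow-up commit [2/3] adds `import java.util.concurrent.TimeUnit;`. Unless the file already imported it, this commit would not compile on its own, which matters for bisecting.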
@@ -150,6 +173,7 @@ public class LDAPLoginModuleTest extends AbstractLdapTestUnit {
return;
}
fail("Should have failed authenticating");
+ assertTrue("no sessions after logout", waitForSessions(0));
}
@Test
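Review bot: The added `assertTrue("no sessions after logout", waitForSessions(0));` can never execute, because `fail(...)` on the line before always throws and the expected-failure path leaves through the `return;` just above it. The connection-cleanup check for a rejected login, the case where a leak would let repeated bad logins pile up sessions on the directory server, is therefore not tested at all. Moving the assertion into the catch block ahead of `return;` would exercise it. The enclosing test method and its try/catch start outside this hunk, so the exact placement should be checked against the full file.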
[2/3] activemq-artemis git commit: ARTEMIS-1971 Support connection
pooling in LDAPLoginModule
Posted by jb...@apache.org.
ARTEMIS-1971 Support connection pooling in LDAPLoginModule
Project: http://git-wip-us.apache.org/repos/asf/activemq-artemis/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq-artemis/commit/d54e5a78
Tree: http://git-wip-us.apache.org/repos/asf/activemq-artemis/tree/d54e5a78
Diff: http://git-wip-us.apache.org/repos/asf/activemq-artemis/diff/d54e5a78
Branch: refs/heads/master
Commit: d54e5a786875f7756c61e33092a0cca018426adb
Parents: 2ff4faa
Author: gtully <ga...@gmail.com>
Authored: Fri Jul 6 16:48:13 2018 +0100
Committer: Justin Bertram <jb...@apache.org>
Committed: Fri Jul 6 13:53:29 2018 -0500
----------------------------------------------------------------------
.../spi/core/security/jaas/LDAPLoginModule.java | 12 ++-
.../core/security/jaas/LDAPLoginModuleTest.java | 77 ++++++++++++++++++++
artemis-server/src/test/resources/login.config | 21 ++++++
docs/user-manual/en/security.md | 7 ++
4 files changed, 116 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/d54e5a78/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java
index f8d7db5..19194fa 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java
@@ -85,6 +85,8 @@ public class LDAPLoginModule implements LoginModule {
private static final String AUTHENTICATE_USER = "authenticateUser";
private static final String REFERRAL = "referral";
private static final String PASSWORD_CODEC = "passwordCodec";
+ private static final String CONNECTION_POOL = "connectionPool";
+ private static final String CONNECTION_TIMEOUT = "connectionTimeout";
protected DirContext context;
@@ -128,7 +130,9 @@ public class LDAPLoginModule implements LoginModule {
new LDAPLoginProperty(PASSWORD_CODEC, (String) options.get(PASSWORD_CODEC)),
new LDAPLoginProperty(SASL_LOGIN_CONFIG_SCOPE, (String) options.get(SASL_LOGIN_CONFIG_SCOPE)),
new LDAPLoginProperty(AUTHENTICATE_USER, (String) options.get(AUTHENTICATE_USER)),
- new LDAPLoginProperty(REFERRAL, (String) options.get(REFERRAL))};
+ new LDAPLoginProperty(REFERRAL, (String) options.get(REFERRAL)),
+ new LDAPLoginProperty(CONNECTION_POOL, (String) options.get(CONNECTION_POOL)),
+ new LDAPLoginProperty(CONNECTION_TIMEOUT, (String) options.get(CONNECTION_TIMEOUT))};
if (isLoginPropertySet(AUTHENTICATE_USER)) {
authenticateUser = Boolean.valueOf(getLDAPPropertyValue(AUTHENTICATE_USER));
@@ -580,6 +584,12 @@ public class LDAPLoginModule implements LoginModule {
env.put(Context.SECURITY_PROTOCOL, getLDAPPropertyValue(CONNECTION_PROTOCOL));
env.put(Context.PROVIDER_URL, getLDAPPropertyValue(CONNECTION_URL));
env.put(Context.SECURITY_AUTHENTICATION, getLDAPPropertyValue(AUTHENTICATION));
+ if (isLoginPropertySet(CONNECTION_POOL)) {
+ env.put("com.sun.jndi.ldap.connect.pool", getLDAPPropertyValue(CONNECTION_POOL));
+ }
+ if (isLoginPropertySet(CONNECTION_TIMEOUT)) {
+ env.put("com.sun.jndi.ldap.connect.timeout", getLDAPPropertyValue(CONNECTION_TIMEOUT));
+ }
// handle LDAP referrals
// valid values are "throw", "ignore" and "follow"
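Review bot: The new `connectionTimeout` option only bounds connection establishment via `com.sun.jndi.ldap.connect.timeout`; a directory server that accepts the connection and then stalls would still block the login thread indefinitely. Consider a companion option that sets `com.sun.jndi.ldap.read.timeout` in the same way, so that authentication cannot hang on an unresponsive server. Both values are also passed through as raw strings with no validation, so a non-numeric `connectionTimeout` would surface only when the context is created, presumably as a provider error; parsing it once when the options are read would give a clearer failure. A short comment noting that pool size and idle timeout are JVM-wide system properties, not per-module settings, would help the next reader. The method body continues outside this hunk.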
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/d54e5a78/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/LDAPLoginModuleTest.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/LDAPLoginModuleTest.java b/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/LDAPLoginModuleTest.java
index 97be299..d28bd4c 100644
--- a/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/LDAPLoginModuleTest.java
+++ b/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/LDAPLoginModuleTest.java
@@ -36,6 +36,10 @@ import java.lang.reflect.Modifier;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
+import java.util.concurrent.Executor;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import java.util.concurrent.TimeUnit;
import org.apache.activemq.artemis.spi.core.security.jaas.JaasCallbackHandler;
import org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule;
@@ -134,6 +138,79 @@ public class LDAPLoginModuleTest extends AbstractLdapTestUnit {
assertTrue("no sessions after logout", waitForSessions(0));
}
+ @Test
+ public void testLoginPooled() throws LoginException {
+
+ LoginContext context = new LoginContext("LDAPLoginPooled", new CallbackHandler() {
+ @Override
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof NameCallback) {
+ ((NameCallback) callbacks[i]).setName("first");
+ } else if (callbacks[i] instanceof PasswordCallback) {
+ ((PasswordCallback) callbacks[i]).setPassword("secret".toCharArray());
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i]);
+ }
+ }
+ }
+ });
+ context.login();
+ context.logout();
+
+ // again
+
+ context.login();
+ context.logout();
+
+ // new context
+ context = new LoginContext("LDAPLoginPooled", new CallbackHandler() {
+ @Override
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof NameCallback) {
+ ((NameCallback) callbacks[i]).setName("first");
+ } else if (callbacks[i] instanceof PasswordCallback) {
+ ((PasswordCallback) callbacks[i]).setPassword("secret".toCharArray());
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i]);
+ }
+ }
+ }
+ });
+ context.login();
+ context.logout();
+
+ Executor pool = Executors.newCachedThreadPool();
+ for (int i = 0; i < 10; i++) {
+ ((ExecutorService) pool).execute(new Runnable() {
+ @Override
+ public void run() {
+ try {
+ LoginContext context = new LoginContext("LDAPLoginPooled", new CallbackHandler() {
+ @Override
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof NameCallback) {
+ ((NameCallback) callbacks[i]).setName("first");
+ } else if (callbacks[i] instanceof PasswordCallback) {
+ ((PasswordCallback) callbacks[i]).setPassword("secret".toCharArray());
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i]);
+ }
+ }
+ }
+ });
+ context.login();
+ context.logout();
+ } catch (Exception ignored) {
+ }
+ }
+ });
+ }
+ assertTrue("no sessions after logout", waitForSessions(10));
+ }
+
private boolean waitForSessions(int expected) {
final long expiry = System.currentTimeMillis() + 5000;
int numSession = ldapServer.getLdapSessionManager().getSessions().length;
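Review bot: The worker threads in `testLoginPooled` discard every exception in `catch (Exception ignored) {}` and the executor is never shut down or awaited, so the test cannot tell ten successful concurrent logins from ten failures and leaves threads running afterwards. The final `waitForSessions(10)` also assumes the pool ends up with exactly ten connections, which looks timing-dependent given that the earlier sequential logins may have left pooled connections available for reuse, and its message still reads "no sessions after logout". Declaring the pool as `ExecutorService` (dropping the cast), counting failures and awaiting termination would make the outcome deterministic; the method would then also need to declare `InterruptedException`. waitForSessions continues beyond the end of this hunk.

```java
// … unchanged: sequential login/logout rounds on "LDAPLoginPooled" …
ExecutorService pool = Executors.newCachedThreadPool();
final AtomicInteger failures = new AtomicInteger();
for (int i = 0; i < 10; i++) {
   pool.execute(new Runnable() {
      @Override
      public void run() {
         try {
            // … unchanged: LoginContext creation, login(), logout() …
         } catch (Exception e) {
            // record the failure instead of hiding it from the test result
            failures.incrementAndGet();
         }
      }
   });
}
pool.shutdown();
assertTrue("workers finished", pool.awaitTermination(10, TimeUnit.SECONDS));
assertTrue("concurrent logins failed", failures.get() == 0);
```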
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/d54e5a78/artemis-server/src/test/resources/login.config
----------------------------------------------------------------------
diff --git a/artemis-server/src/test/resources/login.config b/artemis-server/src/test/resources/login.config
index 8e531ca..26791d9 100644
--- a/artemis-server/src/test/resources/login.config
+++ b/artemis-server/src/test/resources/login.config
@@ -49,6 +49,27 @@ LDAPLogin {
;
};
+LDAPLoginPooled {
+ org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule required
+ debug=true
+ initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
+ connectionURL="ldap://localhost:1024"
+ connectionUsername="uid=admin,ou=system"
+ connectionPassword=secret
+ connectionProtocol=s
+ authentication=simple
+ userBase="ou=system"
+ userSearchMatching="(uid={0})"
+ userSearchSubtree=false
+ roleBase="ou=system"
+ roleName=cn
+ roleSearchMatching="(member=uid={1},ou=system)"
+ roleSearchSubtree=false
+ connectionPool=true
+ connectionTimeout="2000"
+ ;
+};
+
UnAuthenticatedLDAPLogin {
org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule required
debug=true
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/d54e5a78/docs/user-manual/en/security.md
----------------------------------------------------------------------
diff --git a/docs/user-manual/en/security.md b/docs/user-manual/en/security.md
index dfd1a41..47fb228 100644
--- a/docs/user-manual/en/security.md
+++ b/docs/user-manual/en/security.md
@@ -587,6 +587,13 @@ system. It is implemented by
for the connection to the directory server. This option must be set explicitly
to an empty string, because it has no default value.
+- `connectionPool`. boolean, enable the ldap connection pool property
+ 'com.sun.jndi.ldap.connect.pool'. Note that the pool is [configured at the jvm level with system properties](https://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html).
+
+
+- `connectionTimeout`. String milliseconds, that can time limit a ldap connection
+ attempt. The default is infinite.
+
- `userBase` - selects a particular subtree of the DIT to search for user
entries. The subtree is specified by a DN, which specifes the base node of
the subtree. For example, by setting this option to
[3/3] activemq-artemis git commit: This closes #2173
Posted by jb...@apache.org.
This closes #2173
Project: http://git-wip-us.apache.org/repos/asf/activemq-artemis/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq-artemis/commit/ae29edf1
Tree: http://git-wip-us.apache.org/repos/asf/activemq-artemis/tree/ae29edf1
Diff: http://git-wip-us.apache.org/repos/asf/activemq-artemis/diff/ae29edf1
Branch: refs/heads/master
Commit: ae29edf1bdf22352f8853a39d0d8a20555a077d2
Parents: a63b031 d54e5a7
Author: Justin Bertram <jb...@apache.org>
Authored: Fri Jul 6 14:29:07 2018 -0500
Committer: Justin Bertram <jb...@apache.org>
Committed: Fri Jul 6 14:29:07 2018 -0500
----------------------------------------------------------------------
.../spi/core/security/jaas/LDAPLoginModule.java | 13 ++-
.../core/security/jaas/LDAPLoginModuleTest.java | 101 +++++++++++++++++++
artemis-server/src/test/resources/login.config | 21 ++++
docs/user-manual/en/security.md | 7 ++
4 files changed, 141 insertions(+), 1 deletion(-)
----------------------------------------------------------------------