This closes #2527

2019-01-29 23:09:20 -05:00 · 2019-01-29 23:09:20 -05:00 · 43a1cc2822
parent f4436a9f72 4d2eae2686
commit 43a1cc2822
1 changed files with 28 additions and 15 deletions
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/LegacyLDAPSecuritySettingPlugin.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/LegacyLDAPSecuritySettingPlugin.java
@ -303,6 +303,13 @@ public class LegacyLDAPSecuritySettingPlugin implements SecuritySettingPlugin {

      securityRoles = new HashMap<>();
      try {
+         if (logger.isDebugEnabled()) {
+            logger.debug(new StringBuilder().append("Performing LDAP search: ").append(destinationBase)
+                                            .append("\tfilter: ").append(filter)
+                                            .append("\tcontrols:")
+                                            .append("\t\treturningAttributes: ").append(roleAttribute)
+                                            .append("\t\tsearchScope: SUBTREE_SCOPE"));
+         }
         NamingEnumeration<SearchResult> searchResults = context.search(destinationBase, filter, searchControls);
         while (searchResults.hasMore()) {
            processSearchResult(securityRoles, searchResults.next());
@ -321,50 +328,52 @@ public class LegacyLDAPSecuritySettingPlugin implements SecuritySettingPlugin {

   private void processSearchResult(Map<String, Set<Role>> securityRoles,
                                    SearchResult searchResult) throws NamingException {
+      LdapName searchResultLdapName = new LdapName(searchResult.getName());
      Attributes attrs = searchResult.getAttributes();
      if (attrs == null || attrs.size() == 0) {
+         if (logger.isDebugEnabled()) {
+            logger.debug("Skipping LDAP search result \"" + searchResultLdapName + "\" with " + (attrs == null ? "null" : attrs.size()) + " attributes");
+         }
         return;
      }
-      LdapName searchResultLdapName = new LdapName(searchResult.getName());
-      if (logger.isDebugEnabled()) {
-         logger.debug("LDAP search result : " + searchResultLdapName);
-      }
-      String permissionType = null;
-      String destination = null;
-      String destinationType = "unknown";
      List<Rdn> rdns = searchResultLdapName.getRdns();
      if (rdns.size() < 3) {
         if (logger.isDebugEnabled()) {
-            logger.debug("\tSkipping unexpected search result with " + rdns.size() + " RDNs.");
+            logger.debug("\tSkipping LDAP search result \"" + searchResultLdapName + "\" with " + rdns.size() + " RDNs.");
         }
         return;
      }
+      StringBuilder logMessage = new StringBuilder();
+      if (logger.isDebugEnabled()) {
+         logMessage.append("LDAP search result: ").append(searchResultLdapName);
+      }
      // we can count on the RNDs being in order from right to left
      Rdn rdn = rdns.get(rdns.size() - 3);
      String rawDestinationType = rdn.getValue().toString();
+      String destinationType = "unknown";
      if (rawDestinationType.toLowerCase().contains("queue")) {
         destinationType = "queue";
      } else if (rawDestinationType.toLowerCase().contains("topic")) {
         destinationType = "topic";
      }
      if (logger.isDebugEnabled()) {
-         logger.debug("\tDestination type: " + destinationType);
+         logMessage.append("\tDestination type: ").append(destinationType);
      }

      rdn = rdns.get(rdns.size() - 2);
      if (logger.isDebugEnabled()) {
-         logger.debug("\tDestination name: " + rdn.getValue());
+         logMessage.append("\tDestination name: ").append(rdn.getValue());
      }
-      destination = rdn.getValue().toString();
+      String destination = rdn.getValue().toString();

      rdn = rdns.get(rdns.size() - 1);
      if (logger.isDebugEnabled()) {
-         logger.debug("\tPermission type: " + rdn.getValue());
+         logMessage.append("\tPermission type: ").append(rdn.getValue());
      }
-      permissionType = rdn.getValue().toString();
+      String permissionType = rdn.getValue().toString();

      if (logger.isDebugEnabled()) {
-         logger.debug("\tAttributes: " + attrs);
+         logMessage.append("\tAttributes: ").append(attrs);
      }
      Attribute attr = attrs.get(roleAttribute);
      NamingEnumeration<?> e = attr.getAll();
@ -382,7 +391,7 @@ public class LegacyLDAPSecuritySettingPlugin implements SecuritySettingPlugin {
         rdn = ldapname.getRdn(ldapname.size() - 1);
         String roleName = rdn.getValue().toString();
         if (logger.isDebugEnabled()) {
-            logger.debug("\tRole name: " + roleName);
+            logMessage.append("\tRole name: ").append(roleName);
         }
         Role role = new Role(roleName,
                              permissionType.equalsIgnoreCase(writePermissionValue), // send
@ -399,6 +408,10 @@ public class LegacyLDAPSecuritySettingPlugin implements SecuritySettingPlugin {
         roles.add(role);
      }

+      if (logger.isDebugEnabled()) {
+         logger.debug(logMessage);
+      }
+
      if (!exists) {
         securityRoles.put(destination, roles);
      }