Clebert Suconic 2019-01-29 23:09:20 -05:00
commit 43a1cc2822
1 changed files with 28 additions and 15 deletions


@ -303,6 +303,13 @@ public class LegacyLDAPSecuritySettingPlugin implements SecuritySettingPlugin {
securityRoles = new HashMap<>(); securityRoles = new HashMap<>();
try { try {
if (logger.isDebugEnabled()) {
logger.debug(new StringBuilder().append("Performing LDAP search: ").append(destinationBase)
.append("\tfilter: ").append(filter)
.append("\tcontrols:")
.append("\t\treturningAttributes: ").append(roleAttribute)
.append("\t\tsearchScope: SUBTREE_SCOPE"));
}
NamingEnumeration<SearchResult> searchResults = context.search(destinationBase, filter, searchControls); NamingEnumeration<SearchResult> searchResults = context.search(destinationBase, filter, searchControls);
while (searchResults.hasMore()) { while (searchResults.hasMore()) {
processSearchResult(securityRoles, searchResults.next()); processSearchResult(securityRoles, searchResults.next());
@ -321,50 +328,52 @@ public class LegacyLDAPSecuritySettingPlugin implements SecuritySettingPlugin {
private void processSearchResult(Map<String, Set<Role>> securityRoles, private void processSearchResult(Map<String, Set<Role>> securityRoles,
SearchResult searchResult) throws NamingException { SearchResult searchResult) throws NamingException {
LdapName searchResultLdapName = new LdapName(searchResult.getName());
Attributes attrs = searchResult.getAttributes(); Attributes attrs = searchResult.getAttributes();
if (attrs == null || attrs.size() == 0) { if (attrs == null || attrs.size() == 0) {
if (logger.isDebugEnabled()) {
logger.debug("Skipping LDAP search result \"" + searchResultLdapName + "\" with " + (attrs == null ? "null" : attrs.size()) + " attributes");
}
return; return;
} }
LdapName searchResultLdapName = new LdapName(searchResult.getName());
if (logger.isDebugEnabled()) {
logger.debug("LDAP search result : " + searchResultLdapName);
}
String permissionType = null;
String destination = null;
String destinationType = "unknown";
List<Rdn> rdns = searchResultLdapName.getRdns(); List<Rdn> rdns = searchResultLdapName.getRdns();
if (rdns.size() < 3) { if (rdns.size() < 3) {
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("\tSkipping unexpected search result with " + rdns.size() + " RDNs."); logger.debug("\tSkipping LDAP search result \"" + searchResultLdapName + "\" with " + rdns.size() + " RDNs.");
} }
return; return;
} }
StringBuilder logMessage = new StringBuilder();
if (logger.isDebugEnabled()) {
logMessage.append("LDAP search result: ").append(searchResultLdapName);
}
// we can count on the RNDs being in order from right to left // we can count on the RNDs being in order from right to left
Rdn rdn = rdns.get(rdns.size() - 3); Rdn rdn = rdns.get(rdns.size() - 3);
String rawDestinationType = rdn.getValue().toString(); String rawDestinationType = rdn.getValue().toString();
String destinationType = "unknown";
if (rawDestinationType.toLowerCase().contains("queue")) { if (rawDestinationType.toLowerCase().contains("queue")) {
destinationType = "queue"; destinationType = "queue";
} else if (rawDestinationType.toLowerCase().contains("topic")) { } else if (rawDestinationType.toLowerCase().contains("topic")) {
destinationType = "topic"; destinationType = "topic";
} }
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("\tDestination type: " + destinationType); logMessage.append("\tDestination type: ").append(destinationType);
} }
rdn = rdns.get(rdns.size() - 2); rdn = rdns.get(rdns.size() - 2);
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("\tDestination name: " + rdn.getValue()); logMessage.append("\tDestination name: ").append(rdn.getValue());
} }
destination = rdn.getValue().toString(); String destination = rdn.getValue().toString();
rdn = rdns.get(rdns.size() - 1); rdn = rdns.get(rdns.size() - 1);
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("\tPermission type: " + rdn.getValue()); logMessage.append("\tPermission type: ").append(rdn.getValue());
} }
permissionType = rdn.getValue().toString(); String permissionType = rdn.getValue().toString();
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("\tAttributes: " + attrs); logMessage.append("\tAttributes: ").append(attrs);
} }
Attribute attr = attrs.get(roleAttribute); Attribute attr = attrs.get(roleAttribute);
NamingEnumeration<?> e = attr.getAll(); NamingEnumeration<?> e = attr.getAll();
@ -382,7 +391,7 @@ public class LegacyLDAPSecuritySettingPlugin implements SecuritySettingPlugin {
rdn = ldapname.getRdn(ldapname.size() - 1); rdn = ldapname.getRdn(ldapname.size() - 1);
String roleName = rdn.getValue().toString(); String roleName = rdn.getValue().toString();
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("\tRole name: " + roleName); logMessage.append("\tRole name: ").append(roleName);
} }
Role role = new Role(roleName, Role role = new Role(roleName,
permissionType.equalsIgnoreCase(writePermissionValue), // send permissionType.equalsIgnoreCase(writePermissionValue), // send
@ -399,6 +408,10 @@ public class LegacyLDAPSecuritySettingPlugin implements SecuritySettingPlugin {
roles.add(role); roles.add(role);
} }
if (logger.isDebugEnabled()) {
logger.debug(logMessage);
}
if (!exists) { if (!exists) {
securityRoles.put(destination, roles); securityRoles.put(destination, roles);
} }
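Review bot: The per-entry trace is now emitted only by the single `logger.debug(logMessage)` at the end of processSearchResult, so any exception raised after `logMessage` starts being filled discards the details for exactly the entry that failed; the old code logged each field as it was read. One visible throw path is `attrs.get(roleAttribute)` followed by `attr.getAll()`: if an entry carries attributes but not the role attribute, `attr` is null (the search controls may already prevent this, but that is not visible here), and the loop body between the hunks, which is not shown, presumably can throw NamingException as well. Since this trace is what an operator relies on to see how LDAP entries are turned into roles, consider wrapping the code after `StringBuilder logMessage = new StringBuilder();` in `try { … } finally { if (logger.isDebugEnabled()) { logger.debug(logMessage); } }`. The directory-supplied values (DN, role name, `attrs`) are also appended verbatim into what is meant to be one tab-separated record, so replacing CR/LF in them before appending would keep a malformed entry from splitting the log line.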