Apache
/
activemq
mirror of https://github.com/apache/activemq.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[AMQ-6529] Make sure the LDAP ACL's are definitely loaded when needed.

This commit is contained in:
Daniel Kulp 2016-12-07 14:27:33 -05:00
parent 4b3f07e90e
commit 1a2e3eb0c7
1 changed files with 14 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
activemq-broker/src/main/java/org/apache/activemq/security/SimpleCachedLDAPAuthorizationMap.java
View File

@ -27,6 +27,7 @@ import java.util.concurrent.ThreadFactory;
import java.util.concurrent.ThreadPoolExecutor; import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference; import java.util.concurrent.atomic.AtomicReference;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.naming.Binding; import javax.naming.Binding;
import javax.naming.Context; import javax.naming.Context;
@ -93,7 +94,7 @@ public class SimpleCachedLDAPAuthorizationMap implements AuthorizationMap {
protected String groupClass = DefaultAuthorizationMap.DEFAULT_GROUP_CLASS; protected String groupClass = DefaultAuthorizationMap.DEFAULT_GROUP_CLASS;
// Internal State // Internal State
private long lastUpdated; private long lastUpdated = -1;
private static String ANY_DESCENDANT = "\\$"; private static String ANY_DESCENDANT = "\\$";
@ -222,8 +223,9 @@ public class SimpleCachedLDAPAuthorizationMap implements AuthorizationMap {
* if there is an unrecoverable error processing the directory contents * if there is an unrecoverable error processing the directory contents
*/ */
@SuppressWarnings("rawtypes") @SuppressWarnings("rawtypes")
protected void query() throws Exception { protected synchronized void query() throws Exception {
DirContext currentContext = open(); DirContext currentContext = open();
entries.clear();
final SearchControls constraints = new SearchControls(); final SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE); constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
@ -668,11 +670,20 @@ public class SimpleCachedLDAPAuthorizationMap implements AuthorizationMap {
* refresh interval has elapsed. * refresh interval has elapsed.
*/ */
protected void checkForUpdates() { protected void checkForUpdates() {
if (lastUpdated == -1) {
//ACL's have never been queried, but we need them NOW as we're being asked for them.
try {
query();
return;
} catch (Exception e) {
LOG.error("Error updating authorization map. Partial policy may be applied until the next successful update.", e);
}
}
if (context != null && refreshDisabled) { if (context != null && refreshDisabled) {
return; return;
} }
if (context == null || (!refreshDisabled && (refreshInterval != -1 && System.currentTimeMillis() >= lastUpdated + refreshInterval))) { if (context == null || (!refreshDisabled && (refreshInterval != -1 && System.currentTimeMillis() >= lastUpdated + refreshInterval))) {
this.updaterService.execute(new Runnable() { this.updaterService.execute(new Runnable() {
@Override @Override
@ -691,8 +702,6 @@ public class SimpleCachedLDAPAuthorizationMap implements AuthorizationMap {
} }
} }
entries.clear();
LOG.debug("Updating authorization map!"); LOG.debug("Updating authorization map!");
try { try {
query(); query();