From d3c5e8188d0e6ab693be4ff681c143b0bdcd7828 Mon Sep 17 00:00:00 2001 From: Daniel Kulp Date: Wed, 7 Dec 2016 14:27:33 -0500 Subject: [PATCH] [AMQ-6529] Make sure the LDAP ACL's are definitely loaded when needed. --- .../SimpleCachedLDAPAuthorizationMap.java | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/activemq-broker/src/main/java/org/apache/activemq/security/SimpleCachedLDAPAuthorizationMap.java b/activemq-broker/src/main/java/org/apache/activemq/security/SimpleCachedLDAPAuthorizationMap.java index 9f888b9b58..44c23f6dad 100644 --- a/activemq-broker/src/main/java/org/apache/activemq/security/SimpleCachedLDAPAuthorizationMap.java +++ b/activemq-broker/src/main/java/org/apache/activemq/security/SimpleCachedLDAPAuthorizationMap.java @@ -27,6 +27,7 @@ import java.util.concurrent.ThreadFactory; import java.util.concurrent.ThreadPoolExecutor; import java.util.concurrent.TimeUnit; import java.util.concurrent.atomic.AtomicReference; +import java.util.concurrent.locks.ReentrantReadWriteLock; import javax.naming.Binding; import javax.naming.Context; @@ -93,7 +94,7 @@ public class SimpleCachedLDAPAuthorizationMap implements AuthorizationMap { protected String groupClass = DefaultAuthorizationMap.DEFAULT_GROUP_CLASS; // Internal State - private long lastUpdated; + private long lastUpdated = -1; private static String ANY_DESCENDANT = "\\$"; @@ -222,8 +223,9 @@ public class SimpleCachedLDAPAuthorizationMap implements AuthorizationMap { * if there is an unrecoverable error processing the directory contents */ @SuppressWarnings("rawtypes") - protected void query() throws Exception { + protected synchronized void query() throws Exception { DirContext currentContext = open(); + entries.clear(); final SearchControls constraints = new SearchControls(); constraints.setSearchScope(SearchControls.SUBTREE_SCOPE); @@ -668,11 +670,20 @@ public class SimpleCachedLDAPAuthorizationMap implements AuthorizationMap { * refresh interval has elapsed. */ protected void checkForUpdates() { + if (lastUpdated == -1) { + //ACL's have never been queried, but we need them NOW as we're being asked for them. + try { + query(); + return; + } catch (Exception e) { + LOG.error("Error updating authorization map. Partial policy may be applied until the next successful update.", e); + } + } if (context != null && refreshDisabled) { return; } - + if (context == null || (!refreshDisabled && (refreshInterval != -1 && System.currentTimeMillis() >= lastUpdated + refreshInterval))) { this.updaterService.execute(new Runnable() { @Override @@ -691,8 +702,6 @@ public class SimpleCachedLDAPAuthorizationMap implements AuthorizationMap { } } - entries.clear(); - LOG.debug("Updating authorization map!"); try { query();