This is an automated email from the ASF dual-hosted git repository. brusdev pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git
The following commit(s) were added to refs/heads/main by this push: new 15aafe0b70 ARTEMIS-4293 add mngmnt ops to clear authn/z caches 15aafe0b70 is described below commit 15aafe0b70f59c0edc255bb648cc4007e9a29811 Author: Justin Bertram <jbert...@apache.org> AuthorDate: Thu May 25 18:07:33 2023 -0500 ARTEMIS-4293 add mngmnt ops to clear authn/z caches --- .../apache/activemq/artemis/logs/AuditLogger.java | 14 ++++++++++++ .../api/core/management/ActiveMQServerControl.java | 6 +++++ .../management/impl/ActiveMQServerControlImpl.java | 16 +++++++++++++ .../core/security/impl/SecurityStoreImpl.java | 2 -- .../management/ActiveMQServerControlTest.java | 26 ++++++++++++++++++++++ .../ActiveMQServerControlUsingCoreTest.java | 10 +++++++++ 6 files changed, 72 insertions(+), 2 deletions(-) diff --git a/artemis-commons/src/main/java/org/apache/activemq/artemis/logs/AuditLogger.java b/artemis-commons/src/main/java/org/apache/activemq/artemis/logs/AuditLogger.java index 2f02c7d4f7..9af9075ea9 100644 --- a/artemis-commons/src/main/java/org/apache/activemq/artemis/logs/AuditLogger.java +++ b/artemis-commons/src/main/java/org/apache/activemq/artemis/logs/AuditLogger.java @@ -2653,4 +2653,18 @@ public interface AuditLogger { @LogMessage(id = 601768, value = "{} connection {} for user {} destroyed", level = LogMessage.Level.INFO) void destroyedConnection(String protocol, String connectionID, String user); + + static void clearAuthenticationCache(Object source) { + BASE_LOGGER.clearAuthenticationCache(getCaller(), source); + } + + @LogMessage(id = 601769, value = "User {} is clearing authentication cache on target resource: {}", level = LogMessage.Level.INFO) + void clearAuthenticationCache(String user, Object source); + + static void clearAuthorizationCache(Object source) { + BASE_LOGGER.clearAuthorizationCache(getCaller(), source); + } + + @LogMessage(id = 601770, value = "User {} is clearing authorization cache on target resource: {}", level = LogMessage.Level.INFO) + void clearAuthorizationCache(String user, Object source); } diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/ActiveMQServerControl.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/ActiveMQServerControl.java index 2229abfee5..0c4289fb52 100644 --- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/ActiveMQServerControl.java +++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/ActiveMQServerControl.java @@ -2006,5 +2006,11 @@ public interface ActiveMQServerControl { @Attribute(desc = "Scan all paged destinations to rebuild the page counters") void rebuildPageCounters() throws Exception; + + @Operation(desc = "Clear the authentication cache", impact = MBeanOperationInfo.ACTION) + void clearAuthenticationCache() throws Exception; + + @Operation(desc = "Clear the authorization cache", impact = MBeanOperationInfo.ACTION) + void clearAuthorizationCache() throws Exception; } diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/management/impl/ActiveMQServerControlImpl.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/management/impl/ActiveMQServerControlImpl.java index eb147349b4..1096ebee4f 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/management/impl/ActiveMQServerControlImpl.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/management/impl/ActiveMQServerControlImpl.java @@ -4664,5 +4664,21 @@ public class ActiveMQServerControlImpl extends AbstractControl implements Active } throw ActiveMQMessageBundle.BUNDLE.embeddedWebServerNotFound(); } + + @Override + public void clearAuthenticationCache() { + if (AuditLogger.isBaseLoggingEnabled()) { + AuditLogger.clearAuthenticationCache(this.server); + } + ((SecurityStoreImpl)server.getSecurityStore()).invalidateAuthenticationCache(); + } + + @Override + public void clearAuthorizationCache() { + if (AuditLogger.isBaseLoggingEnabled()) { + AuditLogger.clearAuthorizationCache(this.server); + } + ((SecurityStoreImpl)server.getSecurityStore()).invalidateAuthorizationCache(); + } } diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java index 7f770d9711..14c393d032 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java @@ -424,12 +424,10 @@ public class SecurityStoreImpl implements SecurityStore, HierarchicalRepositoryC logger.debug("Skipping authentication cache due to exception: {}", e.getMessage()); } - // public for testing purposes public void invalidateAuthorizationCache() { authorizationCache.invalidateAll(); } - // public for testing purposes public void invalidateAuthenticationCache() { authenticationCache.invalidateAll(); } diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlTest.java index d758fb62f8..b6585dbcc4 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlTest.java @@ -257,6 +257,32 @@ public class ActiveMQServerControlTest extends ManagementTestBase { Wait.assertEquals(usingCore() ? 8 : 1, () -> serverControl.getAuthorizationCacheSize()); } + @Test + public void testClearingSecurityCaches() throws Exception { + ActiveMQServerControl serverControl = createManagementControl(); + + ServerLocator loc = createInVMNonHALocator(); + ClientSessionFactory csf = createSessionFactory(loc); + ClientSession session = csf.createSession("myUser", "myPass", false, true, false, false, 0); + session.start(); + + final String address = "ADDRESS"; + serverControl.createAddress(address, "MULTICAST"); + ClientProducer producer = session.createProducer(address); + ClientMessage m = session.createMessage(true); + m.putStringProperty("hello", "world"); + producer.send(m); + + Assert.assertTrue(serverControl.getAuthenticationCacheSize() > 0); + Wait.assertTrue(() -> serverControl.getAuthorizationCacheSize() > 0); + + serverControl.clearAuthenticationCache(); + serverControl.clearAuthorizationCache(); + + Assert.assertEquals(usingCore() ? 1 : 0, serverControl.getAuthenticationCacheSize()); + Assert.assertEquals(usingCore() ? 7 : 0, serverControl.getAuthorizationCacheSize()); + } + @Test public void testGetConnectors() throws Exception { ActiveMQServerControl serverControl = createManagementControl(); diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlUsingCoreTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlUsingCoreTest.java index 5cb2cc98d6..fd1fee8be2 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlUsingCoreTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlUsingCoreTest.java @@ -1754,6 +1754,16 @@ public class ActiveMQServerControlUsingCoreTest extends ActiveMQServerControlTes public void rebuildPageCounters() throws Exception { proxy.invokeOperation("rebuildPageCounters"); } + + @Override + public void clearAuthenticationCache() throws Exception { + proxy.invokeOperation("clearAuthenticationCache"); + } + + @Override + public void clearAuthorizationCache() throws Exception { + proxy.invokeOperation("clearAuthorizationCache"); + } }; }