[
https://issues.apache.org/jira/browse/QPID-4463?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13806327#comment-13806327
]
Robbie Gemmell commented on QPID-4463:
--------------------------------------
General:
========
Documentation probably needs updated....I see you just beat me to that comment
though, ill take a look ;)
SimpleLDAPAuthenticationManager.java:
=====================================
We need to update the TrustStore deletion process to enforce that it isnt in
use by a SimpleLDAPAuthenticationManager when requesting its deletion.
Currently this is in TrustStoreAdapter#setState(State, State). Such checks
could do with being more general for all the ConfiguredObjects, but thats a far
bigger change, just adding a basic check for the
SimpleLDAPAuthenticationManager is all I'm suggesting now.
Typo in createInitialDirContentEnvironment method name? (presumably
createInitialDirContextEnvironment?)
For clarity I would change the method name from createSslSocketFactoryOverride
to createSslSocketFactoryOverrideClass
I'm not sure whether the code that ultimately processes the URL would accept
either of these things but just in case it would...to be safe I would probably
trim() and toLowerCase() the String before doing the ldaps check:
{noformat}
+ private InitialDirContext createInitialDirContext(Hashtable<String,
Object> env) throws NamingException
+ {
+ ClassLoader existingContextClassloader = null;
+
+ boolean isLdaps =
((String)env.get(Context.PROVIDER_URL)).startsWith("ldaps:");
{noformat}
Missing a _logger.isDebugEnabled() check:
{noformat}
_logger.debug("Connection to Directory will use custom SSL socket factory : " +
clazz);
{noformat}
bcel-5.2.xml
============
The BCEL dependency stub added for the Ant build doesn't include the same
exclusion that the changes to the broker-core pom.xml for the new maven build
do. You can just add exclusions into the dep.
{noformat}
+<dep>
+ <groupId>org.apache.bcel</groupId>
+ <artifactId>bcel</artifactId>
+ <version>5.2</version>
+</dep>
{noformat}
vs
{noformat}
+ <dependency>
+ <groupId>org.apache.bcel</groupId>
+ <artifactId>bcel</artifactId>
+ <version>5.2</version>
+ <scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <!-- Qpid doesn't require BCEL InstructionFinder, so does not need
jakarta-regexp. -->
+ <artifactId>jakarta-regexp</artifactId>
+ <groupId>jakarta-regexp</groupId>
+ </exclusion>
+ </exclusions>
+ </dependency>
{noformat}
> SimpleLDAPAuthenticationManager should accept truststore and truststore
> password configuration
> ----------------------------------------------------------------------------------------------
>
> Key: QPID-4463
> URL: https://issues.apache.org/jira/browse/QPID-4463
> Project: Qpid
> Issue Type: Improvement
> Components: Java Broker
> Affects Versions: 0.21
> Reporter: Keith Wall
> Assignee: Robbie Gemmell
> Fix For: 0.25
>
> Attachments:
> 0001-QPID-4463-Java-Broker-Change-SimpleLDAPAuthManager-t.patch,
> 0002-QPID-4463-Java-Broker-SimpleLDAPAuthenticationManage.patch,
> AbstractLDAPSSLSocketFactory.java
>
>
> To better support use cases where the Broker is required to authenticate
> against a Directory protected by SSL, the Java Broker should accept
> truststore and truststore password via configuration.
> Currently the user is required to pass the JVM system properties
> javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword (which are
> effectively globals).
--
This message was sent by Atlassian JIRA
(v6.1#6144)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
