[jira] [Work logged] (AMQ-6148) When use LDAP auth, Activemq should not always connect to ldap service to do authentication

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/AMQ-6148?focusedWorklogId=803292&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-803292
 ]

ASF GitHub Bot logged work on AMQ-6148:
---------------------------------------

                Author: ASF GitHub Bot
            Created on: 24/Aug/22 16:40
            Start Date: 24/Aug/22 16:40
    Worklog Time Spent: 10m 
      Work Description: mattrpav commented on code in PR #699:
URL: https://github.com/apache/activemq/pull/699#discussion_r951988296


##########
activemq-jaas/src/main/java/org/apache/activemq/jaas/LDAPLoginModule.java:
##########
@@ -320,22 +316,17 @@ protected boolean authenticate(String username, String 
password) throws LoginExc
                 throw new FailedLoginException("Password does not match for 
user: " + username);
             }
         } catch (CommunicationException e) {
+            closeContext();

Review Comment:
   Can all the closeContext() calls be moved to a finally {}



##########
activemq-jaas/src/main/java/org/apache/activemq/jaas/LDAPLoginModule.java:
##########
@@ -187,9 +183,13 @@ public boolean abort() throws LoginException {
         return true;
     }
 
-    protected void close(DirContext context) {
+    protected void closeContext() {
+        if (context == null) {
+            return;
+        }
         try {
             context.close();
+            context = null;

Review Comment:
   The context = null assignment should probably be in a finally {} 





Issue Time Tracking
-------------------

    Worklog Id:     (was: 803292)
    Time Spent: 1h 10m  (was: 1h)

> When use LDAP auth, Activemq should not always connect to ldap service to do 
> authentication
> -------------------------------------------------------------------------------------------
>
>                 Key: AMQ-6148
>                 URL: https://issues.apache.org/jira/browse/AMQ-6148
>             Project: ActiveMQ
>          Issue Type: Bug
>    Affects Versions: 5.11.1
>            Reporter: JIE CHEN
>            Priority: Critical
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> I am using LDAP service to do authentication for ActiveMQ, and I found 
> everytime ActiveMQ servers try to establish a connection between ActiveMQ 
> client, the ActiveMQ server will create a connection to LDAP server to do 
> authentication. That's is not good, think about there are thousands of 
> ActiveMQ clients are trying to connect to ActiveMQ servers, the ActiveMQ 
> servers will need to create thousands of connections to LDAP servers. And 
> moreover it is not reliable as well because the connection between LDAP 
> servers and ActiveMQ servers could be broken sometimes. We need something 
> similar as Cached LDAP Authorization Module. It is more reasonable that the 
> ActiveMQ will cache the ldap account credential in local memory and refresh 
> in certain interval.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)