[
https://issues.apache.org/jira/browse/AMQ-9627?focusedWorklogId=946274&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-946274
]
ASF GitHub Bot logged work on AMQ-9627:
---------------------------------------
Author: ASF GitHub Bot
Created on: 02/Dec/24 05:22
Start Date: 02/Dec/24 05:22
Worklog Time Spent: 10m
Work Description: kenliao94 commented on code in PR #1358:
URL: https://github.com/apache/activemq/pull/1358#discussion_r1865242625
##########
activemq-broker/src/main/java/org/apache/activemq/security/SimpleCachedLDAPAuthorizationMap.java:
##########
@@ -936,7 +936,11 @@ public void namingExceptionThrown(NamingExceptionEvent
namingExceptionEvent) {
// Init / Destroy
public void afterPropertiesSet() throws Exception {
- query();
+ try {
+ query();
+ } catch (Exception e) {
+ LOG.error("Error updating authorization map. Partial policy may
be applied until the next successful update.", e);
Review Comment:
I would also include a string that suggest ways for the user to mitigate it.
Something like "The LDAP server might not be reachable, check ..." even tho the
root cause can be many reason. Because "authorization map" is an internal
concept, user might not get it and they don't know how to get themselves
unstuck. However, It needs to be phrase in such a way that this is one possible
root cause, but not necessarily THE root cause.
Issue Time Tracking
-------------------
Worklog Id: (was: 946274)
Time Spent: 0.5h (was: 20m)
> Broker will not start if cachedLDAPAuthorizationMap is used and LDAP server
> is unavailable
> -------------------------------------------------------------------------------------------
>
> Key: AMQ-9627
> URL: https://issues.apache.org/jira/browse/AMQ-9627
> Project: ActiveMQ Classic
> Issue Type: Bug
> Reporter: Nikita Shupletsov
> Priority: Minor
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> When cachedLDAPAuthorizationMap is used and LDAP is down, the broker will not
> start and fail with the following exception:
>
> {{org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'org.apache.activemq.xbean.XBeanBrokerService#0' defined in
> class path resource
> [org/apache/activemq/security/activemq-ldap-cached-map.xml]: Cannot create
> inner bean 'authorizationPlugin#674658f7' of type
> [org.apache.activemq.security.AuthorizationPlugin] while setting bean
> property 'plugins' with key [1]}}
> {{ at
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBeanValue(BeanDefinitionValueResolver.java:421)}}
> {{ at
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.lambda$resolveValueIfNecessary$0(BeanDefinitionValueResolver.java:149)}}
> {{ at
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:262)}}
> {{ at
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:148)}}
> {{ at
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:460)}}
> {{ at
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:191)}}
> {{ at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1705)}}
> {{ at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1454)}}
> {{ at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:599)}}
> {{ at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:522)}}
> {{ at
> org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:337)}}
> {{ at
> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234)}}
> {{ at
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:335)}}
> {{ at
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:200)}}
> {{ at
> org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:975)}}
> {{ at
> org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:971)}}
> {{ at
> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:625)}}
> {{ at
> org.apache.xbean.spring.context.ResourceXmlApplicationContext.<init>(ResourceXmlApplicationContext.java:64)}}
> {{ at
> org.apache.xbean.spring.context.ResourceXmlApplicationContext.<init>(ResourceXmlApplicationContext.java:52)}}
> {{ at
> org.apache.activemq.xbean.XBeanBrokerFactory$1.<init>(XBeanBrokerFactory.java:104)}}
> {{ at
> org.apache.activemq.xbean.XBeanBrokerFactory.createApplicationContext(XBeanBrokerFactory.java:104)}}
> {{ at
> org.apache.activemq.xbean.XBeanBrokerFactory.createBroker(XBeanBrokerFactory.java:67)}}
> {{ at
> org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:71)}}
> {{ at
> org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:54)}}
> {{ at
> org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:85)}}
> {{ at
> org.apache.activemq.security.LdapCachedLDAPAuthorizationMapTest.testStartBrokerWhenLdapServerIsUnreachable(LdapCachedLDAPAuthorizationMapTest.java:21)}}
> {{ at
> java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)}}
> {{ at java.base/java.lang.reflect.Method.invoke(Method.java:580)}}
> {{ at
> org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:59)}}
> {{ at
> org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)}}
> {{ at
> org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:56)}}
> {{ at
> org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)}}
> {{ at
> org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)}}
> {{ at org.junit.runners.ParentRunner$3.evaluate(ParentRunner.java:306)}}
> {{ at
> org.junit.runners.BlockJUnit4ClassRunner$1.evaluate(BlockJUnit4ClassRunner.java:100)}}
> {{ at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:366)}}
> {{ at
> org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:103)}}
> {{ at
> org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:63)}}
> {{ at org.junit.runners.ParentRunner$4.run(ParentRunner.java:331)}}
> {{ at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:79)}}
> {{ at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:329)}}
> {{ at org.junit.runners.ParentRunner.access$100(ParentRunner.java:66)}}
> {{ at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:293)}}
> {{ at org.junit.runners.ParentRunner$3.evaluate(ParentRunner.java:306)}}
> {{ at org.junit.runners.ParentRunner.run(ParentRunner.java:413)}}
> {{ at
> org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:316)}}
> {{ at
> org.apache.maven.surefire.junit4.JUnit4Provider.executeWithRerun(JUnit4Provider.java:240)}}
> {{ at
> org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:214)}}
> {{ at
> org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:155)}}
> {{ at
> org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:385)}}
> {{ at
> org.apache.maven.surefire.booter.ForkedBooter.execute(ForkedBooter.java:162)}}
> {{ at
> org.apache.maven.surefire.booter.ForkedBooter.run(ForkedBooter.java:507)}}
> {{ at
> org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:495)}}
> {{Caused by: org.springframework.beans.factory.BeanCreationException: Error
> creating bean with name 'authorizationPlugin#674658f7' defined in class path
> resource [org/apache/activemq/security/activemq-ldap-cached-map.xml]: Cannot
> create inner bean '(inner bean)#68ace111' of type
> [org.apache.activemq.security.CachedLDAPAuthorizationMap] while setting
> constructor argument}}
> {{ at
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBeanValue(BeanDefinitionValueResolver.java:421)}}
> {{ at
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.lambda$resolveValueIfNecessary$1(BeanDefinitionValueResolver.java:153)}}
> {{ at
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:262)}}
> {{ at
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:152)}}
> {{ at
> org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:682)}}
> {{ at
> org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:203)}}
> {{ at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1375)}}
> {{ at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1212)}}
> {{ at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:562)}}
> {{ at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:522)}}
> {{ at
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBeanValue(BeanDefinitionValueResolver.java:407)}}
> {{ ... 52 more}}
> {{Caused by: org.springframework.beans.factory.BeanCreationException: Error
> creating bean with name '(inner bean)#68ace111' defined in class path
> resource [org/apache/activemq/security/activemq-ldap-cached-map.xml]:
> localhost:1024}}
> {{ at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1806)}}
> {{ at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:600)}}
> {{ at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:522)}}
> {{ at
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBeanValue(BeanDefinitionValueResolver.java:407)}}
> {{ ... 62 more}}
> {{Caused by: javax.naming.CommunicationException: localhost:1024 [Root
> exception is java.net.ConnectException: Connection refused]}}
> {{ at
> java.naming/com.sun.jndi.ldap.Connection.<init>(Connection.java:253)}}
> {{ at
> java.naming/com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:141)}}
> {{ at
> java.naming/com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1620)}}
> {{ at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2848)}}
> {{ at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:349)}}
> {{ at
> java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:229)}}
> {{ at
> java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:189)}}
> {{ at
> java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:247)}}
> {{ at
> java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)}}
> {{ at
> java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)}}
> {{ at
> java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:520)}}
> {{ at
> java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305)}}
> {{ at
> java.naming/javax.naming.InitialContext.init(InitialContext.java:236)}}
> {{ at
> java.naming/javax.naming.InitialContext.<init>(InitialContext.java:208)}}
> {{ at
> java.naming/javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:130)}}
> {{ at
> org.apache.activemq.security.SimpleCachedLDAPAuthorizationMap.createContext(SimpleCachedLDAPAuthorizationMap.java:142)}}
> {{ at
> org.apache.activemq.security.SimpleCachedLDAPAuthorizationMap.open(SimpleCachedLDAPAuthorizationMap.java:172)}}
> {{ at
> org.apache.activemq.security.SimpleCachedLDAPAuthorizationMap.query(SimpleCachedLDAPAuthorizationMap.java:227)}}
> {{ at
> org.apache.activemq.security.SimpleCachedLDAPAuthorizationMap.afterPropertiesSet(SimpleCachedLDAPAuthorizationMap.java:939)}}
> {{ at
> org.apache.activemq.security.CachedLDAPAuthorizationMap.afterPropertiesSet(CachedLDAPAuthorizationMap.java:34)}}
> {{ at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1853)}}
> {{ at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1802)}}
> {{ ... 65 more}}
> {{Caused by: java.net.ConnectException: Connection refused}}
> {{ at java.base/sun.nio.ch.Net.connect0(Native Method)}}
> {{ at java.base/sun.nio.ch.Net.connect(Net.java:589)}}
> {{ at java.base/sun.nio.ch.Net.connect(Net.java:578)}}
> {{ at java.base/sun.nio.ch.NioSocketImpl.connect(NioSocketImpl.java:583)}}
> {{ at
> java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:327)}}
> {{ at java.base/java.net.Socket.connect(Socket.java:751)}}
> {{ at java.base/java.net.Socket.connect(Socket.java:686)}}
> {{ at java.base/java.net.Socket.<init>(Socket.java:555)}}
> {{ at java.base/java.net.Socket.<init>(Socket.java:324)}}
> {{ at
> java.base/javax.net.DefaultSocketFactory.createSocket(SocketFactory.java:267)}}
> {{ at
> java.naming/com.sun.jndi.ldap.Connection.createConnectionSocket(Connection.java:341)}}
> {{ at
> java.naming/com.sun.jndi.ldap.Connection.createSocket(Connection.java:285)}}
> {{ at
> java.naming/com.sun.jndi.ldap.Connection.<init>(Connection.java:232)}}
> {{ ... 86 more}}
>
> it's rather inconvenient, as cachedLDAPAuthorizationMap is usually used to
> avoid issues with the LDAP server being not always available
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact
