[jira] [Work logged] (AMQ-9627) Broker will not start if cachedLDAPAuthorizationMap is used and LDAP server is unavailable

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/AMQ-9627?focusedWorklogId=948344&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-948344
 ]

ASF GitHub Bot logged work on AMQ-9627:
---------------------------------------

                Author: ASF GitHub Bot
            Created on: 13/Dec/24 19:27
            Start Date: 13/Dec/24 19:27
    Worklog Time Spent: 10m 
      Work Description: Nikita-Shupletsov commented on code in PR #1358:
URL: https://github.com/apache/activemq/pull/1358#discussion_r1884389604


##########
activemq-broker/src/main/java/org/apache/activemq/security/SimpleCachedLDAPAuthorizationMap.java:
##########
@@ -936,7 +936,11 @@ public void namingExceptionThrown(NamingExceptionEvent 
namingExceptionEvent) {
 
     // Init / Destroy
     public void afterPropertiesSet() throws Exception {
-        query();
+        try {
+            query();
+        } catch (Exception e) {
+            LOG.error("Error updating authorization map.  Partial policy may 
be applied until the next successful update.", e);

Review Comment:
   the error message will look something like:
   ```
   ERROR | Error updating authorization map.  Partial policy may be applied 
until the next successful update.
   javax.naming.CommunicationException: localhost:1024
   ```
   
   which is exactly the same as the error users will see when the map is trying 
to update the cached values, but the ldap server is unreachable. in my opinion 
it has enough details about what went wrong(the communication exception).
   my concern is more about `Partial policy may be applied until the next 
successful update`, because technically, there is no data, so nothing will be 
applied until the next successful update





Issue Time Tracking
-------------------

    Worklog Id:     (was: 948344)
    Time Spent: 1h  (was: 50m)

> Broker will not start if cachedLDAPAuthorizationMap is used and LDAP server 
> is unavailable 
> -------------------------------------------------------------------------------------------
>
>                 Key: AMQ-9627
>                 URL: https://issues.apache.org/jira/browse/AMQ-9627
>             Project: ActiveMQ Classic
>          Issue Type: Bug
>            Reporter: Nikita Shupletsov
>            Assignee: Jean-Baptiste Onofré
>            Priority: Minor
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> When cachedLDAPAuthorizationMap is used and LDAP is down, the broker will not 
> start and fail with the following exception:
>  
> {{org.springframework.beans.factory.BeanCreationException: Error creating 
> bean with name 'org.apache.activemq.xbean.XBeanBrokerService#0' defined in 
> class path resource 
> [org/apache/activemq/security/activemq-ldap-cached-map.xml]: Cannot create 
> inner bean 'authorizationPlugin#674658f7' of type 
> [org.apache.activemq.security.AuthorizationPlugin] while setting bean 
> property 'plugins' with key [1]}}
> {{    at 
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBeanValue(BeanDefinitionValueResolver.java:421)}}
> {{    at 
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.lambda$resolveValueIfNecessary$0(BeanDefinitionValueResolver.java:149)}}
> {{    at 
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:262)}}
> {{    at 
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:148)}}
> {{    at 
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:460)}}
> {{    at 
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:191)}}
> {{    at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1705)}}
> {{    at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1454)}}
> {{    at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:599)}}
> {{    at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:522)}}
> {{    at 
> org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:337)}}
> {{    at 
> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234)}}
> {{    at 
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:335)}}
> {{    at 
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:200)}}
> {{    at 
> org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:975)}}
> {{    at 
> org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:971)}}
> {{    at 
> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:625)}}
> {{    at 
> org.apache.xbean.spring.context.ResourceXmlApplicationContext.<init>(ResourceXmlApplicationContext.java:64)}}
> {{    at 
> org.apache.xbean.spring.context.ResourceXmlApplicationContext.<init>(ResourceXmlApplicationContext.java:52)}}
> {{    at 
> org.apache.activemq.xbean.XBeanBrokerFactory$1.<init>(XBeanBrokerFactory.java:104)}}
> {{    at 
> org.apache.activemq.xbean.XBeanBrokerFactory.createApplicationContext(XBeanBrokerFactory.java:104)}}
> {{    at 
> org.apache.activemq.xbean.XBeanBrokerFactory.createBroker(XBeanBrokerFactory.java:67)}}
> {{    at 
> org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:71)}}
> {{    at 
> org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:54)}}
> {{    at 
> org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:85)}}
> {{    at 
> org.apache.activemq.security.LdapCachedLDAPAuthorizationMapTest.testStartBrokerWhenLdapServerIsUnreachable(LdapCachedLDAPAuthorizationMapTest.java:21)}}
> {{    at 
> java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)}}
> {{    at java.base/java.lang.reflect.Method.invoke(Method.java:580)}}
> {{    at 
> org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:59)}}
> {{    at 
> org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)}}
> {{    at 
> org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:56)}}
> {{    at 
> org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)}}
> {{    at 
> org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)}}
> {{    at org.junit.runners.ParentRunner$3.evaluate(ParentRunner.java:306)}}
> {{    at 
> org.junit.runners.BlockJUnit4ClassRunner$1.evaluate(BlockJUnit4ClassRunner.java:100)}}
> {{    at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:366)}}
> {{    at 
> org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:103)}}
> {{    at 
> org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:63)}}
> {{    at org.junit.runners.ParentRunner$4.run(ParentRunner.java:331)}}
> {{    at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:79)}}
> {{    at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:329)}}
> {{    at org.junit.runners.ParentRunner.access$100(ParentRunner.java:66)}}
> {{    at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:293)}}
> {{    at org.junit.runners.ParentRunner$3.evaluate(ParentRunner.java:306)}}
> {{    at org.junit.runners.ParentRunner.run(ParentRunner.java:413)}}
> {{    at 
> org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:316)}}
> {{    at 
> org.apache.maven.surefire.junit4.JUnit4Provider.executeWithRerun(JUnit4Provider.java:240)}}
> {{    at 
> org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:214)}}
> {{    at 
> org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:155)}}
> {{    at 
> org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:385)}}
> {{    at 
> org.apache.maven.surefire.booter.ForkedBooter.execute(ForkedBooter.java:162)}}
> {{    at 
> org.apache.maven.surefire.booter.ForkedBooter.run(ForkedBooter.java:507)}}
> {{    at 
> org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:495)}}
> {{Caused by: org.springframework.beans.factory.BeanCreationException: Error 
> creating bean with name 'authorizationPlugin#674658f7' defined in class path 
> resource [org/apache/activemq/security/activemq-ldap-cached-map.xml]: Cannot 
> create inner bean '(inner bean)#68ace111' of type 
> [org.apache.activemq.security.CachedLDAPAuthorizationMap] while setting 
> constructor argument}}
> {{    at 
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBeanValue(BeanDefinitionValueResolver.java:421)}}
> {{    at 
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.lambda$resolveValueIfNecessary$1(BeanDefinitionValueResolver.java:153)}}
> {{    at 
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:262)}}
> {{    at 
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:152)}}
> {{    at 
> org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:682)}}
> {{    at 
> org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:203)}}
> {{    at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1375)}}
> {{    at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1212)}}
> {{    at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:562)}}
> {{    at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:522)}}
> {{    at 
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBeanValue(BeanDefinitionValueResolver.java:407)}}
> {{    ... 52 more}}
> {{Caused by: org.springframework.beans.factory.BeanCreationException: Error 
> creating bean with name '(inner bean)#68ace111' defined in class path 
> resource [org/apache/activemq/security/activemq-ldap-cached-map.xml]: 
> localhost:1024}}
> {{    at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1806)}}
> {{    at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:600)}}
> {{    at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:522)}}
> {{    at 
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBeanValue(BeanDefinitionValueResolver.java:407)}}
> {{    ... 62 more}}
> {{Caused by: javax.naming.CommunicationException: localhost:1024 [Root 
> exception is java.net.ConnectException: Connection refused]}}
> {{    at 
> java.naming/com.sun.jndi.ldap.Connection.<init>(Connection.java:253)}}
> {{    at 
> java.naming/com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:141)}}
> {{    at 
> java.naming/com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1620)}}
> {{    at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2848)}}
> {{    at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:349)}}
> {{    at 
> java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:229)}}
> {{    at 
> java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:189)}}
> {{    at 
> java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:247)}}
> {{    at 
> java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)}}
> {{    at 
> java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)}}
> {{    at 
> java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:520)}}
> {{    at 
> java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305)}}
> {{    at 
> java.naming/javax.naming.InitialContext.init(InitialContext.java:236)}}
> {{    at 
> java.naming/javax.naming.InitialContext.<init>(InitialContext.java:208)}}
> {{    at 
> java.naming/javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:130)}}
> {{    at 
> org.apache.activemq.security.SimpleCachedLDAPAuthorizationMap.createContext(SimpleCachedLDAPAuthorizationMap.java:142)}}
> {{    at 
> org.apache.activemq.security.SimpleCachedLDAPAuthorizationMap.open(SimpleCachedLDAPAuthorizationMap.java:172)}}
> {{    at 
> org.apache.activemq.security.SimpleCachedLDAPAuthorizationMap.query(SimpleCachedLDAPAuthorizationMap.java:227)}}
> {{    at 
> org.apache.activemq.security.SimpleCachedLDAPAuthorizationMap.afterPropertiesSet(SimpleCachedLDAPAuthorizationMap.java:939)}}
> {{    at 
> org.apache.activemq.security.CachedLDAPAuthorizationMap.afterPropertiesSet(CachedLDAPAuthorizationMap.java:34)}}
> {{    at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1853)}}
> {{    at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1802)}}
> {{    ... 65 more}}
> {{Caused by: java.net.ConnectException: Connection refused}}
> {{    at java.base/sun.nio.ch.Net.connect0(Native Method)}}
> {{    at java.base/sun.nio.ch.Net.connect(Net.java:589)}}
> {{    at java.base/sun.nio.ch.Net.connect(Net.java:578)}}
> {{    at java.base/sun.nio.ch.NioSocketImpl.connect(NioSocketImpl.java:583)}}
> {{    at 
> java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:327)}}
> {{    at java.base/java.net.Socket.connect(Socket.java:751)}}
> {{    at java.base/java.net.Socket.connect(Socket.java:686)}}
> {{    at java.base/java.net.Socket.<init>(Socket.java:555)}}
> {{    at java.base/java.net.Socket.<init>(Socket.java:324)}}
> {{    at 
> java.base/javax.net.DefaultSocketFactory.createSocket(SocketFactory.java:267)}}
> {{    at 
> java.naming/com.sun.jndi.ldap.Connection.createConnectionSocket(Connection.java:341)}}
> {{    at 
> java.naming/com.sun.jndi.ldap.Connection.createSocket(Connection.java:285)}}
> {{    at 
> java.naming/com.sun.jndi.ldap.Connection.<init>(Connection.java:232)}}
> {{    ... 86 more}}
>  
> it's rather inconvenient, as cachedLDAPAuthorizationMap is usually used to 
> avoid issues with the LDAP server being not always available
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@activemq.apache.org
For additional commands, e-mail: issues-h...@activemq.apache.org
For further information, visit: https://activemq.apache.org/contact