Author: tripod
Date: Wed May 13 17:36:43 2015
New Revision: 1679249

URL: http://svn.apache.org/r1679249
Log:
OAK-2783 Make LDAP connection pool 'testOnBorrow' configurable

Added:
    
jackrabbit/oak/branches/1.2/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/OakPoolableLdapConnectionFactory.java
Modified:
    
jackrabbit/oak/branches/1.2/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
    
jackrabbit/oak/branches/1.2/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java
    
jackrabbit/oak/branches/1.2/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/PoolableUnboundConnectionFactory.java

Modified: 
jackrabbit/oak/branches/1.2/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.2/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java?rev=1679249&r1=1679248&r2=1679249&view=diff
==============================================================================
--- 
jackrabbit/oak/branches/1.2/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
 (original)
+++ 
jackrabbit/oak/branches/1.2/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
 Wed May 13 17:36:43 2015
@@ -51,7 +51,6 @@ import org.apache.directory.ldap.client.
 import org.apache.directory.ldap.client.api.LdapConnectionConfig;
 import org.apache.directory.ldap.client.api.LdapConnectionPool;
 import org.apache.directory.ldap.client.api.NoVerificationTrustManager;
-import org.apache.directory.ldap.client.api.PoolableLdapConnectionFactory;
 import org.apache.felix.scr.annotations.Activate;
 import org.apache.felix.scr.annotations.Component;
 import org.apache.felix.scr.annotations.ConfigurationPolicy;
@@ -100,7 +99,7 @@ public class LdapIdentityProvider implem
     /**
      * admin connection factory
      */
-    private PoolableLdapConnectionFactory adminConnectionFactory;
+    private OakPoolableLdapConnectionFactory adminConnectionFactory;
 
     /**
      * the connection pool with unbound connections
@@ -483,8 +482,8 @@ public class LdapIdentityProvider implem
             cc.setName(bindDN);
             cc.setCredentials(config.getBindPassword());
         }
-        adminConnectionFactory = new PoolableLdapConnectionFactory(cc);
-
+        adminConnectionFactory = new OakPoolableLdapConnectionFactory(cc);
+        
adminConnectionFactory.setLookupOnValidate(config.getAdminPoolConfig().lookupOnValidate());
         if (config.getAdminPoolConfig().getMaxActive() != 0) {
             adminPool = new LdapConnectionPool(adminConnectionFactory);
             adminPool.setTestOnBorrow(true);
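Review bot: `adminPool.setTestOnBorrow(true)` stays unconditional here, so the new `adminPool.lookupOnValidate` setting does not switch borrow-time validation off; it only changes what the factory's `validateObject` does when the pool calls it. The commit log speaks of making 'testOnBorrow' configurable, which a reader of this method will not find. A comment above the setter call would close the gap, for example `// testOnBorrow stays on; lookupOnValidate only selects whether validateObject() probes the ROOT DSE`. The same applies to `userPool.setTestOnBorrow(true)` in the next hunk. The enclosing method starts and ends outside both hunks.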
@@ -496,6 +495,7 @@ public class LdapIdentityProvider implem
         cc = createConnectionConfig();
 
         userConnectionFactory = new PoolableUnboundConnectionFactory(cc);
+        
userConnectionFactory.setLookupOnValidate(config.getUserPoolConfig().lookupOnValidate());
         if (config.getUserPoolConfig().getMaxActive() != 0) {
             userPool = new UnboundLdapConnectionPool(userConnectionFactory);
             userPool.setTestOnBorrow(true);

Modified: 
jackrabbit/oak/branches/1.2/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.2/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java?rev=1679249&r1=1679248&r2=1679249&view=diff
==============================================================================
--- 
jackrabbit/oak/branches/1.2/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java
 (original)
+++ 
jackrabbit/oak/branches/1.2/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java
 Wed May 13 17:36:43 2015
@@ -189,6 +189,21 @@ public class LdapProviderConfig {
     public static final String PARAM_ADMIN_POOL_MAX_ACTIVE = 
"adminPool.maxActive";
 
     /**
+     * @see PoolConfig#lookupOnValidate()
+     */
+    public static final boolean PARAM_ADMIN_POOL_LOOKUP_ON_VALIDATE_DEFAULT = 
true;
+
+    /**
+     * @see PoolConfig#lookupOnValidate()
+     */
+    @Property(
+            label = "Admin pool lookup on validate",
+            description = "Indicates an ROOT DSE lookup is performed to test 
if the connection is still valid when taking it out of the pool.",
+            boolValue = PARAM_ADMIN_POOL_LOOKUP_ON_VALIDATE_DEFAULT
+    )
+    public static final String PARAM_ADMIN_POOL_LOOKUP_ON_VALIDATE = 
"adminPool.lookupOnValidate";
+
+    /**
      * @see PoolConfig#getMaxActive()
      */
     public static final int PARAM_USER_POOL_MAX_ACTIVE_DEFAULT = 8;
@@ -204,6 +219,21 @@ public class LdapProviderConfig {
     public static final String PARAM_USER_POOL_MAX_ACTIVE = 
"userPool.maxActive";
 
     /**
+     * @see PoolConfig#lookupOnValidate()
+     */
+    public static final boolean PARAM_USER_POOL_LOOKUP_ON_VALIDATE_DEFAULT = 
true;
+
+    /**
+     * @see PoolConfig#lookupOnValidate()
+     */
+    @Property(
+            label = "User pool lookup on validate",
+            description = "Indicates an ROOT DSE lookup is performed to test 
if the connection is still valid when taking it out of the pool.",
+            boolValue = PARAM_USER_POOL_LOOKUP_ON_VALIDATE_DEFAULT
+    )
+    public static final String PARAM_USER_POOL_LOOKUP_ON_VALIDATE = 
"userPool.lookupOnValidate";
+
+    /**
      * @see Identity#getBaseDN()
      */
     public static final String PARAM_USER_BASE_DN_DEFAULT = 
"ou=people,o=example,dc=com";
@@ -561,6 +591,8 @@ public class LdapProviderConfig {
 
         private int maxActiveSize;
 
+        private boolean lookupOnValidate;
+
         /**
          * Returns the maximum number of objects that can be allocated by the 
pool
          * (checked out to clients, or idle awaiting checkout) at a given time.
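Review bot: The new field `private boolean lookupOnValidate;` defaults to `false`, while `PARAM_ADMIN_POOL_LOOKUP_ON_VALIDATE_DEFAULT` and `PARAM_USER_POOL_LOOKUP_ON_VALIDATE_DEFAULT` in this file are both `true`. A `PoolConfig` created without going through the parameter-based wiring at the end of the file would therefore start with the lookup disabled, the opposite of the documented default; whether such callers exist is not visible here. Either initialise the field, `private boolean lookupOnValidate = true;`, or add a comment stating that the effective default comes from the `PARAM_*_DEFAULT` constants. The `PoolConfig` class starts and ends outside this hunk.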
@@ -580,15 +612,40 @@ public class LdapProviderConfig {
          * @see #getMaxActive
          * @return this
          */
+        @Nonnull
         public PoolConfig setMaxActive(int maxActive) {
             this.maxActiveSize = maxActive;
             return this;
         }
 
+        /**
+         * Defines if the lookup on validate flag is enabled. If enable a 
connection that taken from the
+         * pool are validated before used. currently this is done by 
performing a lookup to the ROOT DSE, which
+         * might not be allowed on all LDAP servers.
+
+         * @return {@code true} if the flag is enabled.
+         */
+        public boolean lookupOnValidate() {
+            return lookupOnValidate;
+        }
+
+        /**
+         * Sets the lookup on validate flag.
+         *
+         * @see #lookupOnValidate()
+         * @return this
+         */
+        @Nonnull
+        public PoolConfig setLookupOnValidate(boolean lookupOnValidate) {
+            this.lookupOnValidate = lookupOnValidate;
+            return this;
+        }
+
         @Override
         public String toString() {
             final StringBuilder sb = new StringBuilder("PoolConfig{");
             sb.append("maxActiveSize=").append(maxActiveSize);
+            sb.append(", lookupOnValidate=").append(lookupOnValidate);
             sb.append('}');
             return sb.toString();
         }
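Review bot: The Javadoc added for `lookupOnValidate()` is hard to parse ("If enable a connection that taken from the pool are validated before used") and does not say what happens when the flag is off. A clearer first sentence would be `Defines whether a connection taken from the pool is validated by a lookup of the ROOT DSE before it is used.`, followed by one sentence describing how a connection is treated when the flag is disabled, worded to match the factories' `validateObject` implementations. The empty line before `@return` is also missing its leading `*`.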
@@ -632,9 +689,11 @@ public class LdapProviderConfig {
                 .setMakeDnPath(params.getConfigValue(PARAM_GROUP_MAKE_DN_PATH, 
PARAM_GROUP_MAKE_DN_PATH_DEFAULT));
 
         cfg.getAdminPoolConfig()
+                
.setLookupOnValidate(params.getConfigValue(PARAM_ADMIN_POOL_LOOKUP_ON_VALIDATE, 
PARAM_ADMIN_POOL_LOOKUP_ON_VALIDATE_DEFAULT))
                 
.setMaxActive(params.getConfigValue(PARAM_ADMIN_POOL_MAX_ACTIVE, 
PARAM_ADMIN_POOL_MAX_ACTIVE_DEFAULT));
 
         cfg.getUserPoolConfig()
+                
.setLookupOnValidate(params.getConfigValue(PARAM_USER_POOL_LOOKUP_ON_VALIDATE, 
PARAM_USER_POOL_LOOKUP_ON_VALIDATE_DEFAULT))
                 
.setMaxActive(params.getConfigValue(PARAM_USER_POOL_MAX_ACTIVE, 
PARAM_USER_POOL_MAX_ACTIVE_DEFAULT));
 
         return cfg;

Added: 
jackrabbit/oak/branches/1.2/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/OakPoolableLdapConnectionFactory.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.2/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/OakPoolableLdapConnectionFactory.java?rev=1679249&view=auto
==============================================================================
--- 
jackrabbit/oak/branches/1.2/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/OakPoolableLdapConnectionFactory.java
 (added)
+++ 
jackrabbit/oak/branches/1.2/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/OakPoolableLdapConnectionFactory.java
 Wed May 13 17:36:43 2015
@@ -0,0 +1,88 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+
+package org.apache.jackrabbit.oak.security.authentication.ldap.impl;
+
+
+import org.apache.directory.api.ldap.model.constants.SchemaConstants;
+import org.apache.directory.api.ldap.model.exception.LdapException;
+import org.apache.directory.api.ldap.model.name.Dn;
+import org.apache.directory.ldap.client.api.LdapConnection;
+import org.apache.directory.ldap.client.api.LdapConnectionConfig;
+import org.apache.directory.ldap.client.api.PoolableLdapConnectionFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * A factory for creating LdapConnection objects managed by LdapConnectionPool.
+ *
+ * @author <a href="mailto:[email protected]";>Apache Directory 
Project</a>
+ */
+public class OakPoolableLdapConnectionFactory extends 
PoolableLdapConnectionFactory {
+
+    /**
+     * the logger
+     */
+    private static final Logger log = 
LoggerFactory.getLogger(OakPoolableLdapConnectionFactory.class);
+
+    /**
+     * flag controlling the validation behavior
+     */
+    private boolean lookupOnValidate;
+
+    public OakPoolableLdapConnectionFactory(LdapConnectionConfig config) {
+        super(config);
+    }
+
+    /**
+     * Checks if a lookup is performed during {@link 
#validateObject(LdapConnection)}.
+     * @return {@code true} if a lookup is performed.
+     */
+    public boolean getLookupOnValidate() {
+        return lookupOnValidate;
+    }
+
+    /**
+     * @see #getLookupOnValidate()
+     */
+    public void setLookupOnValidate(boolean lookupOnValidate) {
+        this.lookupOnValidate = lookupOnValidate;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public boolean validateObject(LdapConnection connection) {
+        boolean valid = false;
+        if (connection.isConnected()) {
+            if (lookupOnValidate) {
+                try {
+                    valid = connection.lookup(Dn.ROOT_DSE, 
SchemaConstants.NO_ATTRIBUTE) != null;
+                } catch (LdapException le) {
+                    log.debug("error during connection validation: {}", 
le.toString());
+                }
+            }
+        }
+        log.debug("validating connection {}: {}", connection, valid);
+        return valid;
+    }
+}
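Review bot: `validateObject` returns `false` for every connection when `lookupOnValidate` is `false`, because `valid` is initialised to `false` and is only assigned inside the `if (lookupOnValidate)` branch. Both pools in `LdapIdentityProvider` keep `setTestOnBorrow(true)`, so disabling the lookup (the case the new Javadoc describes, servers that do not allow a ROOT DSE read) would presumably make every borrow fail validation, and LDAP authentication with it, instead of skipping the probe. A connected connection should count as valid when the probe is disabled: add `} else { valid = true; }` after the inner `if` block. The identical logic in the `PoolableUnboundConnectionFactory.validateObject` hunk needs the same branch. A test that borrows from a pool configured with the flag off would pin this.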

Modified: 
jackrabbit/oak/branches/1.2/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/PoolableUnboundConnectionFactory.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.2/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/PoolableUnboundConnectionFactory.java?rev=1679249&r1=1679248&r2=1679249&view=diff
==============================================================================
--- 
jackrabbit/oak/branches/1.2/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/PoolableUnboundConnectionFactory.java
 (original)
+++ 
jackrabbit/oak/branches/1.2/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/PoolableUnboundConnectionFactory.java
 Wed May 13 17:36:43 2015
@@ -45,6 +45,11 @@ public class PoolableUnboundConnectionFa
     private LdapConnectionConfig config;
 
     /**
+     * flag controlling the validation behavior
+     */
+    private boolean lookupOnValidate;
+
+    /**
      * Creates a new instance of PoolableUnboundConnectionFactory
      *
      * @param config the configuration for creating LdapConnections
@@ -53,6 +58,20 @@ public class PoolableUnboundConnectionFa
         this.config = config;
     }
 
+    /**
+     * Checks if a lookup is performed during {@link 
#validateObject(LdapConnection)}.
+     * @return {@code true} if a lookup is performed.
+     */
+    public boolean getLookupOnValidate() {
+        return lookupOnValidate;
+    }
+
+    /**
+     * @see #getLookupOnValidate()
+     */
+    public void setLookupOnValidate(boolean lookupOnValidate) {
+        this.lookupOnValidate = lookupOnValidate;
+    }
 
     /**
      * {@inheritDoc}
@@ -98,10 +117,12 @@ public class PoolableUnboundConnectionFa
     public boolean validateObject(LdapConnection connection) {
         boolean valid = false;
         if (connection.isConnected()) {
-            try {
-                valid = connection.lookup(Dn.ROOT_DSE, 
SchemaConstants.NO_ATTRIBUTE) != null;
-            } catch (LdapException le) {
-                log.debug("error during connection validation: {}", 
le.toString());
+            if (lookupOnValidate) {
+                try {
+                    valid = connection.lookup(Dn.ROOT_DSE, 
SchemaConstants.NO_ATTRIBUTE) != null;
+                } catch (LdapException le) {
+                    log.debug("error during connection validation: {}", 
le.toString());
+                }
             }
         }
         log.debug("validating connection {}: {}", connection, valid);
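Review bot: A failed ROOT DSE lookup is reported only at debug level (`log.debug("error during connection validation: {}", le.toString())`), so at default log levels a server that rejects the lookup yields discarded connections with no visible cause. The Javadoc added in this commit notes that the lookup might not be allowed on all LDAP servers, so this failure is worth surfacing to operators: `log.warn("LDAP connection validation lookup failed, consider disabling lookupOnValidate: {}", le.toString());`, ideally emitted once per factory rather than on every borrow. The `return` of `validateObject` lies outside the hunk.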

