
Experiment with failFast flag
alechenninger committed Jan 7, 2018
1 parent c20307e commit fee195e
Showing 1 changed file with 56 additions and 25 deletions.
Expand Up @@ -40,6 +40,7 @@
import org.slf4j.LoggerFactory;

import javax.net.ssl.SSLSocketFactory;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
Expand Down Expand Up @@ -68,20 +69,38 @@ public class LdapRolesProvider implements RolesProvider {
// Connection pool needs to be a singleton
private LDAPConnectionPool connectionPool;

private final SSLSocketFactory socketFactory;
private final LDAPConnectionOptions options;

public LdapRolesProvider(String searchBase, LdapConfiguration ldapConfiguration) throws Exception {
this(searchBase, ldapConfiguration, true);
}

public LdapRolesProvider(String searchBase, LdapConfiguration ldapConfiguration,
boolean failFast) throws Exception {
LOGGER.debug("Creating esbtoolsLdapRoleProvider");

Objects.requireNonNull(searchBase);
Objects.requireNonNull(ldapConfiguration);

this.searchBase = searchBase;
this.ldapConfiguration = ldapConfiguration;
this.options = getConnectionOptions(ldapConfiguration);
this.socketFactory = getSocketFactory();

try {
this.connectionPool = connectAndStartPool();
} catch (LDAPException e) {
if (failFast) {
throw e;
}

initializeFromConfiguration();
LOGGER.error("Initial connection to LDAP failed, will attempt to reconnect");
}
}

private void initializeFromConfiguration() throws Exception {

private static LDAPConnectionOptions getConnectionOptions(LdapConfiguration ldapConfiguration) {
LDAPConnectionOptions options = new LDAPConnectionOptions();
if (ldapConfiguration.isDebug()) {
// bridge java.util.Logger output to log4j
System.setProperty("java.util.logging.manager", "org.apache.logging.log4j.jul.LogManager");
Expand All @@ -92,44 +111,46 @@ private void initializeFromConfiguration() throws Exception {
System.setProperty("com.unboundid.ldap.sdk.debug.type", DebugType.getTypeNameList());
}

LDAPConnection ldapConnection;

LDAPConnectionOptions options = new LDAPConnectionOptions();

// A value which specifies the maximum length of time in milliseconds that an attempt to establish a connection should be allowed to block before failing. By default, a timeout of 60,000 milliseconds (1 minute) will be used.
options.setConnectTimeoutMillis(ldapConfiguration.getConnectionTimeoutMS());
// A value which specifies the default timeout in milliseconds that the SDK should wait for a response from the server before failing. By default, a timeout of 300,000 milliseconds (5 minutes) will be used.
options.setResponseTimeoutMillis(ldapConfiguration.getResponseTimeoutMS());
// A flag that indicates whether to use the SO_KEEPALIVE socket option to attempt to more quickly detect when idle TCP connections have been lost or to prevent them from being unexpectedly closed by intermediate network hardware. By default, the SO_KEEPALIVE socket option will be used.
options.setUseKeepAlive(ldapConfiguration.isKeepAlive());

return options;
}

private SSLSocketFactory getSocketFactory() throws GeneralSecurityException {
if(ldapConfiguration.getUseSSL()) {
TrustStoreTrustManager trustStoreTrustManager = new TrustStoreTrustManager(
ldapConfiguration.getTrustStore(),
ldapConfiguration.getTrustStorePassword().toCharArray(),
"JKS",
true);
SSLSocketFactory socketFactory = new SSLUtil(trustStoreTrustManager).createSSLSocketFactory();
ldapConfiguration.getTrustStore(),
ldapConfiguration.getTrustStorePassword().toCharArray(),
"JKS",
true);
return new SSLUtil(trustStoreTrustManager).createSSLSocketFactory();
}

return null;
}

private LDAPConnectionPool connectAndStartPool() throws LDAPException {
LDAPConnection ldapConnection;

if (socketFactory != null && ldapConfiguration.getUseSSL()) {
ldapConnection = new LDAPConnection(
socketFactory,
options,
ldapConfiguration.getServer(),
ldapConfiguration.getPort(),
ldapConfiguration.getBindDn(),
ldapConfiguration.getBindDNPwd()
socketFactory,
options,
ldapConfiguration.getServer(),
ldapConfiguration.getPort()
);
} else {
LOGGER.warn("Not using SSL to connect to ldap. This is very insecure - do not use in prod environments!");

ldapConnection = new LDAPConnection(
options,
ldapConfiguration.getServer(),
ldapConfiguration.getPort(),
ldapConfiguration.getBindDn(),
ldapConfiguration.getBindDNPwd()
);
options,
ldapConfiguration.getServer(),
ldapConfiguration.getPort());
}

BindRequest bindRequest = new SimpleBindRequest(ldapConfiguration.getBindDn(), ldapConfiguration.getBindDNPwd());
Expand All @@ -140,7 +161,7 @@ private void initializeFromConfiguration() throws Exception {
throw new LDAPException(bindResult.getResultCode(), "Error binding to LDAP");
}

connectionPool = new LDAPConnectionPool(
LDAPConnectionPool connectionPool = new LDAPConnectionPool(
ldapConnection,
/* initialConnections */ ldapConfiguration.getPoolSize() / 2,
ldapConfiguration.getPoolSize(),
Expand All @@ -151,10 +172,20 @@ private void initializeFromConfiguration() throws Exception {
LOGGER.info("Initialized LDAPConnectionPool: poolSize={}, poolMaxAge={}, connectionTimeout={}, responseTimeout={}, debug={}, keepAlive={}.",
ldapConfiguration.getPoolSize(), ldapConfiguration.getPoolMaxConnectionAgeMS(), ldapConfiguration.getConnectionTimeoutMS(), ldapConfiguration.getResponseTimeoutMS(),
ldapConfiguration.isDebug(), ldapConfiguration.isKeepAlive());

return connectionPool;
}

@Override
public Set<String> getUserRoles(String username) throws Exception {
if (connectionPool == null) {
synchronized (this) {
if (connectionPool == null) {
connectAndStartPool();
}
}
}

LOGGER.debug("getRoles("+username+")");

Objects.requireNonNull(username);
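Review bot: The lazy reconnect path in getUserRoles discards the pool it builds: `connectAndStartPool();` returns the new LDAPConnectionPool but nothing assigns it to `connectionPool`, so after a non-failFast construction the field stays null, every call performs a fresh connect and bind whose pool is never closed, and the lookup that follows presumably dereferences a null pool. The line should read `connectionPool = connectAndStartPool();`, and because the first null check runs outside the lock, the field should be declared `private volatile LDAPConnectionPool connectionPool;` for the double-checked pattern to be sound. The constructor's catch at `LOGGER.error("Initial connection to LDAP failed, will attempt to reconnect");` also drops the LDAPException; passing `e` as the last argument keeps the cause (which may be a TLS trust failure) in the log. The body of getUserRoles continues past the end of this section.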
