Loading projects/cadcAccessControl-Server/config/LdapConfig.dev.properties +18 −5 Original line number Diff line number Diff line Loading @@ -4,10 +4,23 @@ # is installed in your Java Keystore: # scp gimli2.cadc.dao.nrc.ca:~miscsw/ca.crt /tmp/ca.crt # ${JAVA_HOME}/bin/keytool -importcert -keystore ${JAVA_HOME}/jre/lib/security/cacerts -file /tmp/ca.crt server = proc5-03.cadc.dao.nrc.ca # Read-only connection pool readOnly.servers = proc5-03.cadc.dao.nrc.ca readOnly.poolInitSize = 1 readOnly.poolMaxSize = 1 readOnly.poolPolicy = roundRobin # Read-write connection pool readWrite.servers = proc5-03.cadc.dao.nrc.ca readWrite.poolInitSize = 1 readWrite.poolMaxSize = 1 readWrite.poolPolicy = roundRobin # server configuration -- applies to all servers dbrcHost = devLdap port = 636 proxyUser = testproxy usersDn = ou=Users,ou=ds,dc=testcanfar proxyUser = uid=testproxy,ou=SpecialUsers,dc=testcanfar usersDN = ou=Users,ou=ds,dc=testcanfar userRequestsDN = ou=UserRequests,ou=ds,dc=testcanfar groupsDn = ou=Groups,ou=ds,dc=testcanfar adminGroupsDn = ou=adminGroups,ou=ds,dc=testcanfar No newline at end of file groupsDN = ou=Groups,ou=ds,dc=testcanfar adminGroupsDN = ou=adminGroups,ou=ds,dc=testcanfar No newline at end of file projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapConnectionPool.java +4 −5 Original line number Diff line number Diff line Loading @@ -70,6 +70,7 @@ package ca.nrc.cadc.ac.server.ldap; import org.apache.log4j.Logger; import org.seleniumhq.jetty7.util.log.Log; import ca.nrc.cadc.ac.server.ldap.LdapConfig.LdapPool; import ca.nrc.cadc.ac.server.ldap.LdapConfig.PoolPolicy; Loading Loading @@ -166,6 +167,7 @@ public class LdapConnectionPool if (timeToCheckPool()) { // check to see if the configuration has changed logger.debug("checking for ldap config change"); LdapConfig newConfig = LdapConfig.getLdapConfig(); if (!newConfig.equals(currentConfig)) { Loading @@ -189,7 +191,7 @@ public class LdapConnectionPool return System.currentTimeMillis() - lastPoolCheck > POOL_CHECK_INTERVAL_MILLESCONDS; } private LDAPReadWriteConnectionPool createPool(LdapConfig config) static LDAPReadWriteConnectionPool createPool(LdapConfig config) { LDAPConnectionPool ro = createPool(config.getReadOnlyPool(), config); LDAPConnectionPool rw = createPool(config.getReadOnlyPool(), config); Loading @@ -197,7 +199,7 @@ public class LdapConnectionPool return pool; } private LDAPConnectionPool createPool(LdapPool pool, LdapConfig config) private static LDAPConnectionPool createPool(LdapPool pool, LdapConfig config) { try { Loading @@ -213,12 +215,10 @@ public class LdapConnectionPool if (pool.getPolicy().equals(PoolPolicy.roundRobin)) { serverSet = new RoundRobinServerSet(hosts, ports, LdapDAO.getSocketFactory(config)); profiler.checkpoint("Create round robin server set"); } else if (pool.getPolicy().equals(PoolPolicy.fewestConnections)) { serverSet = new FewestConnectionsServerSet(hosts, ports, LdapDAO.getSocketFactory(config)); profiler.checkpoint("Create fewest connections server set"); } else { Loading @@ -228,7 +228,6 @@ public class LdapConnectionPool SimpleBindRequest bindRequest = new SimpleBindRequest(config.getAdminUserDN(), config.getAdminPasswd()); LDAPConnectionPool connectionPool = new LDAPConnectionPool( serverSet, bindRequest, pool.getInitSize(), pool.getMaxSize()); profiler.checkpoint("Create connection pool"); return connectionPool; } Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapConnections.java +142 −32 Original line number Diff line number Diff line /* ************************************************************************ ******************* CANADIAN ASTRONOMY DATA CENTRE ******************* ************** CENTRE CANADIEN DE DONNÉES ASTRONOMIQUES ************** * * (c) 2014. (c) 2014. * Government of Canada Gouvernement du Canada * National Research Council Conseil national de recherches * Ottawa, Canada, K1A 0R6 Ottawa, Canada, K1A 0R6 * All rights reserved Tous droits réservés * * NRC disclaims any warranties, Le CNRC dénie toute garantie * expressed, implied, or énoncée, implicite ou légale, * statutory, of any kind with de quelque nature que ce * respect to the software, soit, concernant le logiciel, * including without limitation y compris sans restriction * any warranty of merchantability toute garantie de valeur * or fitness for a particular marchande ou de pertinence * purpose. NRC shall not be pour un usage particulier. * liable in any event for any Le CNRC ne pourra en aucun cas * damages, whether direct or être tenu responsable de tout * indirect, special or general, dommage, direct ou indirect, * consequential or incidental, particulier ou général, * arising from the use of the accessoire ou fortuit, résultant * software. Neither the name de l'utilisation du logiciel. Ni * of the National Research le nom du Conseil National de * Council of Canada nor the Recherches du Canada ni les noms * names of its contributors may de ses participants ne peuvent * be used to endorse or promote être utilisés pour approuver ou * products derived from this promouvoir les produits dérivés * software without specific prior de ce logiciel sans autorisation * written permission. préalable et particulière * par écrit. * * This file is part of the Ce fichier fait partie du projet * OpenCADC project. OpenCADC. * * OpenCADC is free software: OpenCADC est un logiciel libre ; * you can redistribute it and/or vous pouvez le redistribuer ou le * modify it under the terms of modifier suivant les termes de * the GNU Affero General Public la “GNU Affero General Public * License as published by the License” telle que publiée * Free Software Foundation, par la Free Software Foundation * either version 3 of the : soit la version 3 de cette * License, or (at your option) licence, soit (à votre gré) * any later version. toute version ultérieure. * * OpenCADC is distributed in the OpenCADC est distribué * hope that it will be useful, dans l’espoir qu’il vous * but WITHOUT ANY WARRANTY; sera utile, mais SANS AUCUNE * without even the implied GARANTIE : sans même la garantie * warranty of MERCHANTABILITY implicite de COMMERCIALISABILITÉ * or FITNESS FOR A PARTICULAR ni d’ADÉQUATION À UN OBJECTIF * PURPOSE. See the GNU Affero PARTICULIER. Consultez la Licence * General Public License for Générale Publique GNU Affero * more details. pour plus de détails. * * You should have received Vous devriez avoir reçu une * a copy of the GNU Affero copie de la Licence Générale * General Public License along Publique GNU Affero avec * with OpenCADC. If not, see OpenCADC ; si ce n’est * <http://www.gnu.org/licenses/>. pas le cas, consultez : * <http://www.gnu.org/licenses/>. * * $Revision: 4 $ * ************************************************************************ */ package ca.nrc.cadc.ac.server.ldap; import org.apache.log4j.Logger; import ca.nrc.cadc.profiler.Profiler; import com.unboundid.ldap.sdk.LDAPConnection; import com.unboundid.ldap.sdk.LDAPException; import com.unboundid.ldap.sdk.LDAPInterface; import com.unboundid.ldap.sdk.LDAPReadWriteConnectionPool; /** * This class in the means by which the DAO classes obtain * connections to LDAP. The connections are either manual (if config is * provided) or automatic and with a connection pool if a persistence * object is provided. * * This class is not thread-safe but does not need to be since new * instances of the DAO classes are always created. * * @author majorb */ class LdapConnections { private final static Logger log = Logger.getLogger(LdapConnections.class); Profiler profiler = new Profiler(LdapPersistence.class); private LdapPersistence persistence; private LDAPConnection readOnlyConn; private LDAPConnection readWriteConn; private LDAPConnection autoConfigReadOnlyConn; private LDAPConnection autoConfigReadWriteConn; private LdapConfig config; private LDAPConnection nonPooledConn; private LDAPReadWriteConnectionPool manualConfigPool; private LDAPConnection manualConfigReadOnlyConn; private LDAPConnection manualConfigReadWriteConn; LdapConnections(LdapPersistence persistence) { Loading @@ -33,20 +119,26 @@ class LdapConnections { if (persistence != null) { if (readOnlyConn == null) log.debug("Obtaining auto config read only connection."); if (autoConfigReadOnlyConn == null) { readOnlyConn = persistence.getReadOnlyConnection(); autoConfigReadOnlyConn = persistence.getReadOnlyConnection(); profiler.checkpoint("Get read only connection"); } return readOnlyConn; return autoConfigReadOnlyConn; } else { if (nonPooledConn == null) log.debug("Obtaining manual config read only connection."); if (manualConfigPool == null) { manualConfigPool = LdapConnectionPool.createPool(config); } if (manualConfigReadOnlyConn == null) { nonPooledConn = getConnection(config); manualConfigReadOnlyConn = manualConfigPool.getReadConnection(); } return nonPooledConn; return manualConfigReadOnlyConn; } } Loading @@ -54,20 +146,26 @@ class LdapConnections { if (persistence != null) { if (readWriteConn == null) log.debug("Obtaining auto config read write connection."); if (autoConfigReadWriteConn == null) { readWriteConn = persistence.getReadWriteConnection(); autoConfigReadWriteConn = persistence.getReadWriteConnection(); profiler.checkpoint("Get read write connection"); } return readWriteConn; return autoConfigReadWriteConn; } else { if (nonPooledConn == null) log.debug("Obtaining manual config read write connection."); if (manualConfigPool == null) { nonPooledConn = getConnection(config); manualConfigPool = LdapConnectionPool.createPool(config); } return nonPooledConn; if (manualConfigReadWriteConn == null) { manualConfigReadWriteConn = manualConfigPool.getReadConnection(); } return manualConfigReadWriteConn; } } Loading @@ -75,21 +173,42 @@ class LdapConnections { if (persistence != null) { if (readOnlyConn != null) log.debug("Releasing auto config connections."); if (autoConfigReadOnlyConn != null) { persistence.releaseReadOnlyConnection(readOnlyConn); persistence.releaseReadOnlyConnection(autoConfigReadOnlyConn); profiler.checkpoint("Release read only connection"); } if (readWriteConn != null) if (autoConfigReadWriteConn != null) { persistence.releaseReadWriteConnection(readWriteConn); persistence.releaseReadWriteConnection(autoConfigReadWriteConn); profiler.checkpoint("Release read write connection"); } } if (nonPooledConn != null) else { nonPooledConn.close(); profiler.checkpoint("Close non-pooled connection"); log.debug("Releasing manual config connections."); if (manualConfigReadOnlyConn != null) { manualConfigPool.releaseReadConnection(manualConfigReadOnlyConn); } if (manualConfigReadWriteConn != null) { manualConfigPool.releaseWriteConnection(manualConfigReadWriteConn); } } } /** * Best-effort manual pool shutdown. */ @Override public void finalize() { log.debug("Closing manual config connection pool"); if (manualConfigPool != null) { manualConfigPool.close(); } } Loading @@ -99,16 +218,7 @@ class LdapConnections return persistence.getCurrentConfig(); else return config; } private static LDAPConnection getConnection(LdapConfig config) throws LDAPException { LDAPConnection conn = new LDAPConnection( LdapDAO.getSocketFactory(config), config.getReadWritePool().getServers().get(0), config.getPort()); conn.bind(config.getAdminUserDN(), config.getAdminPasswd()); return conn; } } projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/LoginServlet.java +5 −4 Original line number Diff line number Diff line Loading @@ -90,6 +90,7 @@ import ca.nrc.cadc.ac.Role; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.server.GroupDetailSelector; import ca.nrc.cadc.ac.server.GroupPersistence; import ca.nrc.cadc.ac.server.PluginFactory; import ca.nrc.cadc.ac.server.UserPersistence; import ca.nrc.cadc.ac.server.ldap.LdapGroupPersistence; import ca.nrc.cadc.ac.server.ldap.LdapUserPersistence; Loading Loading @@ -128,10 +129,10 @@ public class LoginServlet<T extends Principal> extends HttpServlet this.nonImpersonGroup = config.getInitParameter(LoginServlet.class.getName() + ".nonImpersonGroup"); log.debug("nonImpersonGroup: " + nonImpersonGroup); userPersistence = (UserPersistence<T>) config.getServletContext().getAttribute(UserServlet.USER_PERSISTENCE_REF); groupPersistence = (GroupPersistence<HttpPrincipal>) config.getServletContext().getAttribute(GroupServlet.GROUP_PERSISTENCE_REF); PluginFactory pluginFactory = new PluginFactory(); userPersistence = pluginFactory.createUserPersistence(); groupPersistence = pluginFactory.createGroupPersistence(); } catch(Exception ex) { Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/PasswordServlet.java +17 −3 Original line number Diff line number Diff line Loading @@ -70,6 +70,8 @@ package ca.nrc.cadc.ac.server.web; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.server.PluginFactory; import ca.nrc.cadc.ac.server.UserPersistence; import ca.nrc.cadc.ac.server.ldap.LdapUserPersistence; import ca.nrc.cadc.auth.AuthenticationUtil; import ca.nrc.cadc.log.ServletLogInfo; Loading @@ -77,6 +79,8 @@ import ca.nrc.cadc.util.StringUtil; import org.apache.log4j.Logger; import javax.security.auth.Subject; import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; Loading @@ -98,6 +102,17 @@ public class PasswordServlet extends HttpServlet { private static final Logger log = Logger.getLogger(PasswordServlet.class); UserPersistence userPersistence; @Override public void init(final ServletConfig config) throws ServletException { super.init(config); PluginFactory pluginFactory = new PluginFactory(); userPersistence = pluginFactory.createUserPersistence(); } /** * Attempt to change password. * Loading Loading @@ -126,11 +141,10 @@ public class PasswordServlet extends HttpServlet { public Object run() throws Exception { LdapUserPersistence<Principal> dao = new LdapUserPersistence<Principal>(); User<Principal> user; try { user = dao.getUser(subject.getPrincipals().iterator().next()); user = userPersistence.getUser(subject.getPrincipals().iterator().next()); } catch (UserNotFoundException e) { Loading @@ -148,7 +162,7 @@ public class PasswordServlet extends HttpServlet { if (StringUtil.hasText(newPassword)) { dao.setPassword(user, oldPassword, newPassword); userPersistence.setPassword(user, oldPassword, newPassword); } else { Loading Loading
projects/cadcAccessControl-Server/config/LdapConfig.dev.properties +18 −5 Original line number Diff line number Diff line Loading @@ -4,10 +4,23 @@ # is installed in your Java Keystore: # scp gimli2.cadc.dao.nrc.ca:~miscsw/ca.crt /tmp/ca.crt # ${JAVA_HOME}/bin/keytool -importcert -keystore ${JAVA_HOME}/jre/lib/security/cacerts -file /tmp/ca.crt server = proc5-03.cadc.dao.nrc.ca # Read-only connection pool readOnly.servers = proc5-03.cadc.dao.nrc.ca readOnly.poolInitSize = 1 readOnly.poolMaxSize = 1 readOnly.poolPolicy = roundRobin # Read-write connection pool readWrite.servers = proc5-03.cadc.dao.nrc.ca readWrite.poolInitSize = 1 readWrite.poolMaxSize = 1 readWrite.poolPolicy = roundRobin # server configuration -- applies to all servers dbrcHost = devLdap port = 636 proxyUser = testproxy usersDn = ou=Users,ou=ds,dc=testcanfar proxyUser = uid=testproxy,ou=SpecialUsers,dc=testcanfar usersDN = ou=Users,ou=ds,dc=testcanfar userRequestsDN = ou=UserRequests,ou=ds,dc=testcanfar groupsDn = ou=Groups,ou=ds,dc=testcanfar adminGroupsDn = ou=adminGroups,ou=ds,dc=testcanfar No newline at end of file groupsDN = ou=Groups,ou=ds,dc=testcanfar adminGroupsDN = ou=adminGroups,ou=ds,dc=testcanfar No newline at end of file
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapConnectionPool.java +4 −5 Original line number Diff line number Diff line Loading @@ -70,6 +70,7 @@ package ca.nrc.cadc.ac.server.ldap; import org.apache.log4j.Logger; import org.seleniumhq.jetty7.util.log.Log; import ca.nrc.cadc.ac.server.ldap.LdapConfig.LdapPool; import ca.nrc.cadc.ac.server.ldap.LdapConfig.PoolPolicy; Loading Loading @@ -166,6 +167,7 @@ public class LdapConnectionPool if (timeToCheckPool()) { // check to see if the configuration has changed logger.debug("checking for ldap config change"); LdapConfig newConfig = LdapConfig.getLdapConfig(); if (!newConfig.equals(currentConfig)) { Loading @@ -189,7 +191,7 @@ public class LdapConnectionPool return System.currentTimeMillis() - lastPoolCheck > POOL_CHECK_INTERVAL_MILLESCONDS; } private LDAPReadWriteConnectionPool createPool(LdapConfig config) static LDAPReadWriteConnectionPool createPool(LdapConfig config) { LDAPConnectionPool ro = createPool(config.getReadOnlyPool(), config); LDAPConnectionPool rw = createPool(config.getReadOnlyPool(), config); Loading @@ -197,7 +199,7 @@ public class LdapConnectionPool return pool; } private LDAPConnectionPool createPool(LdapPool pool, LdapConfig config) private static LDAPConnectionPool createPool(LdapPool pool, LdapConfig config) { try { Loading @@ -213,12 +215,10 @@ public class LdapConnectionPool if (pool.getPolicy().equals(PoolPolicy.roundRobin)) { serverSet = new RoundRobinServerSet(hosts, ports, LdapDAO.getSocketFactory(config)); profiler.checkpoint("Create round robin server set"); } else if (pool.getPolicy().equals(PoolPolicy.fewestConnections)) { serverSet = new FewestConnectionsServerSet(hosts, ports, LdapDAO.getSocketFactory(config)); profiler.checkpoint("Create fewest connections server set"); } else { Loading @@ -228,7 +228,6 @@ public class LdapConnectionPool SimpleBindRequest bindRequest = new SimpleBindRequest(config.getAdminUserDN(), config.getAdminPasswd()); LDAPConnectionPool connectionPool = new LDAPConnectionPool( serverSet, bindRequest, pool.getInitSize(), pool.getMaxSize()); profiler.checkpoint("Create connection pool"); return connectionPool; } Loading
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapConnections.java +142 −32 Original line number Diff line number Diff line /* ************************************************************************ ******************* CANADIAN ASTRONOMY DATA CENTRE ******************* ************** CENTRE CANADIEN DE DONNÉES ASTRONOMIQUES ************** * * (c) 2014. (c) 2014. * Government of Canada Gouvernement du Canada * National Research Council Conseil national de recherches * Ottawa, Canada, K1A 0R6 Ottawa, Canada, K1A 0R6 * All rights reserved Tous droits réservés * * NRC disclaims any warranties, Le CNRC dénie toute garantie * expressed, implied, or énoncée, implicite ou légale, * statutory, of any kind with de quelque nature que ce * respect to the software, soit, concernant le logiciel, * including without limitation y compris sans restriction * any warranty of merchantability toute garantie de valeur * or fitness for a particular marchande ou de pertinence * purpose. NRC shall not be pour un usage particulier. * liable in any event for any Le CNRC ne pourra en aucun cas * damages, whether direct or être tenu responsable de tout * indirect, special or general, dommage, direct ou indirect, * consequential or incidental, particulier ou général, * arising from the use of the accessoire ou fortuit, résultant * software. Neither the name de l'utilisation du logiciel. Ni * of the National Research le nom du Conseil National de * Council of Canada nor the Recherches du Canada ni les noms * names of its contributors may de ses participants ne peuvent * be used to endorse or promote être utilisés pour approuver ou * products derived from this promouvoir les produits dérivés * software without specific prior de ce logiciel sans autorisation * written permission. préalable et particulière * par écrit. * * This file is part of the Ce fichier fait partie du projet * OpenCADC project. OpenCADC. * * OpenCADC is free software: OpenCADC est un logiciel libre ; * you can redistribute it and/or vous pouvez le redistribuer ou le * modify it under the terms of modifier suivant les termes de * the GNU Affero General Public la “GNU Affero General Public * License as published by the License” telle que publiée * Free Software Foundation, par la Free Software Foundation * either version 3 of the : soit la version 3 de cette * License, or (at your option) licence, soit (à votre gré) * any later version. toute version ultérieure. * * OpenCADC is distributed in the OpenCADC est distribué * hope that it will be useful, dans l’espoir qu’il vous * but WITHOUT ANY WARRANTY; sera utile, mais SANS AUCUNE * without even the implied GARANTIE : sans même la garantie * warranty of MERCHANTABILITY implicite de COMMERCIALISABILITÉ * or FITNESS FOR A PARTICULAR ni d’ADÉQUATION À UN OBJECTIF * PURPOSE. See the GNU Affero PARTICULIER. Consultez la Licence * General Public License for Générale Publique GNU Affero * more details. pour plus de détails. * * You should have received Vous devriez avoir reçu une * a copy of the GNU Affero copie de la Licence Générale * General Public License along Publique GNU Affero avec * with OpenCADC. If not, see OpenCADC ; si ce n’est * <http://www.gnu.org/licenses/>. pas le cas, consultez : * <http://www.gnu.org/licenses/>. * * $Revision: 4 $ * ************************************************************************ */ package ca.nrc.cadc.ac.server.ldap; import org.apache.log4j.Logger; import ca.nrc.cadc.profiler.Profiler; import com.unboundid.ldap.sdk.LDAPConnection; import com.unboundid.ldap.sdk.LDAPException; import com.unboundid.ldap.sdk.LDAPInterface; import com.unboundid.ldap.sdk.LDAPReadWriteConnectionPool; /** * This class in the means by which the DAO classes obtain * connections to LDAP. The connections are either manual (if config is * provided) or automatic and with a connection pool if a persistence * object is provided. * * This class is not thread-safe but does not need to be since new * instances of the DAO classes are always created. * * @author majorb */ class LdapConnections { private final static Logger log = Logger.getLogger(LdapConnections.class); Profiler profiler = new Profiler(LdapPersistence.class); private LdapPersistence persistence; private LDAPConnection readOnlyConn; private LDAPConnection readWriteConn; private LDAPConnection autoConfigReadOnlyConn; private LDAPConnection autoConfigReadWriteConn; private LdapConfig config; private LDAPConnection nonPooledConn; private LDAPReadWriteConnectionPool manualConfigPool; private LDAPConnection manualConfigReadOnlyConn; private LDAPConnection manualConfigReadWriteConn; LdapConnections(LdapPersistence persistence) { Loading @@ -33,20 +119,26 @@ class LdapConnections { if (persistence != null) { if (readOnlyConn == null) log.debug("Obtaining auto config read only connection."); if (autoConfigReadOnlyConn == null) { readOnlyConn = persistence.getReadOnlyConnection(); autoConfigReadOnlyConn = persistence.getReadOnlyConnection(); profiler.checkpoint("Get read only connection"); } return readOnlyConn; return autoConfigReadOnlyConn; } else { if (nonPooledConn == null) log.debug("Obtaining manual config read only connection."); if (manualConfigPool == null) { manualConfigPool = LdapConnectionPool.createPool(config); } if (manualConfigReadOnlyConn == null) { nonPooledConn = getConnection(config); manualConfigReadOnlyConn = manualConfigPool.getReadConnection(); } return nonPooledConn; return manualConfigReadOnlyConn; } } Loading @@ -54,20 +146,26 @@ class LdapConnections { if (persistence != null) { if (readWriteConn == null) log.debug("Obtaining auto config read write connection."); if (autoConfigReadWriteConn == null) { readWriteConn = persistence.getReadWriteConnection(); autoConfigReadWriteConn = persistence.getReadWriteConnection(); profiler.checkpoint("Get read write connection"); } return readWriteConn; return autoConfigReadWriteConn; } else { if (nonPooledConn == null) log.debug("Obtaining manual config read write connection."); if (manualConfigPool == null) { nonPooledConn = getConnection(config); manualConfigPool = LdapConnectionPool.createPool(config); } return nonPooledConn; if (manualConfigReadWriteConn == null) { manualConfigReadWriteConn = manualConfigPool.getReadConnection(); } return manualConfigReadWriteConn; } } Loading @@ -75,21 +173,42 @@ class LdapConnections { if (persistence != null) { if (readOnlyConn != null) log.debug("Releasing auto config connections."); if (autoConfigReadOnlyConn != null) { persistence.releaseReadOnlyConnection(readOnlyConn); persistence.releaseReadOnlyConnection(autoConfigReadOnlyConn); profiler.checkpoint("Release read only connection"); } if (readWriteConn != null) if (autoConfigReadWriteConn != null) { persistence.releaseReadWriteConnection(readWriteConn); persistence.releaseReadWriteConnection(autoConfigReadWriteConn); profiler.checkpoint("Release read write connection"); } } if (nonPooledConn != null) else { nonPooledConn.close(); profiler.checkpoint("Close non-pooled connection"); log.debug("Releasing manual config connections."); if (manualConfigReadOnlyConn != null) { manualConfigPool.releaseReadConnection(manualConfigReadOnlyConn); } if (manualConfigReadWriteConn != null) { manualConfigPool.releaseWriteConnection(manualConfigReadWriteConn); } } } /** * Best-effort manual pool shutdown. */ @Override public void finalize() { log.debug("Closing manual config connection pool"); if (manualConfigPool != null) { manualConfigPool.close(); } } Loading @@ -99,16 +218,7 @@ class LdapConnections return persistence.getCurrentConfig(); else return config; } private static LDAPConnection getConnection(LdapConfig config) throws LDAPException { LDAPConnection conn = new LDAPConnection( LdapDAO.getSocketFactory(config), config.getReadWritePool().getServers().get(0), config.getPort()); conn.bind(config.getAdminUserDN(), config.getAdminPasswd()); return conn; } }
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/LoginServlet.java +5 −4 Original line number Diff line number Diff line Loading @@ -90,6 +90,7 @@ import ca.nrc.cadc.ac.Role; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.server.GroupDetailSelector; import ca.nrc.cadc.ac.server.GroupPersistence; import ca.nrc.cadc.ac.server.PluginFactory; import ca.nrc.cadc.ac.server.UserPersistence; import ca.nrc.cadc.ac.server.ldap.LdapGroupPersistence; import ca.nrc.cadc.ac.server.ldap.LdapUserPersistence; Loading Loading @@ -128,10 +129,10 @@ public class LoginServlet<T extends Principal> extends HttpServlet this.nonImpersonGroup = config.getInitParameter(LoginServlet.class.getName() + ".nonImpersonGroup"); log.debug("nonImpersonGroup: " + nonImpersonGroup); userPersistence = (UserPersistence<T>) config.getServletContext().getAttribute(UserServlet.USER_PERSISTENCE_REF); groupPersistence = (GroupPersistence<HttpPrincipal>) config.getServletContext().getAttribute(GroupServlet.GROUP_PERSISTENCE_REF); PluginFactory pluginFactory = new PluginFactory(); userPersistence = pluginFactory.createUserPersistence(); groupPersistence = pluginFactory.createGroupPersistence(); } catch(Exception ex) { Loading
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/PasswordServlet.java +17 −3 Original line number Diff line number Diff line Loading @@ -70,6 +70,8 @@ package ca.nrc.cadc.ac.server.web; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.server.PluginFactory; import ca.nrc.cadc.ac.server.UserPersistence; import ca.nrc.cadc.ac.server.ldap.LdapUserPersistence; import ca.nrc.cadc.auth.AuthenticationUtil; import ca.nrc.cadc.log.ServletLogInfo; Loading @@ -77,6 +79,8 @@ import ca.nrc.cadc.util.StringUtil; import org.apache.log4j.Logger; import javax.security.auth.Subject; import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; Loading @@ -98,6 +102,17 @@ public class PasswordServlet extends HttpServlet { private static final Logger log = Logger.getLogger(PasswordServlet.class); UserPersistence userPersistence; @Override public void init(final ServletConfig config) throws ServletException { super.init(config); PluginFactory pluginFactory = new PluginFactory(); userPersistence = pluginFactory.createUserPersistence(); } /** * Attempt to change password. * Loading Loading @@ -126,11 +141,10 @@ public class PasswordServlet extends HttpServlet { public Object run() throws Exception { LdapUserPersistence<Principal> dao = new LdapUserPersistence<Principal>(); User<Principal> user; try { user = dao.getUser(subject.getPrincipals().iterator().next()); user = userPersistence.getUser(subject.getPrincipals().iterator().next()); } catch (UserNotFoundException e) { Loading @@ -148,7 +162,7 @@ public class PasswordServlet extends HttpServlet { if (StringUtil.hasText(newPassword)) { dao.setPassword(user, oldPassword, newPassword); userPersistence.setPassword(user, oldPassword, newPassword); } else { Loading
