AMQ-9627 Don't fail on start if cachedLDAPAuthorizationMap is used and the LDAP server is not available.

Author: NikitaShupletsov

activemq-broker/src/main/java/org/apache/activemq/security/SimpleCachedLDAPAuthorizationMap.java

@@ -936,7 +936,11 @@ public void namingExceptionThrown(NamingExceptionEvent namingExceptionEvent) {
 
     // Init / Destroy
     public void afterPropertiesSet() throws Exception {
-        query();
+        try {
+            query();
+        } catch (Exception e) {
+            LOG.error("Error updating authorization map.  Partial policy may be applied until the next successful update.", e);
+        }
     }
 
     public void destroy() throws Exception {

activemq-unit-tests/src/test/java/org/apache/activemq/security/LdapCachedLDAPAuthorizationMapTest.java

@@ -0,0 +1,41 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.security;
+
+import org.apache.activemq.broker.BrokerFactory;
+import org.apache.activemq.broker.BrokerService;
+import org.junit.After;
+import org.junit.Test;
+
+public class LdapCachedLDAPAuthorizationMapTest {
+
+    private BrokerService broker;
+
+    @After
+    public void shutdown() throws Exception {
+        if (broker != null) {
+            broker.stop();
+            broker.waitUntilStopped();
+        }
+    }
+    @Test
+    public void testStartBrokerWhenLdapServerIsUnreachable() throws Exception {
+        broker = BrokerFactory.createBroker("xbean:org/apache/activemq/security/activemq-ldap-cached-map.xml");
+        broker.start();
+        broker.waitUntilStarted();
+    }
+}

activemq-unit-tests/src/test/resources/login.config

@@ -84,4 +84,23 @@ LDAPLogin {
         roleSearchMatching="(uid={1})"
         roleSearchSubtree=true
         ;
+};
+
+UnreachableLDAPLogin {
+    org.apache.activemq.jaas.LDAPLoginModule required
+        debug=true
+        initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
+        connectionURL="ldap://test.ldap:636"
+        connectionUsername="uid=admin,ou=system"
+        connectionPassword=secret
+        connectionProtocol=s
+        authentication=simple
+        userBase="ou=User,ou=ActiveMQ,ou=system"
+        userSearchMatching="(uid={0})"
+        userSearchSubtree=false
+        roleBase="ou=Group,ou=ActiveMQ,ou=system"
+        roleName=cn
+        roleSearchMatching="(uid={1})"
+        roleSearchSubtree=true
+        ;
 };

activemq-unit-tests/src/test/resources/org/apache/activemq/security/activemq-ldap-cached-map.xml

@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+<!-- START SNIPPET: xbean -->
+<beans
+        xmlns="http://www.springframework.org/schema/beans"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+  http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
+
+  <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+
+  <broker useJmx="false"  xmlns="http://activemq.apache.org/schema/core" persistent="false">
+
+      <destinations>
+         <queue physicalName="ADMIN.FOO" />
+      </destinations>
+
+      <plugins>
+          <jaasAuthenticationPlugin configuration="UnreachableLDAPLogin"/>
+          <authorizationPlugin>
+              <map>
+                  <cachedLDAPAuthorizationMap
+                          queueSearchBase="ou=Queue,ou=Destination,ou=corp,dc=corp,dc=example,dc=com"
+                          topicSearchBase="ou=Topic,ou=Destination,ou=corp,dc=corp,dc=example,dc=com"
+                          tempSearchBase="ou=Temp,ou=Destination,ou=corp,dc=corp,dc=example,dc=com"
+                          refreshInterval="300000"
+                          legacyGroupMapping="false"
+                          connectionPassword="test"
+                  />
+              </map>
+          </authorizationPlugin>
+      </plugins>
+
+
+    <transportConnectors>
+      <transportConnector uri="tcp://localhost:61616"/>
+    </transportConnectors>
+
+  </broker>
+
+</beans>
+<!-- END SNIPPET: xbean -->