commit f83bfef6e3252071184e2d3d80a33c294f012e2b
author Daniel Kulp <dkulp@apache.org> Wed Dec 07 14:27:33 2016 -0500
committer Daniel Kulp <dkulp@apache.org> Wed Dec 14 10:33:45 2016 -0500
tree 0a5e0858b172522583f51e9ef9d6e516613f47f2
parent e16ed242b2319523608f6ff7e572668b36e6c813

[AMQ-6529] Make sure the LDAP ACL's are definitely loaded when needed.

activemq-broker/src/main/java/org/apache/activemq/security/SimpleCachedLDAPAuthorizationMap.java

diff --git a/activemq-broker/src/main/java/org/apache/activemq/security/SimpleCachedLDAPAuthorizationMap.java b/activemq-broker/src/main/java/org/apache/activemq/security/SimpleCachedLDAPAuthorizationMap.java
index 9f888b9..44c23f6 100644
--- a/activemq-broker/src/main/java/org/apache/activemq/security/SimpleCachedLDAPAuthorizationMap.java
+++ b/activemq-broker/src/main/java/org/apache/activemq/security/SimpleCachedLDAPAuthorizationMap.java
@@ -27,6 +27,7 @@
 import java.util.concurrent.ThreadPoolExecutor;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicReference;
+import java.util.concurrent.locks.ReentrantReadWriteLock;
 
 import javax.naming.Binding;
 import javax.naming.Context;
@@ -93,7 +94,7 @@
     protected String groupClass = DefaultAuthorizationMap.DEFAULT_GROUP_CLASS;
 
     // Internal State
-    private long lastUpdated;
+    private long lastUpdated = -1;
 
     private static String ANY_DESCENDANT = "\\$";
 
@@ -222,8 +223,9 @@
      *             if there is an unrecoverable error processing the directory contents
      */
     @SuppressWarnings("rawtypes")
-    protected void query() throws Exception {
+    protected synchronized void query() throws Exception {
         DirContext currentContext = open();
+        entries.clear();
 
         final SearchControls constraints = new SearchControls();
         constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
@@ -668,11 +670,20 @@
      * refresh interval has elapsed.
      */
     protected void checkForUpdates() {
+        if (lastUpdated == -1) {
+            //ACL's have never been queried, but we need them NOW as we're being asked for them. 
+            try {
+                query();
+                return;
+            } catch (Exception e) {
+                LOG.error("Error updating authorization map.  Partial policy may be applied until the next successful update.", e);
+            }
+        }
 
         if (context != null && refreshDisabled) {
             return;
         }
-
+        
         if (context == null || (!refreshDisabled && (refreshInterval != -1 && System.currentTimeMillis() >= lastUpdated + refreshInterval))) {
             this.updaterService.execute(new Runnable() {
                 @Override
@@ -691,8 +702,6 @@
                             }
                         }
 
-                        entries.clear();
-
                         LOG.debug("Updating authorization map!");
                         try {
                             query();