Hi Paul- Thanks for the input. Yep, I’m seeing the same thing. There needs to be a class-level lock that operations are synchronized on, and not rely on class-static cache and method synchronization.
I made a JIRA to track: https://issues.apache.org/jira/browse/KARAF-7671 -Matt Pavlovich > On Feb 21, 2023, at 12:01 PM, Paul McCulloch <[email protected]> wrote: > > Matt, > From memory (& less than stellar comments) I believe the issue is in > concurrent access to getCache() & clear() > > public static LDAPCache getCache(LDAPOptions options) { > LDAPCache cache = CACHES.get(options); > if (cache == null) { > CACHES.putIfAbsent(options, new LDAPCache(options)); > cache = CACHES.get(options); > } > return cache; > } > > If clear() is called by another thread between the putIfAbsent() and get() > then null is returned. > > A second issue (and this is just from memory & Karaf code review, so I may be > mistaken) is that the LDAP cache is cleared in LDAPLoginModule.initialize(), > but this method is called every time a user authenticates - so the cache is > never used. > > Paul > > > On Tue, 21 Feb 2023 at 15:27, Matt Pavlovich <[email protected] > <mailto:[email protected]>> wrote: >> Paul- >> >> What issues have you found with the LDAP caching module? Please share, so I >> can open a JIRA and fix it. >> >> Thanks! >> Matt Pavlovich >> >>> On Feb 21, 2023, at 4:42 AM, Paul McCulloch <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>> I use a DS component which instantiates an >>> org.apache.karaf.jaas.config.JaasRealm and registers it via >>> org.osgi.framework.BundleContext.registerService(Class<JaasRealm>, >>> JaasRealm, Dictionary<String, ?>). >>> >>> My DS component uses Config Admnin to configure the realm. I wrap the >>> standard Karaf LDAP module in my own caching proxy (as I found concurrency >>> issues with >>> org.apache.karaf.jaas.modules.ldap.LDAPCache.getCache(LDAPOptions)). >>> >>> I can't share the code, but I can answer any questions you have. >>> >>> Paul >>> >>> On Tue, 21 Feb 2023 at 08:09, Maurice Betzel <[email protected] >>> <mailto:[email protected]>> wrote: >>>> Dear community, >>>> >>>> >>>> >>>> I am building a new custom Karaf assembly and would like to avoid >>>> installing aries blueprint just for creating an LDAP login module. >>>> >>>> Does anybody have any experience with alternatives like declarative >>>> services or low-level activator setup willing to share the knowledge? >>>> >>>> >>>> >>>> Met vriendelijke groet / Mit freundlichen Grüßen / Kind regards, >>>> >>>> Maurice Betzel >>>> Principal Software Engineer >>>> >>>> Al onze verrichtingen geschieden op basis van de Algemene voorwaarden der >>>> Expediteurs van België, gepubliceerd in de bijlage tot het Belgisch >>>> Staatsblad dd. 24 juni 2005 onder nr. 0090237. De tekst van deze >>>> voorwaarden wordt op uw verzoek gratis toegezonden. >>>> All our transactions are subject to the General Conditions of the Belgian >>>> Forwarders Association which have been published under nr. 0090237 in the >>>> "Bijlage tot het Belgisch Staatsblad" dated June 24th, 2005, and is >>>> available free of charge upon request. >>>> Toutes nos opérations se font sur base des Conditions Générales des >>>> Expéditeurs de Belgique. Le texte en a été publié dans l' Annexe au >>>> Moniteur Belge du 24 juin 2005 sous le n° 0090237. Ce texte sera vous >>>> envoyé gratuitment sur demande. >>>> Email confidentiality notice: >>>> This email and any files transmitted with it are confidential and intended >>>> only for the use of the recipient. If you have received this email in >>>> error please notify its sender. >>>> >>
