Re: Multiple Topologies with LDAP Cache Managers

[Alan Miller]

I have this issue too and would be interested in a solution that allows
multiple CacheManagers  in the same gateway, OR
a common CacheManager across topologies.

Currently I have caching disabled.

I tried different values for cacheManagerConfigFile (with different paths for 
diskStore)
and different values for main.securityManager.cacheManager


Topology 1 Snippet:

<topology>
    <gateway>
        <provider>
            <role>authentication</role>
            <name>ShiroProvider</name>
            <enabled>true</enabled>
            …….. LDAP Stuff for Customer 1 ……..
            <param name="main.cacheManager1" 
value="org.apache.shiro.cache.ehcache.EhCacheManager" />
            <param name="main.cacheManager1.cacheManagerConfigFile" 
value="classpath:ehcache-CUSTOMER1.xml" />
            <param name="main.securityManager.cacheManager" 
value="$cacheManager1" />
            <param name="main.ldapRealm.authenticationCachingEnabled" 
value="true" />
        </provider>
    </gateway>
     ……..
</topology>

Topology 2 Snippet:

<param name="main.ldapRealm.authenticationCachingEnabled" value="true" />
<topology>
    <gateway>
        <provider>
            <role>authentication</role>
            <name>ShiroProvider</name>
            <enabled>true</enabled>
            …….. LDAP Stuff for Customer 2 ……..
            <param name="main.cacheManage2r" 
value="org.apache.shiro.cache.ehcache.EhCacheManager" />
            <param name="main.cacheManager2.cacheManagerConfigFile" 
value="classpath:ehcache-CUSTOMER2.xml" />
            <param name="main.securityManager.cacheManager" 
value="$cacheManager2" />
            <param name="main.ldapRealm.authenticationCachingEnabled" 
value="true" />        </provider>
    </gateway>
     ……..
</topology>


--
Alan


From: Sumit Gupta <sumit.gu...@hortonworks.com>
Reply-To: "user@knox.apache.org" <user@knox.apache.org>
Date: Tuesday, November 22, 2016 at 7:26 AM
To: "user@knox.apache.org" <user@knox.apache.org>
Subject: Re: Multiple Topologies with LDAP Cache Managers

Hi Benjamin,

I have heard of this error before but never been able to reproduce this myself, 
even with two topologies. Please file a bug for this and I believe I can 
provide a patch that should work. It would be great if you could provide exact 
steps to reproduce on a vanilla Knox installation so that the fix can be 
validated.

Thanks!
Sumit



From: "Ruland, Benjamin" 
<benjamin.rul...@computacenter.com<mailto:benjamin.rul...@computacenter.com>>
Reply-To: "user@knox.apache.org<mailto:user@knox.apache.org>" 
<user@knox.apache.org<mailto:user@knox.apache.org>>
Date: Tuesday, November 22, 2016 at 9:31 AM
To: "user@knox.apache.org<mailto:user@knox.apache.org>" 
<user@knox.apache.org<mailto:user@knox.apache.org>>
Subject: Multiple Topologies with LDAP Cache Managers

Hi Knox community,

I am having some problems with a Knox instance that hosts two Knox topologies.

In each topology, an LDAP connection is configured. After enabling caching 
using the following attributes, this error occurs when using one of the two 
topologies. The other one works fine:

WARN  webapp.WebAppContext (WebAppContext.java:doStart(514)) - Failed startup 
of context 
o.e.j.w.WebAppContext@514646ef{/gateway/dev,file:/var/lib/knox/data-2.5.0.0-1245/deployments/dev.topo.1588c20be90/%252F/,STARTING}{/usr/hdp/2.5.0.0-1245/knox/bin/../data/deployments/dev.topo.1588c20be90/%2F}
org.apache.shiro.cache.CacheException: net.sf.ehcache.CacheException: Another 
unnamed CacheManager already exists in the same VM. Please provide unique names 
for each CacheManager in the config or do one of following:
1. Use one of the CacheManager.create() static factory methods to reuse same 
CacheManager with same name or create one if necessary
2. Shutdown the earlier cacheManager before creating new one with same name.
The source of the existing CacheManager is: InputStreamConfigurationSource 
[stream=sun.net.www.protocol.jar.JarURLConnection$JarURLInputStream@78a287ed]

The config extract is:

      <!-- The following three options enable LDAP caching -->
      <param>
        <name>main.cacheManager</name>
        <value>org.apache.shiro.cache.ehcache.EhCacheManager</value>
      </param>
      <param>
        <name>main.securityManager.cacheManager</name>
        <value>$cacheManager</value>
      </param>
      <param>
        <name>main.ldapRealm.authenticationCachingEnabled</name>
        <value>true</value>
      </param>
    </provider>


Is there a way to use two non-conflicting cache providers? Maybe by naming them?

Or otherwise: Is the cache provider shared by all topologies?

Best regards and thanks for your help,
Benjamin


-----------------------------------
Computacenter AG & Co. oHG, mit Sitz in Kerpen
(Amtsgericht Köln HRA 18096)
Vertretungsberechtigte Gesellschafter:
Computacenter Aktiengesellschaft, mit Sitz in Köln (Amtsgericht Köln HRB 28384)
Vorstand: Tony Conophy
Aufsichtsrat: Michael Norris (Vorsitzender)
Computacenter Management GmbH, mit Sitz in Köln (Amtsgericht Köln HRB 28284)
Geschäftsführer: Dr. Karsten Freihube, Dr. Thomas Kottmann, Reiner Louis, 
Thomas Jescheck
Visit us on the Internet: 
http://www.computacenter.de<http://www.computacenter.de/>
Visit our Online-Shop: 
https://shop.computacenter.de<https://shop.computacenter.de/>

This email is confidential. If you are not the intended recipient, you must not 
disclose or use the information contained in it. If you have received this mail 
in error, please tell us immediately by return email and delete the document.
-----------------------------------