[Geoserver-devel] spring security & ldap

Hi,

I believe there is an issue with the LDAP tests in geoserver, although it may depend on platform. Each test an LDAP server is set up locally on port 10389 and automatically shut down at the end. After a few tests it randomly occurs that it takes a while (perhaps about half a minute) to shut the server down, without apparent reason (but the stopping method ends immediately). After that all other ldap are skipped because the port is still busy (an "assume" command is used to test whether the server can be set up on the port). If all the tests are skipped, we may miss changes that break tests and that defeats their purpose.

I have found no way to solve this issue, apart from actively waiting at the end of each test in a loop until the port has been released. This works and solved the problem temporary for me locally. Problem with that is that the build will randomly stop and wait for a while a few times during the ldap tests. Perhaps we could even risk creating an endless loop.

I have found a message on a forum about this online http://forum.spring.io/forum/spring-projects/data/ldap/101924-occasional-error-binding-to-ldap-port-when-using-testcontextsourcefactorybean

They say these kind of problems are solved in spring security 1.3.2. We use 1.3.1, and I was wondering if we could perhaps upgrade.

Regards
Niels

On Sat, Feb 21, 2015 at 5:46 PM, Niels Charlier <niels@anonymised.com> wrote:

Hi,

I believe there is an issue with the LDAP tests in geoserver, although
it may depend on platform. Each test an LDAP server is set up locally on
port 10389 and automatically shut down at the end. After a few tests it
randomly occurs that it takes a while (perhaps about half a minute) to
shut the server down, without apparent reason (but the stopping method
ends immediately). After that all other ldap are skipped because the
port is still busy (an "assume" command is used to test whether the
server can be set up on the port). If all the tests are skipped, we may
miss changes that break tests and that defeats their purpose.

I have found no way to solve this issue, apart from actively waiting at
the end of each test in a loop until the port has been released. This
works and solved the problem temporary for me locally. Problem with that
is that the build will randomly stop and wait for a while a few times
during the ldap tests. Perhaps we could even risk creating an endless loop.

I have found a message on a forum about this online

http://forum.spring.io/forum/spring-projects/data/ldap/101924-occasional-error-binding-to-ldap-port-when-using-testcontextsourcefactorybean

They say these kind of problems are solved in spring security 1.3.2. We
use 1.3.1, and I was wondering if we could perhaps upgrade.

You mean upgrading the version of the ldap test lib? Or both?
It seems that for the non test jar we are getting it via a transitive
dependency towards org.springframework.security:spring-security-ldap:

[INFO] +-
org.springframework.security:spring-security-ldap:jar:3.1.0.RELEASE:compile
[INFO] | +- org.springframework:spring-tx:jar:3.1.4.RELEASE:compile
*[INFO] | \-
org.springframework.ldap:spring-ldap-core:jar:1.3.1.RELEASE:compile*
*[INFO] +- org.springframework.ldap:spring-ldap-test:jar:1.3.1.RELEASE:test*

Cheers
Andrea

--

GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

*AVVERTENZE AI SENSI DEL D.Lgs. 196/2003*

Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
loro utilizzo è consentito esclusivamente al destinatario del messaggio,
per le finalità indicate nel messaggio stesso. Qualora riceviate questo
messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
darcene notizia via e-mail e di procedere alla distruzione del messaggio
stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
utilizzarlo per finalità diverse, costituisce comportamento contrario ai
principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for
the attention and use of the named addressee(s) and may be confidential or
proprietary in nature or covered by the provisions of privacy act
(Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
Code).Any use not in accord with its purpose, any disclosure, reproduction,
copying, distribution, or either dissemination, either whole or partial, is
strictly forbidden except previous formal approval of the named
addressee(s). If you are not the intended recipient, please contact
immediately the sender by telephone, fax or e-mail and delete the
information in this message that has been received in error. The sender
does not give any warranty or accept liability as the content, accuracy or
completeness of sent messages and accepts no responsibility for changes
made after they were sent or for other risks which arise as a result of
e-mail transmission, viruses, etc.

-------------------------------------------------------

Hi Niels,

···

2015-02-21 17:46 GMT+01:00 Niels Charlier <niels@anonymised.com>:

I have found a message on a forum about this online http://forum.spring.io/forum/spring-projects/data/ldap/101924-occasional-error-binding-to-ldap-port-when-using-testcontextsourcefactorybean

They say these kind of problems are solved in spring security 1.3.2. We use 1.3.1, and I was wondering if we could perhaps upgrade.

I would say: can you test if upgrading solves the issue? I am +1 for upgrading if this is the case.
Thank for looking into this, it is a long standing issue, but I haven’t found an easy fix, so far.

Regards,
Mauro

==
GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.

Dott. Mauro Bartolomeoli
@mauro_bart
Senior Software Engineer

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272

http://www.geo-solutions.it
http://twitter.com/geosolutions_it


AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

I just tested it seems possible to upgrade the spring ldap test module to 1.3.2 just for the tests, while leaving all the other spring security dependencies how they are. I did have to upgrade apache commons-lang from 2.1 to 2.4 to get it to work. Regards Niels

···

On 21-02-15 19:36, Andrea Aime wrote:

You mean upgrading the version of the ldap test lib? Or both?
It seems that for the non test jar we are getting it via a transitive dependency towards org.springframework.security:spring-security-ldap:

[INFO] ± org.springframework.security:spring-security-ldap:jar:3.1.0.RELEASE:compile
[INFO] | ± org.springframework:spring-tx:jar:3.1.4.RELEASE:compile
[INFO] | - org.springframework.ldap:spring-ldap-core:jar:1.3.1.RELEASE:compile
[INFO] ± org.springframework.ldap:spring-ldap-test:jar:1.3.1.RELEASE:test

It appears to fix the problem. But some changes are required in our own LDAPTestUtils class and the ldif files. Regards Niels

···

On 22-02-15 09:18, Mauro Bartolomeoli wrote:

Hi Niels,

2015-02-21 17:46 GMT+01:00 Niels Charlier <niels@anonymised.com>:

I have found a message on a forum about this online http://forum.spring.io/forum/spring-projects/data/ldap/101924-occasional-error-binding-to-ldap-port-when-using-testcontextsourcefactorybean

They say these kind of problems are solved in spring security 1.3.2. We use 1.3.1, and I was wondering if we could perhaps upgrade.

I would say: can you test if upgrading solves the issue? I am +1 for upgrading if this is the case.
Thank for looking into this, it is a long standing issue, but I haven’t found an easy fix, so far.

On Sun, Feb 22, 2015 at 5:10 PM, Niels Charlier <niels@anonymised.com> wrote:

On 21-02-15 19:36, Andrea Aime wrote:

You mean upgrading the version of the ldap test lib? Or both?
It seems that for the non test jar we are getting it via a transitive
dependency towards org.springframework.security:spring-security-ldap:

[INFO] +-
org.springframework.security:spring-security-ldap:jar:3.1.0.RELEASE:compile
[INFO] | +- org.springframework:spring-tx:jar:3.1.4.RELEASE:compile
*[INFO] | \-
org.springframework.ldap:spring-ldap-core:jar:1.3.1.RELEASE:compile*
*[INFO] +-
org.springframework.ldap:spring-ldap-test:jar:1.3.1.RELEASE:test*

  I just tested it seems possible to upgrade the spring ldap test module
to 1.3.2 just for the tests, while leaving all the other spring security
dependencies how they are. I did have to upgrade apache commons-lang from
2.1 to 2.4 to get it to work.

commons-lang is used in other of places, upgrading it might require going
as deep as geotools to check the change is safe for all modules

Cheers
Andrea

--

GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

*AVVERTENZE AI SENSI DEL D.Lgs. 196/2003*

Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
loro utilizzo è consentito esclusivamente al destinatario del messaggio,
per le finalità indicate nel messaggio stesso. Qualora riceviate questo
messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
darcene notizia via e-mail e di procedere alla distruzione del messaggio
stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
utilizzarlo per finalità diverse, costituisce comportamento contrario ai
principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for
the attention and use of the named addressee(s) and may be confidential or
proprietary in nature or covered by the provisions of privacy act
(Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
Code).Any use not in accord with its purpose, any disclosure, reproduction,
copying, distribution, or either dissemination, either whole or partial, is
strictly forbidden except previous formal approval of the named
addressee(s). If you are not the intended recipient, please contact
immediately the sender by telephone, fax or e-mail and delete the
information in this message that has been received in error. The sender
does not give any warranty or accept liability as the content, accuracy or
completeness of sent messages and accepts no responsibility for changes
made after they were sent or for other risks which arise as a result of
e-mail transmission, viruses, etc.

-------------------------------------------------------

It appears in the meantime somebody has already upgraded commons-lang to 2.6 now anyway:
https://github.com/geoserver/geoserver/commit/f89b34a3d7be25d05d053a8d875cf1c2a87504ff#diff-96d5825f70d1b151527c8384ab158bce
so that is one problem solved.

I've made a patch to upgrade the LDAP tests to 1.3.2, which fixes the busy port skipping test issue:

https://github.com/geoserver/geoserver/pull/969

Kind Regards
Niels

On 22-02-15 17:28, Andrea Aime wrote:

On Sun, Feb 22, 2015 at 5:10 PM, Niels Charlier <niels@anonymised.com <mailto:niels@anonymised.com>> wrote:

    On 21-02-15 19:36, Andrea Aime wrote:

    You mean upgrading the version of the ldap test lib? Or both?
    It seems that for the non test jar we are getting it via a
    transitive dependency towards
    org.springframework.security:spring-security-ldap:

    [INFO] +-
    org.springframework.security:spring-security-ldap:jar:3.1.0.RELEASE:compile
    [INFO] | +- org.springframework:spring-tx:jar:3.1.4.RELEASE:compile
    *[INFO] | \-
    org.springframework.ldap:spring-ldap-core:jar:1.3.1.RELEASE:compile*
    *[INFO] +-
    org.springframework.ldap:spring-ldap-test:jar:1.3.1.RELEASE:test*

    I just tested it seems possible to upgrade the spring ldap test
    module to 1.3.2 just for the tests, while leaving all the other
    spring security dependencies how they are. I did have to upgrade
    apache commons-lang from 2.1 to 2.4 to get it to work.

commons-lang is used in other of places, upgrading it might require going as deep as geotools to check the change is safe for all modules

Cheers
Andrea

--

GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

*AVVERTENZE AI SENSI DEL D.Lgs. 196/2003*

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

-------------------------------------------------------

Perfect!

Thanks Niels.

Mauro

···

2015-03-11 12:19 GMT+01:00 Niels Charlier <niels@anonymised.com>:

It appears in the meantime somebody has already upgraded commons-lang to 2.6 now anyway:
https://github.com/geoserver/geoserver/commit/f89b34a3d7be25d05d053a8d875cf1c2a87504ff#diff-96d5825f70d1b151527c8384ab158bce
so that is one problem solved.

I’ve made a patch to upgrade the LDAP tests to 1.3.2, which fixes the busy port skipping test issue:

https://github.com/geoserver/geoserver/pull/969

Kind Regards
Niels

On 22-02-15 17:28, Andrea Aime wrote:

On Sun, Feb 22, 2015 at 5:10 PM, Niels Charlier <niels@anonymised.com> wrote:

On 21-02-15 19:36, Andrea Aime wrote:

I just tested it seems possible to upgrade the spring ldap test module to 1.3.2 just for the tests, while leaving all the other spring security dependencies how they are. I did have to upgrade apache commons-lang from 2.1 to 2.4 to get it to work.

commons-lang is used in other of places, upgrading it might require going as deep as geotools to check the change is safe for all modules

Cheers
Andrea

==

GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.

==

Ing. Andrea Aime

@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.


You mean upgrading the version of the ldap test lib? Or both?
It seems that for the non test jar we are getting it via a transitive dependency towards org.springframework.security:spring-security-ldap:

[INFO] ± org.springframework.security:spring-security-ldap:jar:3.1.0.RELEASE:compile
[INFO] | ± org.springframework:spring-tx:jar:3.1.4.RELEASE:compile
[INFO] | - org.springframework.ldap:spring-ldap-core:jar:1.3.1.RELEASE:compile
[INFO] ± org.springframework.ldap:spring-ldap-test:jar:1.3.1.RELEASE:test

==
GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.

Dott. Mauro Bartolomeoli
@mauro_bart
Senior Software Engineer

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272

http://www.geo-solutions.it
http://twitter.com/geosolutions_it


AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.