
Speed-up ApacheDS LDAP server for testing

Using ApacheDS for unit testing can be painful if you need to restart/reconfigure the server several times. IT'S SOOO SLOOOOW.

The reason is simple. The default configuration creates a nice directory structure and unpacks all the schema files from the JAR file into one of the created directories. Then it creates a file-based JDBM partition for you. And it loads your LDIF data into it.

That means many, many, many I/O operations before the LDAP server even starts.

Nevertheless, ApacheDS has a nice API to resolve this issue. You will need to get your hands a little dirty, but it's worth it.

Follow these 3 simple steps and that's all:

  1. Create a schema partition class which stores LDAP schema data in memory only: sample InMemorySchemaPartition.java
  2. Create a DirectoryServiceFactory implementation which uses in-memory AvlPartitions instead of JDBM and uses the class from the first step as its schema partition: sample InMemoryDirectoryServiceFactory.java
  3. Use the new DirectoryServiceFactory to create the embedded LDAP server

Embedded LDAP

There are 2 simple ways to create an LDAP server in your unit tests. One uses ApacheDS annotations and the other uses the API directly. Here are sample code snippets which show how to enable the custom InMemoryDirectoryServiceFactory in both cases.

Annotations
@CreateDS(
 name = "JBossOrgDS",
 factory=InMemoryDirectoryServiceFactory.class,
 partitions = {
  @CreatePartition(
   name = "jbossorg",
   suffix = "dc=jboss,dc=org",
   contextEntry = @ContextEntry(
    entryLdif =
     "dn: dc=jboss,dc=org\n" +
     "dc: jboss\n" +
     "objectClass: top\n" +
     "objectClass: domain\n\n" )
  )
 })
@CreateLdapServer (
 transports = { @CreateTransport( protocol = "LDAP",  port = 10389, address = "0.0.0.0" ) })
public static void createLdapServer() throws Exception {
 DirectoryService directoryService = DSAnnotationProcessor.getDirectoryService();
 final SchemaManager schemaManager = directoryService.getSchemaManager();
 //import your LDIF here
 ServerAnnotationProcessor.instantiateLdapServer((CreateLdapServer) AnnotationUtils.getInstance(CreateLdapServer.class), directoryService).start();
}

API
DirectoryServiceFactory dsf = new InMemoryDirectoryServiceFactory();
dsf.init("JBossOrgDS");
DirectoryService directoryService = dsf.getDirectoryService();
SchemaManager schemaManager = directoryService.getSchemaManager();

PartitionFactory pf = dsf.getPartitionFactory();
// workingDir is a java.io.File pointing to a scratch directory for the partition
Partition p = pf.createPartition(schemaManager, "jbossorg", "dc=jboss,dc=org", 1000, workingDir);
p.initialize();
directoryService.addPartition(p);

//import LDIF here

LdapServer ldapServer = new LdapServer();
ldapServer.setServiceName("DefaultLDAP");
Transport ldap = new TcpTransport( "0.0.0.0", 10389, 3, 5 );
ldapServer.addTransports(ldap);
ldapServer.setDirectoryService(directoryService);
ldapServer.start();

I bet your ApacheDS startup time drops by at least 50% with these in-memory settings.
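
An added example (not code from the original post): the API variant bound to the loopback address on an ephemeral port instead of 0.0.0.0:10389, so the test directory is not reachable from other hosts and parallel test runs do not collide, followed by a JNDI check that the new partition is actually served. It assumes the InMemoryDirectoryServiceFactory from step 2 is on the classpath, ApacheDS 2.0.0-M package names for the imports, and the stock ApacheDS admin account (uid=admin,ou=system / secret).

```java
import java.net.ServerSocket;
import java.nio.file.Files;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.*;
import org.apache.directory.api.ldap.model.schema.SchemaManager;
import org.apache.directory.server.core.api.DirectoryService;
import org.apache.directory.server.core.api.partition.Partition;
import org.apache.directory.server.core.factory.DirectoryServiceFactory;
import org.apache.directory.server.ldap.LdapServer;
import org.apache.directory.server.protocol.shared.transport.TcpTransport;

// Added example; package names above are an assumption (ApacheDS 2.0.0-M), adjust to your version.
public class LoopbackLdapSmokeTest {
    public static void main(String[] args) throws Exception {
        long start = System.nanoTime();
        DirectoryServiceFactory dsf = new InMemoryDirectoryServiceFactory(); // class from step 2
        dsf.init("JBossOrgDS");
        DirectoryService ds = dsf.getDirectoryService();
        SchemaManager sm = ds.getSchemaManager();
        Partition p = dsf.getPartitionFactory().createPartition(sm, "jbossorg",
                "dc=jboss,dc=org", 1000, Files.createTempDirectory("ldap-test").toFile());
        p.initialize();
        ds.addPartition(p);
        int port; // ask the OS for a free ephemeral port, then release it for the LDAP transport
        try (ServerSocket s = new ServerSocket(0)) { port = s.getLocalPort(); }
        LdapServer ldap = new LdapServer();
        ldap.setServiceName("DefaultLDAP");
        ldap.addTransports(new TcpTransport("127.0.0.1", port, 3, 5)); // loopback only
        ldap.setDirectoryService(ds);
        ldap.start();
        System.out.printf("LDAP up on 127.0.0.1:%d after %d ms%n", port, (System.nanoTime() - start) / 1_000_000);
        try {
            Hashtable<String, String> env = new Hashtable<>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, "ldap://127.0.0.1:" + port);
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, "uid=admin,ou=system"); // ApacheDS default admin
            env.put(Context.SECURITY_CREDENTIALS, "secret");
            DirContext ctx = new InitialDirContext(env);
            // namingContexts is an operational attribute of the root DSE, so request it by name
            Attributes rootDse = ctx.getAttributes("", new String[] { "namingContexts" });
            ctx.close();
            if (!rootDse.toString().contains("dc=jboss,dc=org"))
                throw new AssertionError("partition not served: " + rootDse);
        } finally {
            ldap.stop();     // release the port
            ds.shutdown();   // stop the in-memory directory service
        }
    }
}
```

The printed startup time gives a number to compare against the default JDBM-based factory on the same machine.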
