Spring security CustomLdapAuthoritiesPopulator连接未关闭
我使用 Spring Security 的 LDAP 支持来验证用户,身份验证本身没有问题。由于权限结构比较复杂,我们编写了自定义的 CustomLdapAuthoritiesPopulator(见下面的代码)。功能一切正常,但连接没有被关闭:每个用户登录时,执行下面这条语句都会创建一个新连接(标签:spring-security、spring-ldap):
List<String> appGroupUsersList = ldapTemplate.search(query, new AppGroupUsersListContextMapper());
列出appGroupUsersList=ldapTemplate.search(查询,新的AppGroupUsersListContextMapper());
从 LDAP 取得权限之后,应该如何关闭连接?
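/**
 * Resolves a user's granted authorities from application groups stored in LDAP.
 *
 * <p>Lookup is done in two steps: first the {@code UsersList} groups that list the user as
 * {@code uniqueMember} are found under {@code groupSearchBase}; then, for each application
 * group derived from those entries, the {@code FunctionsList} entry is read and every
 * {@code cn} found in its {@code uniqueMember} values becomes one authority.
 *
 * <p>Connection handling: this class never opens or closes LDAP contexts itself; every
 * lookup goes through {@link LdapTemplate#search}. Whether the underlying connection is
 * closed or kept for reuse afterwards is decided by the {@code ContextSource} passed to the
 * constructor (for example its {@code pooled} setting), not by this class.
 */
public class CustomLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {

    private static final Logger logger = LoggerFactory.getLogger(CustomLdapAuthoritiesPopulator.class);

    private final LdapTemplate ldapTemplate;
    private final String groupSearchBase;

    /**
     * Creates the populator.
     *
     * @param contextSource   source of LDAP contexts used for all group lookups
     * @param groupSearchBase base DN under which application groups live; when {@code null},
     *                        no authorities are ever granted
     */
    // The constructor must carry the class name; the original was declared under a different
    // name, which Java rejects as a method without a return type.
    public CustomLdapAuthoritiesPopulator(ContextSource contextSource, String groupSearchBase) {
        this.ldapTemplate = new LdapTemplate(contextSource);
        this.groupSearchBase = groupSearchBase;
    }

    /**
     * Collects the authorities of an already authenticated user.
     *
     * @param user     directory entry of the authenticated user
     * @param username login name (not used; membership is matched on the user's DN)
     * @return the user's authorities; empty when no group search base is configured
     * @throws BadCredentialsException when the user is not a member of any usable
     *                                 application group, so such a login is rejected
     */
    @Override
    public final Collection<GrantedAuthority> getGrantedAuthorities(DirContextOperations user, String username) {
        if (groupSearchBase == null) {
            return new HashSet<GrantedAuthority>();
        }

        String userDn = user.getNameInNamespace();
        logger.debug("Getting authorities for user {}", userDn);

        // The user DN is handed to the query builder as a value and never concatenated
        // into a filter string.
        LdapQuery membershipQuery = query().base(groupSearchBase)
                .where("cn").is("UsersList")
                .and("objectclass").is("groupOfUniqueNames")
                .and("uniqueMember").is(userDn);
        logger.debug("query: {}", membershipQuery);

        List<String> appGroupUsersList = ldapTemplate.search(membershipQuery, new AppGroupUsersListContextMapper());
        logger.debug("appGroupUsersList: {}", appGroupUsersList);

        // The mapper yields null for entries whose DN is too short to name an application
        // group; drop those instead of searching under "ou=null,...".
        List<String> appGroups = new LinkedList<String>();
        for (String appGroup : appGroupUsersList) {
            if (appGroup != null) {
                appGroups.add(appGroup);
            }
        }
        // Fail closed: an authenticated user without any application group may not log in.
        if (appGroups.isEmpty()) {
            throw new BadCredentialsException("Unauthorized Access");
        }

        Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
        for (String appGroup : appGroups) {
            // appGroup is taken from a DN returned by the directory, not from request input.
            // NOTE(review): if group names can contain DN special characters, build this base
            // with a name builder rather than string concatenation - confirm against the data.
            LdapQuery functionsQuery = query().base("ou=" + appGroup + "," + groupSearchBase)
                    .where("cn").is("FunctionsList");
            List<String[]> appGroupFunctionsList =
                    ldapTemplate.search(functionsQuery, new AppGroupFunctionsListContextMapper());
            for (String[] roles : appGroupFunctionsList) {
                addRoles(authorities, roles);
            }
        }

        logger.debug("authorities: {}", authorities.size());
        return authorities;
    }

    /** Adds one authority per usable role name; null arrays and null or blank names are skipped. */
    private static void addRoles(Set<GrantedAuthority> authorities, String[] roles) {
        if (roles == null) {
            // FunctionsList entry without uniqueMember values.
            return;
        }
        for (String role : roles) {
            // A uniqueMember value without a cn component leaves a null slot; an authority
            // cannot be created from a null or blank name.
            if (role != null && !role.trim().isEmpty()) {
                authorities.add(new SimpleGrantedAuthority(role));
            }
        }
    }

    /** Maps a {@code UsersList} entry to the value of the third component of its DN. */
    private static class AppGroupUsersListContextMapper extends AbstractContextMapper<String> {

        /**
         * @return the value part of DN component 2, or {@code null} when the DN has three or
         *         fewer components or that component has no {@code =}
         */
        @Override
        public String doMapFromContext(DirContextOperations context) {
            Name dn = context.getDn();
            if (dn.size() <= 3) {
                return null;
            }
            // Limit 2 keeps a value that itself contains '=' in one piece.
            String[] keyValue = dn.get(2).split("=", 2);
            return keyValue.length == 2 ? keyValue[1] : null;
        }
    }

    /** Maps a {@code FunctionsList} entry to the {@code cn} of each of its {@code uniqueMember} values. */
    private static class AppGroupFunctionsListContextMapper extends AbstractContextMapper<String[]> {

        /**
         * @return one slot per {@code uniqueMember} value holding its {@code cn} (a slot stays
         *         {@code null} when the value has no {@code cn} component), or {@code null}
         *         when the entry has no {@code uniqueMember} attribute
         */
        @Override
        public String[] doMapFromContext(DirContextOperations context) {
            String[] members = context.getStringAttributes("uniqueMember");
            if (members == null) {
                return null;
            }
            String[] functionNames = new String[members.length];
            for (int i = 0; i < members.length; i++) {
                // Plain split on ',' as in the original; escaped commas inside a value are
                // not handled here.
                for (String component : members[i].split(",")) {
                    String[] keyValue = component.split("=", 2);
                    // A component without '=' has no value to read.
                    if (keyValue.length == 2 && "cn".equalsIgnoreCase(keyValue[0])) {
                        functionNames[i] = keyValue[1];
                    }
                }
            }
            return functionNames;
        }
    }
}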
公共类CustomLdapAuthoritiesPopulator实现了LdapAuthoritiesPopulator{
私有静态最终记录器Logger=LoggerFactory.getLogger(CustomLdapAuthoritiesPopulator.class);
私人最终LdapTemplate LdapTemplate;
私有字符串groupSearchBase;
public AblLdapAuthoritiesPopulator(ContextSource ContextSource、String groupSearchBase){
this.ldapTemplate=新的ldapTemplate(contextSource);
this.groupSearchBase=groupSearchBase;
}
@凌驾
公共最终集合GetGrantedAuthories(DirContextOperations用户,字符串用户名){
if(groupSearchBase==null){
返回新的HashSet();
}
debug(“获取用户权限”+user.getNameInNamespace());
LdapQuery query=query().base(groupSearchBase)
其中(“cn”)为(“用户列表”)
和(“对象类”)是(“groupOfUniqueNames”)
.and(“uniqueMember”).is(user.getNameInNamespace());
debug(“query:+query.toString());
列出appGroupUsersList=ldapTemplate.search(查询,新的AppGroupUsersListContextMapper());
debug(“appGroupUsersList:+appGroupUsersList.toString());
如果(appGroupUsersList.size()==0){
抛出新的BadCredentialsException(“未授权访问”);
}
列表函数列表=新建链接列表();
for(字符串appGroup:appGroupUsersList){
query=query().base(“ou=“+appGroup+”,“+groupSearchBase”)
其中(“cn”)为(“功能列表”);
List appGroupFunctionsList=ldapTemplate.search(查询,新AppGroupFunctionsListContextMapper());
functionsList.addAll(appGroupFunctionsList);
}
Set authorities=new HashSet();
对于(字符串[]角色:函数列表){
for(字符串角色:角色){
添加(新的SimpleGrantedAuthority(角色));
}
}
logger.debug(“authorities:+authorities.size());
返回当局;
}
私有静态类AppGroupUsersListContextMapper扩展了AbstractContextMapper{
公共字符串doMapFromContext(DirContextOperations上下文){
字符串usersList=null;
Name dn=context.getDn();
如果(!dn.isEmpty()){
如果(dn.size()>3){
usersList=(dn.get(2.split(“=”)[1];
}
}
返回用户列表;
}
}
私有静态类AppGroupFunctionsListContextMapper扩展了AbstractContextMapper{
公共字符串[]doMapFromContext(DirContextOperations上下文){
字符串[]functionNames=null;
String[]functionsList=context.getStringAttributes(“uniqueMember”);
如果(函数列表!=null){
functionNames=新字符串[functionsList.length];
for(int i=0;i
我在 DefaultSpringSecurityContextSource 上加上 pooled=false 之后,问题就解决了:pooled 控制是否启用 JNDI 内置的 LDAP 连接池,关闭后每次操作用完的连接会被真正关闭,而不是留在池里等待复用。以下是我的 XML 配置:
<!-- Context source for directory access; the same bean is passed to the bind authenticator, the user search and the authorities populator below. -->
<!-- NOTE(review): this bean uses unprefixed bean/property elements while the others use the beans: prefix; the root element is not shown here, so confirm the namespace declarations make both forms valid. -->
<!-- NOTE(review): the value of ldap.url is not visible here; the manager password and the users' bind credentials travel over this connection, so confirm it is an ldaps:// URL or otherwise TLS-protected. -->
<bean class="org.springframework.security.ldap.DefaultSpringSecurityContextSource" id="contextSource">
<constructor-arg value="${ldap.url}"/>
<!-- pooled=false switches off the JNDI LDAP connection pooling flag, so connections are closed after use instead of being kept for reuse; the cost is a new connection and manager bind per operation. -->
<property name="pooled" value="false" />
<!-- Manager account used for searches; the credentials come from property placeholders, so keep the backing properties out of version control and readable only by the application account. -->
<property name="userDn" value="${ldap.managerUser}"/>
<property name="password" value="${ldap.managerPassword}"/>
</bean>
<!-- Template bean on the same context source; a name that is not found is ignored rather than raised as an error. -->
<ldap:ldap-template id="ldapTemplate" ignore-name-not-found="true" context-source-ref="contextSource"/>
<!-- Only customLdapAuthProvider is registered with the authentication manager. NOTE(review): how it relates to ldapAuthProvider (defined below) is not visible in this fragment. -->
<authentication-manager alias="authenticationManager">
<authentication-provider ref="customLdapAuthProvider"/>
</authentication-manager>
<beans:bean class="com.xxx.web.security.CustomLdapAuthenticationProvider" id="customLdapAuthProvider"/>
<!-- Standard LDAP provider: bind authenticator first, then the custom authorities populator, plus a user details mapper defined elsewhere. -->
<beans:bean class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider" id="ldapAuthProvider">
<beans:constructor-arg ref="ldapBindAuthenticator"/>
<beans:constructor-arg ref="LdapAuthoritiesPopulator"/>
<beans:property name="userDetailsContextMapper" ref="ldapUserDetailsContextMapper"/>
</beans:bean>
<!-- Custom bind authenticator; it locates the user entry through ldapSearchBean. -->
<beans:bean class="com.xxx.web.security.CustomBindAuthenticator" id="ldapBindAuthenticator">
<beans:constructor-arg ref="contextSource"/>
<beans:property name="userSearch" ref="ldapSearchBean"/>
</beans:bean>
<!-- User search: constructor arguments are the search base, the search filter and the context source. -->
<beans:bean class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch" id="ldapSearchBean">
<beans:constructor-arg value="${ldap.userSearchBase}"/>
<beans:constructor-arg value="${ldap.userAttribute}"/>
<beans:constructor-arg ref="contextSource"/>
</beans:bean>
<!-- Authorities populator: constructor arguments are the shared context source and the base DN under which application groups are searched. -->
<beans:bean class="com.xxx.web.security.CustomLdapAuthoritiesPopulator" id="LdapAuthoritiesPopulator">
<beans:constructor-arg ref="contextSource" />
<beans:constructor-arg value="${ldap.groupSearchBase}"/>
</beans:bean>