Spring security CustomLdapAuthoritiesPopulator连接未关闭


我使用 Spring Security 的 LDAP 支持来验证用户,身份验证本身没有问题。由于权限结构比较复杂,我们实现了自定义的 CustomLdapAuthoritiesPopulator(见下面的代码)。功能一切正常,但 LDAP 连接没有被关闭:每个用户登录时,执行下面这条语句都会新建一个连接

List<String> appGroupUsersList = ldapTemplate.search(query, new AppGroupUsersListContextMapper());
列出appGroupUsersList=ldapTemplate.search(查询,新的AppGroupUsersListContextMapper());
从 LDAP 取得权限之后,应该如何关闭连接?

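/**
 * Resolves a user's granted authorities from application groups stored in LDAP.
 *
 * <p>The lookup has two steps. First, every {@code cn=UsersList} entry of object class
 * {@code groupOfUniqueNames} under {@code groupSearchBase} that lists the user's DN as a
 * {@code uniqueMember} identifies an application group. Second, for each such group the
 * {@code cn=FunctionsList} entry under {@code ou=<group>,<groupSearchBase>} is read and the
 * {@code cn} of each of its {@code uniqueMember} values becomes one authority.
 *
 * <p>This class never holds a {@code DirContext} itself; every lookup goes through
 * {@link LdapTemplate}, so whether the underlying connection is closed or kept open after a
 * search is governed by the {@link ContextSource} passed to the constructor (for example its
 * pooling setting), not by code in this class.
 */
public class CustomLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {
    private static final Logger logger = LoggerFactory.getLogger(CustomLdapAuthoritiesPopulator.class);

    private final LdapTemplate ldapTemplate;
    private final String groupSearchBase;

    /**
     * Creates the populator.
     *
     * @param contextSource   source of LDAP contexts used for all group searches
     * @param groupSearchBase base DN under which application groups live; when {@code null}
     *                        no search is performed and no authorities are granted
     */
    public CustomLdapAuthoritiesPopulator(ContextSource contextSource, String groupSearchBase) {
        // The constructor must carry the class name; the original "AblLdapAuthoritiesPopulator"
        // did not compile.
        this.ldapTemplate = new LdapTemplate(contextSource);
        this.groupSearchBase = groupSearchBase;
    }

    /**
     * Collects the authorities of an already authenticated user.
     *
     * @param user     directory entry of the authenticated user; its DN is matched against
     *                 {@code uniqueMember}
     * @param username login name (not used by this implementation)
     * @return the authorities found; empty when no group search base is configured
     * @throws BadCredentialsException if the user is not a member of any application group
     */
    @Override
    public final Collection<GrantedAuthority> getGrantedAuthorities(DirContextOperations user, String username) {
        if (groupSearchBase == null) {
            return new HashSet<GrantedAuthority>();
        }

        String userDn = user.getNameInNamespace();
        logger.debug("Getting authorities for user {}", userDn);

        LdapQuery query = query().base(groupSearchBase)
                .where("cn").is("UsersList")
                .and("objectclass").is("groupOfUniqueNames")
                .and("uniqueMember").is(userDn);

        logger.debug("query: {}", query);

        // The mapper yields null for entries whose DN is too short to carry a group name.
        // Drop those here so they can neither count as a membership nor end up in a
        // search base such as "ou=null,...".
        List<String> appGroupUsersList = new LinkedList<String>();
        for (String appGroup : ldapTemplate.search(query, new AppGroupUsersListContextMapper())) {
            if (appGroup != null) {
                appGroupUsersList.add(appGroup);
            }
        }
        logger.debug("appGroupUsersList: {}", appGroupUsersList);
        if (appGroupUsersList.isEmpty()) {
            // Fail closed: a user without any usable group membership gets no access.
            throw new BadCredentialsException("Unauthorized Access");
        }

        Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
        for (String appGroup : appGroupUsersList) {
            // NOTE(review): the base DN is assembled by string concatenation. appGroup is cut
            // from an RDN string returned by the directory, so it is expected to be in escaped
            // form already; building the name with Spring LDAP's LdapNameBuilder would make
            // that explicit. Confirm before changing.
            LdapQuery functionsQuery = query().base("ou=" + appGroup + "," + groupSearchBase)
                    .where("cn").is("FunctionsList");

            for (String[] roles : ldapTemplate.search(functionsQuery, new AppGroupFunctionsListContextMapper())) {
                if (roles == null) {
                    // Entry without a uniqueMember attribute: nothing to grant.
                    continue;
                }
                for (String role : roles) {
                    // A member value without a cn leaves a null slot; SimpleGrantedAuthority
                    // rejects null or blank names, so skip those instead of failing the login.
                    if (role != null && !role.trim().isEmpty()) {
                        authorities.add(new SimpleGrantedAuthority(role));
                    }
                }
            }
        }
        logger.debug("authorities: {}", authorities.size());

        return authorities;
    }

    /**
     * Maps a {@code UsersList} entry to the name of its application group, taken from the
     * value of the DN component at index 2. Returns {@code null} when the DN has three or
     * fewer components or that component has no value.
     */
    private static class AppGroupUsersListContextMapper extends AbstractContextMapper<String> {
        @Override
        public String doMapFromContext(DirContextOperations context) {
            Name dn = context.getDn();
            if (dn.size() <= 3) {
                return null;
            }
            // Limit 2 keeps a value that itself contains '=' intact and guarantees that a
            // component such as "ou=" produces an empty value rather than a missing index.
            String[] keyValue = dn.get(2).split("=", 2);
            if (keyValue.length < 2 || keyValue[1].isEmpty()) {
                return null;
            }
            return keyValue[1];
        }
    }

    /**
     * Maps a {@code FunctionsList} entry to the {@code cn} values of its {@code uniqueMember}
     * DNs. The result has one slot per member value; a slot stays {@code null} when that value
     * has no {@code cn} component. Returns {@code null} when the attribute is absent.
     */
    private static class AppGroupFunctionsListContextMapper extends AbstractContextMapper<String[]> {
        @Override
        public String[] doMapFromContext(DirContextOperations context) {
            String[] functionsList = context.getStringAttributes("uniqueMember");
            if (functionsList == null) {
                return null;
            }
            String[] functionNames = new String[functionsList.length];
            for (int i = 0; i < functionsList.length; i++) {
                for (String component : functionsList[i].split(",")) {
                    String[] keyValue = component.split("=", 2);
                    // Ignore components without "=" instead of indexing past the array.
                    if (keyValue.length == 2 && "cn".equalsIgnoreCase(keyValue[0])) {
                        functionNames[i] = keyValue[1];
                    }
                }
            }
            return functionNames;
        }
    }
}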
公共类CustomLdapAuthoritiesPopulator实现了LdapAuthoritiesPopulator{
私有静态最终记录器Logger=LoggerFactory.getLogger(CustomLdapAuthoritiesPopulator.class);
私人最终LdapTemplate LdapTemplate;
私有字符串groupSearchBase;
public AblLdapAuthoritiesPopulator(ContextSource ContextSource、String groupSearchBase){
this.ldapTemplate=新的ldapTemplate(contextSource);
this.groupSearchBase=groupSearchBase;
}
@凌驾
公共最终集合GetGrantedAuthories(DirContextOperations用户,字符串用户名){
if(groupSearchBase==null){
返回新的HashSet();
}
debug(“获取用户权限”+user.getNameInNamespace());
LdapQuery query=query().base(groupSearchBase)
其中(“cn”)为(“用户列表”)
和(“对象类”)是(“groupOfUniqueNames”)
.and(“uniqueMember”).is(user.getNameInNamespace());
debug(“query:+query.toString());
列出appGroupUsersList=ldapTemplate.search(查询,新的AppGroupUsersListContextMapper());
debug(“appGroupUsersList:+appGroupUsersList.toString());
如果(appGroupUsersList.size()==0){
抛出新的BadCredentialsException(“未授权访问”);
}
列表函数列表=新建链接列表();
for(字符串appGroup:appGroupUsersList){
query=query().base(“ou=“+appGroup+”,“+groupSearchBase”)
其中(“cn”)为(“功能列表”);
List appGroupFunctionsList=ldapTemplate.search(查询,新AppGroupFunctionsListContextMapper());
functionsList.addAll(appGroupFunctionsList);
}
Set authorities=new HashSet();
对于(字符串[]角色:函数列表){
for(字符串角色:角色){
添加(新的SimpleGrantedAuthority(角色));
}
}
logger.debug(“authorities:+authorities.size());
返回当局;
}
私有静态类AppGroupUsersListContextMapper扩展了AbstractContextMapper{
公共字符串doMapFromContext(DirContextOperations上下文){
字符串usersList=null;
Name dn=context.getDn();
如果(!dn.isEmpty()){
如果(dn.size()>3){
usersList=(dn.get(2.split(“=”)[1];
}
}
返回用户列表;
}
}
私有静态类AppGroupFunctionsListContextMapper扩展了AbstractContextMapper{
公共字符串[]doMapFromContext(DirContextOperations上下文){
字符串[]functionNames=null;
String[]functionsList=context.getStringAttributes(“uniqueMember”);
如果(函数列表!=null){
functionNames=新字符串[functionsList.length];
for(int i=0;i
我在 DefaultSpringSecurityContextSource 上设置 pooled=false 之后,问题就解决了。pooled 属性控制是否启用 JNDI 内置的 LDAP 连接池;设为 false 后,每次查询结束时连接会被真正关闭,而不是留在池中保持打开,代价是每次查询都要重新建立连接并绑定。以下是我的 xml 配置

<!-- Context source shared by the bind authenticator, the user search and the
     authorities populator below. -->
<bean class="org.springframework.security.ldap.DefaultSpringSecurityContextSource" id="contextSource">
        <!-- NOTE(review): the user's password and the manager credentials are sent over this
             connection; confirm that ${ldap.url} is an ldaps:// URL or that StartTLS is
             configured. -->
        <constructor-arg value="${ldap.url}"/>
        <!-- Disables connection pooling, so a connection is closed when a search finishes
             instead of being kept open. This is the setting that resolved the unclosed
             connections. -->
        <property name="pooled" value="false" />
        <!-- Manager (service account) credentials, resolved from property placeholders.
             Keep the backing properties out of version control and give the account
             read-only access to the searched subtrees. -->
        <property name="userDn" value="${ldap.managerUser}"/>
        <property name="password" value="${ldap.managerPassword}"/>
    </bean>

<ldap:ldap-template id="ldapTemplate" ignore-name-not-found="true" context-source-ref="contextSource"/>

<!-- Only customLdapAuthProvider is registered with the authentication manager. -->
<authentication-manager alias="authenticationManager">
        <authentication-provider ref="customLdapAuthProvider"/>
    </authentication-manager>

    <beans:bean class="com.xxx.web.security.CustomLdapAuthenticationProvider" id="customLdapAuthProvider"/>

    <!-- Standard provider: bind authentication followed by the custom authorities lookup.
         It is not referenced by the authentication manager above; presumably it is used by
         customLdapAuthProvider (confirm). -->
    <beans:bean class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider" id="ldapAuthProvider">
        <beans:constructor-arg ref="ldapBindAuthenticator"/>
        <beans:constructor-arg ref="LdapAuthoritiesPopulator"/>
        <beans:property name="userDetailsContextMapper" ref="ldapUserDetailsContextMapper"/>
    </beans:bean>

    <!-- Authenticates by binding as the user located through ldapSearchBean. -->
    <beans:bean class="com.xxx.web.security.CustomBindAuthenticator" id="ldapBindAuthenticator">
        <beans:constructor-arg ref="contextSource"/>
        <beans:property name="userSearch" ref="ldapSearchBean"/>
    </beans:bean>

    <!-- Locates the user entry: search base, then search filter, then context source. -->
    <beans:bean class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch" id="ldapSearchBean">
        <beans:constructor-arg value="${ldap.userSearchBase}"/>
        <beans:constructor-arg value="${ldap.userAttribute}"/>
        <beans:constructor-arg ref="contextSource"/>
    </beans:bean>

    <!-- Constructor arguments: the context source and the group search base. -->
    <beans:bean class="com.xxx.web.security.CustomLdapAuthoritiesPopulator" id="LdapAuthoritiesPopulator">
        <beans:constructor-arg ref="contextSource" />
        <beans:constructor-arg value="${ldap.groupSearchBase}"/>
    </beans:bean>