个人中心
gpt4 book ai didi

tomcat - 如何优雅地关闭 spring security ldap

转载 作者:行者123 更新时间:2023-11-28 22:21:27 27 4
gpt4 key购买 nike

在 Tomcat 上停止基于 Spring 的应用程序时遇到以下问题...

SEVERE: The web application [/Toolbox] appears to have started a thread named [Thread-8] but has failed to stop it. This is very likely to create a memory leak.

我已经追踪到这个线程是什么......

thread: 43 :: Thread-8 :: RUNNABLE
 Trace: 
java.net.SocketInputStream.socketRead0(Native Method)
java.net.SocketInputStream.read(SocketInputStream.java:129)
java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
java.io.BufferedInputStream.read1(BufferedInputStream.java:258)
java.io.BufferedInputStream.read(BufferedInputStream.java:317)
com.sun.jndi.ldap.Connection.run(Connection.java:834)
java.lang.Thread.run(Thread.java:662)

(真的有2个线程,Thread-7和Thread-8,都是ldap)

显然 ldap 没有正常退出。我使用 Spring Security 从事件目录服务器进行身份验证(并获取其他数据)。我的安全xml文件如下...

<?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:sec="http://www.springframework.org/schema/security"
    xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/security  http://www.springframework.org/schema/security/spring-security-3.1.xsd
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">

<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="url" value="ldap://ldap.example.example.com:389" />
    <property name="base" value="dc=corp,dc=global,dc=example,dc=com" />
    <property name="userDn" value="CN=lna.authquery,OU=LDAPGroups,OU=NorthAmerica,DC=corp,DC=global,DC=example,DC=com" />
    <property name="password" value="${example.password}" />
    <property name="pooled" value="true" />
    <!-- AD Specific Setting for avoiding the partial exception error -->
    <property name="referral" value="follow" />
</bean>

<bean id="ldapAuthenticationProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider" >
    <constructor-arg>
        <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
            <constructor-arg ref="contextSource" />
            <property name="userSearch">
                <bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
                    <constructor-arg index="0" value="" />
                    <constructor-arg index="1" value="(sAMAccountName={0})" />
                    <constructor-arg index="2" ref="contextSource" />
                </bean>
            </property>
        </bean>
    </constructor-arg>
    <constructor-arg>
        <bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
            <constructor-arg ref="contextSource" />
            <constructor-arg value="" />
            <property name="groupSearchFilter" value="(member={0})" />
            <property name="searchSubtree" value="true" />
            <!-- Settings below convert the adds the prefix ROLE_ to roles returned from AD -->
        </bean>
    </constructor-arg>
    <property name="userDetailsContextMapper">
       <bean class="com.example.ncc.utilities.CustomUserDetailsContextMapper" />
    </property>
</bean>

<bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
    <constructor-arg>
        <list>
            <ref local="ldapAuthenticationProvider" />
        </list>
    </constructor-arg>
</bean>

<sec:http pattern="/css/**" security="none"/>
<sec:http pattern="/images/**" security="none"/>
<sec:http auto-config="true" authentication-manager-ref="authenticationManager" >
    <sec:intercept-url pattern="/login.jsp*" requires-channel="https" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <sec:intercept-url pattern="/j_spring_security_check*" requires-channel="https" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <sec:intercept-url pattern="/**" requires-channel="https" access="IS_AUTHENTICATED_FULLY"/>
    <sec:form-login login-page='/login.jsp' 
                    default-target-url="/home.html" 
                    authentication-failure-url="/login.jsp?error=true" />
</sec:http>

我在 spring documentation site 上看到了对 shutdownTlsGracefully 参数的引用但老实说,我不确定这在这种情况下有多相关,或者如何在 spring security ldap 下注入(inject)参数。

如何优雅地关闭 ldap 并避免这种潜在的内存泄漏?

最佳答案

好吧,我找到了错误线程的来源。关闭池 <property name="pooled" value="false" />删除了问题。显然,池不能很好地与正常关闭一起使用。

我会接受这个答案,因为它有效并且没有其他人回应。如果其他人有更好/更优雅的答案,请随时回复,我不会接受我的。

关于tomcat - 如何优雅地关闭 spring security ldap,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/16348750/

27 4 0
文章推荐: Spring RequestMapping 头痛
文章推荐: tomcat - 一台tomcat服务器可以同时支持RSA和DSA证书吗?
文章推荐: apache - 如何屏蔽 apache 子域后面的 tomcat 应用程序?
文章推荐: ios - UITableView 不响应 UITableViewCell 的选择
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com