tomcat - How do I shutdown spring security ldap gracefully -
i'm having following problem when stopping spring based application on tomcat...
severe: web application [/toolbox] appears have started thread named [thread-8] has failed stop it. create memory leak. i've tracked thread ...
thread: 43 :: thread-8 :: runnable trace: java.net.socketinputstream.socketread0(native method) java.net.socketinputstream.read(socketinputstream.java:129) java.io.bufferedinputstream.fill(bufferedinputstream.java:218) java.io.bufferedinputstream.read1(bufferedinputstream.java:258) java.io.bufferedinputstream.read(bufferedinputstream.java:317) com.sun.jndi.ldap.connection.run(connection.java:834) java.lang.thread.run(thread.java:662) (there 2 threads, thread-7 , thread-8, both ldap)
apparently ldap not exiting gracefully. use spring security authenticate (and grab additional data) active directory server. security xml file follows...
<?xml version="1.0" encoding="utf-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/xmlschema-instance" xmlns:sec="http://www.springframework.org/schema/security" xmlns:security="http://www.springframework.org/schema/security" xsi:schemalocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd"> <bean id="contextsource" class="org.springframework.ldap.core.support.ldapcontextsource"> <property name="url" value="ldap://ldap.example.example.com:389" /> <property name="base" value="dc=corp,dc=global,dc=example,dc=com" /> <property name="userdn" value="cn=lna.authquery,ou=ldapgroups,ou=northamerica,dc=corp,dc=global,dc=example,dc=com" /> <property name="password" value="${example.password}" /> <property name="pooled" value="true" /> <!-- ad specific setting avoiding partial exception error --> <property name="referral" value="follow" /> </bean> <bean id="ldapauthenticationprovider" class="org.springframework.security.ldap.authentication.ldapauthenticationprovider" > <constructor-arg> <bean class="org.springframework.security.ldap.authentication.bindauthenticator"> <constructor-arg ref="contextsource" /> <property name="usersearch"> <bean id="usersearch" class="org.springframework.security.ldap.search.filterbasedldapusersearch"> <constructor-arg index="0" value="" /> <constructor-arg index="1" value="(samaccountname={0})" /> <constructor-arg index="2" ref="contextsource" /> </bean> </property> </bean> </constructor-arg> <constructor-arg> <bean class="org.springframework.security.ldap.userdetails.defaultldapauthoritiespopulator"> <constructor-arg ref="contextsource" /> <constructor-arg value="" /> <property name="groupsearchfilter" value="(member={0})" /> <property name="searchsubtree" value="true" /> <!-- settings below convert adds prefix role_ roles returned ad --> </bean> </constructor-arg> <property name="userdetailscontextmapper"> <bean class="com.example.ncc.utilities.customuserdetailscontextmapper" /> </property> </bean> <bean id="authenticationmanager" class="org.springframework.security.authentication.providermanager"> <constructor-arg> <list> <ref local="ldapauthenticationprovider" /> </list> </constructor-arg> </bean> <sec:http pattern="/css/**" security="none"/> <sec:http pattern="/images/**" security="none"/> <sec:http auto-config="true" authentication-manager-ref="authenticationmanager" > <sec:intercept-url pattern="/login.jsp*" requires-channel="https" access="is_authenticated_anonymously"/> <sec:intercept-url pattern="/j_spring_security_check*" requires-channel="https" access="is_authenticated_anonymously"/> <sec:intercept-url pattern="/**" requires-channel="https" access="is_authenticated_fully"/> <sec:form-login login-page='/login.jsp' default-target-url="/home.html" authentication-failure-url="/login.jsp?error=true" /> </sec:http> i've seen references shutdowntlsgracefully parameter on spring documentation site honest, i'm not sure how relevant in case, or how inject parameter under spring security ldap.
how can shutdown ldap gracefully , avoid potential memory leak?
well found source of errant threads. turning off pooling <property name="pooled" value="false" /> removed problem. apparently pooling doesn't play nicely graceful shutdowns.
i'll accept answer because worked , no 1 else responded. if else has better/more elegant answer, feel free respond, , i'll unaccept mine.
Comments
Post a Comment