[exo-jcr-commits] exo-jcr SVN: r4899 - in core/trunk: exo.core.component.organization.ldap/src/main/java/org/exoplatform/services/organization/ldap and 1 other directory.
do-not-reply at jboss.org
do-not-reply at jboss.org
Tue Sep 13 03:04:43 EDT 2011
Author: tolusha
Date: 2011-09-13 03:04:41 -0400 (Tue, 13 Sep 2011)
New Revision: 4899
Modified:
core/trunk/exo.core.component.ldap/src/main/java/org/exoplatform/services/ldap/impl/LDAPServiceImpl.java
core/trunk/exo.core.component.organization.ldap/src/main/java/org/exoplatform/services/organization/ldap/ADUserDAOImpl.java
core/trunk/exo.core.component.organization.ldap/src/main/java/org/exoplatform/services/organization/ldap/MembershipDAOImpl.java
core/trunk/exo.core.component.organization.ldap/src/main/java/org/exoplatform/services/organization/ldap/OrganizationLdapInitializer.java
Log:
EXOJCR-1530: Connection leaks in LDAP OrganizationService
Modified: core/trunk/exo.core.component.ldap/src/main/java/org/exoplatform/services/ldap/impl/LDAPServiceImpl.java
===================================================================
--- core/trunk/exo.core.component.ldap/src/main/java/org/exoplatform/services/ldap/impl/LDAPServiceImpl.java 2011-09-13 06:47:47 UTC (rev 4898)
+++ core/trunk/exo.core.component.ldap/src/main/java/org/exoplatform/services/ldap/impl/LDAPServiceImpl.java 2011-09-13 07:04:41 UTC (rev 4899)
@@ -84,9 +84,9 @@
env.put(Context.SECURITY_AUTHENTICATION, config.getAuthenticationType());
env.put(Context.SECURITY_PRINCIPAL, config.getRootDN());
env.put(Context.SECURITY_CREDENTIALS, config.getPassword());
- // TODO move it in configuration ?
- env.put("com.sun.jndi.ldap.connect.timeout", "60000");
+ PrivilegedSystemHelper.setProperty("com.sun.jndi.ldap.connect.timeout", "60000");
+
if (config.getMinConnection() > 0)
{
PrivilegedSystemHelper.setProperty("com.sun.jndi.ldap.connect.pool.initsize",
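Review bot: The added `PrivilegedSystemHelper.setProperty("com.sun.jndi.ldap.connect.timeout", "60000")` line probably leaves new connections without a connect timeout. As far as the JNDI LDAP provider documents it, `com.sun.jndi.ldap.connect.timeout` is read from the context environment, and only the `com.sun.jndi.ldap.connect.pool.*` settings are JVM system properties. If so, an unresponsive directory server can block callers for the OS TCP timeout rather than 60 seconds, which works against the leak fix this commit is making. I would keep `env.put("com.sun.jndi.ldap.connect.timeout", "60000");` (ideally fed from configuration, as the removed TODO suggested) and use system properties only for the pool settings. The enclosing method starts and ends outside the hunk.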
@@ -252,13 +252,19 @@
SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.ONELEVEL_SCOPE);
NamingEnumeration<SearchResult> results = ctx.search(name, "(objectclass=*)", constraints);
- while (results.hasMore())
+ try
{
- SearchResult sr = results.next();
- unbind(ctx, sr.getNameInNamespace());
+ while (results.hasMore())
+ {
+ SearchResult sr = results.next();
+ unbind(ctx, sr.getNameInNamespace());
+ }
+ // close search results enumeration
}
- // close search results enumeration
- results.close();
+ finally
+ {
+ results.close();
+ }
ctx.unbind(name);
}
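Review bot: The comment `// close search results enumeration` is now stranded at the end of the `try` block, after the loop, where it no longer describes the statement that follows it. Move it into the `finally` block directly above `results.close();` and state the reason, for example `// always close the enumeration, even if a nested unbind() throws`. The enclosing method starts outside the hunk.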
Modified: core/trunk/exo.core.component.organization.ldap/src/main/java/org/exoplatform/services/organization/ldap/ADUserDAOImpl.java
===================================================================
--- core/trunk/exo.core.component.organization.ldap/src/main/java/org/exoplatform/services/organization/ldap/ADUserDAOImpl.java 2011-09-13 06:47:47 UTC (rev 4898)
+++ core/trunk/exo.core.component.organization.ldap/src/main/java/org/exoplatform/services/organization/ldap/ADUserDAOImpl.java 2011-09-13 07:04:41 UTC (rev 4899)
@@ -123,24 +123,24 @@
@Override
protected void saveUserPassword(User user, String userDN) throws Exception
{
- Object v = ldapService.getLdapContext().getEnvironment().get(Context.SECURITY_PROTOCOL);
- if (v == null)
- return;
- String security = String.valueOf(v);
- if (!security.equalsIgnoreCase("ssl"))
- return;
- String newQuotedPassword = "\"" + user.getPassword() + "\"";
- byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
- ModificationItem[] mods = new ModificationItem[2];
- mods[0] =
- new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(ldapAttrMapping.userPassword,
- newUnicodePassword));
- mods[1] =
- new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userAccountControl", Integer
- .toString(UF_NORMAL_ACCOUNT + UF_PASSWORD_EXPIRED)));
LdapContext ctx = ldapService.getLdapContext();
try
{
+ Object v = ctx.getEnvironment().get(Context.SECURITY_PROTOCOL);
+ if (v == null)
+ return;
+ String security = String.valueOf(v);
+ if (!security.equalsIgnoreCase("ssl"))
+ return;
+ String newQuotedPassword = "\"" + user.getPassword() + "\"";
+ byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
+ ModificationItem[] mods = new ModificationItem[2];
+ mods[0] =
+ new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(ldapAttrMapping.userPassword,
+ newUnicodePassword));
+ mods[1] =
+ new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userAccountControl",
+ Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWORD_EXPIRED)));
for (int err = 0;; err++)
{
try
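Review bot: `saveUserPassword` still returns silently from the two early `return` branches when `Context.SECURITY_PROTOCOL` is missing or is not `ssl`, so the caller cannot tell that no password was written to the directory. Now that these checks sit inside the `try`, this is a natural place to log a warning that names `userDN` (never the password value) before each return. Alternatively, throw, so that account creation does not complete with an unset credential. A short comment above the check saying why the write is restricted to SSL connections would also help the next reader. The method body continues past the hunk, so whether the matching `finally` releases `ctx` is not visible here.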
Modified: core/trunk/exo.core.component.organization.ldap/src/main/java/org/exoplatform/services/organization/ldap/MembershipDAOImpl.java
===================================================================
--- core/trunk/exo.core.component.organization.ldap/src/main/java/org/exoplatform/services/organization/ldap/MembershipDAOImpl.java 2011-09-13 06:47:47 UTC (rev 4898)
+++ core/trunk/exo.core.component.organization.ldap/src/main/java/org/exoplatform/services/organization/ldap/MembershipDAOImpl.java 2011-09-13 07:04:41 UTC (rev 4899)
@@ -432,15 +432,23 @@
+ ldapAttrMapping.membershipTypeMemberValue + "=" + userDN + "))";
NamingEnumeration<SearchResult> results = findMembershipsInGroup(ctx, groupId, filter);
- if (results.hasMoreElements())
+ try
{
- // SearchResult sr = results.next();
- // if (haveUser(sr.getAttributes(), userDN)) {
- // membership = createMembershipObject(userName, groupId, type);
- // }
- membership = createMembershipObject(userName, groupId, type);
+ if (results.hasMoreElements())
+ {
+ // SearchResult sr = results.next();
+ // if (haveUser(sr.getAttributes(), userDN)) {
+ // membership = createMembershipObject(userName, groupId, type);
+ // }
+ membership = createMembershipObject(userName, groupId, type);
+ }
}
+ finally
+ {
+ results.close();
+ }
+
if (membership != null)
{
cacheHandler.put(cacheHandler.getMembershipKey(membership), membership, CacheType.MEMBERSHIP);
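Review bot: The search filter on the first line of this hunk is built by concatenating `userDN` into the filter string, and nothing visible escapes it. If `userDN` can carry filter metacharacters (`*`, `(`, `)`, `\`), the lookup may match entries it should not. Because the result decides whether a membership object is created and cached, that is an authorization concern. Escape the value per RFC 4515 before concatenation, or pass it through the `DirContext.search(name, filterExpr, filterArgs, cons)` overload with a `{0}` placeholder so JNDI does the escaping. The start of the filter expression and the enclosing method are outside the hunk, so earlier parts of the filter may need the same treatment.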
Modified: core/trunk/exo.core.component.organization.ldap/src/main/java/org/exoplatform/services/organization/ldap/OrganizationLdapInitializer.java
===================================================================
--- core/trunk/exo.core.component.organization.ldap/src/main/java/org/exoplatform/services/organization/ldap/OrganizationLdapInitializer.java 2011-09-13 06:47:47 UTC (rev 4898)
+++ core/trunk/exo.core.component.organization.ldap/src/main/java/org/exoplatform/services/organization/ldap/OrganizationLdapInitializer.java 2011-09-13 07:04:41 UTC (rev 4899)
@@ -27,7 +27,10 @@
import java.util.regex.Matcher;
import java.util.regex.Pattern;
+import javax.naming.NamingEnumeration;
import javax.naming.directory.BasicAttributes;
+import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
/**
@@ -67,36 +70,57 @@
Matcher matcher = pattern.matcher(dn);
dn = matcher.replaceAll("=");
LdapContext context = baseHandler.ldapService.getLdapContext();
- String[] explodeDN = baseHandler.explodeDN(dn, false);
- if (explodeDN.length < 1)
- return;
- dn = explodeDN[explodeDN.length - 1];
- int i = explodeDN.length - 2;
- for (; i > -1; i--)
+ try
{
- if (!explodeDN[i].toLowerCase().startsWith("dc="))
- break;
- dn = explodeDN[i] + "," + dn;
+ String[] explodeDN = baseHandler.explodeDN(dn, false);
+ if (explodeDN.length < 1)
+ return;
+ dn = explodeDN[explodeDN.length - 1];
+ int i = explodeDN.length - 2;
+ for (; i > -1; i--)
+ {
+ if (!explodeDN[i].toLowerCase().startsWith("dc="))
+ break;
+ dn = explodeDN[i] + "," + dn;
+ }
+ createDN(dn, context);
+ for (; i > -1; i--)
+ {
+ dn = explodeDN[i] + "," + dn;
+ createDN(dn, context);
+ }
}
- createDN(dn, context);
- for (; i > -1; i--)
+ finally
{
- dn = explodeDN[i] + "," + dn;
- createDN(dn, context);
+ baseHandler.ldapService.release(context);
}
}
private void createDN(String dn, LdapContext context) throws Exception
{
+ NamingEnumeration<SearchResult> results = null;
try
{
- Object obj = context.lookupLink(dn);
- if (obj != null)
+ SearchControls control = new SearchControls();
+ control.setSearchScope(SearchControls.OBJECT_SCOPE);
+ results = context.search(dn, "(objectClass=*)", control);
+
+ if (results.hasMoreElements())
+ {
return;
+ }
}
catch (Exception exp)
{
}
+ finally
+ {
+ if (results != null)
+ {
+ results.close();
+ }
+ }
+
String nameValue = dn.substring(dn.indexOf("=") + 1, dn.indexOf(","));
BasicAttributes attrs = new BasicAttributes();
if (dn.toLowerCase().startsWith("ou="))
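Review bot: In `createDN`, the empty `catch (Exception exp)` now wraps the new `context.search(...)` existence check. Every failure (lost connection, rejected credentials, a size or time limit) is therefore treated as "entry does not exist", and the method goes on to create the entry. Catch only the not-found case, `catch (NameNotFoundException e) { /* entry absent: fall through and create it */ }` (needs `import javax.naming.NameNotFoundException;`), and let other exceptions propagate, since the method already declares `throws Exception`. Note also that `results.close()` in the `finally` can itself throw, which would replace the early `return` with an exception. The rest of `createDN` lies outside the hunk.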
@@ -139,33 +163,40 @@
LdapContext context = baseHandler.ldapService.getLdapContext();
- String[] edn = baseHandler.explodeDN(dn, false);
- String[] ebasedn = baseHandler.explodeDN(basedn, false);
+ try
+ {
+ String[] edn = baseHandler.explodeDN(dn, false);
+ String[] ebasedn = baseHandler.explodeDN(basedn, false);
- if (edn.length < 1)
- throw new IllegalArgumentException("Zerro DN length, [" + dn + "]");
- if (ebasedn.length < 1)
- throw new IllegalArgumentException("Zerro Base DN length, [" + basedn + "]");
- if (edn.length < ebasedn.length)
- throw new IllegalArgumentException("DN length smaller Base DN [" + dn + " >= " + basedn + "]");
+ if (edn.length < 1)
+ throw new IllegalArgumentException("Zerro DN length, [" + dn + "]");
+ if (ebasedn.length < 1)
+ throw new IllegalArgumentException("Zerro Base DN length, [" + basedn + "]");
+ if (edn.length < ebasedn.length)
+ throw new IllegalArgumentException("DN length smaller Base DN [" + dn + " >= " + basedn + "]");
- String rdn = basedn;
- for (int i = 1; i <= edn.length; i++)
- {
- // for (int i=edn.length - 1; i>=0; i--) {
- String n = edn[edn.length - i];
- if (i <= ebasedn.length)
+ String rdn = basedn;
+ for (int i = 1; i <= edn.length; i++)
{
- String bn = ebasedn[ebasedn.length - i];
- if (!n.equals(bn))
- throw new IllegalArgumentException("DN does not starts with Base DN [" + dn + " != " + basedn + "]");
+ // for (int i=edn.length - 1; i>=0; i--) {
+ String n = edn[edn.length - i];
+ if (i <= ebasedn.length)
+ {
+ String bn = ebasedn[ebasedn.length - i];
+ if (!n.equals(bn))
+ throw new IllegalArgumentException("DN does not starts with Base DN [" + dn + " != " + basedn + "]");
+ }
+ else
+ {
+ // create RDN elem
+ rdn = n + "," + rdn;
+ createDN(rdn, context);
+ }
}
- else
- {
- // create RDN elem
- rdn = n + "," + rdn;
- createDN(rdn, context);
- }
}
+ finally
+ {
+ baseHandler.ldapService.release(context);
+ }
}
}
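Review bot: The base-DN check `if (!n.equals(bn))` compares RDN components case-sensitively, whereas the earlier method in this file lower-cases before testing for `dc=`. LDAP attribute type names are case-insensitive, so a DN written `DC=example` would presumably be rejected against a base DN of `dc=example` with "DN does not starts with Base DN". Consider `if (!n.equalsIgnoreCase(bn))`, or normalise both DNs through `javax.naming.ldap.LdapName` before comparing. Whether `explodeDN` already normalises case is not visible here. The method signature is outside the hunk.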