libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Update spring-security-adapter.adoc (#1282)

Browse source 
We could confirm a memory leak due to the SessionRegistryImpl not created as a separate bean and thus not processing SessionDestroyedEvents. As described in the linked topic (https://keycloak.discourse.group/t/outofmemory-in-sessionregistryimpl-spring-security-adapter-config/6814) this resulted in sessions never being destroyed until the applications went unresponsive because the heap was full.
This commit is contained in:
AT 2021-11-10 12:57:52 +01:00 committed by GitHub
parent cb730556a7
commit 43a457e332
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
securing_apps/topics/oidc/java/spring-security-adapter.adoc
View file

@ -72,7 +72,12 @@ public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
return new RegisterSessionAuthenticationStrategy(buildSessionRegistry());
}
@Bean
protected SessionRegistry buildSessionRegistry() {
return new SessionRegistryImpl();
}
@Override