Update spring-security-adapter.adoc (#1282)
We could confirm a memory leak due to the SessionRegistryImpl not created as a separate bean and thus not processing SessionDestroyedEvents. As described in the linked topic (https://keycloak.discourse.group/t/outofmemory-in-sessionregistryimpl-spring-security-adapter-config/6814) this resulted in sessions never being destroyed until the applications went unresponsive because the heap was full.
This commit is contained in:
AT
GitHub
parent
cb730556a7
commit
43a457e332
1 changed files with 6 additions and 1 deletions
|
|
@ -72,7 +72,12 @@ public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter
|
||||||
@Bean
|
@Bean
|
||||||
@Override
|
@Override
|
||||||
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
|
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
|
||||||
return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
|
return new RegisterSessionAuthenticationStrategy(buildSessionRegistry());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
protected SessionRegistry buildSessionRegistry() {
|
||||||
|
return new SessionRegistryImpl();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue