Fix memory leak in LDAP
The caching in LDAP stores and reuses the session at the time of creating `LDAPIdentityStore`. On top of that, there is not much cached, since apart from the session which must not be part of long-lived cache, only config is cached in the objects which is anyway always recomputed. The cache for the LDAP still retains the LDAPConfig to keep the `logLDAPConfig` call upon config change. Closes: #19396
This commit is contained in:
parent
615dc89e13
commit
6014070431
1 changed files with 6 additions and 21 deletions
|
@ -35,11 +35,9 @@ public class LDAPIdentityStoreRegistry {
|
|||
|
||||
private static final Logger logger = Logger.getLogger(LDAPIdentityStoreRegistry.class);
|
||||
|
||||
private Map<String, LDAPIdentityStoreContext> ldapStores = new ConcurrentHashMap<>();
|
||||
private final Map<String, LDAPConfig> ldapStores = new ConcurrentHashMap<>();
|
||||
|
||||
public LDAPIdentityStore getLdapStore(KeycloakSession session, ComponentModel ldapModel, Map<ComponentModel, LDAPConfigDecorator> configDecorators) {
|
||||
LDAPIdentityStoreContext context = ldapStores.get(ldapModel.getId());
|
||||
|
||||
// Ldap config might have changed for the realm. In this case, we must re-initialize
|
||||
MultivaluedHashMap<String, String> configModel = ldapModel.getConfig();
|
||||
LDAPConfig ldapConfig = new LDAPConfig(configModel);
|
||||
|
@ -50,14 +48,13 @@ public class LDAPIdentityStoreRegistry {
|
|||
decorator.updateLDAPConfig(ldapConfig, mapperModel);
|
||||
}
|
||||
|
||||
if (context == null || !ldapConfig.equals(context.config)) {
|
||||
LDAPConfig cachedConfig = ldapStores.get(ldapModel.getId());
|
||||
if (cachedConfig == null || !ldapConfig.equals(cachedConfig)) {
|
||||
logLDAPConfig(session, ldapModel, ldapConfig);
|
||||
|
||||
LDAPIdentityStore store = createLdapIdentityStore(session, ldapConfig);
|
||||
context = new LDAPIdentityStoreContext(ldapConfig, store);
|
||||
ldapStores.put(ldapModel.getId(), context);
|
||||
ldapStores.put(ldapModel.getId(), ldapConfig);
|
||||
}
|
||||
return context.store;
|
||||
|
||||
return createLdapIdentityStore(session, ldapConfig);
|
||||
}
|
||||
|
||||
// Don't log LDAP password
|
||||
|
@ -97,16 +94,4 @@ public class LDAPIdentityStoreRegistry {
|
|||
}
|
||||
System.setProperty(name, value);
|
||||
}
|
||||
|
||||
|
||||
private static class LDAPIdentityStoreContext {
|
||||
|
||||
private LDAPIdentityStoreContext(LDAPConfig config, LDAPIdentityStore store) {
|
||||
this.config = config;
|
||||
this.store = store;
|
||||
}
|
||||
|
||||
private LDAPConfig config;
|
||||
private LDAPIdentityStore store;
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue