Bug 59123 - The JNDIRealm does not close the NamingEnumeration
Summary: The JNDIRealm does not close the NamingEnumeration
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 9
Classification: Unclassified
Component: Catalina (show other bugs)
Version: unspecified
Hardware: PC Mac OS X 10.4
: P2 normal (vote)
Target Milestone: -----
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-03-05 10:57 UTC by Emmanuel L
Modified: 2016-03-07 23:07 UTC (History)
0 users



Attachments
Explicitly close NamingEnumerations after usage (5.04 KB, patch)
2016-03-05 18:11 UTC, Felix Schumacher
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Emmanuel L 2016-03-05 10:57:56 UTC
The JNDIRealm does not close any of the NamingEnumeration it uses in the following methods :

- getUserBySearch, line 1685
- getRoles, line 1974
- addAttributeValues, line 2125

(this is from trunk, I saw the same issue in Tomcat 8, I suspect the problem is the same for all the tomcat versions)

The problem is that if a NamingEnumeration is not close, then the associated DirContext won't be closed, even if a DirContext.close() is explicitly called, leving the DirContext opened until it times out. The consequence is that if this DirContext is taken from a Pool of connection, you pretty quickly exhaust this pool, as the connction will be back into the available connections only when they timeout (an dthe default timeout is 30s, from the top of my head).

This is explicitely said on https://docs.oracle.com/javase/tutorial/jndi/ldap/close.html :

"You invoke Context.close() on a Context instance to indicate that you no longer need to use it. If the Context instance being closed is using a dedicated connection, the connection is also closed. If the Context instance is sharing a connection with other Context and unterminated NamingEnumeration instances, the connection will not be closed until close() has been invoked on all such Context and NamingEnumeration instances."

or in https://blogs.oracle.com/moazam/entry/jndi_connections_not_closing_remember
Comment 1 Felix Schumacher 2016-03-05 18:11:21 UTC
Created attachment 33625 [details]
Explicitly close NamingEnumerations after usage
Comment 2 Mark Thomas 2016-03-07 16:37:32 UTC
Thanks for the report.

I've applied Felix's patch to 9.0.x (for 9.0.0.M4 onwards), 8.0.x (for 8.0.33 onwards) and 7.0.x (for 7.0.69 onwards). It has also been back-ported to 6.0.x for 6.0.46 onwards.
Comment 3 Emmanuel L 2016-03-07 23:07:04 UTC
Sounds good to me. Thanks for the patch and sorry for having been lazy and not have provided it...