From 559f387e669414a6b5984c36f1030858afc39224 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=97=BA=E9=98=B3?= <qingwli@cisco.com>
Date: Wed, 22 Jun 2022 14:34:41 +0800
Subject: [PATCH] [Fix-10274]Close InitialLDAPContext In LDAP (#10532)

* add finally close ctx in ldap log

* fix code style
---
 .../api/security/impl/ldap/LdapService.java   | 20 ++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java
index 6dac2f71d2..180c7d0005 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java
@@ -87,9 +87,10 @@ public class LdapService {
      */
     public String ldapLogin(String userId, String userPwd) {
         Properties searchEnv = getManagerLdapEnv();
+        LdapContext ctx = null;
         try {
             //Connect to the LDAP server and Authenticate with a service user of whom we know the DN and credentials
-            LdapContext ctx = new InitialLdapContext(searchEnv, null);
+            ctx = new InitialLdapContext(searchEnv, null);
             SearchControls sc = new SearchControls();
             sc.setReturningAttributes(new String[]{ldapEmailAttribute});
             sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
@@ -99,7 +100,7 @@ public class LdapService {
             if (results.hasMore()) {
                 // get the users DN (distinguishedName) from the result
                 SearchResult result = results.next();
-                NamingEnumeration attrs = result.getAttributes().getAll();
+                NamingEnumeration<? extends Attribute> attrs = result.getAttributes().getAll();
                 while (attrs.hasMore()) {
                     //Open another connection to the LDAP server with the found DN and the password
                     searchEnv.put(Context.SECURITY_PRINCIPAL, result.getNameInNamespace());
@@ -110,7 +111,7 @@ public class LdapService {
                         logger.warn("invalid ldap credentials or ldap search error", e);
                         return null;
                     }
-                    Attribute attr = (Attribute) attrs.next();
+                    Attribute attr = attrs.next();
                     if (attr.getID().equals(ldapEmailAttribute)) {
                         return (String) attr.get();
                     }
@@ -119,7 +120,16 @@ public class LdapService {
         } catch (NamingException e) {
             logger.error("ldap search error", e);
             return null;
+        } finally {
+            try {
+                if (ctx != null) {
+                    ctx.close();
+                }
+            } catch (NamingException e) {
+                logger.error("ldap context close error", e);
+            }
         }
+
         return null;
     }
 
@@ -137,7 +147,7 @@ public class LdapService {
         return env;
     }
 
-    public LdapUserNotExistActionType getLdapUserNotExistAction(){
+    public LdapUserNotExistActionType getLdapUserNotExistAction() {
         if (StringUtils.isBlank(ldapUserNotExistAction)) {
             logger.info("security.authentication.ldap.user.not.exist.action configuration is empty, the default value 'CREATE'");
             return LdapUserNotExistActionType.CREATE;
@@ -146,7 +156,7 @@ public class LdapService {
         return LdapUserNotExistActionType.valueOf(ldapUserNotExistAction);
     }
 
-    public boolean createIfUserNotExists(){
+    public boolean createIfUserNotExists() {
         return getLdapUserNotExistAction() == LdapUserNotExistActionType.CREATE;
     }
 }