Index: modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java =================================================================== --- modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java (revision 1199093) +++ modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java (working copy) @@ -25,6 +25,7 @@ import javax.naming.Context; import javax.naming.NamingEnumeration; +import javax.naming.NamingException; import javax.naming.directory.*; import javax.net.ssl.SSLSocketFactory; import javax.security.auth.Subject; @@ -168,9 +169,10 @@ } logger.debug("Get the user DN."); String userDN; + DirContext context1 = null; try { logger.debug("Initialize the JNDI LDAP Dir Context."); - DirContext context = new InitialDirContext(env); + context1 = new InitialDirContext(env); logger.debug("Define the subtree scope search control."); SearchControls controls = new SearchControls(); if (userSearchSubtree) { @@ -182,7 +184,7 @@ logger.debug(" base DN: " + userBaseDN); userFilter = userFilter.replaceAll("%u", user); logger.debug(" filter: " + userFilter); - NamingEnumeration namingEnumeration = context.search(userBaseDN, userFilter, controls); + NamingEnumeration namingEnumeration = context1.search(userBaseDN, userFilter, controls); if (!namingEnumeration.hasMore()) { logger.warn("User " + user + " not found in LDAP."); return false; @@ -190,10 +192,20 @@ logger.debug("Get the user DN."); SearchResult result = (SearchResult) namingEnumeration.next(); userDN = (String) result.getName(); + namingEnumeration.close(); } catch (Exception e) { throw new LoginException("Can't connect to the LDAP server: " + e.getMessage()); + } finally { + if (context1 != null) { + try { + context1.close(); + } catch (NamingException e) { + throw new LoginException("System error closing context: " + e.getMessage()); + } + } } // step 2: bind the user using the DN + DirContext context2 = null; try { logger.debug("Bind user (authentication)."); env.put(Context.SECURITY_AUTHENTICATION, authentication); @@ -201,18 +213,19 @@ env.put(Context.SECURITY_PRINCIPAL, userDN + "," + userBaseDN); env.put(Context.SECURITY_CREDENTIALS, password); logger.debug("Binding the user."); - DirContext context = new InitialDirContext(env); + context2 = new InitialDirContext(env); logger.debug("User " + user + " successfully bound."); - context.close(); + context2.close(); } catch (Exception e) { logger.warn("User " + user + " authentication failed.", e); return false; } principals.add(new UserPrincipal(user)); // step 3: retrieving user roles + DirContext context3 = null; try { logger.debug("Get user roles."); - DirContext context = new InitialDirContext(env); + context3 = new InitialDirContext(env); SearchControls controls = new SearchControls(); if (roleSearchSubtree) { controls.setSearchScope(SearchControls.SUBTREE_SCOPE); @@ -224,7 +237,7 @@ logger.debug(" base DN: " + roleBaseDN); roleFilter = roleFilter.replaceAll("%u", user); logger.debug(" filter: " + roleFilter); - NamingEnumeration namingEnumeration = context.search(roleBaseDN, roleFilter, controls); + NamingEnumeration namingEnumeration = context3.search(roleBaseDN, roleFilter, controls); while (namingEnumeration.hasMore()) { SearchResult result = (SearchResult) namingEnumeration.next(); Attributes attributes = result.getAttributes(); @@ -235,6 +248,14 @@ } } catch (Exception e) { throw new LoginException("Can't get user " + user + " roles: " + e.getMessage()); + } finally { + if (context3 != null) { + try { + context3.close(); + } catch (NamingException e) { + throw new LoginException("System error closing context: " + e.getMessage()); + } + } } return true; }