Fixes #27091: Close SAML FileInputStream and HttpURLConnection resources #27532

Open
hyspacex wants to merge 2 commits into open-metadata:main from hyspacex:fix/saml-resource-leaks-27091

@hyspacex

Describe your changes:

Fixes #27091

Addresses two of the three resource leaks reported in the issue:

Bug 1 — SamlSettingsHolder.initDefaultSettings leaked a FileInputStream.
The keystore stream was created inline in keyStore.load(new FileInputStream(path), password) and the reference was lost immediately, so it could never be closed. Wrapped it in try-with-resources.

Bug 2 — SamlValidator.validateIdpConnectivity leaked an HttpURLConnection, and readResponseSnippet leaked the response InputStream.
Lifted conn above the try block and added a finally { if (conn != null) conn.disconnect(); }. Wrapped the response stream in readResponseSnippet in try-with-resources.

Bug 3 — IndexResource was already fixed in #27269 (CSP nonce handling) — the current IndexResource.java now reads /assets/index.html once into a static final field inside a try-with-resources block with a null check. Nothing to do here.

Tests

  • SamlValidatorTest: added readResponseSnippetClosesReadableStreams and validateIdpConnectivityDisconnectsConnections, plus a mock URLStreamHandler for the mock:// protocol so we can inject a tracking HttpURLConnection without real network I/O.
  • SamlSettingsHolderTest (new): writes a real empty JKS to @TempDir and asserts the keystore loads into samlData[KEYSTORE_KEY]. Proves the fix end-to-end without mocking FileInputStream construction.
  • Local run: 63/63 tests pass across SamlValidatorTest + SamlSettingsHolderTest. mvn spotless:apply reports no changes needed.

Type of change:

  • Bug fix

Checklist:

  • I have read the CONTRIBUTING document.
  • My PR title is Fixes <issue-number>: <short explanation>
  • I have commented on my code, particularly in hard-to-understand areas.
  • For JSON Schema changes: I updated the migration scripts or explained why it is not needed. (no schema changes)
  • I have added a test that covers the exact scenario we are fixing.
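
The two fixes described above, as an added stand-alone example; it is not the PR's diff or OpenMetadata's code. The class and method names (`SamlResourceHandling`, `loadKeyStoreLeaky`, `loadKeyStore`, `readSnippet`), the `changeit` password and the temp-file keystore are assumptions made for illustration; only the inline `keyStore.load(new FileInputStream(path), password)` call and the `finally { if (conn != null) conn.disconnect(); }` shape come from the description.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;

public class SamlResourceHandling {
  // Before: the stream is created inline, so no reference is left to close it.
  static KeyStore loadKeyStoreLeaky(String path, char[] password) throws Exception {
    KeyStore keyStore = KeyStore.getInstance("JKS");
    keyStore.load(new FileInputStream(path), password);
    return keyStore;
  }

  // After: try-with-resources closes the stream even when load() throws.
  static KeyStore loadKeyStore(String path, char[] password) throws Exception {
    KeyStore keyStore = KeyStore.getInstance("JKS");
    try (InputStream in = new FileInputStream(path)) {
      keyStore.load(in, password);
    }
    return keyStore;
  }

  // conn is declared above the try so finally can always disconnect it;
  // the response stream is closed by its own try-with-resources.
  static String readSnippet(URL url, int maxBytes) throws Exception {
    HttpURLConnection conn = null;
    try {
      conn = (HttpURLConnection) url.openConnection();
      try (InputStream in = conn.getInputStream()) {
        return new String(in.readNBytes(maxBytes), StandardCharsets.UTF_8);
      }
    } finally {
      if (conn != null) conn.disconnect();
    }
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample input: an empty JKS written to a temp file (no network I/O).
    char[] password = "changeit".toCharArray();
    Path jks = Files.createTempFile("sample", ".jks");
    KeyStore empty = KeyStore.getInstance("JKS");
    empty.load(null, password);
    try (var out = Files.newOutputStream(jks)) { empty.store(out, password); }
    System.out.println("entries: " + loadKeyStore(jks.toString(), password).size());
    Files.delete(jks);
  }
}
```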

Replace mockConstruction(FileInputStream.class) + delegateToKeyStoreBytes
stubbing with a real JKS keystore written to @TempDir. The try-with-resources
close is guaranteed by Java; the test now asserts behavior (KeyStore loaded
into samlData) rather than verifying internal mock plumbing.
@github-actions
Contributor

Hi there 👋 Thanks for your contribution!

The OpenMetadata team will review the PR shortly! Once it has been labeled as safe to test, the CI workflows
will start executing and we'll be able to make sure everything is working as expected.

Let us know if you need any help!

@gitar-bot

gitar-bot bot commented Apr 20, 2026

Code Review ✅ Approved

Explicitly closes SAML FileInputStream and HttpURLConnection resources to prevent potential memory leaks. No issues found.

Development

Successfully merging this pull request may close these issues.

[Bug] Resource leaks in SamlSettingsHolder, SamlValidator, and IndexResource — unclosed streams and connections