Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1520: Enumerator not closed or fully-enumerated #1740

spring-issuemaster opened this Issue Jul 20, 2010 · 1 comment


None yet
1 participant

Marc Batchelor (Migrated from SEC-1520) said:

1- SpringSecurityLdapTemplate.java, in compare (called by the LDAP password authenticator)

NamingEnumeration results = ctx.search(dn, comparisonFilter, new Object[] {value}, ctls);
return Boolean.valueOf(results.hasMore());

-should be more like this-
NamingEnumeration results = ctx.search(dn, comparisonFilter, new Object[] {value}, ctls);
boolean rtn = Boolean.valueOf(results.hasMore());
try {
} catch (NamingException ignored) {
// Ignore naming exception on close.
return rtn;

2- DefaultDirContextValidator.validateDirContext has a similar problem, but I think that class has been refactored or eliminated.

Luke Taylor said:

Thanks, this should be fixed now. NamingEnumerations should be closed automtically when garbage collected, but it should certainly be more efficient to close them as early as possible.

@spring-issuemaster spring-issuemaster added this to the 3.1.0.M1 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment