More CLOSE_WAITs when using keycloak-spring-security-adapter

Time: 2019-01-31 05:09:32

Tags: spring-boot tcp httpclient keycloak

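While running a load test on my spring-boot application, I can see more ports piling up in the CLOSE_WAIT state. Digging further, I found that the CLOSE_WAIT sockets are on the ports bound to Keycloak.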

I am using keycloak-spring-security-adapter version 3.4.3 Final.

Is there a way to set a keepalive timeout in the Keycloak adapter, as we do in HttpClient?

I tried running Keycloak and the application from my local host, captured the netstat output, and provided it here:

docker exec spanugo_api netstat -tan | grep CLOSE_WAIT
  tcp 32 0 172.20.0.6:50276 54.81.249.191:11006 CLOSE_WAIT
  tcp 32 0 172.20.0.6:33204 34.235.253.108:11006 CLOSE_WAIT
  tcp 32 0 172.20.0.6:50228 54.81.249.191:11006 CLOSE_WAIT
  tcp 32 0 172.20.0.6:50232 54.81.249.191:11006 CLOSE_WAIT
  tcp 32 0 172.20.0.6:50286 54.81.249.191:11006 CLOSE_WAIT
  tcp 32 0 172.20.0.6:33182 34.235.253.108:11006 CLOSE_WAIT
  tcp 32 0 172.20.0.6:50224 54.81.249.191:11006 CLOSE_WAIT
  tcp 32 0 172.20.0.6:50234 54.81.249.191:11006 CLOSE_WAIT
  tcp 32 0 172.20.0.6:33192 34.235.253.108:11006 CLOSE_WAIT
  tcp 32 0 172.20.0.6:50282 54.81.249.191:11006 CLOSE_WAIT
  tcp 32 0 172.20.0.6:33186 34.235.253.108:11006 CLOSE_WAIT
  tcp 32 0 172.20.0.6:50236 54.81.249.191:11006 CLOSE_WAIT
  tcp 32 0 172.20.0.6:33190 34.235.253.108:11006 CLOSE_WAIT
  tcp 32 0 172.20.0.6:50218 54.81.249.191:11006 CLOSE_WAIT
  tcp 32 0 172.20.0.6:50220 54.81.249.191:11006 CLOSE_WAIT
  tcp 32 0 172.20.0.6:50230 54.81.249.191:11006 CLOSE_WAIT
  tcp 32 0 172.20.0.6:33194 34.235.253.108:11006 CLOSE_WAIT
  tcp 32 0 172.20.0.6:50278 54.81.249.191:11006 CLOSE_WAIT

The Wireshark output for one of the ports in CLOSE_WAIT is also below.

I have extended KeycloakWebSecurityConfigurerAdapter.

I understand that adding a ConnectionKeepAliveStrategy could solve the problem, but I could not get a handle to add it the way I would with an httpclient object.

1 answer:

Answer 0: (score: 0)

I created a simple solution that limits the connections to one.

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends KeycloakWebSecurityConfigurerAdapter {

    @Value("${keycloak.json.path:classpath:keycloak.json}")
    private Resource keycloakJSON;

    /**
     * Registers the KeycloakAuthenticationProvider with the authentication manager.
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(keycloakAuthenticationProvider());
    }

    /**
     * Defines the session authentication strategy.
     */
    @Bean
    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new NullAuthenticatedSessionStrategy();
    }


    @Override
    protected void configure(HttpSecurity http) throws Exception
    {
        super.configure(http);
        //...
    }

    @Bean
    public FilterRegistrationBean keycloakAuthenticationProcessingFilterRegistrationBean(KeycloakAuthenticationProcessingFilter filter) {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean(filter);
        registrationBean.setEnabled(false);
        return registrationBean;
    }

    @Bean
    public FilterRegistrationBean keycloakPreAuthActionsFilterRegistrationBean(KeycloakPreAuthActionsFilter filter) {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean(filter);
        registrationBean.setEnabled(false);
        return registrationBean;
    }

    @Bean
    public KeycloakConfigResolver keycloakConfigResolver() {
        return new KeycloakConfigResolver() {

            private KeycloakDeployment keycloakDeployment;

            @Override
            public KeycloakDeployment resolve(HttpFacade.Request facade) {
                try {
                    // Important: build the KeycloakDeployment only once and reuse it for every request
                    if (keycloakDeployment == null) {
                        keycloakDeployment = KeycloakDeploymentBuilder.build(keycloakJSON.getInputStream());
                    }
                } catch (IOException e) {
                    e.printStackTrace();
                }

                return keycloakDeployment;
            }
        };
    }

}
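
To measure the CLOSE_WAIT build-up reported in the question, and to compare runs before and after a change such as the one above, the `netstat -tan` output can be grouped by remote endpoint. This is an added example, not code from the original question or answer; the function names, the threshold and the sample rows (documentation addresses) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in `netstat -tan` layout (documentation addresses, not from the page).
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp       32      0 172.20.0.6:50276        198.51.100.10:11006     CLOSE_WAIT
tcp       32      0 172.20.0.6:50228        198.51.100.10:11006     CLOSE_WAIT
tcp       32      0 172.20.0.6:33204        203.0.113.20:11006      CLOSE_WAIT
tcp        0      0 172.20.0.6:40112        198.51.100.10:11006     ESTABLISHED
tcp6       0      0 :::8080                 :::*                    LISTEN
"""

# Proto, Recv-Q, Send-Q, local address, foreign address, state
LINE = re.compile(r"^(tcp6?)\s+(\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

def parse(text):
    """Yield (recv_q, local, remote, state) for each TCP row; header lines are skipped."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            _, recv_q, _, local, remote, state = m.groups()
            yield int(recv_q), local, remote, state

def close_wait_by_remote(text):
    """Map remote endpoint -> count, unread bytes and local ports of CLOSE_WAIT rows."""
    out = defaultdict(lambda: {"count": 0, "unread_bytes": 0, "local_ports": []})
    for recv_q, local, remote, state in parse(text):
        if state != "CLOSE_WAIT":
            continue
        entry = out[remote]
        entry["count"] += 1
        entry["unread_bytes"] += recv_q  # Recv-Q: bytes the application has not read yet
        entry["local_ports"].append(int(local.rsplit(":", 1)[1]))
    return dict(out)

def suspected_leaks(text, threshold=2):
    """Remote endpoints with at least `threshold` CLOSE_WAIT sockets, worst first."""
    stats = close_wait_by_remote(text)
    hits = [(r, s["count"]) for r, s in stats.items() if s["count"] >= threshold]
    return sorted(hits, key=lambda x: (-x[1], x[0]))

if __name__ == "__main__":
    for remote, count in suspected_leaks(SAMPLE):
        print(f"{remote}: {count} sockets in CLOSE_WAIT")
```

A count per remote endpoint that keeps growing between samples taken during a load test points at connections the peer has closed but the local application has not.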