java Azure密钥库警告okhttp3。OkHttpClient:连接泄漏
我们正在Spring boot应用程序中使用Azure Key Vault Provider加密SQL Server DB列,一切正常。但是,我们看到正在记录“连接泄漏”警告消息,如下所示:
2019-12-04 16:26:26.332 WARN 1 --- [ ConnectionPool] okhttp3.OkHttpClient : A connection to https://xxxxx.vault.azure.net/ was leaked. Did you forget to close a response body? java.lang.Throwable: response.body().close()
at okhttp3.internal.platform.Platform.getStackTraceForCloseable(Platform.java:148)
at okhttp3.RealCall.captureCallStackTrace(RealCall.java:89)
at okhttp3.RealCall.execute(RealCall.java:73)
at retrofit2.OkHttpCall.execute(OkHttpCall.java:180)
at retrofit2.adapter.rxjava.CallExecuteOnSubscribe.call(CallExecuteOnSubscribe.java:40)
at retrofit2.adapter.rxjava.CallExecuteOnSubscribe.call(CallExecuteOnSubscribe.java:24)
at rx.Observable.unsafeSubscribe(Observable.java:10327)
at rx.internal.operators.OnSubscribeMap.call(OnSubscribeMap.java:48)
at rx.internal.operators.OnSubscribeMap.call(OnSubscribeMap.java:33)
at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)
at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)
at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)
at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)
at rx.Observable.subscribe(Observable.java:10423)
at rx.Observable.subscribe(Observable.java:10390)
at rx.observables.BlockingObservable.blockForSingle(BlockingObservable.java:443)
at rx.observables.BlockingObservable.single(BlockingObservable.java:340)
at com.microsoft.azure.keyvault.implementation.KeyVaultClientBaseImpl.getKey(KeyVaultClientBaseImpl.java:1390)
at com.microsoft.azure.keyvault.implementation.KeyVaultClientCustomImpl.getKey(KeyVaultClientCustomImpl.java:627)
at com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionAzureKeyVaultProvider.getAKVKeySize(SQLServerColumnEncryptionAzureKeyVaultProvider.java:565)
at com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionAzureKeyVaultProvider.decryptColumnEncryptionKey(SQLServerColumnEncryptionAzureKeyVaultProvider.java:165)
at com.microsoft.sqlserver.jdbc.SQLServerSymmetricKeyCache.getKey(SQLServerSymmetricKeyCache.java:157)
at com.microsoft.sqlserver.jdbc.SQLServerSecurityUtility.decryptSymmetricKey(SQLServerSecurityUtility.java:136)
at com.microsoft.sqlserver.jdbc.SQLServerPreparedStatement.getParameterEncryptionMetadata(SQLServerPreparedStatement.java:940)
at com.microsoft.sqlserver.jdbc.SQLServerPreparedStatement.doExecutePreparedStatement(SQLServerPreparedStatement.java:562)
at com.microsoft.sqlserver.jdbc.SQLServerPreparedStatement$PrepStmtExecCmd.doExecute(SQLServerPreparedStatement.java:522)
at com.microsoft.sqlserver.jdbc.TDSCommand.execute(IOBuffer.java:7194)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.executeCommand(SQLServerConnection.java:2935)
at com.microsoft.sqlserver.jdbc.SQLServerStatement.executeCommand(SQLServerStatement.java:248)
at com.microsoft.sqlserver.jdbc.SQLServerStatement.executeStatement(SQLServerStatement.java:223)
at com.microsoft.sqlserver.jdbc.SQLServerPreparedStatement.executeUpdate(SQLServerPreparedStatement.java:471)
下面是我们与Azure Key Vault建立连接以启动DB列加密的代码
public void setupEncryption() throws Exception {
if (alwaysOnEncryptionEnabled) {
SQLServerColumnEncryptionAzureKeyVaultProvider akvProvider = new SQLServerColumnEncryptionAzureKeyVaultProvider(this.alwaysOnEncryptionClientId, this.alwaysOnEncryptionClientSecret);
Map<String, SQLServerColumnEncryptionKeyStoreProvider> keyStoreMap = new HashMap<>();
keyStoreMap.put(akvProvider.getName(), akvProvider);
SQLServerConnection.registerColumnEncryptionKeyStoreProviders(keyStoreMap);
}
}
似乎Azure密钥库中的代码连接未正确关闭
请帮助我处理此警告消息
我们希望处理此消息,因为我们使用Azure Key vault的应用程序非常关键,不希望存在任何漏洞
还想知道如果我们无法处理此连接泄漏会产生什么影响
# 1 楼答案
您可以尝试在代码中添加此行:
Here是一个与您的类似的问题,供您参考