Sharing an LDAP connection between classes - best practices?
https://stackoverflow.com/questions/8225300
-
06-03-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
What I need to do is connect to an LDAP, and then pass this connection to several classes, which do various steps of processing.
The problem I face is if I should pass the connection to these classes via the constructor, or if every class should manage his own connection.
The problem I see with the first approach is that the caller may not know that he is responsible for closing the stream by itself. The second approach also doesn't seem appropriate because opening/closing/reopening the connection also makes no sense.
Any ideas on this?
Solution
I don't know why you'd have several classes dealing with an LDAP. Maybe you should consider combining those scattered operations into a single class that has all responsibility for LDAP operations.
If that's not possible, your instincts are correct. The class that opens the connection should close it in a finally block. That should be the interface-based POJO service class that knows about the unit of work for that use case. There should be no doubt about where the responsibility lies. If you don't have such a service, create one.
If the operations aren't part of a single unit of work, then they should be managed by separate services. The comments from the previous paragraph still apply.
Are you pooling your LDAP connections? I hope so.
I'd recommend looking at the Spring LDAP module, especially if you're already a Spring user. It makes dealing with LDAP resources easy, the same way it does JDBC.
OTHER TIPS
It is a poor practice to construct a utility class, or any other class that provides a wide variety of services. Classes should provide a single service or group of tightly controlled services, else you may as well go back to FORTRAN garbage common blocks. To share an LDAP connection between classes, encapsulate the connection (this will also serve the purpose of hiding the API details). Then protect the methods as necessary by authenticating using accounts on the directory server. For example, a close() method should be required to authenticate to an account that has close privileges, or is the member of a close group, or whatever authn/authz you prefer. You should use the UnboundID LDAP SDK for this type of work. See also "LDAP: Programming Practices".
