Fix possible resource leak in serialization.

jcoleman · jcoleman · commit c7d48f3cf088 · 2014-10-21T22:09:37.000-04:00
diff --git a/src/main/java/com/orangefunction/tomcat/redissessions/JavaSerializer.java b/src/main/java/com/orangefunction/tomcat/redissessions/JavaSerializer.java
@@ -30,9 +30,15 @@ public byte[] attributesHashFrom(RedisSession session) throws IOException {
       attributes.put(key, session.getAttribute(key));
     }
 
-    ByteArrayOutputStream bos = new ByteArrayOutputStream();
-    try (ObjectOutputStream oos = new ObjectOutputStream(new BufferedOutputStream(bos))) {
+    byte[] serialized = null;
+
+    try (
+         ByteArrayOutputStream bos = new ByteArrayOutputStream();
+         ObjectOutputStream oos = new ObjectOutputStream(new BufferedOutputStream(bos));
+    ) {
       oos.writeUnshared(attributes);
+
+      serialized = bos.toByteArray();
     }
 
     MessageDigest digester = null;
@@ -41,18 +47,24 @@ public byte[] attributesHashFrom(RedisSession session) throws IOException {
     } catch (NoSuchAlgorithmException e) {
       log.error("Unable to get MessageDigest instance for MD5");
     }
-    return digester.digest(bos.toByteArray());
+    return digester.digest(serialized);
   }
 
   @Override
   public byte[] serializeFrom(RedisSession session, SessionSerializationMetadata metadata) throws IOException {
-    ByteArrayOutputStream bos = new ByteArrayOutputStream();
-    try (ObjectOutputStream oos = new ObjectOutputStream(new BufferedOutputStream(bos))) {
+    byte[] serialized = null;
+
+    try (
+         ByteArrayOutputStream bos = new ByteArrayOutputStream();
+         ObjectOutputStream oos = new ObjectOutputStream(new BufferedOutputStream(bos));
+    ) {
       oos.writeObject(metadata);
       session.writeObjectData(oos);
+
+      serialized = bos.toByteArray();
     }
 
-    return bos.toByteArray();
+    return serialized;
   }
 
   @Override
