Skip to content

Commit

Permalink
Patch for client connection leak when using digest authentication
Browse files Browse the repository at this point in the history
Signed-off-by: agherardi <[email protected]>
  • Loading branch information
agherardi authored and alessandro.gherardi committed Jun 20, 2018
1 parent 02f2cb6 commit 5f4755c
Show file tree
Hide file tree
Showing 3 changed files with 113 additions and 4 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.junit.Ignore;
import org.junit.Test;
import static org.junit.Assert.assertEquals;
Expand Down Expand Up @@ -144,6 +145,19 @@ public String getFilter(@Context HttpHeaders h) {
return "GET";
}

@GET
@Path("digest")
public String getDigest(@Context HttpHeaders h) {
String value = h.getRequestHeaders().getFirst("Authorization");
if (value == null) {
throw new WebApplicationException(
Response.status(401).header("WWW-Authenticate", "Digest realm=\"WallyWorld\"")
.entity("Forbidden").build());
}

return "GET";
}

@POST
public String post(@Context HttpHeaders h, String e) {
requestCount++;
Expand Down Expand Up @@ -254,6 +268,24 @@ public void testAuthGetWithClientFilter() {
assertEquals("GET", r.request().get(String.class));
}

@Test
public void testAuthGetWithDigestFilter() {
ClientConfig cc = new ClientConfig();
PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager();
cc.connectorProvider(new ApacheConnectorProvider());
cc.property(ApacheClientProperties.CONNECTION_MANAGER, cm);
Client client = ClientBuilder.newClient(cc);
client.register(HttpAuthenticationFeature.universal("name", "password"));
WebTarget r = client.target(getBaseUri()).path("test/digest");

assertEquals("GET", r.request().get(String.class));

// Verify the connection that was used for the request is available for reuse
// and no connections are leased
assertEquals(cm.getTotalStats().getAvailable(), 1);
assertEquals(cm.getTotalStats().getLeased(), 0);
}

@Test
@Ignore("JERSEY-1750: Cannot retry request with a non-repeatable request entity. How to buffer the entity?"
+ " Allow repeatable write in jersey?")
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
/*
* Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0, which is available at
* http://www.eclipse.org/legal/epl-2.0.
*
* This Source Code may also be made available under the following Secondary
* Licenses when the conditions for such availability set forth in the
* Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
* version 2 with the GNU Classpath Exception, which is available at
* https://www.gnu.org/software/classpath/license.html.
*
* SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
*/

package org.glassfish.jersey.client.authentication;

import java.io.IOException;
import java.io.InputStream;

import javax.ws.rs.client.ClientRequestContext;

/**
* Common authentication utilities
*/
class AuthenticationUtil {
static void discardInputAndClose(InputStream is) {
byte[] buf = new byte[4096];
try {
while (true) {
if (is.read(buf) <= 0) {
break;
}
}
} catch (IOException ex) {
// ignore
} finally {
try {
is.close();
} catch (IOException ex) {
// ignore
}
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -25,9 +25,9 @@
import java.util.List;
import java.util.Map;

import javax.annotation.Priority;
import javax.ws.rs.Priorities;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.ClientRequestContext;
import javax.ws.rs.client.ClientRequestFilter;
import javax.ws.rs.client.ClientResponseContext;
Expand All @@ -42,8 +42,6 @@
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;

import javax.annotation.Priority;

import org.glassfish.jersey.client.ClientProperties;
import org.glassfish.jersey.client.internal.LocalizationMessages;

Expand Down Expand Up @@ -270,8 +268,16 @@ private void updateCache(ClientRequestContext request, boolean success, Type ope
* {@code false} otherwise).
*/
static boolean repeatRequest(ClientRequestContext request, ClientResponseContext response, String newAuthorizationHeader) {
Client client = request.getClient();
// If the failed response has an entity stream, close it. We must do this to avoid leaking a connection
// when we replace the entity stream of the failed response with that of the repeated response (see below).
// Notice that by closing the entity stream before sending the repeated request we allow the connection allocated
// to the failed request to be reused, if possible, for the repeated request.
if (response.hasEntity()) {
AuthenticationUtil.discardInputAndClose(response.getEntityStream());
response.setEntityStream(null);
}

Client client = request.getClient();
String method = request.getMethod();
MediaType mediaType = request.getMediaType();
URI lUri = request.getUri();
Expand All @@ -294,6 +300,12 @@ static boolean repeatRequest(ClientRequestContext request, ClientResponseContext

builder.property(REQUEST_PROPERTY_FILTER_REUSED, "true");

// Copy other properties, if any, from the original request
for (String propertyName : request.getPropertyNames()) {
Object propertyValue = request.getProperty(propertyName);
builder.property(propertyName, propertyValue);
}

Invocation invocation;
if (request.getEntity() == null) {
invocation = builder.build(method);
Expand Down Expand Up @@ -419,4 +431,23 @@ static Credentials getCredentials(ClientRequestContext request, Credentials defa
return specificCredentials != null ? specificCredentials : defaultCredentials;
}
}

private static void discardInputAndClose(InputStream is) {
byte[] buf = new byte[4096];
try {
while (true) {
if (is.read(buf) <= 0) {
break;
}
}
} catch (IOException ex) {
// ignore
} finally {
try {
is.close();
} catch (IOException ex) {
// ignore
}
}
}
}

0 comments on commit 5f4755c

Please sign in to comment.