Access JBoss MSC service from ServletExtension
by Harris, Carl
I made a ServletExtension that adds an AuthenticationMethod to an Undertow servlet deployment. I have a basic mock up of the authentication method working.
In order to move beyond the mock up, my authentication mechanism needs to use a service that my Wildfly extension puts into the (JBoss MSC) service registry. I’m not seeing how to put the pieces together to get a reference to the service registry so I can locate my service.
Does someone have an example that I could reference or tips on how I might go about this?
Thanks,
Carl
—
Carl Harris
Chief Technology Architect
Virginia Tech
9 years, 11 months
occasional 502 from Apache HTTP Proxy
by Edgar Espina
Hi,
I've an Undertow application behind apache reverse proxy, trying to load a
page displays error 502 proxy error.
Still couldn't find why so I wonder if any of you find a similar problem
with Undertow and Apache.
Please note this is our first app on top of Undertow, existing apps
running on Tomcat/Jetty are OK.
Appreciate any help.
Thanks
--
edgar
9 years, 11 months
Help, please: Observing low Undertow throughput under heavy loads
by Matt Clarkson
Hi Undertow Team,
We recently deployed a large platform for processing high-frequency http
signals from around the Internet. We are using undertow as our embedded
http server and are experiencing some serious throughput issues. Hoping
you can help us to remedy them. Here are our findings so far.
-When we dump thread stacks using jstack for a loaded server, we observe
that the I/O threads (1/core) are all blockng at
sun.nio.ch.EPollArrayWrapper.epollWait(Native Method).
-At the same time we see large numbers of TCP Timeouts, TCP Listen Drops,
and TCP Overflows, which would seem to imply that we are not processing
connections fast enough
-There are large numbers of sockets int TIME_WAIT status
-TaskWorker threads are underutilized and most are in WAITING state sitting
at java.util.concurrent.locks.LockSupport.park(LockSupport.java:186)
We've observed this situation even against a no-op end point which
basically dispatches a handler, so we've eliminated almost all of our code
from the equation. We also removed HTTPS traffic to take SSL out of the
equation. CPU utilization on the boxes is very low and memory is fine as
well. Disk I/O is also not an issue... we don't write to disk when hitting
the no-op endpoint
We're currently runnning on c2-xlarge EC2 instances (8 gb ram/4 cores) in 7
amazon regions. We've tried tuning keepalive, IO thread count (currently
set to 4) and core/max task worker count (40) to no avail. We decided to
move our compute instances behind haproxy, which has improved the tcp
failure rates but we are still seeing very low throughput (roughly 200-300
request/sec max)
We are using 1.1.0-Final version of undertow. We tried 1.2.0-Beta 6 but
after deploying our servers froze after about 10 minutes so we had to roll
back.
Do you have any tips on other things we can look at ?
Thanks in advance,
Matt C.
9 years, 11 months
web socket timeout
by Edgar Espina
Hi,
I would like to set a timeout to wait before closing an idle websocket.
How can I do this?
Thanks.
--
edgar
9 years, 11 months
Multipart File Upload on Rewritten URL
by Cody Lerum
I'm encountering an issue with JSF file uploads and ocpsoft Rewrite
where a native JSF 2.1 h:inputFile will not work if the URL it is
posting to is a rewritten URL.
This is somewhat known behavior per
http://www.ocpsoft.org/rewrite/docs/faq Which says:
"According to the Servlet spec HttpServletRequest.getParameter*() and
HttpServletRequest.getPart*() can only be called from special Servlets
for multipart/form-data request. Using these methods outside of such
Servlets results in undefined behavior."
The Rewrite FAQ suggests a setting in Tomcat that allows "Casual
Multipart Parsing" allowCasualMultipartParsing="true"
http://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Common_Attrib...
Is there a similar option for Undertow, or is this just a case where
multipart/form-data requests will not work on a rewritten URL?
Thanks
-C
9 years, 11 months
Closing an UndertowOutputStream on broken pipe
by Toby Crawley
I'm streaming data by writing it to an UndertowOutputStream in chunks,
and when the the client disconnects before the data is fully sent, I
get a Broken pipe IOException when calling .write() (which is
expected). I catch that error, then call .close() on the
UndertowOutputStream, which throws "java.io.IOException: UT000029:
Channel was closed mid chunk, if you have attempted to write chunked
data you cannot shutdown the channel until after it has all been
written."
Is this expected behavior? It seems like it wouldn't be, since none of
that pending data can be written.
Do I even need to close the OutputStream in this case? Would not doing
so leak any resources?
Currently, I'm catching and ignoring the IOException thrown by .close().
The full stack traces of the two errors are available at:
https://gist.github.com/21d111980352d04816c7
- Toby
9 years, 11 months
invalidate session
by Kovacs Lajos
Hidevelopers!
I recently changed to WildFly so to undertowtoo. Unfortunately I got an issue and I hopethis dev list is the right place to questions regarding undertow. The issue occurs when there are two sessionsand I want to invalidate from one session A the anotherone B. The session B is invalidated but unfortunately a new request fromsession A will create a new session C and Session A will remain in the memory.Digging alittle bit in the source code, I found that when the session B is invalidated, HttpSessionImpl.invalidate()function is called, where the 'exchange' object is got and passed to thesession.invalidate:
ServletRequestContextcurrent = SecurityActions.currentServletRequestContext();
if (current == null) {
session.invalidate(null);
} else {
session.invalidate(current.getOriginalRequest().getExchange());
}
Then the session B instance InMemorySessionManager.invalidate () line 415 the following is called:
if(exchange != null) {
sessionCookieConfig.clearSession(exchange, this.getId());
}
where theold session's (Session B) id what was removed, destroyed is placed as cookie with expired date onto the exchange(the response) Cookie cookie = new CookieImpl(cookieName, sessionId)
... exchange.setResponseCookie(cookie);
So the nextrequest will not contain the right cookie so the session will not be found anda new session will be created (ServletContextImpl.getSession()). That's the main cause what I see.
I checkedissue UNDERTOW-261 what is sounds very similar, but this is not the casebecause the session remains active in the memory but a new one still created.
Usedundertow 1.1.x branch for sources, as WildFly 8.2.0 with undertow 1.1.0.Final.
I’m doingsomething wrong or it is a bug? Any feedback is appreciated. Thanks in advance!
Best Regards,lalo
9 years, 11 months
Authentication layer in Undertow + Resteasy
by Antoine Girard
Dear fellow developers,
I am building a small web framework based on Jax-rs (Resteasy) and undertow
(with undertow-servlet) and I am having interrogations about authenticating
requests...
First of all, I know I shouldn't re-invent the wheel and build another
framework from scratch, but I am doing it purely for educational purposes
(my education!)
The setup is very simple: an embedded servlet container (undertow),
bootstrapping one single jax-rs servlet (resteasy), with little glue around
all of this et voilà! The user (person using the framework) only has to
focus on his jax-rs resources.
The servlet api already specifies how authentication should be done, and
undertow implements it and I am not here to question that.
However, what I want to achieve is to delegate all the authentication logic
to the Jax-rs layer.
I see two advantages in this:
- The user has full control over the login / user management system,
without having to tweak the servlet deployment... He can decide to do
logins against a DB, a remote web service etc... all programatically.
- Use the Jax-rs "DynamicFeature" feature.. to control what resources have
to be secured. To illustrate it, here is a code sample of how I intend to
use the DynamicFeature:
*@Provider*
*public class AuthenticationNeededFeature implements DynamicFeature {*
* @Inject*
* private AuthenticationFilter authenticationFilter;*
* @Override*
* public void configure(ResourceInfo resourceInfo, FeatureContext context)
{*
* /* If resource is not public then we add the authentication filter */*
* if
(!resourceInfo.getResourceMethod().isAnnotationPresent(Public.class)) {*
* context.register(authenticationFilter);*
* }*
* }*
*}*
This simply checks if the targeted resource method has the annotation
Public on it (custom annotation). If not, the resource must then be
authenticated and a ContainerRequestFilter is registered, to apply the
authentication logic.
The user can do anything he wants to authenticate the request inside the
filter:
- Look in a custom Authorization header for a bearer token
- Validate the token against a db or a cache
- Play with cookies
And more importantly, the securityContext, can be set here, as the Request
object is available.
The user can manufacture a securityContext containing the current user's
principal and roles (after a successful authentication of the request) and
therefore enable the role based access control in the resources
(@RolesAllowed).
I had a little try with adding a ServletExtension into the deployment, with
a custom AuthenticationMechanism, but I couldn't achieve what is described
above, as it is really jax-rs specific.
I haven't seen a lot of people on the internet doing what I have described
above... that's why I am not that confident! I am indeed bypassing all the
security layer already available in Undertow. I feel I am missing the
elephant in the room...
What do you think about that approach?
Thank you all in advance.
Best regards,
Antoine
9 years, 11 months
HttpServerExchange post data
by Mike Stefaniak
I can't figure out how to get the content of post data
My server start
Undertow.builder()
.addHttpListener(8080, "0.0.0.0")
.setHandler(Handlers.routing().post("/bid", new BidHandler()))
.build()
.start();
And the handler class
public final class BidHandler implements HttpHandler {
@Override
public void handleRequest(final HttpServerExchange exchange) throws
Exception {
........
}
}
If I make a curl request like so
curl -H "Content-Type: application/json" -X POST -i -d '{"some": "value"}'
http://127.0.0.1:8080/bid
It gets to the handler, but I can't figure out to access the post data from
the request
Thanks
9 years, 11 months