Issue with Undertow Client and SSL
by Thomas Segismont
Hi,
Openshift Origin uses Hawkular Metrics to store node and container data. In
this scenario, Hawkular Metrics calls the Kubernetes master server over
HTTPS to validate the client identity. This is implemented with Undertow
Client, as part of a ServletExtension (inside Wildfly 10) [1]. Works fine
in development and testing.
Now the Openshit team sees errors in the logs [2][3]. I couldn't reproduce
yet. Errors come in pair, first the "UT005001: An exception occurred
processing the request: java.lang.IllegalStateException: XNIO000017: Buffer
was already freed", and just after "XNIO001007: A channel event listener
threw an exception: java.lang.NullPointerException".
Does that ring a bell? I haven't been able to find a starting point by
looking into the source the code.
Thanks
--
Thomas Segismont
JBoss ON Engineering Team
[1] https://git.io/vrNyP
[2] https://issues.jboss.org/browse/HWKMETRICS-408
[3] https://issues.jboss.org/secure/attachment/12405779/hawkular.log
2 months, 2 weeks
Correctly shutting down a websocket handler
by Robin Anil
When a client disconnects, I see that onClose is not being fired. The only
way this seems to be firing if client sents a close frame.
Is there any way to detect disconnection and immediately close all the
opened resources.
Robin
Robin Anil | Software Engineer
2 years, 8 months
Access control examples
by Brad Wood
Hi, I'm looking for some examples of locking down access to certain
directories, similar to how IIS has "hidden segments". For instance, I'd
like all URLs starting with /CFIDE to be blocked, or perhaps only access to
a certain range of IPs
I swear I had looked at some examples of this about a year ago, but after
quite a lot of Googling today I was coming up empty handed. I found some
basic information on the access control handlers, but couldn't find a
single example of using them.
Thanks!
~Brad
*Developer Advocate*
*Ortus Solutions, Corp *
E-mail: brad(a)coldbox.org
ColdBox Platform: http://www.coldbox.org
Blog: http://www.codersrevolution.com
7 years, 8 months
Request header order
by Ilpo Ruotsalainen
Hi,
A project we're working on has recently ran into a need to access the HTTP
request headers in order they were received. This does not seem currently
possible as HeaderMap is just a hash table.
One way I see to get this functionality would be to make HeaderMap
non-final and provide a mechanism for configuring the class used for
request headers, but I don't particularly like this as the HeaderMap API is
fairly wide and some of the methods are semantically tricky for this
particular purpose.
Obviously we'd prefer a solution where the modifications to Undertow itself
are acceptable for upstreaming so we don't have to maintain a custom fork
of it. Any suggestions would be appreciated.
7 years, 8 months
Unable to concurrently use all available IO Threads under load on Red Hat
by R. Matt Barnett
Hello,
I'm experiencing an Undertow performance issue I fail to understand. I
am able to reproduce the issue with the code linked bellow. The problem
is that on Red Hat (and not Windows) I'm unable to concurrently process
more than 4 overlapping requests even with 8 configured IO Threads.
For example, if I run the following program (1 file, 55 lines):
https://gist.github.com/rmbarnett-rice/668db6b4e9f8f8da7093a3659b6ae2b5
... on Red Hat and then send requests to the server using Apache
Benchmark...
> ab -n 1000 -c 8 localhost:8080/
I see the following output from the Undertow process:
Server started on port 8080
1
2
3
4
I believe this demonstrates that only 4 requests are ever processed in
parallel. I would expect 8. In fact, when I run the same experiment on
Windows I see the expected output of
Server started on port 8080
1
2
3
4
5
6
7
8
Any thoughts as to what might explain this behavior?
Best,
Matt
7 years, 9 months
comma separators in cookie headers
by Brian R Wallis
Are commas allowed as a separator of multiple cookies in a cookie header?
I am running an application in wildfly-11.0.0.Final and another application is making a request with two cookies, JSESSIONID and JSESSIONIDSSO. It is sending these as
JSESSIONIDSSO=jIEqQ-kTedwXrvqm9CBACBg8QlCXzJKILwCftnaV, JSESSIONID=lDA5h47Pk_jrnIwAshNsQ7Ot269XyVSTR1mwYNEL.localhost
which then seems to be parsed into a single cookie
JSESSIONIDSSO=jIEqQ-kTedwXrvqm9CBACBg8QlCXzJKILwCftnaV, JSESSIONID
which of course does not work for the authentication so the request fails. This seems to be a failure in parsing the original cookie string. There is a bit of confusion in this area in the RFCs as the earlier ones allowed comma as a separator but the most recent, RFC-6265, does not. Undertow should probably allow a comma separator for backward compatibility with older implementations.
Thanks
brian wallis…
The full dump from the undertow request dumper is
18:33:29,249 INFO [io.undertow.request.dump] (Unknown)
----------------------------REQUEST---------------------------
URI=/infoapi/user/profile
characterEncoding=null
contentLength=-1
contentType=[none]
cookie=JSESSIONIDSSO=jIEqQ-kTedwXrvqm9CBACBg8QlCXzJKILwCftnaV, JSESSIONID
header=Connection=Keep-Alive
header=Orbeon-Token=5b4085e06896f374e8dec7a22f9e411a2b0d2105
header=Accept-Encoding=gzip,deflate
header=Content-Type=none
header=Cookie=JSESSIONIDSSO=jIEqQ-kTedwXrvqm9CBACBg8QlCXzJKILwCftnaV, JSESSIONID=lDA5h47Pk_jrnIwAshNsQ7Ot269XyVSTR1mwYNEL.localhost
header=Cookie2=$Version=1
header=Host=localhost
locale=[]
method=GET
protocol=HTTP/1.1
queryString=
remoteAddr=/127.0.0.1:55984
remoteHost=localhost
scheme=http
host=localhost
serverPort=80
--------------------------RESPONSE--------------------------
contentLength=71
contentType=text/html;charset=UTF-8
cookie=JSESSIONIDSSO=null; domain=null; path=/
header=Expires=0
header=Cache-Control=no-cache, no-store, must-revalidate
header=X-Powered-By=Undertow/1
header=Set-Cookie=JSESSIONIDSSO=""; path=/; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:00 GMT
header=Server=WildFly/11
header=Pragma=no-cache
header=Date=Fri, 03 Aug 2018 08:33:29 GMT
header=WWW-Authenticate=Basic realm="REST API authentication module"
header=Content-Type=text/html;charset=UTF-8
header=Content-Length=71
status=401
7 years, 9 months
