[jbossws-issues] [JBoss JIRA] Issue Comment Edited: (JBWS-3202) JBossWS does not reuse SSL sessions
Richard Opalka (JIRA)
jira-events at lists.jboss.org
Mon Jan 24 09:46:50 EST 2011
[ https://issues.jboss.org/browse/JBWS-3202?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12577472#comment-12577472 ]
Richard Opalka edited comment on JBWS-3202 at 1/24/11 9:45 AM:
---------------------------------------------------------------
Remoting transport have been removed years ago from JBossWS trunk (community). We're using JBoss Netty nowadays.
Regarding this issue (after exhaustive debugging) here's my conclusion:
There's no way to reuse SSL connections when using remoting API.
I first thought we're using remoting API in wrong way but this wasn't the case.
We're using remoting the following way:
HTTPRemotingConnection.invoke() {
...
org.jboss.remoting.Client client = new Client(locator, "jbossws", clientConfig);
client.connect();
client.setMarshaller(marshaller);
client.setUnMarshaller(unmarshaller);
Object resMessage = client.invoke(reqMessage, metadata);
// MicroRemoteClientInvoker.invoke() {
// ...
// String sessionId = invocationReq.getSessionId();
// returnValue = transport(sessionId, payload, metadata, marshaller, unmarshaller);
// HTTPClientInvoker.transport() {
// ...
// final HttpURLConnection conn = createURLConnection(validatedUrl, metadata);
// HTTPSClientInvoker.createURLConnection() {
// HttpURLConnection conn = super.createURLConnection(url, metadata);
// HTTPClientInvoker.createURLConnection() {
// ...
// return new URL(url).openConnection();
// ...
// }
// ...
// HttpsURLConnection sconn = (HttpsURLConnection) conn;
// sconn.setSSLSocketFactory(sslSocketFactory);
// setHostnameVerifier(sconn, metadata);
// ...
// }
// ...
// OutputStream stream = getOutputStream(conn);
// marshaller.write(invocation, stream);
// ...
// InputStream is = (responseCode < 400) ? conn.getInputStream() : conn.getErrorStream();
// result = unmarshaller.read(is, map);
// ...
// // Here leaks conn object - known issue
// }
// ...
// }
client.disconnect();
...
return resMessage;
}
In short we're doing whole this procedure on each invocation.
I first thought that reusing remoting Client (pooling) could solve this problem.
But after investigation of remoting code base
remoting is always calling new URL(targetURL).openConnection()
and there's no way to reuse this created connection outside of remoting.
I copied/pasted relevant bits of remoting code base above (in form of comments)
so you can see what's happening inside of remoting2.
was (Author: richard.opalka at jboss.com):
Remoting transport have been removed years ago from JBossWS trunk (community). We're using JBoss Netty nowadays.
Regarding this issue (after exhaustive debugging) here's my conclusion:
There's no way to reuse SSL connections when using remoting API.
I first thought we're using remoting API in wrong way but this wasn't the case.
We're using remoting the following way:
HTTPRemotingConnection.invoke() {
...
org.jboss.remoting.Client client = new Client(locator, "jbossws", clientConfig);
client.connect();
client.setMarshaller(marshaller);
client.setUnMarshaller(unmarshaller);
Object resMessage = client.invoke(reqMessage, metadata);
// MicroRemoteClientInvoker.invoke() {
// ...
// String sessionId = invocationReq.getSessionId();
// returnValue = transport(sessionId, payload, metadata, marshaller, unmarshaller);
// HTTPClientInvoker.transport() {
// ...
// final HttpURLConnection conn = createURLConnection(validatedUrl, metadata);
// HTTPSClientInvoker.createURLConnection() {
// HttpURLConnection conn = super.createURLConnection(url, metadata);
// HTTPClientInvoker.createURLConnection() {
// ...
// return new URL(url).openConnection();
// ...
// }
// ...
// HttpsURLConnection sconn = (HttpsURLConnection) conn;
// sconn.setSSLSocketFactory(sslSocketFactory);
// setHostnameVerifier(sconn, metadata);
// ...
// }
// ...
// OutputStream stream = getOutputStream(conn); // generates SSL handshake
// marshaller.write(invocation, stream);
// ...
// InputStream is = (responseCode < 400) ? conn.getInputStream() : conn.getErrorStream();
// result = unmarshaller.read(is, map);
// ...
// // Here leaks conn object - known issue
// }
// ...
// }
client.disconnect();
...
return resMessage;
}
In short we're doing whole this procedure on each invocation.
I first thought that reusing remoting Client (pooling) could solve this problem.
But after investigation of remoting code base
remoting is always calling new URL(targetURL).openConnection()
and there's no way to reuse this created connection outside of remoting.
I copied/pasted relevant bits of remoting code base above (in form of comments)
so you can see what's happening inside of remoting2.
> JBossWS does not reuse SSL sessions
> -----------------------------------
>
> Key: JBWS-3202
> URL: https://issues.jboss.org/browse/JBWS-3202
> Project: JBoss Web Services
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: jbossws-native
> Affects Versions: jbossws-native-3.1.2
> Environment: JBoss Enterprise Application Platform 5.x
> JBossWS 3.1.2
> Reporter: Mustafa Musaji
> Assignee: Richard Opalka
> Attachments: example.zip
>
>
> When creating a web service client and sending multiple requests over SSL to JBoss EAP the client doesn't reuse the already established connection and instead a SSL handshake takes place on every request.
> SSL session id is shown in ssl debug log but this is different on every request. Using Sun JAXWS libraries (remove endorsed libraries) you can see the SSL connection session id being reused on every subsequent request being made.
> JBossWS should reuse the already established connection and not do the expensive SSL handshake on every request.
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jbossws-issues
mailing list