Details
-
Bug
-
Resolution: Fixed
-
Medium
-
3.7.2, 4.0.5, 4.2.2, 4.1.8
-
None
-
1
-
Severity 3 - Minor
-
1
-
Description
Issue Summary
Remote Crowd directory does not timeout when using SSL tunnel via forward proxy.
Requests that do not timeout (have infinite timeout):
- HTTP CONNECT request from Crowd to forward proxy
- SSL/TLS handshake after tunnel has been created
Steps to Reproduce
These are steps for HTTP CONNECT request as it's simpler to reproduce:
- Run `nc -k -l 8881` to simulate not responding forward proxy on port 8881
- Add Remote Crowd directory with the following config:
- URL: https://localhost - It's crucial that it's HTTP*S* so that Crowd will try to open a SSL tunnel via proxy. Host name doesn't matter as we won't make any request to this host anyways because proxy is being simulated
- Application name: anything
- Application password: anything
- Proxy host: localhost (the host on which we're running netcat)
- Proxy port: 8881
- Click Test connection
Expected Results
Request testing connection will eventually timeout.
Actual Results
Request never times out. Getting thread dump of Crowd java process shows that the thread is stuck at socketRead within createTunnelToTarget or createLayeredSocket and startHandshake
"http-nio-8095-exec-1" #108 daemon prio=5 os_prio=31 tid=0x00007fc0bfc35000 nid=0xd503 runnable [0x000070000914d000] java.lang.Thread.State: RUNNABLE at java.net.SocketInputStream.socketRead0(Native Method) at java.net.SocketInputStream.socketRead(SocketInputStream.java:116) at java.net.SocketInputStream.read(SocketInputStream.java:171) at java.net.SocketInputStream.read(SocketInputStream.java:141) at org.apache.http.impl.io.SessionInputBufferImpl.streamRead(SessionInputBufferImpl.java:137) at org.apache.http.impl.io.SessionInputBufferImpl.fillBuffer(SessionInputBufferImpl.java:153) at org.apache.http.impl.io.SessionInputBufferImpl.readLine(SessionInputBufferImpl.java:280) at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:138) at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:56) at org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:259) at org.apache.http.impl.DefaultBHttpClientConnection.receiveResponseHeader(DefaultBHttpClientConnection.java:163) at org.apache.http.impl.conn.CPoolProxy.receiveResponseHeader(CPoolProxy.java:157) at org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:273) at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:125) at org.apache.http.impl.execchain.MainClientExec.createTunnelToTarget(MainClientExec.java:485) at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:410) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) at org.apache.http.impl.client.cache.CachingExec.callBackend(CachingExec.java:592) at org.apache.http.impl.client.cache.CachingExec.execute(CachingExec.java:269) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) at com.atlassian.crowd.integration.rest.service.RestExecutor$MethodExecutor.executeCrowdServiceMethod(RestExecutor.java:498) at com.atlassian.crowd.integration.rest.service.RestExecutor$MethodExecutor.andReceive(RestExecutor.java:370) at com.atlassian.crowd.integration.rest.service.RestCrowdClient.searchUsers(RestCrowdClient.java:514) at com.atlassian.crowd.integration.rest.service.RestCrowdClient.testConnection(RestCrowdClient.java:504) at com.atlassian.crowd.directory.RemoteCrowdDirectory.testConnection(RemoteCrowdDirectory.java:616) at com.atlassian.crowd.embedded.core.CrowdDirectoryServiceImpl.testConnection(CrowdDirectoryServiceImpl.java:88)
This thread will be stuck forever.
Workaround
Currently there is no known workaround for this behavior. A workaround will be added here when available
Attachments
Issue Links
- causes
-
BAM-21195 No read timeout for socket operations such as CONNECT and SSL handshake when communicating with Crowd can cause long running HTTP threads
- Closed
- is related to
-
CWD-5709 Crowd directory does not timeout when using SSL tunnel via forward proxy unless Connection Timeout is explicitly configured
- Closed
- is duplicated by
-
KRAK-4013 Loading...
- mentioned in
-
Page Loading...