infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-02-16 13:25:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

6750362: Very large LDAP requests throw a OOM on LDAP servers which aren't aware of Paged Results Controls

Browse Source 
6748156: add an new JNDI property to control the boolean flag WaitForReply

Reviewed-by: vinnie, robm
This commit is contained in:
Sean Coffey 2011-03-03 16:51:03 +00:00
parent 340701d021
commit 75bd2accd3
5 changed files with 231 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
jdk/src/share/classes/com/sun/jndi/ldap/Connection.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -380,13 +380,19 @@ public final class Connection implements Runnable {
}
LdapRequest writeRequest(BerEncoder ber, int msgId) throws IOException {
return writeRequest(ber, msgId, false /* pauseAfterReceipt */);
return writeRequest(ber, msgId, false /* pauseAfterReceipt */, -1);
}
LdapRequest writeRequest(BerEncoder ber, int msgId, boolean pauseAfterReceipt)
throws IOException {
LdapRequest writeRequest(BerEncoder ber, int msgId,
boolean pauseAfterReceipt) throws IOException {
return writeRequest(ber, msgId, pauseAfterReceipt, -1);
}
LdapRequest req = new LdapRequest(msgId, pauseAfterReceipt);
LdapRequest writeRequest(BerEncoder ber, int msgId,
boolean pauseAfterReceipt, int replyQueueCapacity) throws IOException {
LdapRequest req =
new LdapRequest(msgId, pauseAfterReceipt, replyQueueCapacity);
addRequest(req);
if (traceFile != null) {

8
jdk/src/share/classes/com/sun/jndi/ldap/LdapClient.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2005, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -516,7 +516,8 @@ public final class LdapClient implements PooledConnection {
LdapResult search(String dn, int scope, int deref, int sizeLimit,
int timeLimit, boolean attrsOnly, String attrs[],
String filter, int batchSize, Control[] reqCtls,
Hashtable binaryAttrs, boolean waitFirstReply)
Hashtable binaryAttrs, boolean waitFirstReply,
int replyQueueCapacity)
throws IOException, NamingException {
ensureOpen();
@ -543,7 +544,8 @@ public final class LdapClient implements PooledConnection {
if (isLdapv3) encodeControls(ber, reqCtls);
ber.endSeq();
LdapRequest req = conn.writeRequest(ber, curMsgId);
LdapRequest req =
conn.writeRequest(ber, curMsgId, false, replyQueueCapacity);
res.msgId = curMsgId;
res.status = LdapClient.LDAP_SUCCESS; //optimistic

65
jdk/src/share/classes/com/sun/jndi/ldap/LdapCtx.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2005, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -191,6 +191,14 @@ final public class LdapCtx extends ComponentDirContext
// Environment property for the domain name (derived from this context's DN)
private static final String DOMAIN_NAME = "com.sun.jndi.ldap.domainname";
// Block until the first search reply is received
private static final String WAIT_FOR_REPLY =
"com.sun.jndi.ldap.search.waitForReply";
// Size of the queue of unprocessed search replies
private static final String REPLY_QUEUE_SIZE =
"com.sun.jndi.ldap.search.replyQueueSize";
// ----------------- Fields that don't change -----------------------
private static final NameParser parser = new LdapNameParser();
@ -246,6 +254,8 @@ final public class LdapCtx extends ComponentDirContext
private Hashtable binaryAttrs = null; // attr values returned as byte[]
private int connectTimeout = -1; // no timeout value
private int readTimeout = -1; // no timeout value
private boolean waitForReply = true; // wait for search response
private int replyQueueSize = -1; // unlimited queue size
private boolean useSsl = false; // true if SSL protocol is active
private boolean useDefaultPortNumber = false; // no port number was supplied
@ -1759,8 +1769,8 @@ final public class LdapCtx extends ComponentDirContext
SearchControls cons,
Continuation cont)
throws NamingException {
return searchAux(name, filter, cloneSearchControls(cons), true, true,
cont);
return searchAux(name, filter, cloneSearchControls(cons), true,
waitForReply, cont);
}
protected NamingEnumeration c_search(Name name,
@ -1928,7 +1938,7 @@ final public class LdapCtx extends ComponentDirContext
}
private LdapResult doSearch(Name name, String filter, SearchControls cons,
boolean relative, boolean waitFirstReply) throws NamingException {
boolean relative, boolean waitForReply) throws NamingException {
ensureOpen();
try {
int scope;
@ -1984,7 +1994,8 @@ final public class LdapCtx extends ComponentDirContext
batchSize,
reqCtls,
binaryAttrs,
waitFirstReply);
waitForReply,
replyQueueSize);
respCtls = answer.resControls; // retrieve response controls
return answer;
@ -2170,6 +2181,10 @@ final public class LdapCtx extends ComponentDirContext
connectTimeout = -1;
} else if (propName.equals(READ_TIMEOUT)) {
readTimeout = -1;
} else if (propName.equals(WAIT_FOR_REPLY)) {
waitForReply = true;
} else if (propName.equals(REPLY_QUEUE_SIZE)) {
replyQueueSize = -1;
// The following properties affect the connection
@ -2225,6 +2240,11 @@ final public class LdapCtx extends ComponentDirContext
setConnectTimeout((String)propVal);
} else if (propName.equals(READ_TIMEOUT)) {
setReadTimeout((String)propVal);
} else if (propName.equals(WAIT_FOR_REPLY)) {
setWaitForReply((String)propVal);
} else if (propName.equals(REPLY_QUEUE_SIZE)) {
setReplyQueueSize((String)propVal);
// The following properties affect the connection
} else if (propName.equals(Context.SECURITY_PROTOCOL)) {
@ -2312,6 +2332,13 @@ final public class LdapCtx extends ComponentDirContext
// Set the read timeout
setReadTimeout((String)envprops.get(READ_TIMEOUT));
// Set the flag that controls whether to block until the first reply
// is received
setWaitForReply((String)envprops.get(WAIT_FOR_REPLY));
// Set the size of the queue of unprocessed search replies
setReplyQueueSize((String)envprops.get(REPLY_QUEUE_SIZE));
// When connection is created, it will use these and other
// properties from the environment
}
@ -2441,6 +2468,34 @@ final public class LdapCtx extends ComponentDirContext
}
}
/**
* Sets the size of the queue of unprocessed search replies
*/
private void setReplyQueueSize(String replyQueueSizeProp) {
if (replyQueueSizeProp != null) {
replyQueueSize = Integer.parseInt(replyQueueSizeProp);
// disallow an empty queue
if (replyQueueSize <= 0) {
replyQueueSize = -1; // unlimited
}
} else {
replyQueueSize = -1; // unlimited
}
}
/**
* Sets the flag that controls whether to block until the first search
* reply is received
*/
private void setWaitForReply(String waitForReplyProp) {
if (waitForReplyProp != null &&
(waitForReplyProp.equalsIgnoreCase("false"))) {
waitForReply = false;
} else {
waitForReply = true;
}
}
/**
* Sets the read timeout value
*/

49
jdk/src/share/classes/com/sun/jndi/ldap/LdapRequest.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2002, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -26,7 +26,8 @@
package com.sun.jndi.ldap;
import java.io.IOException;
import java.util.Vector;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.LinkedBlockingQueue;
import javax.naming.CommunicationException;
final class LdapRequest {
@ -35,14 +36,26 @@ final class LdapRequest {
int msgId; // read-only
private int gotten = 0;
private Vector replies = new Vector(3);
private BlockingQueue<BerDecoder> replies;
private int highWatermark = -1;
private boolean cancelled = false;
private boolean pauseAfterReceipt = false;
private boolean completed = false;
LdapRequest(int msgId, boolean pause) {
this(msgId, pause, -1);
}
LdapRequest(int msgId, boolean pause, int replyQueueCapacity) {
this.msgId = msgId;
this.pauseAfterReceipt = pause;
if (replyQueueCapacity == -1) {
this.replies = new LinkedBlockingQueue<BerDecoder>();
} else {
this.replies =
new LinkedBlockingQueue<BerDecoder>(replyQueueCapacity);
highWatermark = (replyQueueCapacity * 80) / 100; // 80% capacity
}
}
synchronized void cancel() {
@ -57,7 +70,13 @@ final class LdapRequest {
if (cancelled) {
return false;
}
replies.addElement(ber);
// Add a new reply to the queue of unprocessed replies.
try {
replies.put(ber);
} catch (InterruptedException e) {
// ignore
}
// peek at the BER buffer to check if it is a SearchResultDone PDU
try {
@ -70,6 +89,14 @@ final class LdapRequest {
ber.reset();
notify(); // notify anyone waiting for reply
/*
* If a queue capacity has been set then trigger a pause when the
* queue has filled to 80% capacity. Later, when the queue has drained
* then the reader gets unpaused.
*/
if (highWatermark != -1 && replies.size() >= highWatermark) {
return true; // trigger the pause
}
return pauseAfterReceipt;
}
@ -79,14 +106,12 @@ final class LdapRequest {
" cancelled");
}
if (gotten < replies.size()) {
BerDecoder answer = (BerDecoder)replies.elementAt(gotten);
replies.setElementAt(null, gotten); // remove reference
++gotten; // skip to next
return answer;
} else {
return null;
}
/*
* Remove a reply if the queue is not empty.
* poll returns null if queue is empty.
*/
BerDecoder reply = replies.poll();
return reply;
}
synchronized boolean hasSearchCompleted() {

118
jdk/test/com/sun/jndi/ldap/NoWaitForReplyTest.java Normal file
View File

@ -0,0 +1,118 @@
/*
* Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* @test
* @bug 6748156
* @summary add an new JNDI property to control the boolean flag WaitForReply
*/
import java.net.Socket;
import java.net.ServerSocket;
import java.io.*;
import javax.naming.*;
import javax.naming.directory.*;
import java.util.Hashtable;
public class NoWaitForReplyTest {
public static void main(String[] args) throws Exception {
boolean passed = false;
// Set up the environment for creating the initial context
Hashtable env = new Hashtable(11);
env.put(Context.PROVIDER_URL, "ldap://localhost:22001");
env.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
// Wait up to 10 seconds for a response from the LDAP server
env.put("com.sun.jndi.ldap.read.timeout", "10000");
// Don't wait until the first search reply is received
env.put("com.sun.jndi.ldap.search.waitForReply", "false");
// Send the LDAP search request without first authenticating (no bind)
env.put("java.naming.ldap.version", "3");
DummyServer ldapServer = new DummyServer();
try {
// start the LDAP server
ldapServer.start();
// Create initial context
System.out.println("Client: connecting to the server");
DirContext ctx = new InitialDirContext(env);
SearchControls scl = new SearchControls();
scl.setSearchScope(SearchControls.SUBTREE_SCOPE);
System.out.println("Client: performing search");
NamingEnumeration answer =
ctx.search("ou=People,o=JNDITutorial", "(objectClass=*)", scl);
// Server will never reply: either we waited in the call above until
// the timeout (fail) or we did not wait and reached here (pass).
passed = true;
System.out.println("Client: did not wait until first reply");
// Close the context when we're done
ctx.close();
} catch (NamingException e) {
// timeout (ignore)
}
ldapServer.interrupt();
if (!passed) {
throw new Exception(
"Test FAILED: should not have waited until first search reply");
}
System.out.println("Test PASSED");
}
static class DummyServer extends Thread {
static int serverPort = 22001;
DummyServer() {
}
public void run() {
try {
ServerSocket serverSock = new ServerSocket(serverPort);
Socket socket = serverSock.accept();
System.out.println("Server: accepted a connection");
BufferedInputStream bin =
new BufferedInputStream(socket.getInputStream());
while (true) {
bin.read();
}
} catch (IOException e) {
// ignore
}
}
}
}