[jetty-users] Jetty 7.2.2 persitent connection and authorization managem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[jetty-users] Jetty 7.2.2 persitent connection and authorization management.

From: Koojon <koojon2@xxxxxxxxxx>
Date: Fri, 25 Feb 2011 13:30:42 +0100
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-users>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>

Hi everyone!

After migration to jetty 7.2.2 (from jetty 6.1.24) I have encountered a problem with persistent connection and authorization management in my project.

Overview:

System consist of server which serves devices working on TR-069 protocol and devices that communicate to it. HTTP is used to carry SOAP messages between server and clients (devices).
Server use Digest http auth.

In jetty 6.1.24 flow of communication look like :

1. Device comes with request to server with no credentials.
2. Server starts new TCP connection and responds with 401 Unauthorized to device with access challenge. 
3. Device comes with right credentials, server authorizes it and sets Cookie.
4. Server responds with proper SOAP.
5. Device comes with next request but WITHOUT credentials.
6. Server responds with 401 Unauthorized !!! but does not close TCP connection !!!.
7. Device comes with right credentials and request.
8. Server responds with proper SOAP. 
9. Points from 5 to 8 are done many times. Every request is sent twice - with and without credentials but on one TCP connection.

My problem is that jetty 7.2.2 closes TCP connection every time communication flow is in point 6, so when device comes with proper credentials server starts TCP connection from scratch.
It is generating too much load and also makes Wireshark debug really ugly - I can not use Follow TCP Stream function to track whole communication.

Is there any way to force jetty to keep connection persistent on 401 as it was in jetty 6? 


I have done some reasearch and I found these lines in org.eclipse.jetty.server.HttpConnection:

if (!_generator.isCommitted()) {
            _generator.setResponse(_response.getStatus(), _response.getReason());
            try {
                // If the client was expecting 100 continues, but we sent something
                // else, then we need to close the connection
                if (isExpecting100Continues() && _response.getStatus() != 100 )
                    _generator.setPersistent(false);  <---- TCP is closed due to this flag value
                _generator.completeHeader(_responseFields, last);

I tried changing   if (isExpecting100Continues() && _response.getStatus() != 100 )  -->  if (isExpecting100Continues() && _response.getStatus() != 100   && _response.getStatus() != 401) . 
After that change jetty kept TCP connection alive but no further request were processed so I think jetty may have some other flag that idicates connection end. 

Maybe Apache client has bug in implementation and Expect: 100-Continue header should not be involved in request? But it worked fine with jetty 6...


Here is some Wireshark 'Follow TCP Stream' log (from unmodified version) with fake device (software mock)

DEVICE:
POST /server/ HTTP/1.1

Content-Length: 1069

Host: localhost:10301

Connection: Keep-Alive

User-Agent: Apache-HttpClient/4.0.1 (java 1.5)

Expect: 100-Continue



SERVER:
HTTP/1.1 401 Unauthorized

WWW-Authenticate: Digest realm="server", domain="/server", nonce="O/55XC4BAADiVGIxZvikD8YbXGGR80hC", algorithm=MD5, qop="auth"

Cache-Control: must-revalidate,no-cache,no-store

Content-Type: text/html;charset=ISO-8859-1

Content-Length: 1277

Connection: close

Server: Jetty(7.2.2.v20101205)



<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/>
<title>Error 401 Unauthorized</title>
</head>
<body>
<h2>HTTP ERROR: 401</h2>
<p>Problem accessing /server/. Reason:
<pre>    Unauthorized</pre></p>
<hr /><i><small>Powered by Jetty://</small></i>
                                                
TCP FIN here                               
                                                
 New TCP connection

DEVICE:
POST /server/ HTTP/1.1

Content-Length: 1069

Host: localhost:10301

Connection: Keep-Alive

User-Agent: Apache-HttpClient/4.0.1 (java 1.5)

Expect: 100-Continue

Authorization: Digest username="002AC3-0002", realm="server", nonce="O/55XC4BAADiVGIxZvikD8YbXGGR80hC", uri="/server/", response="73fc354fef48b282f6a84f8a52f887e4", qop=auth, nc=00000001, cnonce="eb4f7f0099755694d8428fd83b754991", algorithm="MD5"



SERVER:
HTTP/1.1 100 Continue



DEVICE:
<soap:Envelope xmlns:soap> XXXXX Content</soap:Envelope>

SERVER:
HTTP/1.1 200 OK

Set-Cookie: JSESSIONID=158g5t43xyqztmluhf2einisr;Path=/server

Expires: Thu, 01-Jan-1970 00:00:00 GMT

Content-Type: text/xml

Content-Length: 453

Server: Jetty(7.2.2.v20101205)



<soap:Envelop> XXXXXX Content</soap:Envelope>


DEVICE:

POST /server/ HTTP/1.1

Content-Length: 0

Host: localhost:10301

Connection: Keep-Alive

User-Agent: Apache-HttpClient/4.0.1 (java 1.5)

Cookie: JSESSIONID=158g5t43xyqztmluhf2einisr

Cookie2: $Version=1



SERVER:
HTTP/1.1 401 Unauthorized

Content-Type: text/html;charset=ISO-8859-1

WWW-Authenticate: Digest realm="server", domain="/server", nonce="uP95XC4BAACTxt724tPAA/1PDg2nbk2q", algorithm=MD5, qop="auth"

Cache-Control: must-revalidate,no-cache,no-store

Content-Length: 1277

Server: Jetty(7.2.2.v20101205)



<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/>
<title>Error 401 Unauthorized</title>
</head>
<body>
<h2>HTTP ERROR: 401</h2>
<p>Problem accessing /server/. Reason:
<pre>    Unauthorized</pre></p>
<hr /><i><small>Powered by Jetty://</small></i>
                            
</body>
</html>

DEVICE:
POST /server/ HTTP/1.1

Content-Length: 0

Host: localhost:10301

Connection: Keep-Alive

User-Agent: Apache-HttpClient/4.0.1 (java 1.5)

Cookie: JSESSIONID=158g5t43xyqztmluhf2einisr

Cookie2: $Version=1

Authorization: Digest username="002AC3-0002", realm="server", nonce="uP95XC4BAACTxt724tPAA/1PDg2nbk2q", uri="/server/", response="891deae47cf495d009ca8ff44ad07593", qop=auth, nc=00000001, cnonce="c57de2be842c51ec40217c10b49fd21d", algorithm="MD5"


SERVER:
HTTP/1.1 200 OK

Content-Type: text/xml

Content-Length: 807

Server: Jetty(7.2.2.v20101205)



<soap:Envelope > XXXXX Content</soap:Envelope>


DEVICE:
POST /server/ HTTP/1.1

Content-Length: 445

Host: localhost:10301

Connection: Keep-Alive

User-Agent: Apache-HttpClient/4.0.1 (java 1.5)

Expect: 100-Continue

Cookie: JSESSIONID=158g5t43xyqztmluhf2einisr

Cookie2: $Version=1


SERVER:
HTTP/1.1 401 Unauthorized

Content-Type: text/html;charset=ISO-8859-1

WWW-Authenticate: Digest realm="server", domain="/server", nonce="2P95XC4BAACw3g0I7/BAUaLiXv8yJeO1", algorithm=MD5, qop="auth"

Cache-Control: must-revalidate,no-cache,no-store

Content-Length: 1277

Connection: close

Server: Jetty(7.2.2.v20101205)

<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/>
<title>Error 401 Unauthorized</title>
</head>
<body>
<h2>HTTP ERROR: 401</h2>
<p>Problem accessing /server/. Reason:
<pre>    Unauthorized</pre></p>
<hr /><i><small>Powered by Jetty://</small></i>
 </body>
</html>                                                
</body>
</html>


Regards,

Adam Majcher

----------------------------------------------------------------
Bardzo tanie mieszkanie!
Sprawdź >> http://linkint.pl/f2911

Prev by Date: Re: [jetty-users] Not able to point to keystore file in embedded jetty
Next by Date: Re: [jetty-users] javax.servlet.UnavailableException: No class for Servlet or Filter
Previous by thread: [jetty-users] Not able to point to keystore file in embedded jetty
Next by thread: [jetty-users] Convert context.xml resource from Tomcat to Jetty
Index(es):
- Date
- Thread

Breadcrumbs