6648001: Cancelling HTTP authentication causes subsequent deadlocks

Reviewed-by: michaelm
2010-04-06 13:47:59 +01:00 · 2010-04-06 13:47:59 +01:00 · cb7c94da7e
commit cb7c94da7e
parent 9039997db4
3 changed files with 188 additions and 18 deletions
--- a/jdk/src/share/classes/sun/net/www/protocol/http/AuthenticationInfo.java
+++ b/jdk/src/share/classes/sun/net/www/protocol/http/AuthenticationInfo.java
@ -270,13 +270,17 @@ public abstract class AuthenticationInfo extends AuthCacheValue implements Clone
     * In this case we do not use the path because the protection space
     * is identified by the host:port:realm only
     */
-    static AuthenticationInfo getServerAuth(URL url, String realm, AuthScheme scheme) {
+    static String getServerAuthKey(URL url, String realm, AuthScheme scheme) {
        int port = url.getPort();
        if (port == -1) {
            port = url.getDefaultPort();
        }
        String key = SERVER_AUTHENTICATION + ":" + scheme + ":" + url.getProtocol().toLowerCase()
                     + ":" + url.getHost().toLowerCase() + ":" + port + ":" + realm;
+        return key;
+    }
+
+    static AuthenticationInfo getServerAuth(String key) {
        AuthenticationInfo cached = getAuth(key, null);
        if ((cached == null) && requestIsInProgress (key)) {
            /* check the cache again, it might contain an entry */
@ -314,9 +318,13 @@ public abstract class AuthenticationInfo extends AuthCacheValue implements Clone
     * Used in response to a challenge. Note, the protocol field is always
     * blank for proxies.
     */
-    static AuthenticationInfo getProxyAuth(String host, int port, String realm, AuthScheme scheme) {
+    static String getProxyAuthKey(String host, int port, String realm, AuthScheme scheme) {
        String key = PROXY_AUTHENTICATION + ":" + scheme + "::" + host.toLowerCase()
                        + ":" + port + ":" + realm;
+        return key;
+    }
+
+    static AuthenticationInfo getProxyAuth(String key) {
        AuthenticationInfo cached = (AuthenticationInfo) cache.get(key, null);
        if ((cached == null) && requestIsInProgress (key)) {
            /* check the cache again, it might contain an entry */
@ -330,19 +338,20 @@ public abstract class AuthenticationInfo extends AuthCacheValue implements Clone
     * Add this authentication to the cache
     */
    void addToCache() {
-        cache.put (cacheKey(true), this);
+        String key = cacheKey(true);
+        cache.put(key, this);
        if (supportsPreemptiveAuthorization()) {
-            cache.put (cacheKey(false), this);
+            cache.put(cacheKey(false), this);
        }
-        endAuthRequest();
+        endAuthRequest(key);
    }

-    void endAuthRequest () {
+    static void endAuthRequest (String key) {
        if (!serializeAuth) {
            return;
        }
        synchronized (requests) {
-            requestCompleted (cacheKey(true));
+            requestCompleted(key);
        }
    }

--- a/jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
+++ b/jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
@ -249,6 +249,8 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
    boolean isUserServerAuth;
    boolean isUserProxyAuth;

+    String serverAuthKey, proxyAuthKey;
+
    /* Progress source */
    protected ProgressSource pi;

@ -1503,11 +1505,11 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
            }
            throw e;
        } finally {
-            if (respCode == HTTP_PROXY_AUTH && proxyAuthentication != null) {
-                proxyAuthentication.endAuthRequest();
+            if (proxyAuthKey != null) {
+                AuthenticationInfo.endAuthRequest(proxyAuthKey);
            }
-            else if (respCode == HTTP_UNAUTHORIZED && serverAuthentication != null) {
-                serverAuthentication.endAuthRequest();
+            if (serverAuthKey != null) {
+                AuthenticationInfo.endAuthRequest(serverAuthKey);
            }
        }
    }
@ -1720,8 +1722,8 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
                                      statusLine + "\"");
            }
        } finally  {
-            if (respCode == HTTP_PROXY_AUTH && proxyAuthentication != null) {
-                proxyAuthentication.endAuthRequest();
+            if (proxyAuthKey != null) {
+                AuthenticationInfo.endAuthRequest(proxyAuthKey);
            }
        }

@ -1837,10 +1839,8 @@ public class HttpURLConnection extends java.net.HttpURLConnection {

            if (realm == null)
                realm = "";
-            ret = AuthenticationInfo.getProxyAuth(host,
-                                                  port,
-                                                  realm,
-                                                  authScheme);
+            proxyAuthKey = AuthenticationInfo.getProxyAuthKey(host, port, realm, authScheme);
+            ret = AuthenticationInfo.getProxyAuth(proxyAuthKey);
            if (ret == null) {
                switch (authScheme) {
                case BASIC:
@ -1981,7 +1981,8 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
            domain = p.findValue ("domain");
            if (realm == null)
                realm = "";
-            ret = AuthenticationInfo.getServerAuth(url, realm, authScheme);
+            serverAuthKey = AuthenticationInfo.getServerAuthKey(url, realm, authScheme);
+            ret = AuthenticationInfo.getServerAuth(serverAuthKey);
            InetAddress addr = null;
            if (ret == null) {
                try {
--- a/jdk/test/java/net/Authenticator/Deadlock.java
+++ b/jdk/test/java/net/Authenticator/Deadlock.java
@ -0,0 +1,160 @@
+/*
+ * Copyright 2010 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/**
+ * @test
+ * @bug 6648001
+ * @run main/othervm/timeout=20 -ea:sun.net.www.protocol.http.AuthenticationInfo -Dhttp.auth.serializeRequests=true Deadlock
+ * @summary  cancelling HTTP authentication causes deadlock
+ */
+
+import java.util.concurrent.Executors;
+import java.util.concurrent.ExecutorService;
+import java.io.InputStream;
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.InetSocketAddress;
+import java.net.PasswordAuthentication;
+import java.net.URL;
+import com.sun.net.httpserver.BasicAuthenticator;
+import com.sun.net.httpserver.Headers;
+import com.sun.net.httpserver.HttpContext;
+import com.sun.net.httpserver.HttpExchange;
+import com.sun.net.httpserver.HttpHandler;
+import com.sun.net.httpserver.HttpPrincipal;
+import com.sun.net.httpserver.HttpServer;
+
+public class Deadlock {
+
+    public static void main (String[] args) throws Exception {
+        Handler handler = new Handler();
+        InetSocketAddress addr = new InetSocketAddress (0);
+        HttpServer server = HttpServer.create(addr, 0);
+        HttpContext ctx = server.createContext("/test", handler);
+        BasicAuthenticator a = new BasicAuthenticator("foobar@test.realm") {
+            @Override
+            public boolean checkCredentials (String username, String pw) {
+                return "fred".equals(username) && pw.charAt(0) == 'x';
+            }
+        };
+
+        ctx.setAuthenticator(a);
+        ExecutorService executor = Executors.newCachedThreadPool();
+        server.setExecutor(executor);
+        server.start ();
+        java.net.Authenticator.setDefault(new MyAuthenticator());
+
+        System.out.print("Deadlock: " );
+        for (int i=0; i<2; i++) {
+            Runner t = new Runner(server, i);
+            t.start();
+            t.join();
+        }
+        server.stop(2);
+        executor.shutdown();
+        if (error) {
+            throw new RuntimeException("test failed error");
+        }
+
+        if (count != 2) {
+            throw new RuntimeException("test failed count = " + count);
+        }
+        System.out.println("OK");
+
+    }
+
+    static class Runner extends Thread {
+        HttpServer server;
+        int i;
+        Runner(HttpServer s, int i) {
+            server = s;
+            this.i = i;
+        }
+
+        @Override
+        public void run() {
+            URL url;
+            HttpURLConnection urlc;
+            try {
+                url = new URL("http://localhost:"+server.getAddress().getPort()+"/test/foo.html");
+                urlc = (HttpURLConnection)url.openConnection ();
+            } catch (IOException e) {
+                error = true;
+                return;
+            }
+            InputStream is = null;
+            try {
+                is = urlc.getInputStream();
+                while (is.read()!= -1) {}
+            } catch (IOException e) {
+                if (i == 1) error = true;
+            } finally {
+                if (is != null) try { is.close(); } catch (IOException e) {}
+            }
+        }
+    }
+
+    public static boolean error = false;
+    public static int count = 0;
+
+    static class MyAuthenticator extends java.net.Authenticator {
+        @Override
+        public PasswordAuthentication getPasswordAuthentication() {
+            PasswordAuthentication pw;
+            if (!getRequestingPrompt().equals("foobar@test.realm")) {
+                Deadlock.error = true;
+            }
+            if (count == 0) {
+                pw = null;
+            } else {
+                pw = new PasswordAuthentication("fred", "xyz".toCharArray());
+            }
+            count++;
+            return pw;
+        }
+    }
+
+    static class Handler implements HttpHandler {
+        int invocation = 1;
+
+        @Override
+        public void handle (HttpExchange t)
+            throws IOException
+        {
+            InputStream is = t.getRequestBody();
+            Headers map = t.getRequestHeaders();
+            Headers rmap = t.getResponseHeaders();
+            while (is.read() != -1);
+            is.close();
+            t.sendResponseHeaders(200, -1);
+            HttpPrincipal p = t.getPrincipal();
+            if (!p.getUsername().equals("fred")) {
+                error = true;
+            }
+            if (!p.getRealm().equals("foobar@test.realm")) {
+                error = true;
+            }
+            t.close();
+        }
+    }
+}