Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-1126

Security realm using ldaps hangs forever during SSL handshake, when ldap server is killed

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 7.0.0.DR12
    • 7.0.0.DR9
    • Security
    • None
    • Hide

      1. Configure security realm using ldaps connection
      2. Try to acces to secured http management interface
      3. Ldap server is killed during SSL handshake
      4. Connection to EAP is not timeouted and waits forever

      Show
      1. Configure security realm using ldaps connection 2. Try to acces to secured http management interface 3. Ldap server is killed during SSL handshake 4. Connection to EAP is not timeouted and waits forever

      During failover testing we hit the problem of stuck thread. When ldap server is killed in particular time of ssl handshake EAP hangs and waits forever on response, which will never come. Causing thread to block forever. Same problem can be seen in LdapLoginModule using ldaps without specifying com.sun.jndi.ldap.connect.timeout value.

      Possible solution is to add option to declare com.sun.jndi.ldap.connect.timeout for security realm and provide some default non-empty value, e.g. 15 seconds.

        1. SecurityRealmLDAPSHandshakeHangs.pcap
          1.0 kB
        2. StackTraceConnectTimeoutInLDAPSConnection.txt
          5 kB
        3. StackTraceFromThreadDump.txt
          5 kB

            darran.lofthouse@redhat.com Darran Lofthouse
            mchoma@redhat.com Martin Choma
            Martin Choma Martin Choma
            Martin Choma Martin Choma
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: