Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-997

Security realm using ldaps hangs forever during SSL handshake, when ldap server is killed

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 2.0.0.CR7
    • 2.0.0.CR3
    • Security
    • None
    • Hide

      1. Configure security realm using ldaps connection
      2. Try to acces to secured http management interface
      3. Ldap server is killed during SSL handshake
      4. Connection to EAP is not timeouted and waits forever

      Show
      1. Configure security realm using ldaps connection 2. Try to acces to secured http management interface 3. Ldap server is killed during SSL handshake 4. Connection to EAP is not timeouted and waits forever

      During failover testing we hit the problem of stuck thread. When ldap server is killed in particular time of ssl handshake EAP hangs and waits forever on response, which will never come. Causing thread to block forever. Same problem can be seen in LdapLoginModule using ldaps without specifying com.sun.jndi.ldap.connect.timeout value.

      Possible solution is to add option to declare com.sun.jndi.ldap.connect.timeout for security realm and provide some default non-empty value, e.g. 15 seconds.

        1. DeadListener.java
          1 kB
          Darran Lofthouse
        2. SecurityRealmLDAPSHandshakeHangs.pcap
          1.0 kB
          Martin Choma
        3. StackTraceConnectTimeoutInLDAPSConnection.txt
          5 kB
          Martin Choma
        4. StackTraceFromThreadDump.txt
          5 kB
          Martin Choma

              darran.lofthouse@redhat.com Darran Lofthouse
              mchoma@redhat.com Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: