我正在使用JUnit测试JERSEY Client + HTTPS来测试secure web service上运行的Jetty。在wr.get( ClientResponse.class)的每个块之后,我对9-10 requests的一次调用会挂起10秒钟。等效的Apache client代码在几毫秒内运行。如果我切换Jetty to HTTP模式,问题就会消失。
我正在使用Jersey bundle & client 1.14 and Jetty 6.1.26
apache客户端工作
@Test
public void testApacheClient() throws Exception
{
HttpClient client = new HttpClient();
ProtocolSocketFactory socketFactory = new EasySSLProtocolSocketFactory();
Protocol https = new Protocol( "https", socketFactory, 443 );
Protocol.registerProtocol( "https", https );
//Finishes in < 1 second
for ( int i = 0; i < 30; i++ )
{
GetMethod getMethod = new GetMethod( "https://localhost:8443/home" );
client.executeMethod( getMethod );
String entity = getMethod.getResponseBodyAsString();
getMethod.releaseConnection();
}
}
泽西岛客户端挂起
@Test
public void testJerseyClient() throws Exception
HostnameVerifier hv = getHostnameVerifier();
ClientConfig config = new DefaultClientConfig();
SSLContext ctx = getSslContext();
config.getProperties().put( HTTPSProperties.PROPERTY_HTTPS_PROPERTIES,
new HTTPSProperties( hv, ctx ) );
Client jerseyClient = Client.create( config );
//Finishes in < 1 second
for ( int i = 0; i < 30; i++ )
{
WebResource wr = jerseyClient.resource( "https://www.google.com" );
ClientResponse cr = wr.get( ClientResponse.class );
String entity = cr.getEntity( String.class );
cr.close();
}
/* Pauses for 10 seconds after the 10th request, and subsequently after every 9th request.
Debugging shows waiting at line 'ClientResponse cr = ...'
*/
for ( int i = 0; i < 30; i++ )
{
WebResource wr = jerseyClient.resource( "https://localhost:8443/home" );
ClientResponse cr = wr.get( ClientResponse.class ); //10 second pause after requests 9, 18, 27
String entity = cr.getEntity( String.class ); //This is triggering the problem
cr.close();
}
//Finishes in < 1 second
for ( int i = 0; i < 30; i++ )
{
WebResource wr = jerseyClient.resource( "https://localhost:8443/home" );
ClientResponse cr = wr.get( ClientResponse.class );
cr.close();
}
}
从ClientResponse检索实体似乎会触发此问题,但仅限于HTTPS模式并针对我的网络服务器(而不是google, facebook, etc)运行。我在Jersey ServletContainer and Struts ActionServlet上运行Jetty,两者都出现了问题。我还在subnet上的不同机器上运行Web服务器,并从多台机器上测试单元。
泽西HTTPS类
private HostnameVerifier getHostnameVerifier() {
HostnameVerifier hv = new HostnameVerifier() {
public boolean verify( String arg0, SSLSession arg1 ) { return true; }
};
return hv;
}
private SSLContext getSslContext() throws Exception {
private final SSLContext sslContext = SSLContext.getInstance( "SSL" );
sslContext.init( null, new TrustManager[] { new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
public void checkClientTrusted( X509Certificate[] certs, String authType ) {}
public void checkServerTrusted( X509Certificate[] certs, String authType ) {}
}
}, new SecureRandom()
);
return sslContext;
}
Jetty SSL连接器。如果我使用SelectChannelConnector并使用HTTP进行单元测试,则问题就会消失。
<Call name="addConnector">
<Arg>
<New class="org.mortbay.jetty.security.SslSocketConnector">
<Set name="allowRenegotiate">true</Set>
<Set name="Port">8443</Set>
<Set name="reuseAddress">true</Set>
<Set name="Host">mgmt-int</Set>
<Set name="maxIdleTime">30000</Set>
<Set name="handshakeTimeout">2000</Set>
<Set name="keystore"><SystemProperty name="jetty.home" default="/usr/app/web-app"/>/conf/keystore.jetty</Set>
<Set name="password">OBF:1vaaaaaaaaaaaaaaaaaaaa111111111v</Set>
<Set name="keyPassword">OBF:1vaaaaaaaaaaaaaaaaaaaa111111111v</Set>
</New>
</Arg>
</Call>
答案 0 :(得分:1)
这些运行的操作系统是什么?
只是一个猜测,但它可能与缓慢的/dev/random实施(通过SecureRandom)有关。
此处相关讨论:
How to solve performance problem with Java SecureRandom?
由于我无法始终在Web应用程序中控制JVM参数,因此我一直在使用此作为解决方法:
static {
System.setProperty("java.security.egd", "file:///dev/urandom");
}
不知道是否严格意义上这是推荐的(但它解决了我的问题)。
答案 1 :(得分:0)
尝试稍微修改您的trustManager实现:
TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
// Trust always
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
// Trust always
}
}
};
另外,不要忘记在getSSLContext()方法结束时调用HttpsURLConnection.setDefaultSocketFactory:
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());