我们有一个应用程序让我们说A(用Java + GWT编写)部署在服务器盒“X”上 从应用程序A可以说我们加载位于服务器框“Y”上的一些报告
每个传入请求的流程如下所示
网络用户(客户) - > apache - > jboss(应用程序A部署在服务器X上) - >服务器框Y,从中提取报告。
请求到达apache后,会话不活动超时设置为30分钟。
当从jboss(服务器X)发出请求时 - >服务器Y来拉报告, 我们确保在25分钟后超时该请求,这样就可以防止apache在服务器Y花费太长时间响应时显示503。
即便如此,20分钟后它也会超时。可能的原因可能是 对于任何处理请求,firefox浏览器可能有20分钟的超时时间。
部分参考代码段
HttpClient httpclient = HttpClientBuilder.create().setDefaultRequestConfig(getRequestConfig()).setRedirectStrategy(new LaxRedirectStrategy()).setSSLSocketFactory(getSSLContext()).build();
HttpClientContext context = HttpClientContext.create();
HttpPost httppost = new HttpPost(urlString); // urlString is reports server url
HttpResponse httpResponse = httpclient.execute(httppost, context);
现在要修复firefox浏览器问题,我们考虑从
更改现有的RequestConfigprivate RequestConfig getRequestConfig() {
return RequestConfig.custom().setSocketTimeout(REPORT_SERVER_READ_TIMEOUT_IN_SECONDS * 1000).build();
}
到
private RequestConfig getRequestConfig() {
return RequestConfig.custom().setConnectTimeout(REPORT_SERVER_READ_TIMEOUT_IN_SECONDS * 1000).setSocketTimeout(REPORT_SERVER_READ_TIMEOUT_IN_SECONDS * 1000).build();
}
REPORT_SERVER_READ_TIMEOUT_IN_SECONDS设置为1100秒。
有了这个更改,它会在1100秒后超时,但我们在浏览器上看到一条错误消息
“页面加载时重置了与服务器的连接”
在服务器日志中,我们将错误日志视为
Exception: : java.io.IOException: Internal TLS error, this could be an attack
at org.bouncycastle.crypto.tls.TlsProtocol.failWithError(Unknown Source) [:1.57.0]
at org.bouncycastle.crypto.tls.TlsProtocol.safeReadRecord(Unknown Source) [:1.57.0]
at org.bouncycastle.crypto.tls.TlsProtocol.readApplicationData(Unknown Source) [:1.57.0]
at org.bouncycastle.crypto.tls.TlsInputStream.read(Unknown Source) [:1.57.0]
at org.apache.http.impl.io.SessionInputBufferImpl.streamRead(SessionInputBufferImpl.java:136) [:4.0.1]
at org.apache.http.impl.io.SessionInputBufferImpl.fillBuffer(SessionInputBufferImpl.java:152) [:4.0.1]
at org.apache.http.impl.io.SessionInputBufferImpl.readLine(SessionInputBufferImpl.java:270) [:4.0.1]
at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:140) [:4.3.6]
at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:57) [:4.3.6]
at org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:260) [:4.0.1]
at org.apache.http.impl.DefaultBHttpClientConnection.receiveResponseHeader(DefaultBHttpClientConnection.java:161) [:4.3.3]
at org.apache.http.impl.conn.CPoolProxy.receiveResponseHeader(CPoolProxy.java:153) [:4.3.6]
at org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:271) [:4.0.1]
at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:123) [:4.0.1]
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:254) [:4.3.6]
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195) [:4.3.6]
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86) [:4.3.6]
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108) [:4.3.6]
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) [:4.3.6]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) [:4.3.6]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57) [:4.3.6]
任何人都有关于修复浏览器特定超时的想法吗?
在创建HttpClient时我设置了setSSLSocketFactory。我的设置方式如下:
private SSLConnectionSocketFactory getSSLContext() throws Exception {
return new SSLConnectionSocketFactory(new TLSSocketConnectionFactory(), new String[] { "TLSv1.2" }, null, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
}
当我查看SSLConnectionSocketFactory
时public SSLConnectionSocketFactory(SSLSocketFactory socketfactory, String supportedProtocols[], String supportedCipherSuites[], X509HostnameVerifier hostnameVerifier)
{
this.socketfactory = (SSLSocketFactory)Args.notNull(socketfactory, "SSL socket factory");
this.supportedProtocols = supportedProtocols;
this.supportedCipherSuites = supportedCipherSuites;
this.hostnameVerifier = hostnameVerifier == null ? BROWSER_COMPATIBLE_HOSTNAME_VERIFIER : hostnameVerifier;
}
不推荐使用SSLSocketFactory。这会导致问题吗?