[
https://issues.apache.org/jira/browse/HTTPCLIENT-2165?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17372853#comment-17372853
]
Oleg Kalnichevski commented on HTTPCLIENT-2165:
-----------------------------------------------
> I don't use user token
[~jbug] No wonder connections do not get re-used. Please make sure there is a
way for HttpClient to know user or security context specific connections are
being used by the same user or share the same security context. Alternatively
you may just choose to disable connection state tracking if all requests
executed by the same HttpClient share the same security context.
For details see:
http://hc.apache.org/httpcomponents-client-4.5.x/current/tutorial/html/advanced.html#stateful_conn
Oleg
> TCP connections are never reused when server requires TLS cert auth
> -------------------------------------------------------------------
>
> Key: HTTPCLIENT-2165
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2165
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient (classic)
> Affects Versions: 4.5.13
> Environment: Windows, OpenJDK 11
> Reporter: Jan Peter Stotz
> Priority: Major
> Attachments: hc5_testcode.txt
>
>
> While performing test with an non-public web server serving a REST service I
> noticed that Apapche commons httpclient does not reuse connections in case
> the server requires HTTPS authentication via client certificate.
> This is my code for initializing the ConnectionManager. The used sslContext
> is created using the appropriate trust- and keyStore and
> X509ExtendedKeyManager implementation.
> {{SSLConnectionSocketFactory factory = new
> SSLConnectionSocketFactory(sslContext, hostNameVerifier);}}
> {{Registry<ConnectionSocketFactory> socketFactoryRegistry =
> RegistryBuilder.<ConnectionSocketFactory> create().register("https",
> factory).build();}}
> {{connManager = new
> PoolingHttpClientConnectionManager(socketFactoryRegistry);}}
> {{connManager.setMaxTotal(1000);}}
> {{connManager.setDefaultMaxPerRoute(200);}}
> {{connManager.setValidateAfterInactivity(20000);}}{{SocketConfig socketConfig
> = SocketConfig.custom().setTcpNoDelay(true).setSoKeepAlive(true).build();}}
> {{connManager.setDefaultSocketConfig(socketConfig);}}
>
> {{The used server is an Undertow instance configured to require SSL client
> authentication: setSocketOption(Options.SSL_CLIENT_AUTH_MODE,
> SslClientAuthMode.REQUIRED)}}
>
> {{If I disable the client auth mode requirement httpclient just opens up one
> TCP connection to the server. If I enable https client authentication
> httpclient opens up to the configured route maximum (200) TCP connections to
> the server. I observed the same behavior using a different web server
> implementation.}}
> {{Enabling logging for PoolingHttpClientConnectionManager I can see that
> httpclient is using the full maximum of 200 connections per route if HTTPS
> client auth is required by the server (log after making ~1000 HTTP
> requests):}}
>
> {{No HTTPS client auth required by server:}}
> {{DEBUG o.a.h.i.c.PoolingHttpClientConnectionManager - Connection request:
> [route: \{s}->https://localhost:9003][total available: 1; route allocated: 1
> of 200; total allocated: 1 of 1000]}}
>
> {{HTTPS Client auth required by server:}}
> {{DEBUG o.a.h.i.c.PoolingHttpClientConnectionManager - Connection request:
> [route: \{s}->https://localhost:9003][total available: 200; route allocated:
> 200 of 200; total allocated: 200 of 1000]}}
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
