axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ladislav Lencucha (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AXIS2-5440) Tomcat using 100% CPU when application/json (JSONMessageFormatter) is used
Date Sun, 28 Oct 2012 07:03:13 GMT

    [ https://issues.apache.org/jira/browse/AXIS2-5440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13485583#comment-13485583
] 

Ladislav Lencucha commented on AXIS2-5440:
------------------------------------------

Hi,

ok. So what now?

1.  haven't tested with tcpmon, but in Chrome and Firefox debug console I clearly see:
Request URL:http://localhost:8080/SuiteConsoleServer/services/rest/getAgent?agent=0223938
Request Method:GET
2. I need to call the webservice from within web browser (as you can see using jquery), do
I have an option to force GET when you say it is in fact OPTION? (note that I don't believe
it is sending OPTION)
3. I don't have a problem with content type mapping - I was able to generate request header
with the same cpu consuming result as above that contains:
Accept:application/json, text/javascript, */*; q=0.01
4. Yes, I am and always was able to generate the xml file, if the content type is e.g. application/xml.
The only problem is with application/json where it hangs (and therefore I think it is not
a problem of GET vs OPTION), because it is called within the same web browser with only different
Accept header.

Anyway, I find it a very easy way for a potentiall attacker to deplete the cpu and do some
kind of dos easier.

Br,
Ladislav
                
> Tomcat using 100% CPU when application/json (JSONMessageFormatter) is used
> --------------------------------------------------------------------------
>
>                 Key: AXIS2-5440
>                 URL: https://issues.apache.org/jira/browse/AXIS2-5440
>             Project: Axis2
>          Issue Type: Bug
>    Affects Versions: 1.6.0, 1.6.2
>         Environment: Apache Tomcat/6.0.35	1.6.0_21-b07	Sun Microsystems Inc.	Windows
7	6.1	x86
>            Reporter: Ladislav Lencucha
>              Labels: JSON
>         Attachments: axis2.xml, ConsoleServer.aar, ws.zip
>
>
> I am trying to connect to my webservice using GET + JSON.
> I've added JSONMessageFormatter and JSONOMBuilder for "application/json" content type.
> When I try to call the webservice using jQuery and HTTP GET with content type "application/xml"
I receive the response almost immediately (note that there is a jQuery error raised afterwards,
because Xml cannot be parsed as JSON).
> When I try to call the webservice using the same code but with content type "application/json"
there is no response and Tomcat uses 100% of CPU (there are also some messages in log file
mentioning that it should have ended).
> See my aar file and jQuery example attached. Also see my axis2.xml configuration.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


Mime
View raw message