hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: SV: SV: Slow to open connection after an hour or so
Date Thu, 05 Jan 2006 13:08:43 GMT
On Thu, Jan 05, 2006 at 01:51:24PM +0100, Kim B. Andersen wrote:
> Oleg,
> 
> The ssl certification is self signen, so I'm not interessed in checking
> the certification. I use EasySSLProtocolSocketFactory( you properly know
> the code ) :) , the only thing that I have changed is making an internal
> class (SecureManager) instead of using EasyX509TrustManager.
> SecureManager does nothing. I thought that I did need to log this and
> that it would be faster when doing nothing - maybee I was wrong. As you
> can see I'm a newbiee when it comes to http communication, so I have
> taken most of it from the web.


Kim,

(1) Are you re-using the instance of HttpClient along with all the
connections it may hold open? 

(2) Try turning off the stale connection check

http://jakarta.apache.org/commons/httpclient/performance.html#Stale%20connection%20check

(3) Try running your app with SSL debugging on to see if the SSL
handshake is indeed the culprit

http://www.onjava.com/pub/a/onjava/excerpt/java_security_ch1/?page=5

Hope this helps

Oleg

> 
> import java.io.IOException;
> import java.net.InetAddress;
> import java.net.Socket;
> import java.net.UnknownHostException;
> import java.security.cert.X509Certificate;
> 
> import org.apache.commons.httpclient.ConnectTimeoutException;
> import org.apache.commons.httpclient.HttpClientError;
> import org.apache.commons.httpclient.params.HttpConnectionParams;
> import
> org.apache.commons.httpclient.protocol.ControllerThreadSocketFactory;
> import
> org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
> import org.apache.commons.logging.Log;
> import org.apache.commons.logging.LogFactory;
> 
> import javax.net.ssl.SSLContext;
> import javax.net.ssl.TrustManager;
> import javax.net.ssl.X509TrustManager;
> 
> /**
>  * <p>
>  * EasySSLProtocolSocketFactory can be used to creats SSL {@link
> Socket}s
>  * that accept self-signed certificates.
>  * </p>
>  * <p>
>  * This socket factory SHOULD NOT be used for productive systems
>  * due to security reasons, unless it is a concious decision and
>  * you are perfectly aware of security implications of accepting
>  * self-signed certificates
>  * </p>
>  *
>  * <p>
>  * Example of using custom protocol socket factory for a specific host:
>  *     <pre>
>  *     Protocol easyhttps = new Protocol("https", new
> EasySSLProtocolSocketFactory(), 443);
>  *
>  *     HttpClient client = new HttpClient();
>  *     client.getHostConfiguration().setHost("localhost", 443,
> easyhttps);
>  *     // use relative url only
>  *     GetMethod httpget = new GetMethod("/");
>  *     client.executeMethod(httpget);
>  *     </pre>
>  * </p>
>  * <p>
>  * Example of using custom protocol socket factory per default instead
> of the standard one:
>  *     <pre>
>  *     Protocol easyhttps = new Protocol("https", new
> EasySSLProtocolSocketFactory(), 443);
>  *     Protocol.registerProtocol("https", easyhttps);
>  *
>  *     HttpClient client = new HttpClient();
>  *     GetMethod httpget = new GetMethod("https://localhost/");
>  *     client.executeMethod(httpget);
>  *     </pre>
>  * </p>
>  *
>  * @author <a href="mailto:oleg -at- ural.ru">Oleg Kalnichevski</a>
>  *
>  * <p>
>  * DISCLAIMER: HttpClient developers DO NOT actively support this
> component.
>  * The component is provided as a reference material, which may be
> inappropriate
>  * for use without additional customization.
>  * </p>
>  */
> 
> public class EasySSLProtocolSocketFactory implements
> SecureProtocolSocketFactory {
> 
>     /** Log object for this class. */
>     private static final Log LOG =
> LogFactory.getLog(EasySSLProtocolSocketFactory.class);
> 
>     private SSLContext sslcontext = null;
> 
>     /**
>      * Constructor for EasySSLProtocolSocketFactory.
>      */
>     public EasySSLProtocolSocketFactory() {
>         super();
>     }
> 
>     private SSLContext createEasySSLContext() {
>         try {
>             SSLContext context = SSLContext.getInstance("SSL");
>             context.init(null, new TrustManager[] {new
> EasySSLProtocolSocketFactory.SecureManager()}, null);
>             return context;
>         } catch (Exception e) {
>             LOG.error(e.getMessage(), e);
>             throw new HttpClientError(e.toString());
>         }
>     }
> 
>     private SSLContext getSSLContext() {
>         if (this.sslcontext == null) {
>             this.sslcontext = createEasySSLContext();
>         }
>         return this.sslcontext;
>     }
> 
>     /**
>      * @see
> SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.I
> netAddress,int)
>      */
>     public Socket createSocket(String host, int port, InetAddress
> clientHost, int clientPort) throws IOException, UnknownHostException {
>         return getSSLContext().getSocketFactory().createSocket(host,
> port, clientHost, clientPort);
>     }
> 
>     /**
>      * Attempts to get a new socket connection to the given host within
> the given time limit.
>      * <p>
>      * To circumvent the limitations of older JREs that do not support
> connect timeout a
>      * controller thread is executed. The controller thread attempts to
> create a new socket
>      * within the given limit of time. If socket constructor does not
> return until the
>      * timeout expires, the controller terminates and throws an {@link
> ConnectTimeoutException}
>      * </p>
>      *
>      * @param host the host name/IP
>      * @param port the port on the host
>      * @param clientHost the local host name/IP to bind the socket to
>      * @param clientPort the port on the local machine
>      * @param params {@link HttpConnectionParams Http connection
> parameters}
>      *
>      * @return Socket a new socket
>      *
>      * @throws IOException if an I/O error occurs while creating the
> socket
>      * @throws UnknownHostException if the IP address of the host cannot
> be
>      * determined
>      */
>     public Socket createSocket( final String host, final int port, final
> InetAddress localAddress, final int localPort, final
> HttpConnectionParams params) throws IOException, UnknownHostException,
> ConnectTimeoutException {
>         if (params == null) {
>             throw new IllegalArgumentException("Parameters may not be
> null");
>         }
>         int timeout = params.getConnectionTimeout();
>         if (timeout == 0) {
>             return createSocket(host, port, localAddress, localPort);
>         } else {
>             // To be eventually deprecated when migrated to Java 1.4 or
> above
>             return ControllerThreadSocketFactory.createSocket(
>                     this, host, port, localAddress, localPort, timeout);
>         }
>     }
> 
>     /**
>      * @see
> SecureProtocolSocketFactory#createSocket(java.lang.String,int)
>      */
>     public Socket createSocket(String host, int port) throws
> IOException, UnknownHostException {
>         return getSSLContext().getSocketFactory().createSocket( host,
> port );
>     }
> 
>     /**
>      * @see
> SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.Strin
> g,int,boolean)
>      */
>     public Socket createSocket(Socket socket, String host, int port,
> boolean autoClose) throws IOException, UnknownHostException {
>         return getSSLContext().getSocketFactory().createSocket( socket,
> host, port, autoClose );
>     }
> 
>     public boolean equals(Object obj) {
>         return ((obj != null) &&
> obj.getClass().equals(EasySSLProtocolSocketFactory.class));
>     }
> 
>     public int hashCode() {
>         return EasySSLProtocolSocketFactory.class.hashCode();
>     }
> 
>     //Inner class
>     class SecureManager implements X509TrustManager {
> 
>         public X509Certificate[] getAcceptedIssuers() { return null; }
> 
>         public void checkClientTrusted( X509Certificate[] certs, String
> authType) {}
> 
>         public void checkServerTrusted(X509Certificate[] certs, String
> authType) {}
> 
>     }
> }
> 
> 
> 
> 
> -----Oprindelig meddelelse-----
> Fra: Oleg Kalnichevski [mailto:olegk@apache.org] 
> Sendt: 5. januar 2006 13:29
> Til: httpclient-dev@jakarta.apache.org
> Emne: Re: SV: Slow to open connection after an hour or so
> 
> 
> On Thu, Jan 05, 2006 at 08:38:11AM +0100, Kim B. Andersen wrote:
> > Hi
> > 
> > hope it's readable
> > 
> > First hour
> > 
> > 2006/01/03 14:46:49:926 CET [DEBUG] HttpConnection - Open connection
> to fastnetselvbetjening.tdconline.dk:443
> > 2006/01/03 14:46:50:038 CET [DEBUG] header - >> "GET
> /Krump/Alivetest.do?ws HTTP/1.1[\r][\n]"
> > 
> > After the first hour
> > 
> > 2006/01/04 07:58:50:230 CET [DEBUG] HttpConnection - Open connection
> to fastnetselvbetjening.tdconline.dk:443
> > 2006/01/04 07:58:59:230 CET [DEBUG] header - >> "GET
> /Krump/Alivetest/alivetester1.html HTTP/1.1[\r][\n]"
> > 
> 
> Kim,
> 
> Apparently the 9sec delay is caused by the SSL related stuff. Most
> likely for some reason the SSL handshake takes some time. How do you
> configure the SSL context on the clietn side?
> 
> Oleg
> 
> 
> > Kim Andersen
> > -----Oprindelig meddelelse-----
> > Fra: Ortwin Gl?ck [mailto:odi@odi.ch] 
> > Sendt: 4. januar 2006 17:19
> > Til: HttpClient Project
> > Emne: Re: Slow to open connection after an hour or so
> > 
> > 
> > My ideas:
> > * Anything in the logs?
> > * Is there a chance that you are exhausting the connection pool by
> never 
> > returning your connections? New connection requests would then block 
> > until one gets available
> > * Maybe attach a debugger / profiler or use jconsole
> > 
> > Hell, it would be nice if HttpClient had some JMX beans to provide 
> > information about pools etc. at runtime. I'll add that as a
> requirement 
> > for 4.0.
> > 
> > Odi
> > 
> > Kim B. Andersen wrote:
> > > Hi
> > > 
> > > I'm devolping a program which grabs webpage every 5min and measure
> the
> > > time it takes. I have succesful used httpclient to get the pages and
> it
> > > works fine:). The problem is opening of connection in httpclient get
> > > very slow after and hour or so.The first hour opening a connection
> takes
> > > 50ms at max and after an hour it takes 10 seconds. Opening of
> connection
> > > gets fast if I restarte the program. Any Ideas what the problem
> could
> > > be?
> > > 
> > > I have tried the following/uses:
> > > 
> > > jvm version: 	1.5.0_6/1.4.2_05
> > > httpclient:	3.0 rc4/ 3.0 rc4
> > > I have tried both with proxy and out
> > > I have tried both MultiThreadedHttpConnectionManager and simple
> > > 
> > > Hope you can help me
> > > 
> > > /Kim Andersen
> > > 
> > 
> > -- 
> > [web]  http://www.odi.ch/
> > [blog] http://www.odi.ch/weblog/
> > [pgp]  key 0x81CF3416
> >         finger print F2B1 B21F F056 D53E 5D79 A5AF 02BE 70F5 81CF 3416
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail:
> httpclient-dev-help@jakarta.apache.org
> > 
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail:
> httpclient-dev-help@jakarta.apache.org
> > 
> > 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org


Mime
View raw message