sling-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Julian Sedding (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (SLING-8051) Timing issue in SlingMainServlet
Date Fri, 26 Oct 2018 12:19:00 GMT

     [ https://issues.apache.org/jira/browse/SLING-8051?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Julian Sedding updated SLING-8051:
----------------------------------
    Description: 
There seems to be a timing issue in the {{SlingMainServlet}}, which is rooted in the fact
that it is subject to OSGi's DS life-cycle, as well as the {{Servlet}} life-cycle (as implemented
in teh HTTP whiteboard.

In its {{activate}} method the {{SlingMainServlet}} registers itself as a {{Servlet}} via
the HTTP whiteboard. At this point it assumes that the whiteboard immediately calls its {{init()}}
method.

Directly afterwards it registers a {{SlingServletContext}} instance as a {{ServletContext}}
in the service registry, which in turn contains a reference to the {{SlingMainServlet}} instance.

However, it may happen (I have observed this on Tomcat, i.e. not in standalone mode), that
the HTTP whiteboard is only registered after the {{SlingMainServlet}} has been activated.
This leaves a large time window, i.e. between {{SlingMainServlet.activate}} and the registration
of the HTTP whiteboard, which eventually leads to {{SlingMainServlet.init(ServletConfig)}}
being called. Within this time window, other DS components may pick up a reference e.g. to
the {{SlingServletContext}}, which is backed by an activated but uninitialized {{SlingMainServlet}}.


The {{SlingServletResolver}} has a static reference to the {{SlingServletContext}}, and starts
initializing (Sling-)Servlets immediately, passing a {{SlingServletConfig}} backed by the
{{SlingServletContext}} instance to their {{#init(ServletContext)}} method. 

Now any init method that happens to call the wrong method on {{SlingServletConfig}} is prone
to {{NullPointerException}}s because {{SlingServletConfig.getServletContext().getServletConfig()
== null}}.

This was observed with the {{SlingWebDavServlet}} that (via inheritance from Jackrabbit's
{{SimpleWebdavServlet}}) calls {{this.getServletContext().setAttribute()}}. Attached is  [a
stack trace of this scenario|^SLING-8051-stack-trace.txt] .

  was:
There seems to be a timing issue in the {{SlingMainServlet}}, which is rooted in the fact
that it is subject to OSGi's DS life-cycle, as well as the {{Servlet}} life-cycle (as implemented
in teh HTTP whiteboard.

In its {{activate}} method the {{SlingMainServlet}} registers itself as a {{Servlet}} via
the HTTP whiteboard. At this point it assumes that the whiteboard immediately calls its {{init()}}
method.

Directly afterwards it registers a {{SlingServletContext}} instance as a {{ServletContext}}
in the service registry, which in turn contains a reference to the {{SlingMainServlet}} instance.

However, it may happen (I have observed this on Tomcat, i.e. not in standalone mode), that
the HTTP whiteboard is only registered after the {{SlingMainServlet}} has been activated.
This leaves a large time window, i.e. between {{SlingMainServlet.activate}} and the registration
of the HTTP whiteboard, which eventually leads to {{SlingMainServlet.init(ServletConfig)}}
being called. Within this time window, other DS components may pick up a reference e.g. to
the {{SlingServletContext}}, which is backed by an activated but uninitialized {{SlingMainServlet}}.


The {{SlingServletResolver}} has a static reference to the {{SlingServletContext}}, and starts
initializing (Sling-)Servlets immediately, passing a {{SlingServletConfig}} backed by the
{{SlingServletContext}} instance to their {{#init(ServletContext)}} method. 

Now any init method that happens to call the wrong method on {{SlingServletConfig}} is prone
to {{NullPointerException}}s because {{SlingServletConfig.getServletContext().getServletConfig()
== null}}.

This was observed with the {{SlingWebDavServlet}} that (via inheritance from Jackrabbit's
{{SimpleWebdavServlet}}) calls {{this.getServletContext().setAttribute()}}. Attached is a
stack trace of this scenario.


> Timing issue in SlingMainServlet
> --------------------------------
>
>                 Key: SLING-8051
>                 URL: https://issues.apache.org/jira/browse/SLING-8051
>             Project: Sling
>          Issue Type: Improvement
>          Components: Engine
>    Affects Versions: Engine 2.6.14
>            Reporter: Julian Sedding
>            Assignee: Julian Sedding
>            Priority: Major
>         Attachments: SLING-8051-stack-trace.txt
>
>
> There seems to be a timing issue in the {{SlingMainServlet}}, which is rooted in the
fact that it is subject to OSGi's DS life-cycle, as well as the {{Servlet}} life-cycle (as
implemented in teh HTTP whiteboard.
> In its {{activate}} method the {{SlingMainServlet}} registers itself as a {{Servlet}}
via the HTTP whiteboard. At this point it assumes that the whiteboard immediately calls its
{{init()}} method.
> Directly afterwards it registers a {{SlingServletContext}} instance as a {{ServletContext}}
in the service registry, which in turn contains a reference to the {{SlingMainServlet}} instance.
> However, it may happen (I have observed this on Tomcat, i.e. not in standalone mode),
that the HTTP whiteboard is only registered after the {{SlingMainServlet}} has been activated.
This leaves a large time window, i.e. between {{SlingMainServlet.activate}} and the registration
of the HTTP whiteboard, which eventually leads to {{SlingMainServlet.init(ServletConfig)}}
being called. Within this time window, other DS components may pick up a reference e.g. to
the {{SlingServletContext}}, which is backed by an activated but uninitialized {{SlingMainServlet}}.

> The {{SlingServletResolver}} has a static reference to the {{SlingServletContext}}, and
starts initializing (Sling-)Servlets immediately, passing a {{SlingServletConfig}} backed
by the {{SlingServletContext}} instance to their {{#init(ServletContext)}} method. 
> Now any init method that happens to call the wrong method on {{SlingServletConfig}} is
prone to {{NullPointerException}}s because {{SlingServletConfig.getServletContext().getServletConfig()
== null}}.
> This was observed with the {{SlingWebDavServlet}} that (via inheritance from Jackrabbit's
{{SimpleWebdavServlet}}) calls {{this.getServletContext().setAttribute()}}. Attached is  [a
stack trace of this scenario|^SLING-8051-stack-trace.txt] .



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message