Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-8428

[GSS](7.1.0) GZIPDecodingInterceptor may be registered twice when using JAX-RS and REsteasy client on the same application

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 7.1.0.DR16
    • 6.4.0.GA
    • REST
    • None
    • Workaround Exists
    • Hide
      • For EAP users, it is possible to try to reject HTTP requests using the following workaround: https://access.redhat.com/solutions/375263 - however, they must configure resteasy for an eager start, like adding resteasy bootstrap listener to web.xml
      • Users of other servers must prevent this by using some other technique to avoid the access to the client at the same time when resteasy is registering the providers.
      Show
      For EAP users, it is possible to try to reject HTTP requests using the following workaround: https://access.redhat.com/solutions/375263 - however, they must configure resteasy for an eager start, like adding resteasy bootstrap listener to web.xml Users of other servers must prevent this by using some other technique to avoid the access to the client at the same time when resteasy is registering the providers.
    • Hide

      You should see the error

      Show
      Build the attached application; Deploy the attached application in JBoss EAP 6.4.7 with some mechanism to stop the server execution at RegisterBuiltin::register method (I used a debugger, but byteman can be used as well); Access the REST endpoint: ** http://localhost:8080/resteasy-provider-threadsafe/rest** While the thread is stuck at the provider registration, access the servlet that uses the resteasy client library: ** http://localhost:8080/resteasy-provider-threadsafe/servlet** You should see the error

    Description

      If we have a web application that has a JAX-RS resource and another interface not related to JAX-RS (servlet or a JAX-WS web service, for example), but using resteasy client, we might have an issue where:

      • If the JAX-RS endpoint is acessed and it is doing the providers registration;
      • At the same time, the other endpoint that uses the client request API is accessed;
      • The GZIPDecodingInterceptor will be registered twice

      The consequence is that two GZIPDecodingInterceptor will try to parse the GZIP requests corrupting the gzipinputstream and leading to the following error everytime we try to use the client again:

      Caused by: java.util.zip.ZipException: Not in GZIP format
    at java.util.zip.GZIPInputStream.readHeader(GZIPInputStream.java:164) [rt.jar:1.7.0_97]
    at java.util.zip.GZIPInputStream.<init>(GZIPInputStream.java:78) [rt.jar:1.7.0_97]
    at java.util.zip.GZIPInputStream.<init>(GZIPInputStream.java:90) [rt.jar:1.7.0_97]
    at org.jboss.resteasy.plugins.interceptors.encoding.GZIPDecodingInterceptor$FinishableGZIPInputStream.<init>(GZIPDecodingInterceptor.java:30)
    at org.jboss.resteasy.plugins.interceptors.encoding.GZIPDecodingInterceptor.read(GZIPDecodingInterceptor.java:47)
    at org.jboss.resteasy.core.interception.MessageBodyReaderContextImpl.proceed(MessageBodyReaderContextImpl.java:109)
    at org.jboss.resteasy.plugins.interceptors.encoding.GZIPDecodingInterceptor.read(GZIPDecodingInterceptor.java:51)
    at org.jboss.resteasy.core.interception.MessageBodyReaderContextImpl.proceed(MessageBodyReaderContextImpl.java:109)

      The issue, as greatly found by our colleague Dennis, is that the client request will try to create a wrapped provider during the other providerfactory provider registration. which means that the following synchronized code block from RegisterBuiltin class won't protect us:

      public class RegisterBuiltin
{

   public static void register(ResteasyProviderFactory factory)
   {
      synchronized (factory)
      {
         if (factory.isBuiltinsRegistered() || !factory.isRegisterBuiltins()) return;
         try
         {
            registerProviders(factory);
         }
         catch (Exception e)
         {
            throw new RuntimeException(e);
         }
         factory.setBuiltinsRegistered(true);
      }
   }

//....
}

      Attachments

        Issue Links

          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-9973 Upgrade RESTEasy to 3.0.22.Final

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified
          relates to

          Bug - A problem that impairs or prevents the functions of the product. RESTEASY-1623 GZIPDecodingInterceptor may be registered twice when using JAX-RS and REsteasy client on the same application

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              rhn-engineering-ema Jim Ma
              rhn-support-wsiqueir William Siqueira
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: