6750362: Very large LDAP requests throw a OOM on LDAP servers which aren't...

6750362: Very large LDAP requests throw a OOM on LDAP servers which aren't aware of Paged Results Controls 6748156: add an new JNDI property to control the boolean flag WaitForReply Reviewed-by: vinnie, robm

6750362: Very large LDAP requests throw a OOM on LDAP servers which aren't...
6750362: Very large LDAP requests throw a OOM on LDAP servers which aren't aware of Paged Results Controls 6748156: add an new JNDI property to control the boolean flag WaitForReply Reviewed-by: vinnie, robm
d5de8b7a · coffeys · 6f11d120 · d5de8b7a · d5de8b7a · d5de8b7a
5 changed file
--- a/src/share/classes/com/sun/jndi/ldap/Connection.java
+++ b/src/share/classes/com/sun/jndi/ldap/Connection.java
 /*
- * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -380,13 +380,19 @@ public final class Connection implements Runnable {
    }

    LdapRequest writeRequest(BerEncoder ber, int msgId) throws IOException {
-        return writeRequest(ber, msgId, false /* pauseAfterReceipt */);
+        return writeRequest(ber, msgId, false /* pauseAfterReceipt */, -1);
    }

-    LdapRequest writeRequest(BerEncoder ber, int msgId, boolean pauseAfterReceipt)
-        throws IOException {
+    LdapRequest writeRequest(BerEncoder ber, int msgId,
+        boolean pauseAfterReceipt) throws IOException {
+        return writeRequest(ber, msgId, pauseAfterReceipt, -1);
+    }
+
+    LdapRequest writeRequest(BerEncoder ber, int msgId,
+        boolean pauseAfterReceipt, int replyQueueCapacity) throws IOException {

-        LdapRequest req = new LdapRequest(msgId, pauseAfterReceipt);
+        LdapRequest req =
+            new LdapRequest(msgId, pauseAfterReceipt, replyQueueCapacity);
        addRequest(req);

        if (traceFile != null) {

--- a/src/share/classes/com/sun/jndi/ldap/LdapClient.java
+++ b/src/share/classes/com/sun/jndi/ldap/LdapClient.java
 /*
- * Copyright (c) 1999, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -516,7 +516,8 @@ public final class LdapClient implements PooledConnection {
    LdapResult search(String dn, int scope, int deref, int sizeLimit,
                      int timeLimit, boolean attrsOnly, String attrs[],
                      String filter, int batchSize, Control[] reqCtls,
-                      Hashtable binaryAttrs, boolean waitFirstReply)
+                      Hashtable binaryAttrs, boolean waitFirstReply,
+                      int replyQueueCapacity)
        throws IOException, NamingException {

        ensureOpen();
@@ -543,7 +544,8 @@ public final class LdapClient implements PooledConnection {
                if (isLdapv3) encodeControls(ber, reqCtls);
            ber.endSeq();

-         LdapRequest req = conn.writeRequest(ber, curMsgId);
+         LdapRequest req =
+                conn.writeRequest(ber, curMsgId, false, replyQueueCapacity);

         res.msgId = curMsgId;
         res.status = LdapClient.LDAP_SUCCESS; //optimistic

--- a/src/share/classes/com/sun/jndi/ldap/LdapCtx.java
+++ b/src/share/classes/com/sun/jndi/ldap/LdapCtx.java
 /*
- * Copyright (c) 1999, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -191,6 +191,14 @@ final public class LdapCtx extends ComponentDirContext
    // Environment property for the domain name (derived from this context's DN)
    private static final String DOMAIN_NAME = "com.sun.jndi.ldap.domainname";

+    // Block until the first search reply is received
+    private static final String WAIT_FOR_REPLY =
+        "com.sun.jndi.ldap.search.waitForReply";
+
+    // Size of the queue of unprocessed search replies
+    private static final String REPLY_QUEUE_SIZE =
+        "com.sun.jndi.ldap.search.replyQueueSize";
+
    // ----------------- Fields that don't change -----------------------
    private static final NameParser parser = new LdapNameParser();

@@ -246,6 +254,8 @@ final public class LdapCtx extends ComponentDirContext
    private Hashtable binaryAttrs = null;    // attr values returned as byte[]
    private int connectTimeout = -1;         // no timeout value
    private int readTimeout = -1;            // no timeout value
+    private boolean waitForReply = true;     // wait for search response
+    private int replyQueueSize  = -1;        // unlimited queue size
    private boolean useSsl = false;          // true if SSL protocol is active
    private boolean useDefaultPortNumber = false; // no port number was supplied

@@ -1759,8 +1769,8 @@ final public class LdapCtx extends ComponentDirContext
                                         SearchControls cons,
                                         Continuation cont)
            throws NamingException {
-        return searchAux(name, filter, cloneSearchControls(cons), true, true,
-                         cont);
+        return searchAux(name, filter, cloneSearchControls(cons), true,
+                 waitForReply, cont);
    }

    protected NamingEnumeration c_search(Name name,
@@ -1928,7 +1938,7 @@ final public class LdapCtx extends ComponentDirContext
    }

    private LdapResult doSearch(Name name, String filter, SearchControls cons,
-        boolean relative, boolean waitFirstReply) throws NamingException {
+        boolean relative, boolean waitForReply) throws NamingException {
            ensureOpen();
            try {
                int scope;
@@ -1984,7 +1994,8 @@ final public class LdapCtx extends ComponentDirContext
                        batchSize,
                        reqCtls,
                        binaryAttrs,
-                        waitFirstReply);
+                        waitForReply,
+                        replyQueueSize);
                respCtls = answer.resControls; // retrieve response controls
                return answer;

@@ -2170,6 +2181,10 @@ final public class LdapCtx extends ComponentDirContext
            connectTimeout = -1;
        } else if (propName.equals(READ_TIMEOUT)) {
            readTimeout = -1;
+        } else if (propName.equals(WAIT_FOR_REPLY)) {
+            waitForReply = true;
+        } else if (propName.equals(REPLY_QUEUE_SIZE)) {
+            replyQueueSize = -1;

 // The following properties affect the connection

@@ -2225,6 +2240,11 @@ final public class LdapCtx extends ComponentDirContext
                setConnectTimeout((String)propVal);
            } else if (propName.equals(READ_TIMEOUT)) {
                setReadTimeout((String)propVal);
+            } else if (propName.equals(WAIT_FOR_REPLY)) {
+                setWaitForReply((String)propVal);
+            } else if (propName.equals(REPLY_QUEUE_SIZE)) {
+                setReplyQueueSize((String)propVal);
+
 // The following properties affect the connection

            } else if (propName.equals(Context.SECURITY_PROTOCOL)) {
@@ -2312,6 +2332,13 @@ final public class LdapCtx extends ComponentDirContext
        // Set the read timeout
        setReadTimeout((String)envprops.get(READ_TIMEOUT));

+        // Set the flag that controls whether to block until the first reply
+        // is received
+        setWaitForReply((String)envprops.get(WAIT_FOR_REPLY));
+
+        // Set the size of the queue of unprocessed search replies
+        setReplyQueueSize((String)envprops.get(REPLY_QUEUE_SIZE));
+
        // When connection is created, it will use these and other
        // properties from the environment
    }
@@ -2441,6 +2468,34 @@ final public class LdapCtx extends ComponentDirContext
        }
    }

+    /**
+     * Sets the size of the queue of unprocessed search replies
+     */
+    private void setReplyQueueSize(String replyQueueSizeProp) {
+        if (replyQueueSizeProp != null) {
+           replyQueueSize = Integer.parseInt(replyQueueSizeProp);
+            // disallow an empty queue
+            if (replyQueueSize <= 0) {
+                replyQueueSize = -1;    // unlimited
+            }
+        } else {
+            replyQueueSize = -1;        // unlimited
+        }
+    }
+
+    /**
+     * Sets the flag that controls whether to block until the first search
+     * reply is received
+     */
+    private void setWaitForReply(String waitForReplyProp) {
+        if (waitForReplyProp != null &&
+            (waitForReplyProp.equalsIgnoreCase("false"))) {
+            waitForReply = false;
+        } else {
+            waitForReply = true;
+        }
+    }
+
    /**
     * Sets the read timeout value
     */

--- a/src/share/classes/com/sun/jndi/ldap/LdapRequest.java
+++ b/src/share/classes/com/sun/jndi/ldap/LdapRequest.java
 /*
- * Copyright (c) 1999, 2002, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -26,7 +26,8 @@
 package com.sun.jndi.ldap;

 import java.io.IOException;
-import java.util.Vector;
+import java.util.concurrent.BlockingQueue;
+import java.util.concurrent.LinkedBlockingQueue;
 import javax.naming.CommunicationException;

 final class LdapRequest {
@@ -35,14 +36,26 @@ final class LdapRequest {
    int msgId;          // read-only

    private int gotten = 0;
-    private Vector replies = new Vector(3);
+    private BlockingQueue<BerDecoder> replies;
+    private int highWatermark = -1;
    private boolean cancelled = false;
    private boolean pauseAfterReceipt = false;
    private boolean completed = false;

    LdapRequest(int msgId, boolean pause) {
+        this(msgId, pause, -1);
+    }
+
+    LdapRequest(int msgId, boolean pause, int replyQueueCapacity) {
        this.msgId = msgId;
        this.pauseAfterReceipt = pause;
+        if (replyQueueCapacity == -1) {
+            this.replies = new LinkedBlockingQueue<BerDecoder>();
+        } else {
+            this.replies =
+                new LinkedBlockingQueue<BerDecoder>(replyQueueCapacity);
+            highWatermark = (replyQueueCapacity * 80) / 100; // 80% capacity
+        }
    }

    synchronized void cancel() {
@@ -57,7 +70,13 @@ final class LdapRequest {
        if (cancelled) {
            return false;
        }
-        replies.addElement(ber);
+
+        // Add a new reply to the queue of unprocessed replies.
+        try {
+            replies.put(ber);
+        } catch (InterruptedException e) {
+            // ignore
+        }

        // peek at the BER buffer to check if it is a SearchResultDone PDU
        try {
@@ -70,6 +89,14 @@ final class LdapRequest {
        ber.reset();

        notify(); // notify anyone waiting for reply
+        /*
+         * If a queue capacity has been set then trigger a pause when the
+         * queue has filled to 80% capacity. Later, when the queue has drained
+         * then the reader gets unpaused.
+         */
+        if (highWatermark != -1 && replies.size() >= highWatermark) {
+            return true; // trigger the pause
+        }
        return pauseAfterReceipt;
    }

@@ -79,14 +106,12 @@ final class LdapRequest {
                " cancelled");
        }

-        if (gotten < replies.size()) {
-            BerDecoder answer = (BerDecoder)replies.elementAt(gotten);
-            replies.setElementAt(null, gotten); // remove reference
-            ++gotten; // skip to next
-            return answer;
-        } else {
-            return null;
-        }
+        /*
+         * Remove a reply if the queue is not empty.
+         * poll returns null if queue is empty.
+         */
+        BerDecoder reply = replies.poll();
+        return reply;
    }

    synchronized boolean hasSearchCompleted() {

--- a/test/com/sun/jndi/ldap/NoWaitForReplyTest.java
+++ b/test/com/sun/jndi/ldap/NoWaitForReplyTest.java
+/*
+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * @test
+ * @bug 6748156
+ * @summary add an new JNDI property to control the boolean flag WaitForReply
+ */
+
+import java.net.Socket;
+import java.net.ServerSocket;
+import java.io.*;
+import javax.naming.*;
+import javax.naming.directory.*;
+import java.util.Hashtable;
+
+public class NoWaitForReplyTest {
+
+    public static void main(String[] args) throws Exception {
+
+    boolean passed = false;
+
+    // Set up the environment for creating the initial context
+    Hashtable env = new Hashtable(11);
+        env.put(Context.PROVIDER_URL, "ldap://localhost:22001");
+    env.put(Context.INITIAL_CONTEXT_FACTORY,
+        "com.sun.jndi.ldap.LdapCtxFactory");
+
+    // Wait up to 10 seconds for a response from the LDAP server
+    env.put("com.sun.jndi.ldap.read.timeout", "10000");
+
+    // Don't wait until the first search reply is received
+    env.put("com.sun.jndi.ldap.search.waitForReply", "false");
+
+    // Send the LDAP search request without first authenticating (no bind)
+    env.put("java.naming.ldap.version", "3");
+
+    DummyServer ldapServer = new DummyServer();
+
+    try {
+
+        // start the LDAP server
+        ldapServer.start();
+
+        // Create initial context
+        System.out.println("Client: connecting to the server");
+        DirContext ctx = new InitialDirContext(env);
+
+        SearchControls scl = new SearchControls();
+        scl.setSearchScope(SearchControls.SUBTREE_SCOPE);
+        System.out.println("Client: performing search");
+        NamingEnumeration answer =
+        ctx.search("ou=People,o=JNDITutorial", "(objectClass=*)", scl);
+
+        // Server will never reply: either we waited in the call above until
+        // the timeout (fail) or we did not wait and reached here (pass).
+        passed = true;
+        System.out.println("Client: did not wait until first reply");
+
+        // Close the context when we're done
+        ctx.close();
+
+    } catch (NamingException e) {
+        // timeout (ignore)
+    }
+    ldapServer.interrupt();
+
+    if (!passed) {
+        throw new Exception(
+        "Test FAILED: should not have waited until first search reply");
+    }
+    System.out.println("Test PASSED");
+    }
+
+    static class DummyServer extends Thread {
+
+        static int serverPort = 22001;
+
+    DummyServer() {
+    }
+
+    public void run() {
+        try {
+        ServerSocket serverSock = new ServerSocket(serverPort);
+                Socket socket = serverSock.accept();
+                System.out.println("Server: accepted a connection");
+                BufferedInputStream bin =
+            new BufferedInputStream(socket.getInputStream());
+
+                while (true) {
+                    bin.read();
+                }
+        } catch (IOException e) {
+        // ignore
+        }
+    }
+}
+}