泽西岛客户端 HTTPS 性能问题

2022-09-03 16:15:26

我正在使用测试 来测试在 上运行。我的一个呼叫在每次阻止后挂起10秒。等效代码在几毫秒内运行。如果我切换模式,问题就会消失。JUnitJERSEY Client + HTTPSsecure web serviceJettywr.get( ClientResponse.class)9-10 requestsApache clientJetty to HTTP

我正在使用Jersey bundle & client 1.14 and Jetty 6.1.26



Apache客户端的工作原理

@Test
public void testApacheClient() throws Exception
{
  HttpClient client = new HttpClient();
  ProtocolSocketFactory socketFactory = new EasySSLProtocolSocketFactory();
  Protocol https = new Protocol( "https", socketFactory, 443 );
  Protocol.registerProtocol( "https", https );

  //Finishes in < 1 second
  for ( int i = 0; i < 30; i++ )
  {
    GetMethod getMethod = new GetMethod( "https://localhost:8443/home" );
    client.executeMethod( getMethod );
    String entity = getMethod.getResponseBodyAsString();
    getMethod.releaseConnection();
  }
}



泽西岛客户挂起

@Test
public void testJerseyClient() throws Exception

  HostnameVerifier hv = getHostnameVerifier();
  ClientConfig config = new DefaultClientConfig();
  SSLContext ctx = getSslContext();
  config.getProperties().put( HTTPSProperties.PROPERTY_HTTPS_PROPERTIES,
      new HTTPSProperties( hv, ctx ) );

  Client jerseyClient = Client.create( config );

  //Finishes in < 1 second
  for ( int i = 0; i < 30; i++ )
  {
    WebResource wr = jerseyClient.resource( "https://www.google.com" );
    ClientResponse cr = wr.get( ClientResponse.class );
    String entity = cr.getEntity( String.class );
    cr.close();
  }

  /* Pauses for 10 seconds after the 10th request, and subsequently after every 9th request.
     Debugging shows waiting at line 'ClientResponse cr = ...'
   */
  for ( int i = 0; i < 30; i++ )
  {
    WebResource wr = jerseyClient.resource( "https://localhost:8443/home" );
    ClientResponse cr = wr.get( ClientResponse.class );  //10 second pause after requests 9, 18, 27
    String entity = cr.getEntity( String.class ); //This is triggering the problem
    cr.close();
  }

  //Finishes in < 1 second
  for ( int i = 0; i < 30; i++ )
  {
    WebResource wr = jerseyClient.resource( "https://localhost:8443/home" );
    ClientResponse cr = wr.get( ClientResponse.class );
    cr.close();
  }
}

从中检索实体似乎会触发问题,但只能在模式下运行并针对我的Web服务器运行(不是)。我已经运行了,并且两者都出现问题。我还在我的不同计算机上运行Web服务器,并从多台计算机进行单元测试。ClientResponseHTTPSgoogle, facebook, etcJersey ServletContainer and Struts ActionServletJettysubnet



泽西岛 HTTPS 类

private HostnameVerifier getHostnameVerifier() {
  HostnameVerifier hv = new HostnameVerifier() {
    public boolean verify( String arg0, SSLSession arg1 ) { return true; }
  };
  return hv;
}

private SSLContext getSslContext() throws Exception {      
  private final SSLContext sslContext = SSLContext.getInstance( "SSL" );
  sslContext.init( null, new TrustManager[] { new X509TrustManager() {
        public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        public void checkClientTrusted( X509Certificate[] certs, String authType ) {}
        public void checkServerTrusted( X509Certificate[] certs, String authType ) {}
      }
    }, new SecureRandom()
  );
  return sslContext;
}



Jetty SSL 连接器。如果我使用SelectChannelConnector和带有HTTP的单元测试,问题就会消失。

<Call name="addConnector">
  <Arg>
    <New class="org.mortbay.jetty.security.SslSocketConnector">
      <Set name="allowRenegotiate">true</Set>
      <Set name="Port">8443</Set>
      <Set name="reuseAddress">true</Set>
      <Set name="Host">mgmt-int</Set>
      <Set name="maxIdleTime">30000</Set>
      <Set name="handshakeTimeout">2000</Set>
      <Set name="keystore"><SystemProperty name="jetty.home" default="/usr/app/web-app"/>/conf/keystore.jetty</Set>
      <Set name="password">OBF:1vaaaaaaaaaaaaaaaaaaaa111111111v</Set>
      <Set name="keyPassword">OBF:1vaaaaaaaaaaaaaaaaaaaa111111111v</Set>
    </New>
  </Arg>
</Call>

答案 1

它们在什么操作系统上运行?

只是一个猜测,但它可能与缓慢的实现有关(通过 )。/dev/randomSecureRandom

相关讨论在这里:

如何使用Java SecureRandom解决性能问题?

由于我不能总是控制Web应用程序中的JVM参数,因此我一直将此用作解决方法:

static {
    System.setProperty("java.security.egd", "file:///dev/urandom");
}

不知道这是否严格意义上的推荐(但它为我解决了问题)。


答案 2

尝试稍微修改一下 trustManager 实现:

TrustManager[] trustAllCerts = new TrustManager[] {
        new X509TrustManager() {
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }

            public void checkClientTrusted(X509Certificate[] certs, String authType) {
                // Trust always
            }

            public void checkServerTrusted(X509Certificate[] certs, String authType) {
                // Trust always
            }
        }
    };

另外,不要忘记在getSSLContext()方法的末尾调用HttpsURLConnection.setDefaultSocketFactory:

HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());