8292044: HttpClient doesn't handle 102 or 103 properly

[jaikiran]

Can I please get a review of this change which proposes to fix https://bugs.openjdk.org/browse/JDK-8292044?

The linked JBS issue notes two parts to fixing this. Part one is to (internally) ignore the intermediate 1xx informational responses, in the client and wait for subsequent final response from the server. Part two is to introduce newer APIs to let applications using HttpClient, to have access to these intermediate response (codes). This commit (only) addresses part one. Part two is out of scope of this change and a separate issue will be opened to address it (at a later time).

The commit in this PR introduces a check to see if the returned response is an informational response (as defined by RFC-2616 https://www.rfc-editor.org/rfc/rfc2616#page-58). If the response code is between 102 and 199 (inclusive), then this change ignores that response and keeps waiting for a subsequent final response from the server.

The request timeout (if set) will not be reset when a intermediate informational response is received (and we ignore it). The request timeout handling continues to be the same as what it is currently and will span from the request start till the final response is received. If no final response is received within the duration of request timeout (if set) then the application will continue to receive a request timeout exception.

A new test class has been introduced to reproduce the issue and test the fix. The test tests both HTTP/1.1 and HTTP2.

tier1, tier2 and tier3 testing is in progress.

---

Progress

• Change must be properly reviewed (1 review required, with at least 1 Reviewer)
• Change must not contain extraneous whitespace
• Commit message must refer to an issue

Issue

• JDK-8292044: HttpClient doesn't handle 102 or 103 properly

Reviewers

• @reschke (no known github.com user name / role) ⚠️ Review applies to 394ac932
• Daniel Fuchs (@dfuch - Reviewer)
• Chris Hegarty (@ChrisHegarty - Reviewer) ⚠️ Review applies to fda47d20
• Michael McMahon (@Michael-Mc-Mahon - Reviewer) ⚠️ Review applies to fda47d20

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk pull/10169/head:pull/10169
$ git checkout pull/10169

Update a local copy of the PR:
$ git checkout pull/10169
$ git pull https://git.openjdk.org/jdk pull/10169/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 10169

View PR using the GUI difftool:
$ git pr show -t 10169

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/10169.diff

[bridgekeeper]

👋 Welcome back jpai! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

@jaikiran The following label will be automatically applied to this pull request:

• net

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command.

[mlbridge]

Webrevs

• 12: Full - Incremental (508287a1)
• 11: Full - Incremental (29334d9b)
• 10: Full - Incremental (d3e5e245)
• 09: Full - Incremental (a675fc9f)
• 08: Full - Incremental (56036eaa)
• 07: Full - Incremental (5a67c202)
• 06: Full - Incremental (fda47d20)
• 05: Full - Incremental (f7df1d39)
• 04: Full - Incremental (394ac932)
• 03: Full - Incremental (ab85171c)
• 02: Full - Incremental (0030dce1)
• 01: Full - Incremental (cfc4b666)
• 00: Full (696a6bfc)

[dfuch]

We should probably log that using one of the Log.xxx methods too ?
Have the response headers in Response already been logged (using Log) by the time we reach here? If not we need to log them.

[jaikiran]

Hello Daniel,

We should probably log that using one of the Log.xxx methods too ?

I've now updated the PR to add the Log.logTrace call too.

Have the response headers in Response already been logged (using Log) by the time we reach here?

Yes, both for HTTP1 and HTTP2 the response headers get logged as soon as a Response instance is created here https://github.com/openjdk/jdk/blob/master/src/java.net.http/share/classes/jdk/internal/net/http/Http1Response.java#L209 and here https://github.com/openjdk/jdk/blob/master/src/java.net.http/share/classes/jdk/internal/net/http/Stream.java#L516. So by the time, the control reaches here those response headers will already be logged. Do note that the spec doesn't mandate any response headers for these informational responses. So there may not be any response headers.

[jaikiran]

The PR has been updated to include a new test to verify that the request timeout isn't impacted when informational responses are involved and the application receives the timeout exception if the server doesn't respond with a final response, within the timeout duration.

tier1, tier2 and tier3 testing passed with the changes in this PR.

[Michael-Mc-Mahon]

We probably should consider how a future API change would work, which allows an application to receive the intermediate responses and make sure this change doesn't cause any problems for that. Though, I don't see an issue currently. Regarding a new API, maybe a method could be added to HttpResponse.BodyHandler to supply intermediate responses?

[jaikiran]

A new JBS issue (https://bugs.openjdk.org/browse/JDK-8293574) got reported for this same bug. The reporter there provided test cases to reproduce the issue. Those tests helped identify an additional fix that was needed in this PR.

Specifically, the RFC states that if the request is configured for "Expect-Continue" and if the server still sends a 100 response, then the client should ignore it and wait for a final response. This wasn't being done in this proposed patch. I've now updated this PR to handle that case and have also updated the test case to cover this scenario.

[jaikiran]

Specifically, the RFC states that if the request is configured for "Expect-Continue" and if the server still sends a 100 response....

That should read "the RFC states that if the request is not configured for "Expect-Continue" ..."

[reschke]

Left a few comments regarding which RFCs are relevant.

[reschke]

RFC 2616 is irrelevant. You need to look at RFC 9110 and 9112.

[jaikiran]

Thank you Julian for those references. I've cleaned up this comment in the updated version of this PR.

I see that RFC 9110 was published as recently as June 2022 and obsoletes RFC 7231. However, in context of what we are doing in this PR, the 1xx informational handling continues to be the same, so referring to this spec in the comment, I think is fine.

[reschke]

So is RFC 7231.

[reschke]

This is not specific for version 1.1 of HTTP. See RFC 9110.

[jaikiran]

Hello Michael,

Regarding a new API, maybe a method could be added to HttpResponse.BodyHandler to supply intermediate responses?

I had a look at the HttpClient API and as you note, we could add a new method on BodyHandler to provide the application with these interim responses. Something like:

/**
 * Invoked when the client receives an interim informational (1xx) response for
 * a request.
 * @param responseInfo The interim response
 */
default void applyInterim(ResponseInfo responseInfo) {
    // do nothing by default
}

I plan to experiment with this in a separate JBS issue.

[reschke]

I'd rephrase that as "clients *can' ignore them if they choose to"

[dfuch]

This will not work if the address is the IPv6 loopback. I suggest using the test URIBuilder to build the URI.

[jaikiran]

You are right - I hadn't taken that aspect into account. I have now updated the PR to use the URIBuilder test library. Manual testing by passing -Djava.net.preferIPv6Addresses=true to this test, with and without this URIBuilder reproduced the URI related failures and verified that this change works.

[reschke]

FWIW, it would be awesome if an equivalent fix could be applied to HTTPURLConnection.

[jaikiran]

FWIW, it would be awesome if an equivalent fix could be applied to HTTPURLConnection.

A brief look at the code in that area suggests that it might be relatively straightforward to fix that too. I'll check it out in more detail.

[openjdk]

@jaikiran This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8292044: HttpClient doesn't handle 102 or 103 properly

Reviewed-by: dfuchs, chegar, michaelm

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 10 new commits pushed to the master branch:

• df8ec09: 8294046: Newly added test test/jdk/javax/swing/JTabbedPane/TestNPEStateChgListener.java fails in macos
• 09af637: 8294012: RISC-V: get/put_native_u8 missing the case when address&7 is 6
• 584de68: 8294058: Early use of lambda introduced in JDK-8285263 cause startup regressions in 20-b02
• bb422f5: 8293595: tstrings::any() is missing an overload
• 0f28cb0: 8294014: Remove redundant UseCompiler conditions
• 84ee1a2: 8293781: RISC-V: Clarify types of calls
• 1b49606: 8293922: Extend barrier-less Java thread transitions to native transitions
• a07902b: 8293976: Use unsigned integers in Assembler/CodeBuffer::emit_int*
• fe541f0: 8293989: [JVMCI] re-use cleared oop handles
• 0fa7d9e: 8278863: Add method ClassDesc::ofInternalName

Please see this link for an up-to-date comparison between the source branch of this pull request and the master branch.
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

[ChrisHegarty]

LGTM.

[Michael-Mc-Mahon]

Looks good.

[jaikiran]

In #10229 Daniel raised a valid question about how we deal with a 101 response when the request didn't ask for an Upgrade. I've updated this PR to ignore such a response too (as allowed by the spec) and updated the test to include this scenario. Test fails without the change and passes with the change.

[reschke]

A 101 response implies that the wire protocol is switching to the protocol specified in the "Upgrade" header field. I don't think it would be wise to ignore that, unless the protocol actually stays the same.

Note that this is indeed an edge case because it implies that the server is misbehaving. Thus, I'd rather raise an exception instead of making assumptions that will likely be incorrect.

[dfuch]

A 101 response implies that the wire protocol is switching to the protocol specified in the "Upgrade" header field. I don't think it would be wise to ignore that, unless the protocol actually stays the same.

Note that this is indeed an edge case because it implies that the server is misbehaving. Thus, I'd rather raise an exception instead of making assumptions that will likely be incorrect.

I agree with Julian - if we didn't ask for an upgrade we should probably consider that as a protocol violation and close the connection.

[jaikiran]

Thank you Julian and Daniel for that input. I've now updated this PR to take into account that receiving an unexpected 101 should be considered a protocol error and subsequently necessary action be taken in the client.

New tests have been added to test this scenario.

[jaikiran]

I decided to intentionally ignore any exceptions here because I couldn't think of anything different that we could do here, would there?

[dfuch]

I agree. But I believe you should create the exception outside of the try and pass it both to the exchangeImpl and the returned failed future. The concrete implementation of onProtocolError should end up calling cancelImpl on the concrete subclass in both cases. Calling cancelImpl should take care of proper exception recording and take care of operation ref counting too.

[dfuch]

I believe this should take an IOException or ProtocolException as parameter and call cancelImpl(IOException).
It should take care of resetting the stream if needed, and properly account for the ref counting of inflight operation.

[dfuch]

Should take the IOException/ProtocolException as parameter and call cancelImpl(IOException). cancelImpl should do the right thing.

[dfuch]

I agree. But I believe you should create the exception outside of the try and pass it both to the exchangeImpl and the returned failed future. The concrete implementation of onProtocolError should end up calling cancelImpl on the concrete subclass in both cases. Calling cancelImpl should take care of proper exception recording and take care of operation ref counting too.

[dfuch]

can we remove the outer class from the declaration?

[dfuch]

same here?

[dfuch]

This test should probably use a final ReferenceTracker TRACKER = ReferenceTracker.INSTANCE now, to double check that all clients have properly terminated without any dangling operations at the end of the test.

You can grep TRACKER in existing HttpClient tests to see how this is used.
The TRACKER can be used to track created clients, and invoked at the end of the test to verify that all resources have been properly reclaimed.

[dfuch]

LGTM

[jaikiran]

Thank you everyone for the inputs and the reviews.

[jaikiran]

/integrate

[openjdk]

Going to push as commit 800e68d.
Since your change was applied there have been 44 commits pushed to the master branch:

• 83abfa5: 8255670: Improve C2's detection of modified nodes
• 5652030: 8292376: A few Swing methods use inheritDoc on exceptions which are not inherited
• 03f287d: 8293995: Problem list sun/tools/jstatd/TestJstatdRmiPort.java on all platforms because of 8293577
• d5bee4a: 8294086: RISC-V: Cleanup InstructionMark usages in the backend
• 47f233a: 8292202: modules_do is called without Module_lock
• 742bc04: 8294100: RISC-V: Move rt_call and xxx_move from SharedRuntime to MacroAssembler
• 2283c32: 8294149: JMH 1.34 and later requires jopt-simple 5.0.4
• 9f90eb0: 8294062: Improve parsing performance of j.l.c.MethodTypeDesc
• c6be2cd: 8293156: Dcmd VM.classloaders fails to print the full hierarchy
• 711e252: 8294039: Remove "Classpath" exception from java/awt tests
• ... and 34 more: https://git.openjdk.org/jdk/compare/4020ed53dd6e45cafa1d86432274700f0d4a67ca...master

Your commit was automatically rebased without conflicts.

[openjdk]

@jaikiran Pushed as commit 800e68d.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.

[reschke]

Tested in https://github.com/greenbytes/java-http-1xx-tests and found to be working as advertised. Thanks!

[reschke]

We probably should consider how a future API change would work, which allows an application to receive the intermediate responses and make sure this change doesn't cause any problems for that. Though, I don't see an issue currently. Regarding a new API, maybe a method could be added to HttpResponse.BodyHandler to supply intermediate responses?

It would be great if a new ticket would be opened for tracking this enhancement request.

[jaikiran]

Tested in https://github.com/greenbytes/java-http-1xx-tests and found to be working as advertised. Thanks!

Thank you Julian for running those tests.

We probably should consider how a future API change would work, which allows an application to receive the intermediate responses and make sure this change doesn't cause any problems for that. Though, I don't see an issue currently. Regarding a new API, maybe a method could be added to HttpResponse.BodyHandler to supply intermediate responses?

It would be great if a new ticket would be opened for tracking this enhancement request.

That is being tracked in https://bugs.openjdk.org/browse/JDK-8294196