Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8032832

Applet/browser deadlocks, when IIS integrated authentication is used

    Details

    • Subcomponent:
    • Resolved In Build:
      b12
    • OS:
      windows

      Backports

        Description

        FULL PRODUCT VERSION :
        JDK 7, JDK 8, JDK 9

        ADDITIONAL OS VERSION INFORMATION :
        MS Windows OS

        A DESCRIPTION OF THE PROBLEM :
        Loading of an applet leads to a deadlock of Internet Explorer process on Windows OS with JDK 7u15, JDK 7u25, if the applet is deployed on IIS web server with the enabled Windows Authentication configured to use "Negotiate" security support provider.

        ERROR MESSAGES/STACK TRACES THAT OCCUR :
        The file "ThreadDumpOfHang.txt" which contains a full thread dump of the original deadlock is attached to this bug record. However, call stacks of 2 threads from this file which block each other are presented below.

        "Image Fetcher 0" daemon prio=4 tid=0x0508e400 nid=0x1a34 waiting for monitor entry [0x0827e000]
           java.lang.Thread.State: BLOCKED (on object monitor)
               at java.lang.Class.forName0(Native Method)
               at java.lang.Class.forName(Unknown Source)
               at com.sun.naming.internal.VersionHelper12.loadClass(Unknown Source)
               at com.sun.naming.internal.ResourceManager.getFactory(Unknown Source)
               - locked <0x24d562c8> (a java.util.HashMap)
               at javax.naming.spi.NamingManager.getURLObject(Unknown Source)
               at javax.naming.spi.NamingManager.getURLContext(Unknown Source)
               at sun.security.krb5.KrbServiceLocator.getKerberosService(Unknown Source)
               at sun.security.krb5.Config.checkRealm(Unknown Source)
               at sun.security.krb5.Config.getRealmFromDNS(Unknown Source)
               at sun.security.krb5.Config.getDefaultRealm(Unknown Source)
               at sun.security.krb5.PrincipalName.<init>(Unknown Source)
               at sun.security.krb5.ServiceName.<init>(Unknown Source)
               at sun.security.jgss.krb5.Krb5NameElement.getInstance(Unknown Source)
               at sun.security.jgss.krb5.Krb5MechFactory.getNameElement(Unknown Source)
               at sun.security.jgss.GSSManagerImpl.getNameElement(Unknown Source)
               at sun.security.jgss.GSSNameImpl.getElement(Unknown Source)
               - locked <0x24d4c850> (a sun.security.jgss.GSSNameImpl)
               at sun.security.jgss.GSSNameImpl.init(Unknown Source)
               at sun.security.jgss.GSSNameImpl.<init>(Unknown Source)
               at sun.security.jgss.GSSNameImpl.<init>(Unknown Source)
               at sun.security.jgss.GSSManagerImpl.createName(Unknown Source)
               at sun.net.www.protocol.http.spnego.NegotiatorImpl.init(Unknown Source)
               at sun.net.www.protocol.http.spnego.NegotiatorImpl.&lt;init&gt;(Unknown Source)
               at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
               at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
               at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
               at java.lang.reflect.Constructor.newInstance(Unknown Source)
               at sun.net.www.protocol.http.Negotiator.getNegotiator(Unknown Source)
               at sun.net.www.protocol.http.NegotiateAuthentication.isSupported(Unknown Source)
               - locked <0x24be4980> (a java.lang.Class for sun.net.www.protocol.http.NegotiateAuthentication)
               at sun.net.www.protocol.http.AuthenticationHeader.parse(Unknown Source)
               at sun.net.www.protocol.http.AuthenticationHeader.&lt;init&gt;(Unknown Source)
               at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
               - locked <0x24bb1098> (a sun.net.www.protocol.http.HttpURLConnection)
               at sun.awt.image.URLImageSource.getDecoder(Unknown Source)
               at sun.awt.image.InputStreamImageSource.doFetch(Unknown Source)
               at sun.awt.image.ImageFetcher.fetchloop(Unknown Source)
               at sun.awt.image.ImageFetcher.run(Unknown Source)

        "thread applet-net.indx.browserclient.BrowserClient.class-1" prio=4 tid=0x0508d000 nid=0x61c waiting for monitor entry [0x07efd000]
           java.lang.Thread.State: BLOCKED (on object monitor)
               at sun.net.www.protocol.http.NegotiateAuthentication.isSupported(Unknown Source)
               - waiting to lock <0x24be4980> (a java.lang.Class for sun.net.www.protocol.http.NegotiateAuthentication)
               at sun.net.www.protocol.http.AuthenticationHeader.parse(Unknown Source)
               at sun.net.www.protocol.http.AuthenticationHeader.&lt;init&gt;(Unknown Source)
               at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
               - locked <0x24b8f6e8> (a sun.net.www.protocol.http.HttpURLConnection)
               at sun.plugin.PluginURLJarFileCallBack.downloadJAR(Unknown Source)
               at sun.plugin.PluginURLJarFileCallBack.access$000(Unknown Source)
               at sun.plugin.PluginURLJarFileCallBack$1.run(Unknown Source)
               at java.security.AccessController.doPrivileged(Native Method)
               at sun.plugin.PluginURLJarFileCallBack.retrieve(Unknown Source)
               at sun.net.www.protocol.jar.URLJarFile.retrieve(Unknown Source)
               at sun.net.www.protocol.jar.URLJarFile.getJarFile(Unknown Source)
               at sun.net.www.protocol.jar.JarFileFactory.get(Unknown Source)
               at sun.net.www.protocol.jar.JarURLConnection.connect(Unknown Source)
               at sun.plugin.net.protocol.jar.CachedJarURLConnection.connect(Unknown Source)
               at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFileInternal(Unknown Source)
               - locked <0x24b85ba0> (a sun.plugin.net.protocol.jar.CachedJarURLConnection)
               at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFile(Unknown Source)
               - locked <0x24b85ba0> (a sun.plugin.net.protocol.jar.CachedJarURLConnection)
               at com.sun.deploy.security.DeployURLClassPath$JarLoader.getJarFile(Unknown Source)
               at com.sun.deploy.security.DeployURLClassPath$JarLoader.access$1000(Unknown Source)
               at com.sun.deploy.security.DeployURLClassPath$JarLoader$1.run(Unknown Source)
               at java.security.AccessController.doPrivileged(Native Method)
               at com.sun.deploy.security.DeployURLClassPath$JarLoader.ensureOpen(Unknown Source)
               at com.sun.deploy.security.DeployURLClassPath$JarLoader.<init>(Unknown Source)
               at com.sun.deploy.security.DeployURLClassPath$3.run(Unknown Source)
               at java.security.AccessController.doPrivileged(Native Method)
               at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
               at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
               - locked <0x2a040b80> (a com.sun.deploy.security.DeployURLClassPath)
               at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
               at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
               at java.security.AccessController.doPrivileged(Native Method)
               at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
               at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
               at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
               at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
               - locked <0x24fda008> (a sun.plugin2.applet.Applet2ClassLoader)
               at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
               at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
               - locked <0x24f92fa8> (a sun.plugin2.applet.Applet2ClassLoader)
               at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
               - locked <0x24f92fa8> (a sun.plugin2.applet.Applet2ClassLoader)
               at java.lang.ClassLoader.loadClass(Unknown Source)
               at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
               at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source)
               at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
               at java.lang.Thread.run(Unknown Source)

        STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
        1. Set up IIS 7.5 web server and configure it to use Windows Authentication with "Negotiate" security support provider.
        2. Upload all the contents of the attached archive file "NegotiateAuthenticationDeadlock.zip" to the same directory on IIS web server.
        3. Install the testable JDK 7 or JDK 8 or JDK 9.
        4. Compile the test case "NegotiateAuthenticationDeadlock.java" from "NegotiateAuthenticationDeadlock.zip" archive by executing the next command.

        <JDK_HOME_DIRECTORY>\bin\javac NegotiateAuthenticationDeadlock.java

        5. Run the test case.

        <JDK_HOME_DIRECTORY>\bin\java NegotiateAuthenticationDeadlock "<TESTCASE_DIRECTORY_URL_ON_IIS>"

        6. Observe the deadlock, enter "Ctrl" + "Break" to generate a thread dump. Please note that the deadlock can be not reproducible stably on every host, therefore it may be required to run the test case up to 10 times in a row to reproduce the deadlock.

          Attachments

          1. ThreadDumpOfHang.txt
            23 kB
            Anton Litvinov

            Issue Links

              Activity

                People

                • Assignee:
                  alitvinov Anton Litvinov
                  Reporter:
                  asaha Abhijit Saha
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  10 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: