Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Thread safety issue with Services class / ServiceLoader #873

Closed
gavanore opened this issue Nov 17, 2023 · 8 comments · Fixed by #892
Closed

Thread safety issue with Services class / ServiceLoader #873

gavanore opened this issue Nov 17, 2023 · 8 comments · Fixed by #892
Milestone
0.12.4

Comments

@gavanore
Copy link

gavanore commented Nov 17, 2023
edited
Loading

Describe the bug
I am integrating jjwt 0.12.3 into some software, and have discovered what I think to be a possible threading issue in how the Services class interacts with ServiceLoader. I'm using parallel JUnit5 tests and I spuriously (haven't isolated a reliable repro) get NoSuchElementException coming out of java.util.ServiceLoader. The documentation for this class says it's not thread safe, and this is usually the answer given when people query about NoSuchElementException coming out of the service loader, like so:

java.util.NoSuchElementException
	at java.base/java.util.ServiceLoader$2.next(ServiceLoader.java:1318)
	at java.base/java.util.ServiceLoader$2.next(ServiceLoader.java:1306)
	at java.base/java.util.ServiceLoader$3.next(ServiceLoader.java:1403)
	at io.jsonwebtoken.impl.lang.Services.loadFirst(Services.java:98)
	at io.jsonwebtoken.impl.DefaultJwtBuilder.compact(DefaultJwtBuilder.java:511)

Various ways to solve the issue - a ThreadLocal cache of service loaders, or synchronize loadFirst/loadAll, or wrap the usage of each service loader in a scoped synchronized block, maybe something like

    public static <T> T loadFirst(Class<T> spi) {
        Assert.notNull(spi, "Parameter 'spi' must not be null.");

        ServiceLoader<T> serviceLoader = serviceLoader(spi);
        if (serviceLoader != null) {
            synchronized(serviceLoader) {
                return serviceLoader.iterator().next();
            }
        }

        throw new UnavailableImplementationException(spi);
    }

It looks like you cache the loaded service for potential re-use in the Builders, but that's an instance variable and since you use a new builder for each token, it's effectively re-searched on the classpath. Another way to solve this issue would be to load service implementations (i.e. the Serializer, Deserializer, CompressionAlgorithm, etc.) once where it makes sense to do so, potentially in a static initializer somewhere, which the JVM would guarantee in a single thread and therefore be safe. It should also be logically OK since this is all classpath stuff that should never change after program start. Something like this would also be good since you won't have a situation where a large number of request threads needing token validation are synchronizing on JJWT internals unwittingly.

So if possible, I'd go for a non-synchronized solution.

To Reproduce
Generate tokens in parallel. I'm using jjwt-jackson as my serializer.

Expected behavior
NoSuchElement is not thrown spuriously during normal operations.

Screenshots
Provided text log above

Workaround
Specify the Serializer when using the builder to have the build method skip service lookup.

Update: I have noticed that DefaultJwtParserBuilder has a subsequent build step that probably steps around this issue by passing resolved services from the ParserBuilder to the Parser. You could do the same for the Builder.
@lhazlewood
Copy link
Contributor

@gavanore excellent catch! Thank you so much for creating this issue. The work for the 0.12.0 release ensured that the ServiceLoader lookup and subsequent cache was thread-safe, but not iteration of the ServiceLoader instance itself. We'll use this issue to track the work for making that thread-safe as well. cc @bdemers

@gavanore
Copy link
Author

Glad to be of use. Thank you for creating this library.

@vojkny
Copy link

vojkny commented Nov 28, 2023

We just stumbled into the same issue, will appreciate the fix as well!

@bdemers
Copy link
Member

bdemers commented Nov 28, 2023

We are looking into a fix, in the short term you can set the instance of the service, this will cause the ServiceLoader to NOT be used automatically

@lhazlewood
Copy link
Contributor

As @bdemers said, at least until we have a longer term solution for this, you can disable dynamic lookup by explicitly setting the respective service instance as JwtBuilder and JwtParserBuilder properties per https://github.com/jwtk/jjwt#custom-json-processor

When they are explicitly provided, the builders don't need to perform dynamic lookup using ServiceLoader.

@sjiwon sjiwon mentioned this issue Dec 28, 2023
Merged
@icecreamhead
Copy link

Hi, are there any updates on this issue? We're also encountering the problem.

@lhazlewood
Copy link
Contributor

@icecreamhead not just yet, but we've started other work for a follow-up 0.12.4 release, and we can add this to that release. In the meantime, the solution in my #873 (comment) works.

@lhazlewood lhazlewood added this to the 0.12.4 milestone Jan 16, 2024
@lhazlewood
Copy link
Contributor

Just to be clear, that looks like this (using Jackson for example):

Jwts.builder().json(new JacksonSerializer())...

or:

Jwts.parser().json(new JacksonDeserializer())...

@lhazlewood lhazlewood mentioned this issue Jan 17, 2024
Merged
lhazlewood added a commit that referenced this issue Jan 17, 2024
@lhazlewood
Thread-safe ServiceLoader usage
d878404 
Blend of pre-0.11.0 behavior that cached implementation instances and post-0.11.0 behavior using the JDK ServiceLoader to find/create instances of an SPI interface.  This change:

- Reinstates the <= 0.10.x behavior of caching application singleton service implementation instances in a thread-safe reference (previously an AtomicReference, but in this change, a ConcurrentMap).  If an app singleton instance is cached and found, it is returned to be (re)used immediately when requested.  This is ok for JJWT's purposes because all service implementations instances must be thread-safe application singletons by API contract/design, so caching them for repeated use is fine.

- Ensures that only if a service implementation instance is not in the app singleton cache, a new instance is located/created using a new JDK ServiceLoader instance, which doesn't require thread-safe considerations since it is used only in a single-threaded model for the short time it is used to discover a service implementation.  This PR/change removes the post-0.11.0 concurrent cache of ServiceLoader instances since they themselves are not designed to be thread-safe.

- Ensures that if a ServiceLoader discovers an implementation and returns a new instance, that instance is then cached as an application singleton in the aforementioned ConcurrentMap for continued reuse.

- Renames Services#loadFirst to Services#get to more accurately reflect calling expectations:  The fact that any 'loading' via the ServiceLoader may occur is not important for Services callers, and the previous method name was unnecessarily exposing internal implementation concepts.  This is safe to do in a point release (0.12.3 -> 0.12.4) because the Services class and its methods, while public, are in the `impl` module, only to be used internally for JJWT's purpose and never intended to be used by application developers.

- Updates all test methods to use the renamed method accordingly.

Fixes #873
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.12.4
Development

Successfully merging a pull request may close this issue.

Thread-safe ServiceLoader usage jwtk/jjwt
5 participants
@bdemers @lhazlewood @vojkny @icecreamhead @gavanore