Servlet Thread Safety Issue Analysis

Source: Internet
Author: User

 

Compared with ASP and PHP, Servlet/JSP executes efficiently because a single servlet instance serves requests on many threads; Servlet/JSP runs in multi-threaded mode by default. That means thread safety must be considered carefully when writing servlet code. Many developers overlook it: a program that misbehaves under concurrency runs without any visible problem while only a few users access it, and then, once the number of concurrent users reaches a certain level, starts producing errors that are hard to explain.
The multi-threading mechanism of Servlets

The servlet architecture is built on Java's multi-threading mechanism, and the servlet lifecycle is managed by the Web container. When a client requests a servlet for the first time (or at startup, if the servlet is configured to load then), the container instantiates the servlet class according to the web.xml configuration file. When further clients request the same servlet, the class is generally not instantiated again: the container hands each request to a thread, usually from a thread pool, and all of those threads call the same servlet instance, as shown in Figure 1.

 
Figure 1: Servlet thread pool (image not reproduced)

In this way, when two or more threads run the same servlet at the same time, they may touch the same resource simultaneously and leave its data inconsistent. A servlet-based Web application written without attention to thread safety will therefore contain errors that are hard to find.

Servlet thread-safety problems are caused mainly by the improper use of instance variables. Here is a realistic example of the problem.

import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;

public class ConcurrentTest extends HttpServlet {

    // Instance variable: one copy shared by every request thread. This is the bug.
    PrintWriter output;

    public void service(HttpServletRequest request,
                        HttpServletResponse response) throws ServletException, IOException {
        String username;
        response.setContentType("text/html; charset=gb2312");
        username = request.getParameter("username");
        output = response.getWriter(); // overwrites whatever another request thread stored here

        try {
            Thread.sleep(5000); // delay added to make the concurrency problem easy to reproduce
        } catch (InterruptedException e) {
        }
        output.println("username:" + username + "<br>");
    }
}

The servlet declares an instance variable, output, and assigns it in the service method from the response of the current request. With a single user the program behaves correctly, but under concurrent access one user's information can appear in another user's browser: while request A is sleeping, request B runs the same service method on the same servlet instance and overwrites output with B's writer, so A's println also goes to B's response and A's browser receives nothing. This is a serious problem. To make the race easy to reproduce and observe, a delay was inserted before the user information is written. Assume the servlet is registered in the web.xml configuration file and that two users, A and B, access it at the same time (two browser windows, or two separate machines), entering:

A: http://localhost:8080/servlet/concurrenttest?username=
B: http://localhost:8080/servlet/concurrenttest?username=B
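The cross-talk described above can be reproduced without a servlet container. The following is an added example, not code from the original article: it models the servlet as a plain class with the same shared output field, replaces the five-second sleep with two latches so that the interleaving "A stores its writer, B overwrites it, both print" happens every time, and uses a StringWriter per user as a stand-in for the browser. The names SharedFieldRace, browserA and browserB are the example's own.

```java
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.concurrent.CountDownLatch;

/**
 * Reproduces the ConcurrentTest cross-talk bug without a servlet container.
 * Each "browser" is a StringWriter constructed here; the shared 'output'
 * field plays the role of the servlet's instance variable.
 */
public class SharedFieldRace {

    // Shared across request threads, exactly like the servlet's instance variable.
    PrintWriter output;

    // Latches replace Thread.sleep(5000) so the interleaving is deterministic:
    // A stores its writer first, B overwrites it, then both threads print.
    private final CountDownLatch aStored = new CountDownLatch(1);
    private final CountDownLatch bStored = new CountDownLatch(1);

    void service(String username, StringWriter browser, boolean isA) {
        try {
            if (!isA) {
                aStored.await();                 // B: let A store its writer first
            }
            output = new PrintWriter(browser, true);
            if (isA) {
                aStored.countDown();
                bStored.await();                 // A: "sleep" until B has overwritten 'output'
            } else {
                bStored.countDown();
            }
            // Both threads reach this line with 'output' pointing at B's browser.
            output.println("username:" + username + "<br>");
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
        }
    }

    /** Runs requests A and B concurrently; returns {A's page, B's page}. */
    public static String[] run() throws InterruptedException {
        SharedFieldRace servlet = new SharedFieldRace();
        StringWriter browserA = new StringWriter();
        StringWriter browserB = new StringWriter();
        Thread a = new Thread(() -> servlet.service("A", browserA, true));
        Thread b = new Thread(() -> servlet.service("B", browserB, false));
        a.start();
        b.start();
        a.join();
        b.join();
        return new String[] { browserA.toString(), browserB.toString() };
    }

    public static void main(String[] args) throws InterruptedException {
        String[] pages = run();
        System.out.println("A's browser sees: [" + pages[0].trim() + "]");
        System.out.println("B's browser sees: [" + pages[1].trim() + "]");
    }
}
```

Running main shows an empty page for A and both "username:" lines in B's page, which is what the two real browsers display against the servlet whenever B's request arrives inside A's sleep window. The latches only make the timing reproducible; the underlying fault is the same single field written by two threads.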

Java Memory Model (JMM)

The JMM specifies the relationship between threads and memory. In the model the system has one main memory, in which every instance variable of every Java object lives and which all threads share. Each thread also has its own working memory, made up of a cache and a stack. The cache holds copies of variables from main memory, and it is not necessarily kept in step with main memory: a change made to the cached copy need not be written back to main memory immediately. The stack holds the thread's local variables, and no other thread can reach a thread's stack.

 

Design a thread-safe Servlet

The analysis above shows that incorrect use of instance variables is the main cause of servlet thread-safety problems. Three solutions follow, together with some guidance on choosing between them.

1. Implement the SingleThreadModel interface

This marker interface tells the container how to dispatch calls to the servlet: if a servlet implements it, no two threads will execute the service method of the same instance at the same time. The guarantee covers only the servlet's own instance variables; static fields, session attributes and other objects shared across servlets remain reachable from several threads, and the container is free to keep a pool of instances rather than a single one. For the ConcurrentTest class above, only the class header changes:

public class ConcurrentTest extends HttpServlet implements SingleThreadModel {
    ............
}

2. Synchronize operations on shared data

The synchronized keyword ensures that only one thread at a time can execute the protected region. In this example the servlet can be made thread-safe by placing the use of the shared field in a synchronized block. The synchronized version of the code is as follows:

import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;

public class ConcurrentTest extends HttpServlet {

    PrintWriter output;

    public void service(HttpServletRequest request,
                        HttpServletResponse response) throws ServletException, IOException {
        String username;
        response.setContentType("text/html; charset=gb2312");
        username = request.getParameter("username");
        // Only one request thread at a time may assign and use the shared field.
        // Note that the lock is held for the whole sleep, so requests are serialized.
        synchronized (this) {
            output = response.getWriter();
            try {
                Thread.sleep(5000);
            } catch (InterruptedException e) {
            }
            output.println("username:" + username + "<br>");
        }
    }
}

3. Avoid using instance variables

The thread-safety problem in this example is caused entirely by an instance variable. If no method of the servlet uses instance variables (and the servlet does not touch static fields or other objects shared between requests), the servlet is thread-safe. The servlet above can be modified to do the same work with local variables instead of an instance variable. The code is as follows:

import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;

public class ConcurrentTest extends HttpServlet {

    public void service(HttpServletRequest request,
                        HttpServletResponse response) throws ServletException, IOException {
        // Local variables live on the calling thread's stack; no other request can see them.
        PrintWriter output;
        String username;
        response.setContentType("text/html; charset=gb2312");
        username = request.getParameter("username");
        output = response.getWriter();
        try {
            Thread.sleep(5000);
        } catch (InterruptedException e) {
        }
        output.println("username:" + username + "<br>");
    }
}

Testing confirms that all three methods produce a thread-safe servlet, but they are not equal. If a servlet implements SingleThreadModel, the container must either serialize requests to the single instance or maintain a pool of instances, which is a considerable overhead, and SingleThreadModel has been deprecated since Servlet 2.4. If synchronization is used to protect shared data, system throughput suffers: a synchronized block is executed by only one thread at a time, so concurrent requests queue up behind it (in the example above each request holds the lock for the full five-second sleep), and synchronization also forces the thread's working memory to be reconciled with main memory, which has its own cost. In practice, therefore, synchronized code in a servlet should be avoided or kept to a minimum, and avoiding instance variables is the best way to make a servlet thread-safe. The Java memory model explains why this works: a method's local variables are allocated on the stack, each thread has its own private stack, and so locals can never be shared between requests.
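When a servlet genuinely needs state that outlives a single request, the advice above (keep per-request data in locals; where a shared field is unavoidable, synchronize the smallest possible region and never sleep or do I/O while holding the lock) looks like the following. This is an added example, not code from the original article: HitCounterServlet, hits, inFlight, peakInFlight and statsLock are names chosen here, and the small escape helper is a precaution for reflecting a request parameter into HTML rather than part of the thread-safety discussion.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.util.concurrent.atomic.AtomicInteger;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * A servlet that must keep state across requests (a hit counter and a
 * concurrency gauge) and still be thread-safe under concurrent access.
 */
public class HitCounterServlet extends HttpServlet {

    // Shared state that genuinely must survive across requests. AtomicInteger gives an
    // atomic read-modify-write; a plain "int hits; hits++" here would lose updates.
    private final AtomicInteger hits = new AtomicInteger();

    // Two fields that must change together are guarded by one private lock, and the
    // guarded region is kept tiny: a few field reads and writes, nothing slow inside.
    private final Object statsLock = new Object();
    private int inFlight;      // guarded by statsLock
    private int peakInFlight;  // guarded by statsLock

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Per-request data stays in local variables: each request thread has its own copy.
        String username = request.getParameter("username");
        int hitNumber = hits.incrementAndGet();

        int concurrentNow;
        synchronized (statsLock) {
            inFlight++;
            if (inFlight > peakInFlight) {
                peakInFlight = inFlight;
            }
            concurrentNow = inFlight;
        }
        try {
            // All output goes through a local writer obtained from THIS request's response,
            // and the (possibly slow) write happens outside the lock.
            response.setContentType("text/html; charset=UTF-8");
            PrintWriter out = response.getWriter();
            out.println("username:" + escape(username) + "<br>");
            out.println("you are visitor number " + hitNumber + "<br>");
            out.println("requests being served right now: " + concurrentNow + "<br>");
        } finally {
            synchronized (statsLock) {
                inFlight--;
            }
        }
    }

    // Minimal HTML escaping so a username such as <script> is not echoed back verbatim.
    static String escape(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }
}
```

The pattern to take from this is the split: request-specific values (username, the writer, the hit number) are locals and need no protection; cross-request values are either atomics or live behind a lock whose critical section contains only field updates. Compare with the synchronized version of ConcurrentTest above, where the lock is held across a five-second sleep and every request waits for the previous one.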

Summary
Servlet thread-safety problems only show up under heavy concurrent access and are hard to track down, so they deserve special attention when writing servlets. They are caused mainly by instance variables, so avoid instance variables in servlets wherever possible. If the design cannot avoid them, protect the instance variables with synchronization, and for the best performance synchronize the smallest possible code path. The Struts 1 Action is thread-unsafe in the same way, since one instance serves all requests, so the same problem arises there and the same remedies apply. Struts 2 creates a new action instance for each request, so this problem does not occur.

 
