diff --git a/saml-core/src/main/java/org/keycloak/saml/common/util/StaxParserUtil.java b/saml-core/src/main/java/org/keycloak/saml/common/util/StaxParserUtil.java
index 6e37558..1b06e9d 100755
--- a/saml-core/src/main/java/org/keycloak/saml/common/util/StaxParserUtil.java
+++ b/saml-core/src/main/java/org/keycloak/saml/common/util/StaxParserUtil.java
@@ -239,15 +239,10 @@ public class StaxParserUtil {
* @return
*/
public static XMLEventReader getXMLEventReader(InputStream is) {
- XMLInputFactory xmlInputFactory = null;
+ XMLInputFactory xmlInputFactory;
XMLEventReader xmlEventReader = null;
try {
- xmlInputFactory = getXMLInputFactory();
- xmlInputFactory.setProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, Boolean.TRUE);
- xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
- xmlInputFactory.setProperty(XMLInputFactory.IS_NAMESPACE_AWARE, Boolean.TRUE);
- xmlInputFactory.setProperty(XMLInputFactory.IS_COALESCING, Boolean.TRUE);
-
+ xmlInputFactory = XML_INPUT_FACTORY.get();
xmlEventReader = xmlInputFactory.createXMLEventReader(is);
} catch (Exception ex) {
throw new RuntimeException(ex);
@@ -518,6 +513,13 @@ public class StaxParserUtil {
throw new RuntimeException(logger.parserExpectedEndTag("</" + tag + ">. Found </" + elementTag + ">"));
}
+ private static final ThreadLocal<XMLInputFactory> XML_INPUT_FACTORY = new ThreadLocal<XMLInputFactory>() {
+ @Override
+ protected XMLInputFactory initialValue() {
+ return getXMLInputFactory();
+ }
+ };
+
private static XMLInputFactory getXMLInputFactory() {
boolean tccl_jaxp = SystemPropertiesUtil.getSystemProperty(GeneralConstants.TCCL_JAXP, "false")
.equalsIgnoreCase("true");
@@ -526,7 +528,14 @@ public class StaxParserUtil {
if (tccl_jaxp) {
SecurityActions.setTCCL(StaxParserUtil.class.getClassLoader());
}
- return XMLInputFactory.newInstance();
+ XMLInputFactory xmlInputFactory = XMLInputFactory.newInstance();
+
+ xmlInputFactory.setProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, Boolean.TRUE);
+ xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
+ xmlInputFactory.setProperty(XMLInputFactory.IS_NAMESPACE_AWARE, Boolean.TRUE);
+ xmlInputFactory.setProperty(XMLInputFactory.IS_COALESCING, Boolean.TRUE);
+
+ return xmlInputFactory;
} finally {
if (tccl_jaxp) {
SecurityActions.setTCCL(prevTCCL);
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/ConcurrentAuthnRequestTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/ConcurrentAuthnRequestTest.java
new file mode 100644
index 0000000..b207c04
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/ConcurrentAuthnRequestTest.java
@@ -0,0 +1,142 @@
+/*
+ * Copyright 2017 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.testsuite.saml;
+
+import org.keycloak.dom.saml.v2.protocol.AuthnRequestType;
+import org.keycloak.protocol.saml.SamlProtocol;
+import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.representations.idm.UserRepresentation;
+import org.keycloak.saml.processing.api.saml.v2.request.SAML2Request;
+import org.keycloak.services.resources.RealmsResource;
+import org.keycloak.testsuite.AbstractAuthTest;
+import org.keycloak.testsuite.util.SamlClient;
+
+import java.io.IOException;
+import java.net.URI;
+import java.util.Collection;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.concurrent.Callable;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import javax.ws.rs.core.UriBuilder;
+import javax.ws.rs.core.UriBuilderException;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpUriRequest;
+import org.apache.http.client.protocol.HttpClientContext;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.util.EntityUtils;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.w3c.dom.Document;
+
+import static org.keycloak.testsuite.util.SamlClient.*;
+import static org.keycloak.testsuite.util.IOUtil.loadRealm;
+
+/**
+ *
+ * @author hmlnarik
+ */
+@Ignore
+public class ConcurrentAuthnRequestTest extends AbstractAuthTest {
+
+ private static final String REALM_NAME = "demo";
+
+ private static final String SAML_ASSERTION_CONSUMER_URL_SALES_POST = "http://localhost:8080/sales-post/";
+ private static final String SAML_CLIENT_ID_SALES_POST = "http://localhost:8081/sales-post/";
+
+ public static final int ITERATIONS = 10000;
+ public static final int CONCURRENT_THREADS = 5;
+
+ private static void loginRepeatedly(UserRepresentation user, URI samlEndpoint,
+ Document samlRequest, String relayState, Binding requestBinding) {
+ CloseableHttpResponse response = null;
+ SamlClient.RedirectStrategyWithSwitchableFollowRedirect strategy = new SamlClient.RedirectStrategyWithSwitchableFollowRedirect();
+ ExecutorService threadPool = Executors.newFixedThreadPool(CONCURRENT_THREADS);
+
+ try (CloseableHttpClient client = HttpClientBuilder.create().setRedirectStrategy(strategy).build()) {
+ HttpUriRequest post = requestBinding.createSamlRequest(samlEndpoint, relayState, samlRequest);
+
+ Collection<Callable<Void>> futures = new LinkedList<>();
+ for (int i = 0; i < ITERATIONS; i ++) {
+ final int j = i;
+ Callable<Void> f = () -> {
+ performLogin(post, samlEndpoint, relayState, samlRequest, response, client, user, strategy);
+ return null;
+ };
+ futures.add(f);
+ }
+
+ threadPool.invokeAll(futures);
+ } catch (Exception ex) {
+ throw new RuntimeException(ex);
+ }
+ }
+
+ public static void performLogin(HttpUriRequest post, URI samlEndpoint, String relayState,
+ Document samlRequest, CloseableHttpResponse response, final CloseableHttpClient client,
+ UserRepresentation user,
+ RedirectStrategyWithSwitchableFollowRedirect strategy) {
+ try {
+ HttpClientContext context = HttpClientContext.create();
+ response = client.execute(post, context);
+
+ String loginPageText = EntityUtils.toString(response.getEntity(), "UTF-8");
+ response.close();
+
+ HttpUriRequest loginRequest = handleLoginPage(user, loginPageText);
+
+ strategy.setRedirectable(false);
+ response = client.execute(loginRequest, context);
+ response.close();
+ } catch (Exception ex) {
+ throw new RuntimeException(ex);
+ } finally {
+ if (response != null) {
+ EntityUtils.consumeQuietly(response.getEntity());
+ try { response.close(); } catch (IOException ex) { }
+ }
+ }
+ }
+
+ @Override
+ public void addTestRealms(List<RealmRepresentation> testRealms) {
+ testRealms.add(loadRealm("/adapter-test/keycloak-saml/testsaml.json"));
+ }
+
+ public AuthnRequestType createLoginRequestDocument(String issuer, String assertionConsumerURL, String realmName) {
+ return SamlClient.createLoginRequestDocument(issuer, assertionConsumerURL, getAuthServerSamlEndpoint(realmName));
+ }
+
+ private URI getAuthServerSamlEndpoint(String realm) throws IllegalArgumentException, UriBuilderException {
+ return RealmsResource
+ .protocolUrl(UriBuilder.fromUri(getAuthServerRoot()))
+ .build(realm, SamlProtocol.LOGIN_PROTOCOL);
+ }
+
+ private void testLogin(Binding requestBinding) throws Exception {
+ AuthnRequestType loginRep = createLoginRequestDocument(SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, REALM_NAME);
+ Document samlRequest = SAML2Request.convert(loginRep);
+ loginRepeatedly(bburkeUser, getAuthServerSamlEndpoint(REALM_NAME), samlRequest, null, requestBinding);
+ }
+
+ @Test
+ public void testConcurrentPostLogins() throws Exception {
+ testLogin(Binding.POST);
+ }
+}
