Connection reset by peer
Tuesday, August 1, 2023 at 08:22amHello,
We're developing an application that's connected to the Onespan Sign Sandbox and we're experiencing the following problem: we're using a token authentication policy when connecting to Onespan, and intermittently, we get a SocketException ("connection reset by peer") when we call the token API at https://sandbox.esignlive.com/apitoken/clientApp/accessToken.
We're developing the application using the Apache Camel 3.20.6 integration framework with Spring Boot version 2.7.11. Here's the point at which we actually call the endpoint:
.to("https://{{onespan.token-host}}/{{onespan.token-endpoint}}" + "?bridgeEndpoint=true" + "&throwExceptionOnFailure=false" + "&proxyAuthScheme=http")
where onespan.token-host and onespan.tolen-endpoint are set to the appropiate values in the application files. What is confusing about this issue is that it happens very inconsistently so we're having a hard time troubleshooting it. Has some else face a similar issue (I know of this post https://community.onespan.com/forum/whitelist but the problem doesn't seem related as our code works most of the time)?
Please find attached the stack trace of the exception.
Best,
Pedro
Reply to: Connection reset by peer
Tuesday, August 1, 2023 at 02:28pmHi Pedro,
Thanks for your post! I don't have too many experience with Apache Camel, but I managed to invoke an external HTTPS call with below code (I get it triggered with a timer). Somehow I can't reproduce the "connection reset by peer" error so far:
@Component
public class OssRestRouteBuilder extends RouteBuilder {
public void configure() throws Exception {
from("timer:mytimer?repeatCount=10")
.to("direct:clientApp-accessToken");
from("direct:clientApp-accessToken")
.log("POST /apitoken/clientApp/accessToken")
.setHeader("Accept", constant("application/json"))
.setHeader("Content-Type", constant("application/json"))
.setBody(simple("{\n"
+ " \"clientId\": \"189b23xxxxad92\",\n"
+ " \"secret\": \"687964xxxx974dbc2bfad49f\",\n"
+ " \"type\": \"OWNER\"\n"
+ "}"))
.to("https://sandbox.esignlive.com/apitoken/clientApp/accessToken" + "?bridgeEndpoint=true" + "&throwExceptionOnFailure=false" + "&proxyAuthScheme=http"+ "&httpMethod=POST")
.log("Response: ${body}");
}
}
Duo
Reply to: Connection reset by peer
Wednesday, August 2, 2023 at 03:34amHi Duo,
Many thanks for the answer - unfortunately our Camel route does work around 95% of the times, but from time to time it throws the SocketException (connection reset by peer) so I was wondering if there's any particular configuration we have to set up like SSL, TSL, etc that you guys might be aware of?
Best,
Pedro
Reply to: Connection reset by peer
Wednesday, August 2, 2023 at 05:49amWe're filtering out the header "keep-alive" before we send the request - do you think this might have something to do with it?
Pedro
Reply to: Connection reset by peer
Wednesday, August 2, 2023 at 09:46amHi Pedro,
In terms of TLS, OneSpan Sign APIs only support TLS 1.2 and 1.3 of these cipher suites.
You mentioned about filtering keep-alive, did your code use custom SocketConfig (any similar code around below line) where you may have set the connection timeout?
SocketConfig.custom() .setSoTimeout(httpClientSettings.getSoTimeout() * 1000) .setSoKeepAlive(false) .setSoReuseAddress(false) .build();
Duo
Reply to: Connection reset by peer
Wednesday, August 2, 2023 at 10:29amHi Duo,
We don't have a custom socket configuration; in fact, we call the endpoint in a very similar fashion to your first response.
We've tried not filtering out the "keep-alive" header but the problem persist. The only pattern we see is that when we haven't made any requests in some time (for example around 20 minutes), then we make a new request it'll throw the exception. It's almost as if the connection is closed whenever there's no traffic and when we try to open it again we get the connection closed by peer exception. Is there a way to bypass this?
Pedro
Reply to: Connection reset by peer
Wednesday, August 2, 2023 at 01:20pmHi Pedro,
Here are some of my findings - Again, I don't know too much about Apache Camel so I am not sure if I am doing this correctly, but I exposed an API endpoint where I made external call to OSS API (I attached the code at the end).
I can consistently reproduce the same connection reset error if my spring boot application stays idle for a while (no requests are made to http://localhost:8080/servlet/api/bean for more than 10 minutes), the first call to the external endpoint (https://sandbox.esignlive.com/apitoken/clientApp/accessToken) fails with a Connection reset error, but subsequent calls work fine.
This makes me think that the Connection Reset error didn't happen between the Apache Camel and OSS, but might between the end user and the Apache Camel.
Duo
@Component
public class OssRestRouteBuilder extends RouteBuilder {
public void configure() throws Exception {
// Configuring REST DSL
restConfiguration()
.component("servlet")
.contextPath("/servlet")
.host("localhost")
.port(8080);
// Defining the REST endpoint
rest("/api")
.description("Teste REST Service")
.id("api-route")
.get("/bean")
.route()
.to("direct:clientApp-accessToken");
from("direct:clientApp-accessToken")
.log("POST /apitoken/clientApp/accessToken")
.setHeader("Accept", constant("application/json"))
.setHeader("Content-Type", constant("application/json"))
.setBody(simple("{\n"
+ " \"clientId\": \"189b2xxx120dad92\",\n"
+ " \"secret\": \"687964726188xxx974dbc2bfad49f\",\n"
+ " \"type\": \"OWNER\"\n"
+ "}"))
.to("https://sandbox.esignlive.com/apitoken/clientApp/accessToken" + "?bridgeEndpoint=true" + "&throwExceptionOnFailure=false" + "&proxyAuthScheme=http"+ "&httpMethod=POST")
.log("Response: ${body}");
}
}
Reply to: Connection reset by peer
Thursday, August 3, 2023 at 03:50amHi Duo,
Many thanks for your continuous effort!
Our situation is indeed very similar to your last example, and it's slightly reassuring that you're able to reproduce it. The flow at the moment looks like
So is your suggestion that the issue could lie in User -> Spring Boot and not in Spring Boot -> OSS?
Pedro
Reply to: Connection reset by peer
Thursday, August 3, 2023 at 03:50amHi Duo,
Many thanks for your continuous effort!
Our situation is indeed very similar to your last example, and it's slightly reassuring that you're able to reproduce it. The flow at the moment looks like
So is your suggestion that the issue could lie in User -> Spring Boot and not in Spring Boot -> OSS?
Pedro
Reply to: Connection reset by peer
Thursday, August 3, 2023 at 05:17amThe issue with the above suggestion is that in the logs it seems the exception is thrown at the Spring Boot -> OSS step. We're going to try to call OSS with a Spring bean instead of the .to(...) Camel component.
Best,
Pedro