Severe resource leak in TrustedHttpClientImpl

Steps to reproduce

The TrustedHttpClientImpl suffers from a major resource leak. The TrustedHttpClient API requires its clients to call #close(HttpResponse) after they have finished
reading from the response to close all underlying resources but this call of close
never closes anything simply because the resources cannot be retrieved anymore.
Here's why:

The implementation uses a hash map (HttpResponse -> HttpClient) to save
references to the HttpClient. HttpClient is used to close the resources. But
once an HttpClient is put into that map it can't be get back anymore. It's just
buried in the map and stays there forever. This is because
a) the HttpClient returns instances of java.lang.reflect.Proxy
b) HttpResponse does not implement equals and hashcode so Object#equals is defined
in terms of object identity

In more detail: When putting an HttpClient into the map the hash code of the
HttpResponse object is calculated and the client is put into the respective bucket.
On retrieval the HttpResponse's hashcode is calculated again which yields the
same hash code so the bucket can be found. But then the map needs to do an
equality comparison which always fails since comparing two Proxy instances
always fails when thrown back to object identity.

Never use objects as keys in hash based data structures that do not
explicitly implement equals and hashcode.
Talking of equals and hashcode: Never implement them in terms
of mutable state.


Christoph Driessen


Christoph Driessen


Non Functioning

Tags (folksonomy)


Fix versions

Affects versions