GEODE-10556: Fix race condition in PulseSecurityWithSSLTest

JinwooHwang · JinwooHwang · commit 209debaaadf9 · 2026-02-11T16:30:22.000-05:00
Add multi-stage synchronization with delay to handle JMX authentication backend
initialization on slower CI runners.

Changes:
1. Wait for ManagementService and MemberMXBean initialization
2. Wait for Pulse web application to respond (with proper entity cleanup)
3. Add 2-second delay before authentication to allow backend readiness
4. Add debug logging to diagnose initialization timing

Fixes connection pool exhaustion by properly consuming HTTP response entities
in await loops. Uses a simple delay instead of retry loop to avoid blocking
all available connections.
diff --git a/geode-assembly/src/integrationTest/java/org/apache/geode/tools/pulse/PulseSecurityWithSSLTest.java b/geode-assembly/src/integrationTest/java/org/apache/geode/tools/pulse/PulseSecurityWithSSLTest.java
@@ -36,6 +36,7 @@
 import static org.apache.geode.distributed.ConfigurationProperties.SSL_PROTOCOLS;
 import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE;
 import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE_PASSWORD;
+import static org.apache.geode.test.awaitility.GeodeAwaitility.await;
 import static org.apache.geode.test.util.ResourceUtils.createTempFileFromResource;
 import static org.assertj.core.api.Assertions.assertThat;
 
@@ -51,6 +52,7 @@
 import org.junit.experimental.categories.Category;
 
 import org.apache.geode.examples.SimpleSecurityManager;
+import org.apache.geode.management.ManagementService;
 import org.apache.geode.security.SecurableCommunicationChannels;
 import org.apache.geode.test.junit.categories.PulseTest;
 import org.apache.geode.test.junit.categories.SecurityTest;
@@ -83,13 +85,53 @@ public void loginWithIncorrectAndThenCorrectPassword() throws Exception {
 
     locator.withSecurityManager(SimpleSecurityManager.class).withProperties(securityProps)
         .startLocator();
-
+    System.out.println("[DEBUG] Locator started on port: " + locator.getHttpPort());
+
+    // Wait for JMX/Management Service to be fully initialized before login attempts
+    // This prevents race conditions on slower CI machines where authentication may fail
+    // if the JMX backend is not ready yet
+    ManagementService service =
+        ManagementService.getExistingManagementService(locator.getLocator().getCache());
+    System.out.println("[DEBUG] ManagementService obtained, waiting for MemberMXBean...");
+    await()
+        .untilAsserted(() -> assertThat(service.getMemberMXBean()).isNotNull());
+    System.out.println("[DEBUG] MemberMXBean is ready: " + service.getMemberMXBean());
+
+    // Additionally wait for Pulse web application to be fully responsive
+    System.out.println("[DEBUG] Waiting for Pulse web app to respond...");
+    await()
+        .untilAsserted(() -> {
+          ClassicHttpResponse loginPageResponse = client.get("/pulse/login.html");
+          try {
+            assertThat(loginPageResponse.getCode()).isEqualTo(200);
+          } finally {
+            // Ensure entity is consumed to return connection to pool
+            if (loginPageResponse.getEntity() != null) {
+              try {
+                loginPageResponse.getEntity().getContent().close();
+              } catch (Exception ignore) {
+              }
+            }
+          }
+        });
+    System.out.println("[DEBUG] Pulse web app is responsive");
+
+    System.out.println("[DEBUG] Attempting login with wrong password...");
     ClassicHttpResponse response = client.loginToPulse("data", "wrongPassword");
+    System.out.println("[DEBUG] Wrong password response: " + response.getCode() + ", Location: "
+        + (response.getFirstHeader("Location") != null
+            ? response.getFirstHeader("Location").getValue() : "null"));
     assertThat(response.getCode()).isEqualTo(302);
     assertThat(response.getFirstHeader("Location").getValue())
         .contains("/pulse/login.html?error=BAD_CREDS");
 
+    // Add small delay to ensure backend is ready before login attempt
+    System.out.println("[DEBUG] Waiting 2 seconds for authentication backend...");
+    Thread.sleep(2000);
+
+    System.out.println("[DEBUG] Attempting login with correct credentials (cluster/cluster)...");
     client.loginToPulseAndVerify("cluster", "cluster");
+    System.out.println("[DEBUG] Login successful!");
 
     // Ensure that the backend JMX connection is working too
     response = client.post("/pulse/pulseUpdate", "pulseData",
@@ -122,8 +164,45 @@ public void loginWithDeprecatedSSLOptions() throws Exception {
 
     locator.withSecurityManager(SimpleSecurityManager.class).withProperties(securityProps)
         .startLocator();
-
+    System.out
+        .println("[DEBUG] Locator started (deprecated SSL) on port: " + locator.getHttpPort());
+
+    // Wait for JMX/Management Service to be fully initialized before login attempts
+    // This prevents race conditions on slower CI machines where authentication may fail
+    // if the JMX backend is not ready yet
+    ManagementService service =
+        ManagementService.getExistingManagementService(locator.getLocator().getCache());
+    System.out.println("[DEBUG] ManagementService obtained, waiting for MemberMXBean...");
+    await()
+        .untilAsserted(() -> assertThat(service.getMemberMXBean()).isNotNull());
+    System.out.println("[DEBUG] MemberMXBean is ready: " + service.getMemberMXBean());
+
+    // Additionally wait for Pulse web application to be fully responsive
+    System.out.println("[DEBUG] Waiting for Pulse web app to respond...");
+    await()
+        .untilAsserted(() -> {
+          ClassicHttpResponse loginPageResponse = client.get("/pulse/login.html");
+          try {
+            assertThat(loginPageResponse.getCode()).isEqualTo(200);
+          } finally {
+            // Ensure entity is consumed to return connection to pool
+            if (loginPageResponse.getEntity() != null) {
+              try {
+                loginPageResponse.getEntity().getContent().close();
+              } catch (Exception ignore) {
+              }
+            }
+          }
+        });
+    System.out.println("[DEBUG] Pulse web app is responsive");
+
+    // Add small delay to ensure backend is ready before login attempt
+    System.out.println("[DEBUG] Waiting 2 seconds for authentication backend...");
+    Thread.sleep(2000);
+
+    System.out.println("[DEBUG] Attempting login with correct credentials (cluster/cluster)...");
     client.loginToPulseAndVerify("cluster", "cluster");
+    System.out.println("[DEBUG] Login successful!");
 
     // Ensure that the backend JMX connection is working too
     ClassicHttpResponse response = client.post("/pulse/pulseUpdate", "pulseData",
