remove org json dependency & fix instance profile credential fetcher concurrent bug

Author: Shallwewu

pom.xml

@@ -11,7 +11,7 @@
 
     <groupId>com.aliyun.oss</groupId>
     <artifactId>aliyun-sdk-oss</artifactId>
-    <version>3.4.0</version>
+    <version>3.4.1</version>
     <packaging>jar</packaging>
     <name>Aliyun OSS SDK for Java</name>
     <description>The Aliyun OSS SDK for Java used for accessing Aliyun Object Storage Service</description>
@@ -37,6 +37,12 @@
             <groupId>com.aliyun</groupId>
             <artifactId>aliyun-java-sdk-core</artifactId>
             <version>3.4.0</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.json</groupId>
+                    <artifactId>json</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>com.aliyun</groupId>

src/main/java/com/aliyun/oss/common/auth/InstanceProfileCredentialsProvider.java

@@ -19,12 +19,12 @@
 
 package com.aliyun.oss.common.auth;
 
-import com.aliyun.oss.common.auth.Credentials;
-import com.aliyun.oss.common.auth.CredentialsProvider;
 import com.aliyun.oss.common.utils.AuthUtils;
 import com.aliyun.oss.common.utils.LogUtils;
 import com.aliyuncs.exceptions.ClientException;
 
+import java.util.concurrent.locks.ReentrantLock;
+
 /**
  * Credentials provider implementation that loads credentials from the Ali Cloud
  * ECS Instance Metadata Service.
@@ -52,29 +52,40 @@ public void setCredentials(Credentials creds) {
 
     @Override
     public InstanceProfileCredentials getCredentials() {
-        if (credentials == null || credentials.isExpired()) {
-            try {
-                credentials = (InstanceProfileCredentials) fetcher.fetch(maxRetryTimes);
-            } catch (ClientException e) {
-                LogUtils.logException("EcsInstanceCredentialsFetcher.fetch Exception:", e);
-                return null;
-            }
-        } else if (credentials.willSoonExpire() && credentials.shouldRefresh()) {
-            try {
-                credentials = (InstanceProfileCredentials) fetcher.fetch();
-            } catch (ClientException e) {
-                // Use the current expiring session token and wait for next round
-                credentials.setLastFailedRefreshTime();
-                LogUtils.logException("EcsInstanceCredentialsFetcher.fetch Exception:", e);
+        try {
+            if (credentials == null || credentials.isExpired()) {
+                lock.lock();
+                if (credentials == null || credentials.isExpired()) {
+                    try {
+                        credentials = (InstanceProfileCredentials) fetcher.fetch(maxRetryTimes);
+                    } catch (ClientException e) {
+                        LogUtils.logException("EcsInstanceCredentialsFetcher.fetch Exception:", e);
+                        return null;
+                    }
+                }
+            } else if (credentials.willSoonExpire() && credentials.shouldRefresh()) {
+                lock.lock();
+                if (credentials.willSoonExpire() && credentials.shouldRefresh()) {
+                    try {
+                        credentials = (InstanceProfileCredentials) fetcher.fetch();
+                    } catch (ClientException e) {
+                        // Use the current expiring session token and wait for next round
+                        credentials.setLastFailedRefreshTime();
+                        LogUtils.logException("EcsInstanceCredentialsFetcher.fetch Exception:", e);
+                    }
+                }
             }
+            return credentials;
+        } finally {
+            lock.unlock();
         }
-        return credentials;
     }
 
     private final String roleName;
     private InstanceProfileCredentials credentials;
     private InstanceProfileCredentialsFetcher fetcher;
 
     private int maxRetryTimes = AuthUtils.MAX_ECS_METADATA_FETCH_RETRY_TIMES;
+    private ReentrantLock lock = new ReentrantLock();
 
 }

src/main/java/com/aliyun/oss/common/parser/JAXBResponseParser.java

@@ -42,7 +42,7 @@
  */
 public class JAXBResponseParser implements ResponseParser<Object> {
 
-    private static final SAXParserFactory saxParserFactory = SAXParserFactory.newInstance();
+    private static final SAXParserFactory saxParserFactory = SAXParserFactory.newInstance("com.sun.org.apache.xerces.internal.jaxp.SAXParserFactoryImpl",null);
 
     // It allows to specify the class type, if the class type is specified,
     // the contextPath will be ignored.

src/main/java/com/aliyun/oss/model/ObjectMetadata.java

@@ -129,7 +129,12 @@ public void setLastModified(Date lastModified) {
      *             The value is not in the Rfc822 format.
      */
     public Date getExpirationTime() throws ParseException {
-        return DateUtil.parseRfc822Date((String) metadata.get(OSSHeaders.EXPIRES));
+        String expires = (String) metadata.get(OSSHeaders.EXPIRES);
+
+        if (expires != null)
+            return DateUtil.parseRfc822Date((String) metadata.get(OSSHeaders.EXPIRES));
+
+        return null;
     }
 
     /**

src/test/java/com/aliyun/oss/common/utils/VersionUtilTest.java

@@ -28,7 +28,7 @@ public class VersionUtilTest {
     @Test
     public void testGetDefaultUserAgent() { 
         String userAgent = VersionInfoUtils.getDefaultUserAgent();
-        assertTrue(userAgent.startsWith("aliyun-sdk-java/3.4.0("));
+        assertTrue(userAgent.startsWith("aliyun-sdk-java/3.4.1("));
         assertEquals(userAgent.split("/").length, 4);
         assertEquals(userAgent.split(";").length, 2);
         assertEquals(userAgent.split("\\(").length, 2);