Skip to content
Advertisement

Access Redis connection pool using Spring Data Redis without Reflection API

Please help me here with the solution. I want to monitor and periodically log information about the Redis Connection Pool usage in my application. I am using use Redis via spring-data-redis RedisTemplate object. I know that we can access pool through Reflection API as below. Since the pool is accessing through Reflection, during SAST scan we will be getting ‘Access Specifier Manipulation‘ along with the description as:

The AccessibleObject API allows the programmer to get around the access control checks provided by Java access specifiers. In particular it enables the programmer to allow a reflected object to bypass Java access controls and in turn change the value of private fields or invoke private methods, behaviors that are normally disallowed. In this case the dangerous method you are using is setAccessible()

@Autowired
private RedisConnectionFactory redisConnectionFactory;
private void logData(HttpServletRequest request, Exception e) {
        try {
            HttpSession session = request.getSession();
            JedisConnectionFactory factory = (JedisConnectionFactory)redisConnectionFactory;
            if(factory != null){
                Field poolField = JedisConnectionFactory.class.getDeclaredField("pool");
                if(poolField != null){
                    poolField.setAccessible(true);
                    Pool<Jedis> jedisPool = (Pool<Jedis>)poolField.get(factory);
                    if(jedisPool!=null){
                        int activeNum = jedisPool.getNumActive();
                        int idleNum = jedisPool.getNumIdle();
                        int waitNum = jedisPool.getNumWaiters();
                        long maxBorrowWaitMs = jedisPool.getMaxBorrowWaitTimeMillis();
                        long meanBorrowWaitMs = jedisPool.getMeanBorrowWaitTimeMillis();
                        redisMonitorDetails = redisMonitorDetails+ "getNumActive="+activeNum + " NumIdle="+idleNum+ " NumWaiters="+waitNum + " MaxBorrowWaitTimeMillis="+maxBorrowWaitMs
                                +" MeanBorrowWaitTimeMillis="+meanBorrowWaitMs;
                    }                     
                }
            }
        } catch (Exception exe) {
            loggingService.error("Exception during logging in ExceptionHandlerController: " + exe);
        }
    }

Advertisement

Answer

Updated the code using Apache FieldUtils as below. Now, SAST scan is not reporting this issue.

Pool<Jedis> jedisPool = (Pool<Jedis>) FieldUtils.readField(JedisConnectionFactory.class, "pool", true);
User contributions licensed under: CC BY-SA
5 People found this is helpful
Advertisement