RE: [EXT]Re: Tomcat session replication issue - java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :

2024-03-22 Thread Rick Noel
Thank you very much, Chris.
The classes my app uses should be serializable anyway, so I'll just go that route.
But thanks for that code snippet too.

Rick Noel
Systems Programmer | Westwood One
rn...@westwoodone.com

-Original Message-
From: Christopher Schultz  
Sent: Friday, March 22, 2024 2:36 PM
To: Tomcat Users List ; Rick Noel 

Subject: Re: [EXT]Re: Tomcat session replication issue - 
java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :

Rick,

On 3/22/24 13:33, Rick Noel wrote:
> I do not want to replicate customer because that class does not
> implement serializable
>
> I was looking for some way that the Manager would NOT try to replicate
> it

This is an allow-list, which is much more secure than a deny-list.

It's a regular expression, so you can feel free to get super-creative with the
expression if you want to effectively create a deny-list with one item.

Honestly, this is probably some technical debt worth paying off at this point.

Another option would be to store the object in a wrapper in the session that 
*is* serializable but it doesn't actually try to serialize the object it wraps.

I did one of these ages ago for similar reasons: I didn't want to go change all 
those classes to be Serializable. Here it is:

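import java.io.Serializable;

// Serializable holder whose payload is transient, so it is never written
// to the stream; after deserialization getWrappedObject() returns null.
public class TransientObjectWrapper<T>
 implements Serializable
{
 private static final long serialVersionUID = -4694896879363833304L;

 private transient final T _o;

 public TransientObjectWrapper(T o) { _o = o; }

 public T getWrappedObject() { return _o; }
}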

Using this plus a craftily-written Filter, HttpServletRequestWrapper, and 
HttpSession implementation would allow you to do this kind of thing without any 
failures.

Or you could just configure Tomcat's already flexible allow-list for session 
attribute names.

-chris

> -Original Message-
> From: Mark Thomas 
> Sent: Friday, March 22, 2024 1:27 PM
> To: users@tomcat.apache.org
> Subject: Re: [EXT]Re: Tomcat session replication issue - 
> java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :
> 
> On 22/03/2024 15:43, Rick Noel wrote:
>> Mark,
>>
>> So if my customer object is failing to get set in the session 
>> replication, I could add this to the config snippet?
>>
>> sessionAttributeNameFilter="customer"
> 
> You set that to the attributes you DO want to replicate, not the ones you 
> don't.
> 
> Mark
> 
>>
>> so like this?...
>>
>>
>> >channelSendOptions="6">
>>
>> > className="org.apache.catalina.ha.session.DeltaManager"
>>  expireSessionsOnShutdown="false"
>>  
>> notifyListenersOnReplication="true"
>>  maxActiveSessions="8192"
>> 
>> sessionAttributeNameFilter="customer"
>>  />
>>
>> > className="org.apache.catalina.tribes.group.GroupChannel">
>>   > className="org.apache.catalina.tribes.membership.McastService"
>>   address="228.0.0.4"
>>   port="45564"
>>   frequency="500"
>>   dropTime="3000"/>
>>   > className="org.apache.catalina.tribes.transport.nio.NioReceiver"
>> address="auto"
>> port="5000"
>> selectorTimeout="100"
>> maxThreads="6"/>
>>
>>   > className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
>> > className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/>
>>   
>>   > className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/>
>>   > className="org.apache.catalina.tribes.group.interceptors.MessageDispatchInterceptor"/>
>>

Re: [EXT]Re: Tomcat session replication issue - java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :

2024-03-22 Thread Christopher Schultz

Rick,

On 3/22/24 13:33, Rick Noel wrote:

> I do not want to replicate customer because that class does not
> implement serializable
>
> I was looking for some way that the Manager would NOT try to replicate
> it

This is an allow-list, which is much more secure than a deny-list.

It's a regular expression, so you can feel free to get super-creative
with the expression if you want to effectively create a deny-list with
one item.

Honestly, this is probably some technical debt worth paying off at this
point.


Another option would be to store the object in a wrapper in the session 
that *is* serializable but it doesn't actually try to serialize the 
object it wraps.


I did one of these ages ago for similar reasons: I didn't want to go 
change all those classes to be Serializable. Here it is:


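import java.io.Serializable;

// Serializable holder whose payload is transient, so it is never written
// to the stream; after deserialization getWrappedObject() returns null.
public class TransientObjectWrapper<T>
implements Serializable
{
private static final long serialVersionUID = -4694896879363833304L;

private transient final T _o;

public TransientObjectWrapper(T o) { _o = o; }

public T getWrappedObject() { return _o; }
}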

Using this plus a craftily-written Filter, HttpServletRequestWrapper, 
and HttpSession implementation would allow you to do this kind of thing 
without any failures.


Or you could just configure Tomcat's already flexible allow-list for 
session attribute names.


-chris


-Original Message-
From: Mark Thomas 
Sent: Friday, March 22, 2024 1:27 PM
To: users@tomcat.apache.org
Subject: Re: [EXT]Re: Tomcat session replication issue - 
java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :

On 22/03/2024 15:43, Rick Noel wrote:

Mark,

So if my customer object is failing to get set in the session
replication, I could add this to the config snippet?

sessionAttributeNameFilter="customer"


You set that to the attributes you DO want to replicate, not the ones you don't.

Mark



so like this?...

filter=".*\.gif|.*\.js|.*\.jpeg|.*\.jpg|.*\.png|.*\.htm|.*\.html|.*\.css|.*\.txt"/>


Rick Noel
Systems Programmer | Westwood One
rn...@westwoodone.com

-Original Message-
From: Mark Thomas 
Sent: Friday, March 22, 2024 11:32 AM
To: users@tomcat.apache.org
Subject: [EXT]Re: Tomcat session replication issue - 
java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :

On 22/03/2024 15:15, Rick Noel wrote:

Is there a way to configure DeltaManager or the Cluster element so it does not 
cause my application to throw this error.

22-Mar-2024 10:56:34.382 SEVERE [http-nio-8586-exec-5]
org.apache.catalina.core.StandardWrapperValve.invoke
Servlet.service() for servlet [jsp] in context with path [##0001]
threw exception [An exception occurred processing
[/services/include/properties.jsp] at line [196]

193:
194:session.setAttribute( "format", stationFormat );
195:session.setAttribute( "employee_id", employeeId );
196:session.setAttribute( "customer", customer );
197:session.setAttribute( "customer_id", customerId );
198:session.setAttribute( "nonidentifier_call_letters", 
nonIdentifierCallLetters );
199:session.setAttribute( "call_letters", callLetters );


Stacktrace:] with root cause
  java.lang.IllegalArgumentException: setAttribute:
Non-serializable attribute [customer]


I know why the error, it is because the customer object was never written to
be serializable.
The old application I am working on has a lot of such non serialized
objects and I do not want to search out and change them all to implement
serializable

I am hoping there is a way to configure Tomcat to just not try and
replication sessions all object which are not serializable


https://tomcat.apache.org/tomcat-10.1-doc/config/manager.html

Search for sessionAttributeNameFilter

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tom
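
The two options discussed in this message, as an added example that is not part of the thread or of Tomcat's code: it evaluates three constructed sessionAttributeNameFilter values against the attribute names from the error report, then sends the wrapper through Java serialization. The Customer stand-in, the class name SessionReplicationDemo, and the whole-name matching rule are assumptions.

```java
import java.io.*;
import java.util.List;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
public class SessionReplicationDemo {
    // The wrapper from the thread, with its generic parameter written out.
    static class TransientObjectWrapper<T> implements Serializable {
        private static final long serialVersionUID = -4694896879363833304L;
        private transient final T _o;
        TransientObjectWrapper(T o) { _o = o; }
        T getWrappedObject() { return _o; }
    }

    // Hypothetical stand-in for the legacy class that is not Serializable.
    static class Customer {
        final String name;
        Customer(String name) { this.name = name; }
    }

    // Assumption: an attribute is replicated only when its whole name
    // matches the sessionAttributeNameFilter regular expression.
    static List<String> replicated(String filter, List<String> names) {
        Pattern p = Pattern.compile(filter);
        return names.stream().filter(n -> p.matcher(n).matches())
                    .collect(Collectors.toList());
    }

    // Java serialization round trip, standing in for delivery to another node.
    @SuppressWarnings("unchecked")
    static <T> T roundTrip(T value) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(value);
        }
        try (ObjectInputStream in = new ObjectInputStream(
                new ByteArrayInputStream(buf.toByteArray()))) {
            return (T) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Attribute names set in properties.jsp, taken from the error report.
        List<String> names = List.of("format", "employee_id", "customer",
                "customer_id", "nonidentifier_call_letters", "call_letters");
        // Constructed candidate values for sessionAttributeNameFilter.
        for (String filter : List.of(
                "customer",                                       // only customer
                "format|employee_id|customer_id|.*call_letters",  // explicit allow-list
                "(?!customer$).*")) {                             // all except customer
            System.out.println(filter + " -> " + replicated(filter, names));
        }
        var local = new TransientObjectWrapper<>(new Customer("constructed"));
        var remote = roundTrip(local);
        System.out.println("local:  " + local.getWrappedObject().name);
        // The transient field is skipped on write, so the copy holds null.
        System.out.println("remote: " + remote.getWrappedObject());
    }
}
```

With the wrapper, a node that receives the session sees the attribute but gets null from getWrappedObject(), so code reading it has to be ready to rebuild the object.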

RE: [EXT]Re: Tomcat session replication issue - java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :

2024-03-22 Thread Rick Noel
I do not want to replicate customer because that class does not implement
serializable

I was looking for some way that the Manager would NOT try to replicate it

Rick Noel
Systems Programmer | Westwood One
rn...@westwoodone.com

-Original Message-
From: Mark Thomas  
Sent: Friday, March 22, 2024 1:27 PM
To: users@tomcat.apache.org
Subject: Re: [EXT]Re: Tomcat session replication issue - 
java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :

On 22/03/2024 15:43, Rick Noel wrote:
> Mark,
> 
> So if my customer object is failing to get set in the session 
> replication, I could add this to the config snippet?
> 
> sessionAttributeNameFilter="customer"

You set that to the attributes you DO want to replicate, not the ones you don't.

Mark

> 
> so like this?...
> 
> 
>channelSendOptions="6">
> 
> className="org.apache.catalina.ha.session.DeltaManager"
> expireSessionsOnShutdown="false"
> 
> notifyListenersOnReplication="true"
> maxActiveSessions="8192"
>
> sessionAttributeNameFilter="customer"
> />
> 
> className="org.apache.catalina.tribes.group.GroupChannel">
>   className="org.apache.catalina.tribes.membership.McastService"
>  address="228.0.0.4"
>  port="45564"
>  frequency="500"
>  dropTime="3000"/>
>   className="org.apache.catalina.tribes.transport.nio.NioReceiver"
>address="auto"
>port="5000"
>selectorTimeout="100"
>maxThreads="6"/>
> 
>   className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
> className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/>
>  
>   className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/>
>   className="org.apache.catalina.tribes.group.interceptors.MessageDispatchInterceptor"/>
>   className="org.apache.catalina.tribes.group.interceptors.ThroughputInterceptor"/>
>
> 
> className="org.apache.catalina.ha.tcp.ReplicationValve"
>   
> filter=".*\.gif|.*\.js|.*\.jpeg|.*\.jpg|.*\.png|.*\.htm|.*\.html|.*\.c
> ss|.*\.txt"/>
> 
> 
> className="org.apache.catalina.ha.session.ClusterSessionListener"/>
>   
> 
> 
> 
> 
> 
> Rick Noel
> Systems Programmer | Westwood One
> rn...@westwoodone.com
> 
> -Original Message-
> From: Mark Thomas 
> Sent: Friday, March 22, 2024 11:32 AM
> To: users@tomcat.apache.org
> Subject: [EXT]Re: Tomcat session replication issue - 
> java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :
> 
> On 22/03/2024 15:15, Rick Noel wrote:
>> Is there a way to configure DeltaManager or the Cluster element so it does 
>> not cause my application to throw this error.
>>
>> 22-Mar-2024 10:56:34.382 SEVERE [http-nio-8586-exec-5] 
>> org.apache.catalina.core.StandardWrapperValve.invoke 
>> Servlet.service() for servlet [jsp] in context with path [##0001] 
>> threw exception [An exception occurred processing 
>> [/services/include/properties.jsp] at line [196]
>>
>> 193:
>> 194:session.setAttribute( "format", stationFormat );
>> 195:session.setAttribute( "employee_id", employeeId );
>> 196:session.setAttribute( "customer", customer );
>> 197:session.setAttribute( "customer_id", customerId );
>> 198:se

Re: [EXT]Re: Tomcat session replication issue - java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :

2024-03-22 Thread Mark Thomas

On 22/03/2024 15:43, Rick Noel wrote:

Mark,

So if my customer object is failing to get set in the session replication,
I could add this to the config snippet?

sessionAttributeNameFilter="customer"


You set that to the attributes you DO want to replicate, not the ones 
you don't.


Mark



so like this?...



Rick Noel
Systems Programmer | Westwood One
rn...@westwoodone.com

-Original Message-
From: Mark Thomas 
Sent: Friday, March 22, 2024 11:32 AM
To: users@tomcat.apache.org
Subject: [EXT]Re: Tomcat session replication issue - 
java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :

On 22/03/2024 15:15, Rick Noel wrote:

Is there a way to configure DeltaManager or the Cluster element so it does not 
cause my application to throw this error.

22-Mar-2024 10:56:34.382 SEVERE [http-nio-8586-exec-5] 
org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for 
servlet [jsp] in context with path [##0001] threw exception [An exception 
occurred processing [/services/include/properties.jsp] at line [196]

193:
194:session.setAttribute( "format", stationFormat );
195:session.setAttribute( "employee_id", employeeId );
196:session.setAttribute( "customer", customer );
197:session.setAttribute( "customer_id", customerId );
198:session.setAttribute( "nonidentifier_call_letters", 
nonIdentifierCallLetters );
199:session.setAttribute( "call_letters", callLetters );


Stacktrace:] with root cause
 java.lang.IllegalArgumentException: setAttribute: 
Non-serializable attribute [customer]


I know why the error, it is because the customer object was never written to
be serializable.
The old application I am working on has a lot of such non serialized objects
and I do not want to search out and change them all to implement serializable

I am hoping there is a way to configure Tomcat to just not try and replication
sessions all object which are not serializable


https://tomcat.apache.org/tomcat-10.1-doc/config/manager.html

Search for sessionAttributeNameFilter

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you know the sender and you are sure the 
content is safe. Please report the message using the Report Message feature in 
your email client if you believe the email is suspicious.





RE: [EXT]Re: Tomcat session replication issue - java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :

2024-03-22 Thread Rick Noel
So setting...   
sessionAttributeNameFilter="customer"
does not work,
 still getting the error  java.lang.IllegalArgumentException: setAttribute: 
Non-serializable attribute : customer

Do I need to set this also?

sessionAttributeValueClassNameFilter= 
"java\\.lang\\.(?:Boolean|Integer|Long|Number|String)|com.radiovoodoo.customer.Customer"

I am thinking no config setting can stop this error.

I am thinking  I must alter my Customer code and make that class implement 
java.io.Serializable.
And that is  what I was hoping not to do. (alter the application code itself)

Rick Noel
Systems Programmer | Westwood One
rn...@westwoodone.com

-Original Message-
From: Rick Noel
Sent: Friday, March 22, 2024 11:43 AM
To: Tomcat Users List 
Subject: RE: [EXT]Re: Tomcat session replication issue - 
java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :

Mark,

So if my customer object is failing to get set in the session replication, I 
could add this to the config snippet?

sessionAttributeNameFilter="customer"

so like this?...

Rick Noel
Systems Programmer | Westwood One
rn...@westwoodone.com

-Original Message-
From: Mark Thomas 
Sent: Friday, March 22, 2024 11:32 AM
To: users@tomcat.apache.org
Subject: [EXT]Re: Tomcat session replication issue - 
java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :

On 22/03/2024 15:15, Rick Noel wrote:
> Is there a way to configure DeltaManager or the Cluster element so it does 
> not cause my application to throw this error.
>
> 22-Mar-2024 10:56:34.382 SEVERE [http-nio-8586-exec-5]
> org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service()
> for servlet [jsp] in context with path [##0001] threw exception [An
> exception occurred processing [/services/include/properties.jsp] at
> line [196]
>
> 193:
> 194:session.setAttribute( "format", stationFormat );
> 195:session.setAttribute( "employee_id", employeeId );
> 196:session.setAttribute( "customer", customer );
> 197:session.setAttribute( "customer_id", customerId );
> 198:session.setAttribute( "nonidentifier_call_letters", 
> nonIdentifierCallLetters );
> 199:session.setAttribute( "call_letters", callLetters );
>
>
> Stacktrace:] with root cause
> java.lang.IllegalArgumentException: setAttribute:
> Non-serializable attribute [customer]
>
>
> I know why the error, it is because the customer object was never written to
> be serializable.
> The old application I am working on has a lot of such non serialized
> objects and I do not want to search out and change them all to implement
> serializable
>
> I am hoping there is a way to configure Tomcat to just not try and
> replication sessions all object which are not serializable

https://tomcat.apache.org/tomcat-10.1-doc/config/manager.html

Search for sessionAttributeNameFilter

Mark




RE: [EXT]Re: Tomcat session replication issue - java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :

2024-03-22 Thread Rick Noel
Mark,

So if my customer object is failing to get set in the session replication,
I could add this to the config snippet?

sessionAttributeNameFilter="customer"

so like this?...

Rick Noel
Systems Programmer | Westwood One
rn...@westwoodone.com

-Original Message-
From: Mark Thomas 
Sent: Friday, March 22, 2024 11:32 AM
To: users@tomcat.apache.org
Subject: [EXT]Re: Tomcat session replication issue - 
java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :

On 22/03/2024 15:15, Rick Noel wrote:
> Is there a way to configure DeltaManager or the Cluster element so it does 
> not cause my application to throw this error.
>
> 22-Mar-2024 10:56:34.382 SEVERE [http-nio-8586-exec-5] 
> org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for 
> servlet [jsp] in context with path [##0001] threw exception [An exception 
> occurred processing [/services/include/properties.jsp] at line [196]
>
> 193:
> 194:session.setAttribute( "format", stationFormat );
> 195:session.setAttribute( "employee_id", employeeId );
> 196:session.setAttribute( "customer", customer );
> 197:session.setAttribute( "customer_id", customerId );
> 198:session.setAttribute( "nonidentifier_call_letters", 
> nonIdentifierCallLetters );
> 199:session.setAttribute( "call_letters", callLetters );
>
>
> Stacktrace:] with root cause
> java.lang.IllegalArgumentException: setAttribute: 
> Non-serializable attribute [customer]
>
>
> I know why the error, it is because the customer object was never written to
> be serializable.
> The old application I am working on has a lot of such non serialized objects
> and I do not want to search out and change them all to implement serializable
>
> I am hoping there is a way to configure Tomcat to just not try and
> replication sessions all object which are not serializable

https://tomcat.apache.org/tomcat-10.1-doc/config/manager.html

Search for sessionAttributeNameFilter

Mark
