Re: [EXT]Re: Tomcat session replication issue - java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :

Fri, 22 Mar 2024 11:36:43 -0700 

Rick,

On 3/22/24 13:33, Rick Noel wrote:

I do not want to replicate customer because that class does not
implement  serializable

I was looking for someway that the Manager would NOT try to replicate
it

This is an allow-list which is much more secure than a deny-list.
It's a regular expression, so you can feel free to get super-creative with the expression if you want to effectively create a deny-list with one item.
Honestly, this is probably some technical dept worth paying off at this point.
Another option would be to store the object in a wrapper in the session that *is* serializable but it doesn't actually try to serialize the object it wraps.
I did one of these ages ago for similar reasons: I didn't want to go change all those classes to be Serializable. Here it is: 

public class TransientObjectWrapper<T>
    implements Serializable
{
    private static final long serialVersionUID = -4694896879363833304L;

    private transient final T _o;

    public TransientObjectWrapper(T o) { _o = o; }

    public T getWrappedObject() { return _o; }
}
Using this plus a craftily-written Filter, HttpServletRequestWrapper, and HttpSession implementation would allow you to do this kind of thing without any failures.
Or you could just configure Tomcat's already flexible allow-list for session attribute names. 

-chris


-----Original Message-----
From: Mark Thomas <ma...@apache.org>
Sent: Friday, March 22, 2024 1:27 PM
To: users@tomcat.apache.org
Subject: Re: [EXT]Re: Tomcat session replication issue - 
java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :

On 22/03/2024 15:43, Rick Noel wrote:

Mark,

So if my customer object is failing to get set in the session
replication, I could add this to the config snippet?

sessionAttributeNameFilter="customer"


You set that to the attributes you DO want to replicate, not the ones you don't.

Mark



so like this?...........


<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"
                                           channelSendOptions="6">

                                    <Manager 
className="org.apache.catalina.ha.session.DeltaManager"
                                             expireSessionsOnShutdown="false"
                                             notifyListenersOnReplication="true"
                                             maxActiveSessions="8192"
                                                                
sessionAttributeNameFilter="customer"
                                             />

                                    <Channel 
className="org.apache.catalina.tribes.group.GroupChannel">
                                      <Membership 
className="org.apache.catalina.tribes.membership.McastService"
                                                  address="228.0.0.4"
                                                  port="45564"
                                                  frequency="500"
                                                  dropTime="3000"/>
                                      <Receiver 
className="org.apache.catalina.tribes.transport.nio.NioReceiver"
                                                address="auto"
                                                port="5000"
                                                selectorTimeout="100"
                                                maxThreads="6"/>

                                      <Sender 
className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
                                        <Transport 
className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/>
                                      </Sender>
                                      <Interceptor 
className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/>
                                      <Interceptor 
className="org.apache.catalina.tribes.group.interceptors.MessageDispatchInterceptor"/>
                                      <Interceptor 
className="org.apache.catalina.tribes.group.interceptors.ThroughputInterceptor"/>
                                    </Channel>

                                    <Valve 
className="org.apache.catalina.ha.tcp.ReplicationValve"
filter=".*\.gif|.*\.js|.*\.jpeg|.*\.jpg|.*\.png|.*\.htm|.*\.html|.*\.c 
ss|.*\.txt"/>


                                    <ClusterListener 
className="org.apache.catalina.ha.session.ClusterSessionListener"/>
                           </Cluster>





Rick Noel
Systems Programmer | Westwood One
rn...@westwoodone.com

-----Original Message-----
From: Mark Thomas <ma...@apache.org>
Sent: Friday, March 22, 2024 11:32 AM
To: users@tomcat.apache.org
Subject: [EXT]Re: Tomcat session replication issue - 
java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :

On 22/03/2024 15:15, Rick Noel wrote:

Is there a way to configure DeltaManager or the Cluster element so it does not 
cause my application to throw this error.....

22-Mar-2024 10:56:34.382 SEVERE [http-nio-8586-exec-5]
org.apache.catalina.core.StandardWrapperValve.invoke
Servlet.service() for servlet [jsp] in context with path [##0001]
threw exception [An exception occurred processing
[/services/include/properties.jsp] at line [196]

193:
194:        session.setAttribute( "format", stationFormat );
195:        session.setAttribute( "employee_id", employeeId );
196:        session.setAttribute( "customer", customer );
197:        session.setAttribute( "customer_id", customerId );
198:        session.setAttribute( "nonidentifier_call_letters", 
nonIdentifierCallLetters );
199:        session.setAttribute( "call_letters", callLetters );


Stacktrace:] with root cause
                  java.lang.IllegalArgumentException: setAttribute:
Non-serializable attribute [customer]


I know why the error, it is because the  customer object was never written to 
be serialiazable.
The old application I am working on has a lot of such non serialized
objects and I do not want to search out change them all to implement
serialiazable

I am hoping there is a way to configure Tomcat to just not try and
replication sessions all object which are not serialiazable


https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftomc
at.apache.org%2Ftomcat-10.1-doc%2Fconfig%2Fmanager.html&data=05%7C02%7
CRNoel%40westwoodone.com%7C1b723f1052ef4e59bf0808dc4a959af2%7Ce5d6709f
becf4b058cee37f5a62617c4%7C0%7C0%7C638467253633727340%7CUnknown%7CTWFp
bGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn
0%3D%7C0%7C%7C%7C&sdata=o5SvJv%2FM4QtRYM%2BEk18%2For7R81deb1g%2BW7N7XS
rMwuM%3D&reserved=0

Search for sessionAttributeNameFilter

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you know the sender and you are sure the 
content is safe. Please report the message using the Report Message feature in 
your email client if you believe the email is suspicious.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to