Thank you very much Chris
The classes my app uses should be serialize anyway so I just go that route.
But thanks for that code snippet too
Rick Noel
Systems Programmer | Westwood One
rn...@westwoodone.com
-----Original Message-----
From: Christopher Schultz <ch...@christopherschultz.net>
Sent: Friday, March 22, 2024 2:36 PM
To: Tomcat Users List <users@tomcat.apache.org>; Rick Noel
<rn...@westwoodone.com.INVALID>
Subject: Re: [EXT]Re: Tomcat session replication issue -
java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :
Rick,
On 3/22/24 13:33, Rick Noel wrote:
> I do not want to replicate customer because that class does not
> implement serializable
>
> I was looking for someway that the Manager would NOT try to replicate
> it
This is an allow-list which is much more secure than a deny-list.
It's a regular expression, so you can feel free to get super-creative with the
expression if you want to effectively create a deny-list with one item.
Honestly, this is probably some technical dept worth paying off at this point.
Another option would be to store the object in a wrapper in the session that
*is* serializable but it doesn't actually try to serialize the object it wraps.
I did one of these ages ago for similar reasons: I didn't want to go change all
those classes to be Serializable. Here it is:
public class TransientObjectWrapper<T>
implements Serializable
{
private static final long serialVersionUID = -4694896879363833304L;
private transient final T _o;
public TransientObjectWrapper(T o) { _o = o; }
public T getWrappedObject() { return _o; } }
Using this plus a craftily-written Filter, HttpServletRequestWrapper, and
HttpSession implementation would allow you to do this kind of thing without any
failures.
Or you could just configure Tomcat's already flexible allow-list for session
attribute names.
-chris
> -----Original Message-----
> From: Mark Thomas <ma...@apache.org>
> Sent: Friday, March 22, 2024 1:27 PM
> To: users@tomcat.apache.org
> Subject: Re: [EXT]Re: Tomcat session replication issue -
> java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :
>
> On 22/03/2024 15:43, Rick Noel wrote:
>> Mark,
>>
>> So if my customer object is failing to get set in the session
>> replication, I could add this to the config snippet?
>>
>> sessionAttributeNameFilter="customer"
>
> You set that to the attributes you DO want to replicate, not the ones you
> don't.
>
> Mark
>
>>
>> so like this?...........
>>
>>
>> <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"
>> channelSendOptions="6">
>>
>> <Manager
>> className="org.apache.catalina.ha.session.DeltaManager"
>> expireSessionsOnShutdown="false"
>>
>> notifyListenersOnReplication="true"
>> maxActiveSessions="8192"
>>
>> sessionAttributeNameFilter="customer"
>> />
>>
>> <Channel
>> className="org.apache.catalina.tribes.group.GroupChannel">
>> <Membership
>> className="org.apache.catalina.tribes.membership.McastService"
>> address="228.0.0.4"
>> port="45564"
>> frequency="500"
>> dropTime="3000"/>
>> <Receiver
>> className="org.apache.catalina.tribes.transport.nio.NioReceiver"
>> address="auto"
>> port="5000"
>> selectorTimeout="100"
>> maxThreads="6"/>
>>
>> <Sender
>> className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
>> <Transport
>> className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/>
>> </Sender>
>> <Interceptor
>> className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/>
>> <Interceptor
>> className="org.apache.catalina.tribes.group.interceptors.MessageDispatchInterceptor"/>
>> <Interceptor
>> className="org.apache.catalina.tribes.group.interceptors.ThroughputInterceptor"/>
>> </Channel>
>>
>> <Valve
>> className="org.apache.catalina.ha.tcp.ReplicationValve"
>>
>> filter=".*\.gif|.*\.js|.*\.jpeg|.*\.jpg|.*\.png|.*\.htm|.*\.html|.*\.
>> c
>> ss|.*\.txt"/>
>>
>>
>> <ClusterListener
>> className="org.apache.catalina.ha.session.ClusterSessionListener"/>
>> </Cluster>
>>
>>
>>
>>
>>
>> Rick Noel
>> Systems Programmer | Westwood One
>> rn...@westwoodone.com
>>
>> -----Original Message-----
>> From: Mark Thomas <ma...@apache.org>
>> Sent: Friday, March 22, 2024 11:32 AM
>> To: users@tomcat.apache.org
>> Subject: [EXT]Re: Tomcat session replication issue -
>> java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute
>> :
>>
>> On 22/03/2024 15:15, Rick Noel wrote:
>>> Is there a way to configure DeltaManager or the Cluster element so it does
>>> not cause my application to throw this error.....
>>>
>>> 22-Mar-2024 10:56:34.382 SEVERE [http-nio-8586-exec-5]
>>> org.apache.catalina.core.StandardWrapperValve.invoke
>>> Servlet.service() for servlet [jsp] in context with path [##0001]
>>> threw exception [An exception occurred processing
>>> [/services/include/properties.jsp] at line [196]
>>>
>>> 193:
>>> 194: session.setAttribute( "format", stationFormat );
>>> 195: session.setAttribute( "employee_id", employeeId );
>>> 196: session.setAttribute( "customer", customer );
>>> 197: session.setAttribute( "customer_id", customerId );
>>> 198: session.setAttribute( "nonidentifier_call_letters",
>>> nonIdentifierCallLetters );
>>> 199: session.setAttribute( "call_letters", callLetters );
>>>
>>>
>>> Stacktrace:] with root cause
>>> java.lang.IllegalArgumentException: setAttribute:
>>> Non-serializable attribute [customer]
>>>
>>>
>>> I know why the error, it is because the customer object was never written
>>> to be serialiazable.
>>> The old application I am working on has a lot of such non serialized
>>> objects and I do not want to search out change them all to implement
>>> serialiazable
>>>
>>> I am hoping there is a way to configure Tomcat to just not try and
>>> replication sessions all object which are not serialiazable
>>
>> https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftom
>> c%2F&data=05%7C02%7CRNoel%40westwoodone.com%7C08648b0871b749a1fc5e08d
>> c4a9f08d9%7Ce5d6709fbecf4b058cee37f5a62617c4%7C0%7C0%7C63846729413855
>> 4189%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJB
>> TiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=r7kgKohVqPJ65lcikOm2DNr
>> FYTc%2B2ptG93aAiSW3zaw%3D&reserved=0
>> at.apache.org%2Ftomcat-10.1-doc%2Fconfig%2Fmanager.html&data=05%7C02%
>> 7
>> CRNoel%40westwoodone.com%7C1b723f1052ef4e59bf0808dc4a959af2%7Ce5d6709
>> f
>> becf4b058cee37f5a62617c4%7C0%7C0%7C638467253633727340%7CUnknown%7CTWF
>> p
>> bGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6M
>> n
>> 0%3D%7C0%7C%7C%7C&sdata=o5SvJv%2FM4QtRYM%2BEk18%2For7R81deb1g%2BW7N7X
>> S
>> rMwuM%3D&reserved=0
>>
>> Search for sessionAttributeNameFilter
>>
>> Mark
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>> CAUTION: This email originated from outside of the organization. Do not
>> click links or open attachments unless you know the sender and you are sure
>> the content is safe. Please report the message using the Report Message
>> feature in your email client if you believe the email is suspicious.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
