This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 91217ef Place data holder rather than CrawlerSessionManagerValve in
session
91217ef is described below
commit 91217ef2a9c57bb947bbc2201f50d44cd4e87aef
Author: Mark Thomas <[email protected]>
AuthorDate: Wed May 1 11:43:03 2019 +0100
Place data holder rather than CrawlerSessionManagerValve in session
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63324
Refactor the CrawlerSessionManagerValve so that the object placed in the
session is compatible with session serialization with mem-cached.
Patch provided by Martin Lemanski.
---
.../valves/CrawlerSessionManagerValve.java | 33 ++++++++++------
.../valves/TestCrawlerSessionManagerValve.java | 46 +++++++++++++++++++++-
webapps/docs/changelog.xml | 6 +++
3 files changed, 73 insertions(+), 12 deletions(-)
diff --git a/java/org/apache/catalina/valves/CrawlerSessionManagerValve.java
b/java/org/apache/catalina/valves/CrawlerSessionManagerValve.java
index aab1caf..1bef60c 100644
--- a/java/org/apache/catalina/valves/CrawlerSessionManagerValve.java
+++ b/java/org/apache/catalina/valves/CrawlerSessionManagerValve.java
@@ -17,6 +17,7 @@
package org.apache.catalina.valves;
import java.io.IOException;
+import java.io.Serializable;
import java.util.Enumeration;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
@@ -42,7 +43,7 @@ import org.apache.juli.logging.LogFactory;
* users - regardless of whether or not they provide a session token with their
* requests.
*/
-public class CrawlerSessionManagerValve extends ValveBase implements
HttpSessionBindingListener {
+public class CrawlerSessionManagerValve extends ValveBase {
private static final Log log =
LogFactory.getLog(CrawlerSessionManagerValve.class);
@@ -241,7 +242,8 @@ public class CrawlerSessionManagerValve extends ValveBase
implements HttpSession
clientIdSessionId.put(clientIdentifier, s.getId());
sessionIdClientId.put(s.getId(), clientIdentifier);
// #valueUnbound() will be called on session expiration
- s.setAttribute(this.getClass().getName(), this);
+ s.setAttribute(this.getClass().getName(),
+ new
CrawlerHttpSessionBindingListener(clientIdSessionId, clientIdentifier));
s.setMaxInactiveInterval(sessionInactiveInterval);
if (log.isDebugEnabled()) {
@@ -269,18 +271,27 @@ public class CrawlerSessionManagerValve extends ValveBase
implements HttpSession
return result.toString();
}
+ private static class CrawlerHttpSessionBindingListener implements
HttpSessionBindingListener, Serializable {
+ private static final long serialVersionUID = 1L;
- @Override
- public void valueBound(HttpSessionBindingEvent event) {
- // NOOP
- }
+ private final transient Map<String, String> clientIdSessionId;
+ private final transient String clientIdentifier;
+ private CrawlerHttpSessionBindingListener(Map<String, String>
clientIdSessionId, String clientIdentifier) {
+ this.clientIdSessionId = clientIdSessionId;
+ this.clientIdentifier = clientIdentifier;
+ }
- @Override
- public void valueUnbound(HttpSessionBindingEvent event) {
- String clientIdentifier =
sessionIdClientId.remove(event.getSession().getId());
- if (clientIdentifier != null) {
- clientIdSessionId.remove(clientIdentifier);
+ @Override
+ public void valueBound(HttpSessionBindingEvent event) {
+ // NO-OP
+ }
+
+ @Override
+ public void valueUnbound(HttpSessionBindingEvent event) {
+ if (clientIdentifier != null && clientIdSessionId != null) {
+ clientIdSessionId.remove(clientIdentifier);
+ }
}
}
}
diff --git
a/test/org/apache/catalina/valves/TestCrawlerSessionManagerValve.java
b/test/org/apache/catalina/valves/TestCrawlerSessionManagerValve.java
index 759a248..ec783d8 100644
--- a/test/org/apache/catalina/valves/TestCrawlerSessionManagerValve.java
+++ b/test/org/apache/catalina/valves/TestCrawlerSessionManagerValve.java
@@ -22,19 +22,37 @@ import java.util.Collections;
import javax.servlet.ServletException;
import javax.servlet.http.HttpSession;
+import javax.servlet.http.HttpSessionBindingListener;
+import org.hamcrest.CoreMatchers;
+import org.hamcrest.MatcherAssert;
+
+import org.junit.Assert;
import org.junit.Test;
import org.apache.catalina.Context;
import org.apache.catalina.Host;
+import org.apache.catalina.Manager;
import org.apache.catalina.Valve;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
+import org.apache.catalina.core.StandardContext;
+import org.apache.catalina.session.StandardManager;
+import org.apache.catalina.session.StandardSession;
import org.easymock.EasyMock;
import org.easymock.IExpectationSetters;
public class TestCrawlerSessionManagerValve {
+ private static final Manager TEST_MANAGER;
+
+ static {
+ TEST_MANAGER = new StandardManager();
+ TEST_MANAGER.setContext(new StandardContext());
+ }
+
+
+
@Test
public void testCrawlerIpsPositive() throws Exception {
CrawlerSessionManagerValve valve = new CrawlerSessionManagerValve();
@@ -79,6 +97,32 @@ public class TestCrawlerSessionManagerValve {
verifyCrawlingLocalhost(valve, "example.invalid");
}
+ @Test
+ public void testCrawlersSessionIdIsRemovedAfterSessionExpiry() throws
IOException, ServletException {
+ CrawlerSessionManagerValve valve = new CrawlerSessionManagerValve();
+ valve.setCrawlerIps("216\\.58\\.206\\.174");
+ valve.setCrawlerUserAgents(valve.getCrawlerUserAgents());
+ valve.setNext(EasyMock.createMock(Valve.class));
+ valve.setSessionInactiveInterval(0);
+ StandardSession session = new StandardSession(TEST_MANAGER);
+ session.setId("id");
+ session.setValid(true);
+
+ Request request = createRequestExpectations("216.58.206.174", session,
true);
+
+ EasyMock.replay(request);
+
+ valve.invoke(request, EasyMock.createMock(Response.class));
+
+ EasyMock.verify(request);
+
+ MatcherAssert.assertThat(valve.getClientIpSessionId().values(),
CoreMatchers.hasItem("id"));
+
+ session.expire();
+
+ Assert.assertEquals(0, valve.getClientIpSessionId().values().size());
+ }
+
private void verifyCrawlingLocalhost(CrawlerSessionManagerValve valve,
String hostname)
throws IOException, ServletException {
@@ -97,7 +141,7 @@ public class TestCrawlerSessionManagerValve {
HttpSession session = EasyMock.createMock(HttpSession.class);
if (isBot) {
EasyMock.expect(session.getId()).andReturn("id").times(2);
- session.setAttribute(valve.getClass().getName(), valve);
+ session.setAttribute(EasyMock.eq(valve.getClass().getName()),
EasyMock.anyObject(HttpSessionBindingListener.class));
EasyMock.expectLastCall();
session.setMaxInactiveInterval(60);
EasyMock.expectLastCall();
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 586104b..fff45a8 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -90,6 +90,12 @@
the optional <code>path</code>. (markt)
</fix>
<fix>
+ <bug>63324</bug>: Refactor the <code>CrawlerSessionManagerValve</code>
+ so that the object placed in the session is compatible with session
+ serialization with mem-cached. Patch provided by Martin Lemanski.
+ (markt)
+ </fix>
+ <fix>
<bug>63333</bug>: Override the <code>isAvailable()</code> method in the
<code>JAASRealm</code> so that only login failures caused by invalid
credentials trigger account lock out when the <code>LockOutRealm</code>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
