Author: markt
Date: Tue Nov 30 13:15:51 2010
New Revision: 1040511
URL: http://svn.apache.org/viewvc?rev=1040511&view=rev
Log:
Remove direct support for reading random bytes from a file
Add support for specifying SecureRandom algorithm and provider
Modified:
tomcat/trunk/java/org/apache/catalina/ha/session/BackupManager.java
tomcat/trunk/java/org/apache/catalina/ha/session/DeltaManager.java
tomcat/trunk/java/org/apache/catalina/session/LocalStrings.properties
tomcat/trunk/java/org/apache/catalina/session/LocalStrings_es.properties
tomcat/trunk/java/org/apache/catalina/session/LocalStrings_fr.properties
tomcat/trunk/java/org/apache/catalina/session/LocalStrings_ja.properties
tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java
tomcat/trunk/java/org/apache/catalina/session/PersistentManagerBase.java
tomcat/trunk/java/org/apache/catalina/session/StandardManager.java
tomcat/trunk/java/org/apache/catalina/session/mbeans-descriptors.xml
tomcat/trunk/test/org/apache/catalina/session/Benchmarks.java
tomcat/trunk/webapps/docs/changelog.xml
tomcat/trunk/webapps/docs/config/manager.xml
Modified: tomcat/trunk/java/org/apache/catalina/ha/session/BackupManager.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/ha/session/BackupManager.java?rev=1040511&r1=1040510&r2=1040511&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/ha/session/BackupManager.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/ha/session/BackupManager.java Tue Nov
30 13:15:51 2010
@@ -202,7 +202,6 @@ public class BackupManager extends Clust
}
cluster.removeManager(this);
- this.randoms.clear();
super.stopInternal();
}
Modified: tomcat/trunk/java/org/apache/catalina/ha/session/DeltaManager.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/ha/session/DeltaManager.java?rev=1040511&r1=1040510&r2=1040511&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/ha/session/DeltaManager.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/ha/session/DeltaManager.java Tue Nov
30 13:15:51 2010
@@ -961,7 +961,6 @@ public CatalinaCluster getCluster() {
// Require a new random number generator if we are restarted
getCluster().removeManager(this);
- this.randoms.clear();
super.stopInternal();
replicationValve = null;
}
Modified: tomcat/trunk/java/org/apache/catalina/session/LocalStrings.properties
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/session/LocalStrings.properties?rev=1040511&r1=1040510&r2=1040511&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/session/LocalStrings.properties
(original)
+++ tomcat/trunk/java/org/apache/catalina/session/LocalStrings.properties Tue
Nov 30 13:15:51 2010
@@ -28,12 +28,10 @@ JDBCStore.checkConnectionDBReOpenFail=Th
JDBCStore.checkConnectionSQLException=A SQL exception occurred {0}
JDBCStore.checkConnectionClassNotFoundException=JDBC driver class not found {0}
managerBase.createRandom=Created random number generator for session ID
generation in {0}ms.
-managerBase.createRandomSeed=Created SecureRandom instance to seed random
number generators for session ID generation in {0}ms.
managerBase.createSession.ise=createSession: Too many active sessions
-managerBase.getting=Getting message digest component for algorithm {0}
-managerBase.gotten=Completed getting message digest component
-managerBase.random=Exception initializing random number generator of class
{0}. Falling back to java.util.Random.
-managerBase.seedFailed=Failed to seed random number generator class {0}
+managerBase.random=Exception initializing random number generator of class
[{0}]. Falling back to java.secure.SecureRandom
+managerBase.randomAlgorithm=Exception initializing random number generator
using algorithm [{0}]
+managerBase.randomProviderException initializing random number generator using
provider [{0}]
managerBase.sessionTimeout=Invalid session timeout setting {0}
serverSession.value.iae=null value
standardManager.expireException=processsExpire: Exception during session
expiration
Modified:
tomcat/trunk/java/org/apache/catalina/session/LocalStrings_es.properties
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/session/LocalStrings_es.properties?rev=1040511&r1=1040510&r2=1040511&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/session/LocalStrings_es.properties
(original)
+++ tomcat/trunk/java/org/apache/catalina/session/LocalStrings_es.properties
Tue Nov 30 13:15:51 2010
@@ -27,8 +27,6 @@ JDBCStore.checkConnectionDBReOpenFail =
JDBCStore.checkConnectionSQLException = Ha tenido lugar una excepci\u00F3n SQL
{0}
JDBCStore.checkConnectionClassNotFoundException = No se ha hallado la clase
del manejador (driver) JDBC {0}
managerBase.createSession.ise = createSession\: Demasiadas sesiones activas
-managerBase.getting = Obteniendo mensaje de componente de resumen (digest)
para algoritmo {0}
-managerBase.gotten = Completada la obtenci\u00F3n de mensaje de componente de
resumen (digest)
managerBase.random = Excepci\u00F3n inicializando generador de n\u00FAmeros
aleatorios de clase {0}
managerBase.sessionTimeout = Valor inv\u00E1lido de Tiempo Agotado de
sesi\u00F3n {0}
serverSession.value.iae = valor nulo
Modified:
tomcat/trunk/java/org/apache/catalina/session/LocalStrings_fr.properties
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/session/LocalStrings_fr.properties?rev=1040511&r1=1040510&r2=1040511&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/session/LocalStrings_fr.properties
(original)
+++ tomcat/trunk/java/org/apache/catalina/session/LocalStrings_fr.properties
Tue Nov 30 13:15:51 2010
@@ -27,8 +27,6 @@ JDBCStore.checkConnectionDBReOpenFail=La
JDBCStore.checkConnectionSQLException=Une exception SQL s''est produite {0}
JDBCStore.checkConnectionClassNotFoundException=La classe du driver JDBC n''a
pas \u00e9t\u00e9 trouv\u00e9e {0}
managerBase.createSession.ise="createSession": Trop de sessions actives
-managerBase.getting=Prise du composant d''algorithme empreinte de message
(message digest) pour l''algorithme {0}
-managerBase.gotten=Prise du composant d''algorithme empreinte de message
(message digest) termin\u00e9e
managerBase.random=Exception durant l''initialisation de la classe du
g\u00e9n\u00e9rateur de nombre al\u00e9atoire {0}
managerBase.sessionTimeout=R\u00e9glage du d\u00e9lai d''inactivit\u00e9
(timeout) de session invalide {0}
serverSession.value.iae=valeur nulle
Modified:
tomcat/trunk/java/org/apache/catalina/session/LocalStrings_ja.properties
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/session/LocalStrings_ja.properties?rev=1040511&r1=1040510&r2=1040511&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/session/LocalStrings_ja.properties
(original)
+++ tomcat/trunk/java/org/apache/catalina/session/LocalStrings_ja.properties
Tue Nov 30 13:15:51 2010
@@ -28,8 +28,6 @@ JDBCStore.checkConnectionDBReOpenFail=\u
JDBCStore.checkConnectionSQLException=SQL\u4f8b\u5916\u304c\u767a\u751f\u3057\u307e\u3057\u305f
{0}
JDBCStore.checkConnectionClassNotFoundException=JDBC\u30c9\u30e9\u30a4\u30d0\u30af\u30e9\u30b9\u304c\u898b\u3064\u304b\u308a\u307e\u305b\u3093
{0}
managerBase.createSession.ise=createSession:
\u30a2\u30af\u30c6\u30a3\u30d6\u30bb\u30c3\u30b7\u30e7\u30f3\u304c\u591a\u3059\u304e\u307e\u3059
-managerBase.getting=\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0 {0}
\u306e\u30e1\u30c3\u30bb\u30fc\u30b8\u30c0\u30a4\u30b8\u30a7\u30b9\u30c8\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u3092\u53d6\u5f97\u3057\u307e\u3059
-managerBase.gotten=\u30e1\u30c3\u30bb\u30fc\u30b8\u30c0\u30a4\u30b8\u30a7\u30b9\u30c8\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u306e\u53d6\u5f97\u3092\u5b8c\u4e86\u3057\u307e\u3057\u305f
managerBase.random=\u30af\u30e9\u30b9 {0}
\u306e\u4e71\u6570\u767a\u751f\u5668\u306e\u521d\u671f\u5316\u306e\u4f8b\u5916\u3067\u3059
managerBase.sessionTimeout=\u7121\u52b9\u306a\u30bb\u30c3\u30b7\u30e7\u30f3\u30bf\u30a4\u30e0\u30a2\u30a6\u30c8\u8a2d\u5b9a\u3067\u3059
{0}
serverSession.value.iae=null\u5024\u3067\u3059
Modified: tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java?rev=1040511&r1=1040510&r2=1040511&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java (original)
+++ tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java Tue Nov 30
13:15:51 2010
@@ -22,12 +22,9 @@ package org.apache.catalina.session;
import java.beans.PropertyChangeEvent;
import java.beans.PropertyChangeListener;
import java.beans.PropertyChangeSupport;
-import java.io.File;
-import java.io.FileInputStream;
import java.io.IOException;
-import java.io.InputStream;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Date;
@@ -46,7 +43,6 @@ import java.util.concurrent.atomic.Atomi
import org.apache.catalina.Container;
import org.apache.catalina.Context;
import org.apache.catalina.Engine;
-import org.apache.catalina.Globals;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.Manager;
import org.apache.catalina.Session;
@@ -73,12 +69,6 @@ public abstract class ManagerBase extend
// ----------------------------------------------------- Instance Variables
- protected volatile Queue<InputStream> randomInputStreams =
- new ConcurrentLinkedQueue<InputStream>();
- protected String randomFile = "/dev/urandom";
- protected String randomFileCurrent = null;
- protected volatile boolean randomFileCurrentIsValid = true;
-
/**
* The Container with which this Manager is associated.
*/
@@ -137,6 +127,27 @@ public abstract class ManagerBase extend
protected String secureRandomClass = null;
/**
+ * The name of the algorithm to use to create instances of
+ * {...@link SecureRandom} which are used to generate session IDs. If no
+ * algorithm is specified, SHA1PRNG is used. To use the platform default
+ * (which may be SHA1PRNG), specify the empty string. If an invalid
+ * algorithm and/or provider is specified the {...@link SecureRandom}
instances
+ * will be created using the defaults. If that fails, the {...@link
+ * SecureRandom} instances will be created using platform defaults.
+ */
+ protected String secureRandomAlgorithm = "SHA1PRNG";
+
+ /**
+ * The name of the provider to use to create instances of
+ * {...@link SecureRandom} which are used to generate session IDs. If
+ * no algorithm is specified the of SHA1PRNG default is used. If an invalid
+ * algorithm and/or provider is specified the {...@link SecureRandom}
instances
+ * will be created using the defaults. If that fails, the {...@link
+ * SecureRandom} instances will be created using platform defaults.
+ */
+ protected String secureRandomProvider = null;
+
+ /**
* The longest time (in seconds) that an expired session had been alive.
*/
protected volatile int sessionMaxAliveTime;
@@ -214,37 +225,6 @@ public abstract class ManagerBase extend
protected PropertyChangeSupport support = new PropertyChangeSupport(this);
- // ------------------------------------------------------------- Security
classes
-
-
- private class PrivilegedCreateRandomInputStream
- implements PrivilegedAction<InputStream> {
-
- @Override
- public InputStream run(){
- try {
- File f = new File(randomFileCurrent);
- if (!f.exists()) {
- randomFileCurrentIsValid = false;
- closeRandomInputStreams();
- return null;
- }
- InputStream is = new FileInputStream(f);
- is.read();
- if( log.isDebugEnabled() )
- log.debug( "Opening " + randomFileCurrent );
- randomFileCurrentIsValid = true;
- return is;
- } catch (IOException ex){
- log.warn("Error reading " + randomFileCurrent, ex);
- randomFileCurrentIsValid = false;
- closeRandomInputStreams();
- }
- return null;
- }
- }
-
-
// ------------------------------------------------------------- Properties
/**
@@ -405,95 +385,6 @@ public abstract class ManagerBase extend
}
- /**
- * Use /dev/random-type special device. This is new code, but may reduce
- * the big delay in generating the random.
- *
- * You must specify a path to a random generator file. Use /dev/urandom
- * for linux ( or similar ) systems. Use /dev/random for maximum security
- * ( it may block if not enough "random" exist ). You can also use
- * a pipe that generates random.
- *
- * The code will check if the file exists, and default to java Random
- * if not found. There is a significant performance difference, very
- * visible on the first call to getSession ( like in the first JSP )
- * - so use it if available.
- */
- public void setRandomFile(String s) {
- // as a hack, you can use a static file - and generate the same
- // session ids ( good for strange debugging )
- randomFile = s;
- }
-
- protected InputStream createRandomInputStream() {
- if (Globals.IS_SECURITY_ENABLED){
- return AccessController.doPrivileged(
- new PrivilegedCreateRandomInputStream());
- } else {
- try{
- File f = new File(randomFileCurrent);
- if (!f.exists()) {
- randomFileCurrentIsValid = false;
- closeRandomInputStreams();
- return null;
- }
- InputStream is = new FileInputStream(f);
- is.read();
- if( log.isDebugEnabled() )
- log.debug( "Opening " + randomFileCurrent );
- randomFileCurrentIsValid = true;
- return is;
- } catch( IOException ex ) {
- log.warn("Error reading " + randomFileCurrent, ex);
- randomFileCurrentIsValid = false;
- closeRandomInputStreams();
- }
- return null;
- }
- }
-
-
- /**
- * Obtain the value of the randomFile attribute currently configured for
- * this Manager. Note that this will not return the same value as
- * {...@link #getRandomFileCurrent()} if the value for the randomFile
attribute
- * has been changed since this Manager was started.
- *
- * @return The file currently configured to provide random data for use in
- * generating session IDs
- */
- public String getRandomFile() {
- return randomFile;
- }
-
-
- /**
- * Obtain the value of the randomFile attribute currently being used by
- * this Manager. Note that this will not return the same value as
- * {...@link #getRandomFile()} if the value for the randomFile attribute
has
- * been changed since this Manager was started.
- *
- * @return The file currently being used to provide random data for use in
- * generating session IDs
- */
- public String getRandomFileCurrent() {
- return randomFileCurrent;
- }
-
-
- protected synchronized void closeRandomInputStreams() {
- InputStream is = randomInputStreams.poll();
-
- while (is != null) {
- try {
- is.close();
- } catch (Exception e) {
- log.warn("Failed to close randomInputStream.");
- }
- is = randomInputStreams.poll();
- }
- }
-
/**
* Create a new random number generator instance we should use for
* generating session identifiers.
@@ -509,17 +400,46 @@ public abstract class ManagerBase extend
Class<?> clazz = Class.forName(secureRandomClass);
result = (SecureRandom) clazz.newInstance();
} catch (Exception e) {
- // Fall back to the default case
log.error(sm.getString("managerBase.random",
secureRandomClass), e);
}
}
+
+ if (result == null) {
+ // No secureRandomClass or creation failed. Use SecureRandom.
+ try {
+ if (secureRandomProvider != null &&
+ secureRandomProvider.length() > 0) {
+ result = SecureRandom.getInstance(secureRandomAlgorithm,
+ secureRandomProvider);
+ } else if (secureRandomAlgorithm != null &&
+ secureRandomAlgorithm.length() > 0) {
+ result = SecureRandom.getInstance(secureRandomAlgorithm);
+ }
+ } catch (NoSuchAlgorithmException e) {
+ log.error(sm.getString("managerBase.randomAlgorithm",
+ secureRandomAlgorithm), e);
+ } catch (NoSuchProviderException e) {
+ log.error(sm.getString("managerBase.randomProvider",
+ secureRandomProvider), e);
+ }
+ }
+
+ if (result == null) {
+ // Invalid provider / algorithm
+ try {
+ result = SecureRandom.getInstance("SHA1PRNG");
+ } catch (NoSuchAlgorithmException e) {
+ log.error(sm.getString("managerBase.randomAlgorithm",
+ secureRandomAlgorithm), e);
+ }
+ }
if (result == null) {
- // No secureRandomClass or creation failed
+ // Nothing works - use platform default
result = new SecureRandom();
}
-
+
if(log.isDebugEnabled()) {
long t2=System.currentTimeMillis();
if( (t2-t1) > 100 )
@@ -531,7 +451,7 @@ public abstract class ManagerBase extend
/**
- * Return the random number generator class name.
+ * Return the secure random number generator class name.
*/
public String getSecureRandomClass() {
@@ -541,21 +461,59 @@ public abstract class ManagerBase extend
/**
- * Set the random number generator class name.
+ * Set the secure random number generator class name.
*
- * @param randomClass The new random number generator class name
+ * @param randomClass The new secure random number generator class name
*/
- public void setSecureRandomClass(String randomClass) {
+ public void setSecureRandomClass(String secureRandomClass) {
- String oldRandomClass = this.secureRandomClass;
- this.secureRandomClass = randomClass;
- support.firePropertyChange("randomClass", oldRandomClass,
+ String oldSecureRandomClass = this.secureRandomClass;
+ this.secureRandomClass = secureRandomClass;
+ support.firePropertyChange("secureRandomClass", oldSecureRandomClass,
this.secureRandomClass);
}
/**
+ * Return the secure random number generator algorithm name.
+ */
+ public String getSecureRandomAlgorithm() {
+ return secureRandomAlgorithm;
+ }
+
+
+ /**
+ * Set the secure random number generator algorithm name.
+ *
+ * @param secureRandomAlgorithm The new secure random number generator
+ * algorithm name
+ */
+ public void setSecureRandomAlgorithm(String secureRandomAlgorithm) {
+ this.secureRandomAlgorithm = secureRandomAlgorithm;
+ }
+
+
+ /**
+ * Return the secure random number generator provider name.
+ */
+ public String getSecureRandomProvider() {
+ return secureRandomProvider;
+ }
+
+
+ /**
+ * Set the secure random number generator provider name.
+ *
+ * @param secureRandomProvider The new secure random number generator
+ * provider name
+ */
+ public void setSecureRandomProvider(String secureRandomProvider) {
+ this.secureRandomProvider = secureRandomProvider;
+ }
+
+
+ /**
* Number of session creations that failed due to maxActiveSessions
*
* @return The count
@@ -669,12 +627,6 @@ public abstract class ManagerBase extend
@Override
protected void startInternal() throws LifecycleException {
- randomFileCurrent = randomFile;
- InputStream is = createRandomInputStream();
- if (is != null) {
- randomInputStreams.add(is);
- }
-
// Ensure caches for timing stats are the right size by filling with
// nulls.
while (sessionCreationTiming.size() < TIMING_STATS_CACHE_SIZE) {
@@ -694,7 +646,7 @@ public abstract class ManagerBase extend
@Override
protected void stopInternal() throws LifecycleException {
- closeRandomInputStreams();
+ this.randoms.clear();
}
@@ -899,31 +851,7 @@ public abstract class ManagerBase extend
protected void getRandomBytes(byte bytes[]) {
- if (randomFileCurrentIsValid) {
- InputStream is = null;
- try {
- // If one of the InputStreams fails, is will be null and the
- // resulting NPE will trigger a fall-back to getRandom()
- is = randomInputStreams.poll();
- if (is == null) {
- is = createRandomInputStream();
- }
- int len = is.read(bytes);
- if (len == bytes.length) {
- randomInputStreams.add(is);
- return;
- }
- if(log.isDebugEnabled())
- log.debug("Got " + len + " " + bytes.length );
- } catch (Exception ex) {
- // Ignore
- }
- randomFileCurrentIsValid = false;
- if (is != null) {
- randomInputStreams.add(is);
- }
- closeRandomInputStreams();
- }
+
SecureRandom random = randoms.poll();
if (random == null) {
random = createSecureRandom();
Modified:
tomcat/trunk/java/org/apache/catalina/session/PersistentManagerBase.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/session/PersistentManagerBase.java?rev=1040511&r1=1040510&r2=1040511&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/session/PersistentManagerBase.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/session/PersistentManagerBase.java
Tue Nov 30 13:15:51 2010
@@ -865,7 +865,6 @@ public abstract class PersistentManagerB
((Lifecycle)getStore()).stop();
// Require a new random number generator if we are restarted
- this.randoms.clear();
super.stopInternal();
}
Modified: tomcat/trunk/java/org/apache/catalina/session/StandardManager.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/session/StandardManager.java?rev=1040511&r1=1040510&r2=1040511&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/session/StandardManager.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/session/StandardManager.java Tue Nov
30 13:15:51 2010
@@ -513,7 +513,6 @@ public class StandardManager extends Man
}
// Require a new random number generator if we are restarted
- this.randoms.clear();
super.stopInternal();
}
Modified: tomcat/trunk/java/org/apache/catalina/session/mbeans-descriptors.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/session/mbeans-descriptors.xml?rev=1040511&r1=1040510&r2=1040511&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/session/mbeans-descriptors.xml
(original)
+++ tomcat/trunk/java/org/apache/catalina/session/mbeans-descriptors.xml Tue
Nov 30 13:15:51 2010
@@ -83,8 +83,16 @@
description="Time spent doing housekeeping and expiration"
type="long" />
+ <attribute name="secureRandomAlgorithm"
+ description="The secure random number generator algorithm name"
+ type="java.lang.String"/>
+
<attribute name="secureRandomClass"
- description="The random number generator class name"
+ description="The secure random number generator class name"
+ type="java.lang.String"/>
+
+ <attribute name="secureRandomProvider"
+ description="The secure random number generator provider name"
type="java.lang.String"/>
<attribute name="sessionAverageAliveTime"
Modified: tomcat/trunk/test/org/apache/catalina/session/Benchmarks.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/session/Benchmarks.java?rev=1040511&r1=1040510&r2=1040511&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/session/Benchmarks.java (original)
+++ tomcat/trunk/test/org/apache/catalina/session/Benchmarks.java Tue Nov 30
13:15:51 2010
@@ -38,9 +38,9 @@ public class Benchmarks extends TestCase
/*
* Results on markt's 4-core Windows dev box
* 1 thread - ~1,400ms
- * 2 threads - ~2,200ms
- * 4 threads - ~3,200ms
- * 16 threads - ~14,800ms
+ * 2 threads - ~2,100ms
+ * 4 threads - ~3,100ms
+ * 16 threads - ~14,700ms
*
* Results on markt's 2-core OSX dev box
* 1 thread - ~4,700ms
@@ -70,9 +70,6 @@ public class Benchmarks extends TestCase
// Create a default session manager
StandardManager mgr = new StandardManager();
- // Calling start requires a valid container so do the equivalent
- mgr.randomFileCurrent = mgr.randomFile;
- mgr.createRandomInputStream();
mgr.generateSessionId();
while (mgr.sessionCreationTiming.size() <
ManagerBase.TIMING_STATS_CACHE_SIZE) {
@@ -113,8 +110,6 @@ public class Benchmarks extends TestCase
result.append(end-start);
result.append(", Randoms: ");
result.append(mgr.randoms.size());
- result.append(", RandomInputStreams: ");
- result.append(mgr.randomInputStreams.size());
System.out.println(result.toString());
}
@@ -140,10 +135,10 @@ public class Benchmarks extends TestCase
/*
* Results on markt's 4-core Windows dev box
- * 1 thread - ~4,000ms
- * 2 threads - ~6,500ms
- * 4 threads - ~10,400ms
- * 16 threads - ~43,600ms
+ * 1 thread - ~3,800ms
+ * 2 threads - ~6,700ms
+ * 4 threads - ~11,000ms
+ * 16 threads - ~43,500ms
*
* Results on markt's 2-core OSX dev box
* 1 thread - ~9,100ms
@@ -167,9 +162,6 @@ public class Benchmarks extends TestCase
// Create a default session manager
StandardManager mgr = new StandardManager();
mgr.setContainer(new StandardContext());
- // Calling start requires a valid container so do the equivalent
- mgr.randomFileCurrent = mgr.randomFile;
- mgr.createRandomInputStream();
mgr.generateSessionId();
while (mgr.sessionCreationTiming.size() <
ManagerBase.TIMING_STATS_CACHE_SIZE) {
@@ -209,8 +201,6 @@ public class Benchmarks extends TestCase
result.append(end-start);
result.append(", Randoms: ");
result.append(mgr.randoms.size());
- result.append(", RandomInputStreams: ");
- result.append(mgr.randomInputStreams.size());
System.out.println(result.toString());
}
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1040511&r1=1040510&r2=1040511&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Tue Nov 30 13:15:51 2010
@@ -56,7 +56,9 @@
</fix>
<update>
Further performance improvements to session ID generation. Remove
legacy
- configuration options that are no longer required. (markt)
+ configuration options that are no longer required. Provide additional
+ options to control the <code>SecureRandom</code> instances used to
+ generate session IDs. (markt)
</update>
<fix>
<bug>50351</bug>: Fix the regression that broke BeanFactory resources
Modified: tomcat/trunk/webapps/docs/config/manager.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/manager.xml?rev=1040511&r1=1040510&r2=1040511&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/manager.xml (original)
+++ tomcat/trunk/webapps/docs/config/manager.xml Tue Nov 30 13:15:51 2010
@@ -133,13 +133,33 @@
</p>
</attribute>
- <attribute name="randomClass" required="false">
+ <attribute name="secureRandomClass" required="false">
<p>Name of the Java class that extends
<code>java.security.SecureRandom</code> to use to generate session IDs.
If not specified, the default value is
<code>java.security.SecureRandom</code>.</p>
</attribute>
+ <attribute name="secureRandomProvider" required="false">
+ <p>Name of the provider to use to create the
+ <code>java.security.SecureRandom</code> instances that generate session
+ IDs. If an invalid algorithm and/or provider is specified, the Manager
+ will use the platform default provider and the default algorithm. If
not
+ specified, the platform default provider will be used.</p>
+ </attribute>
+
+ <attribute name="secureRandomAlgorithm" required="false">
+ <p>Name of the algorithm to use to create the
+ <code>java.security.SecureRandom</code> instances that generate session
+ IDs. If an invalid algorithm and/or provider is specified, the Manager
+ will use the platform default provider and the default algorithm. If
not
+ specified, the default algorithm of SHA1PRNG will be used. If the
+ default algorithm is not supported, the platform default will be used.
+ To specify that the platform default should be used, do not set the
+ secureRandomProvider attribute and set this attribute to the empty
+ string.</p>
+ </attribute>
+
<attribute name="sessionIdLength" required="false">
<p>The length of session ids created by this Manager, excluding any
JVM route information used for load balancing.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
