-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Mark,
On 12/12/19 04:38, Mark Thomas wrote:
> On 11/12/2019 19:17, Christopher Schultz wrote:
>> On 12/11/19 13:01, Mark Thomas wrote:
>
> <snip/>
>
>>> Setting RECYCLE_FACADES=true does exactly that. Continued used
>>> by the app triggers an NPE since the underlying
>>> request/response is no longer there. Hence my question.
>>
>> RequestFacade currently has a number of methods that perform
>> null-checks on the "request" member, but not all methods do this.
>> Exampl e:
>>
>> @Override public ServletContext getServletContext() { if (request
>> == null) { throw new IllegalStateException(
>> sm.getString("requestFacade.nullRequest")); }
>>
>> return request.getServletContext(); }
>>
>> Negative example:
>>
>> @Override public AsyncContext startAsync() throws
>> IllegalStateException { return request.startAsync(); }
>>
>> Should these be aligned?
>
> Probably. It will only change the exception from an NPE to ISE but
> I guess we should be consistent here.
>
>> It seems to me that if recycleFacades="false" then there really
>> isn't any reason to wrap the request (response, etc.) in a facade
>> object at all, is there?
>
> It makes it harder for a malicious app to get at the internal
> object.
That's what I thought. So, if you trust the webapp and there are no
held-reference bugs, then the facades are completely superfluous.
Right now, the only option is either to re-use facades (which is
potentially dangerous if the webapp has held-reference bugs) or
recycle them (which is wasteful, GC-wise). There is no option to NOT
use them.
I'm just wondering if there is an opportunity for simpler execution in
a "known trusted" configuration -- which is very common.
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl3yXBAACgkQHPApP6U8
pFj9HhAAg3UuJ93OPeDggzdTXHj1uafJUVttma50XsQqHGw9IzXjKp0y68j1c/ro
Ii2Rm+/HnGyQG4tMk0ILTkkI6b9235Y8ywk7tTCVeiZppIgcnGH29MkARKakjXyW
Q95OAOKoUQ2Bo0z7Hl8jJCi/Ri+VAyV6O98q4nVKh2sx0a99wE+Q2GNBxqH2621r
AAGg9Bm9/GOQYOx04Lr6nEwLyWQJy8MyD9rYX5lr0wmh16AFj4l4Tey8oEFEsNuW
AUMflBgxuQV5BIICQPwSmHvZ4F0Poo4qxtSbO8N5vryecIxk2xxPvNMuK5GnQ87N
PepT0i9Pi/UAqK1P7MH6djc9Kz2ps2KyGU9kbYri0EqhST0lefTiBBXPUwxyv9PM
eDOvwAnk80Fp3Jt/KG9ygVuujmmm4qLWFk2CcauZhB08XQSUGxmIqNgTNLwFut0O
Kj5JhzJ5Patr+0nohywwDLQ1Cr3DYqvbz0hCjmWIAM0OIVMbIX4aGyQpetyU/imL
b5RNLcWeMqt5uM+gtQ7aQbBhwbuZpMVWXqPV4AREpPI0ek7HJlgNPZlTHVr6KrVo
i9lAZfYvtbkLDNs2JJitYDhv4TqbvH3X3jh9lXmgzuUirrmq1R+9tP92N/MUepHE
rlwyx4DESz5CiutWZksjzJHRK4aqLmUnFB0vZ8pMfyeLXXzUcfc=
=DZCT
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
