Author: markt
Date: Mon Jan 18 13:13:35 2016
New Revision: 1725263
URL: http://svn.apache.org/viewvc?rev=1725263&view=rev
Log:
Expand the session attribute filtering options
- new option to filter based on implementation class of value
- new option to log a warning message if an attribute is filtered out
- always log a message at at least debug level if an attribute is filtered out
Modified:
tomcat/trunk/java/org/apache/catalina/ha/session/mbeans-descriptors.xml
tomcat/trunk/java/org/apache/catalina/session/LocalStrings.properties
tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java
tomcat/trunk/java/org/apache/catalina/session/mbeans-descriptors.xml
tomcat/trunk/webapps/docs/changelog.xml
tomcat/trunk/webapps/docs/config/cluster-manager.xml
tomcat/trunk/webapps/docs/config/manager.xml
Modified:
tomcat/trunk/java/org/apache/catalina/ha/session/mbeans-descriptors.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/ha/session/mbeans-descriptors.xml?rev=1725263&r1=1725262&r2=1725263&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/ha/session/mbeans-descriptors.xml
(original)
+++ tomcat/trunk/java/org/apache/catalina/ha/session/mbeans-descriptors.xml Mon
Jan 18 13:13:35 2016
@@ -314,6 +314,14 @@
name="sessionAttributeNameFilter"
descritpion="The string pattern used for including session attributes in
replication. Null means all attributes are included."
type="java.lang.String"/>
+ <attribute
+ name="sessionAttributeValueClassNameFilter"
+ description="The regular expression used to filter session attributes
based on the implementation class of the value. The regular expression is
anchored and must match the fully qualified class name."
+ type="java.lang.String"/>
+ <attribute
+ name="warnOnSessionAttributeFilterFailure"
+ description="Should a WARN level log message be generated if a session
attribute fails to match sessionAttributeNameFilter or
sessionAttributeClassNameFilter?"
+ type="boolean"/>
<operation
name="expireSession"
description="Expired the given session"
@@ -536,6 +544,14 @@
name="sessionAttributeNameFilter"
descritpion="The string pattern used for including session attributes in
replication. Null means all attributes are included."
type="java.lang.String"/>
+ <attribute
+ name="sessionAttributeValueClassNameFilter"
+ description="The regular expression used to filter session attributes
based on the implementation class of the value. The regular expression is
anchored and must match the fully qualified class name."
+ type="java.lang.String"/>
+ <attribute
+ name="warnOnSessionAttributeFilterFailure"
+ description="Should a WARN level log message be generated if a session
attribute fails to match sessionAttributeNameFilter or
sessionAttributeClassNameFilter?"
+ type="boolean"/>
<operation
name="expireSession"
description="Expired the given session"
Modified: tomcat/trunk/java/org/apache/catalina/session/LocalStrings.properties
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/session/LocalStrings.properties?rev=1725263&r1=1725262&r2=1725263&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/session/LocalStrings.properties
(original)
+++ tomcat/trunk/java/org/apache/catalina/session/LocalStrings.properties Mon
Jan 18 13:13:35 2016
@@ -32,6 +32,8 @@ JDBCStore.missingDataSourceName=No valid
JDBCStore.commitSQLException=SQLException committing connection before closing
managerBase.container.noop=Managers added to containers other than Contexts
will never be used
managerBase.createSession.ise=createSession: Too many active sessions
+managerBase.sessionAttributeNameFilter=Skipped session attribute named [{0}]
because it did not match the name filter [{1}]
+managerBase.sessionAttributeValueClassNameFilter=Skipped session attribute
named [{0}] because the value type [{1}] did not match the filter [{2}]
managerBase.sessionTimeout=Invalid session timeout setting {0}
standardManager.loading=Loading persisted sessions from {0}
standardManager.loading.exception=Exception while loading persisted sessions
Modified: tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java?rev=1725263&r1=1725262&r2=1725263&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java (original)
+++ tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java Mon Jan 18
13:13:35 2016
@@ -203,6 +203,10 @@ public abstract class ManagerBase extend
private Pattern sessionAttributeNamePattern;
+ private Pattern sessionAttributeValueClassNamePattern;
+
+ private boolean warnOnSessionAttributeFilterFailure;
+
// ------------------------------------------------------------- Properties
@@ -257,6 +261,86 @@ public abstract class ManagerBase extend
}
+ /**
+ * Obtain the regular expression used to filter session attribute based on
+ * the implementation class of the value. The regular expression is
anchored
+ * and must match the fully qualified class name.
+ *
+ * @return The regular expression currently used to filter class names.
+ * {@code null} means no filter is applied. If an empty string is
+ * specified then no names will match the filter and all attributes
+ * will be blocked.
+ */
+ public String getSessionAttributeValueClassNameFilter() {
+ if (sessionAttributeValueClassNamePattern == null) {
+ return null;
+ }
+ return sessionAttributeValueClassNamePattern.toString();
+ }
+
+
+ /**
+ * Provides {@link #getSessionAttributeValueClassNameFilter()} as a
+ * pre-compiled regular expression pattern.
+ *
+ * @return The pre-compiled pattern used to filter session attributes based
+ * on the implementation class name of the value. {@code null}
means
+ * no filter is applied.
+ */
+ protected Pattern getSessionAttributeValueClassNamePattern() {
+ return sessionAttributeValueClassNamePattern;
+ }
+
+
+ /**
+ * Set the regular expression to use to filter classes used for session
+ * attributes. The regular expression is anchored and must match the fully
+ * qualified class name.
+ *
+ * @param sessionAttributeValueClassNameFilter The regular expression to
use
+ * to filter session attributes based on class name. Use {@code
+ * null} if no filtering is required. If an empty string is
+ * specified then no names will match the filter and all
+ * attributes will be blocked.
+ *
+ * @throws PatternSyntaxException If the expression is not valid
+ */
+ public void setSessionAttributeValueClassNameFilter(String
sessionAttributeValueClassNameFilter)
+ throws PatternSyntaxException {
+ if (sessionAttributeValueClassNameFilter == null ||
+ sessionAttributeValueClassNameFilter.length() == 0) {
+ sessionAttributeValueClassNamePattern = null;
+ }
+ sessionAttributeValueClassNamePattern =
+ Pattern.compile(sessionAttributeValueClassNameFilter);
+ }
+
+
+ /**
+ * Should a warn level log message be generated if a session attribute is
+ * not persisted / replicated / restored.
+ *
+ * @return {@code true} if a warn level log message should be generated
+ */
+ public boolean getWarnOnSessionAttributeFilterFailure() {
+ return warnOnSessionAttributeFilterFailure;
+ }
+
+
+ /**
+ * Configure whether or not a warn level log message should be generated if
+ * a session attribute is not persisted / replicated / restored.
+ *
+ * @param warnOnSessionAttributeFilterFailure {@code true} if the
+ * warn level message should be generated
+ *
+ */
+ public void setWarnOnSessionAttributeFilterFailure(
+ boolean warnOnSessionAttributeFilterFailure) {
+ this.warnOnSessionAttributeFilterFailure =
warnOnSessionAttributeFilterFailure;
+ }
+
+
@Override
public Context getContext() {
return context;
@@ -719,10 +803,39 @@ public abstract class ManagerBase extend
@Override
public boolean willAttributeDistribute(String name, Object value) {
Pattern sessionAttributeNamePattern = getSessionAttributeNamePattern();
- if (sessionAttributeNamePattern == null) {
- return true;
+ if (sessionAttributeNamePattern != null) {
+ if (!sessionAttributeNamePattern.matcher(name).matches()) {
+ if (getWarnOnSessionAttributeFilterFailure() ||
log.isDebugEnabled()) {
+ String msg =
sm.getString("managerBase.sessionAttributeNameFilter",
+ name, sessionAttributeNamePattern);
+ if (getWarnOnSessionAttributeFilterFailure()) {
+ log.warn(msg);
+ } else {
+ log.debug(msg);
+ }
+ }
+ return false;
+ }
+ }
+
+ Pattern sessionAttributeValueClassNamePattern =
getSessionAttributeValueClassNamePattern();
+ if (value != null && sessionAttributeValueClassNamePattern != null) {
+ if (!sessionAttributeValueClassNamePattern.matcher(
+ value.getClass().getName()).matches()) {
+ if (getWarnOnSessionAttributeFilterFailure() ||
log.isDebugEnabled()) {
+ String msg =
sm.getString("managerBase.sessionAttributeValueClassNameFilter",
+ name, value.getClass().getName(),
sessionAttributeNamePattern);
+ if (getWarnOnSessionAttributeFilterFailure()) {
+ log.warn(msg);
+ } else {
+ log.debug(msg);
+ }
+ }
+ return false;
+ }
}
- return sessionAttributeNamePattern.matcher(name).matches();
+
+ return true;
}
Modified: tomcat/trunk/java/org/apache/catalina/session/mbeans-descriptors.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/session/mbeans-descriptors.xml?rev=1725263&r1=1725262&r2=1725263&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/session/mbeans-descriptors.xml
(original)
+++ tomcat/trunk/java/org/apache/catalina/session/mbeans-descriptors.xml Mon
Jan 18 13:13:35 2016
@@ -132,6 +132,14 @@
descritpion="The string pattern used for including session
attributes in distribution. Null means all attributes are included."
type="java.lang.String"/>
+ <attribute name="sessionAttributeValueClassNameFilter"
+ description="The regular expression used to filter session
attributes based on the implementation class of the value. The regular
expression is anchored and must match the fully qualified class name."
+ type="java.lang.String"/>
+
+ <attribute name="warnOnSessionAttributeFilterFailure"
+ description="Should a WARN level log message be generated if a
session attribute fails to match sessionAttributeNameFilter or
sessionAttributeClassNameFilter?"
+ type="boolean"/>
+
<operation name="backgroundProcess"
description="Invalidate all sessions that have expired."
impact="ACTION"
@@ -319,6 +327,14 @@
descritpion="The string pattern used for including session
attributes in distribution. Null means all attributes are included."
type="java.lang.String"/>
+ <attribute name="sessionAttributeValueClassNameFilter"
+ description="The regular expression used to filter session
attributes based on the implementation class of the value. The regular
expression is anchored and must match the fully qualified class name."
+ type="java.lang.String"/>
+
+ <attribute name="warnOnSessionAttributeFilterFailure"
+ description="Should a WARN level log message be generated if a
session attribute fails to match sessionAttributeNameFilter or
sessionAttributeClassNameFilter?"
+ type="boolean"/>
+
<operation name="backgroundProcess"
description="Invalidate all sessions that have expired."
impact="ACTION"
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1725263&r1=1725262&r2=1725263&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Jan 18 13:13:35 2016
@@ -207,6 +207,13 @@
well as unload to ensure that configuration changes made while the web
application is stopped are applied to any persisted data. (markt)
</add>
+ <add>
+ Extend the session attribute filtering options to include filtering
+ based on the implementation class of the value and optional
+ <code>WARN</code> level logging if an attribute is filtered. These
+ options are avaialble for all of the Manager implementations that ship
+ with Tomcat. (markt)
+ </add>
</changelog>
</subsection>
<subsection name="Coyote">
Modified: tomcat/trunk/webapps/docs/config/cluster-manager.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/cluster-manager.xml?rev=1725263&r1=1725262&r2=1725263&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/cluster-manager.xml (original)
+++ tomcat/trunk/webapps/docs/config/cluster-manager.xml Mon Jan 18 13:13:35
2016
@@ -77,17 +77,6 @@
when session attributes are being replicated or removed across Tomcat
nodes in the cluster.
</attribute>
- <attribute name="sessionAttributeNameFilter" required="false">
- A regular expression used to filter which session attributes will be
- replicated. An attribute will only be replicated if its name matches
- this pattern. If the pattern is zero length or <code>null</code>, all
- attributes are eligible for replication. The pattern is anchored so the
- session attribute name must fully match the pattern. As an example, the
- value <code>(userName|sessionHistory)</code> will only replicate the
- two session attributes named <code>userName</code> and
- <code>sessionHistory</code>. If not specified, the default value of
- <code>null</code> will be used.
- </attribute>
<attribute name="maxInactiveInterval" required="false">
<p>The initial maximum time interval, in seconds,
between client requests before a session is invalidated. A negative
value
@@ -184,6 +173,26 @@
effective only when <code>sendAllSessions</code> is <code>false</code>.
Default is <code>2000</code> milliseconds.
</attribute>
+ <attribute name="sessionAttributeNameFilter" required="false">
+ <p>A regular expression used to filter which session attributes will be
+ replicated. An attribute will only be replicated if its name matches
+ this pattern. If the pattern is zero length or <code>null</code>, all
+ attributes are eligible for replication. The pattern is anchored so the
+ session attribute name must fully match the pattern. As an example, the
+ value <code>(userName|sessionHistory)</code> will only replicate the
+ two session attributes named <code>userName</code> and
+ <code>sessionHistory</code>. If not specified, the default value of
+ <code>null</code> will be used.</p>
+ </attribute>
+ <attribute name="sessionAttributeValueClassNameFilter" required="false">
+ <p>A regular expression used to filter which session attributes will be
+ replicated. An attribute will only be replicated if the implementation
+ class name of the value matches this pattern. If the pattern is zero
+ length or <code>null</code>, all attributes are eligible for
+ replication. The pattern is anchored so the fully qualified class name
+ must fully match the pattern. If not specified, the default value of
+ <code>null</code> will be used.</p>
+ </attribute>
<attribute name="stateTimestampDrop" required="false">
When this node sends a <code>GET_ALL_SESSIONS</code> message to other
node, all session messages that are received as a response are queued.
@@ -195,6 +204,14 @@
If set to <code>false</code>, all queued session messages are handled.
Default is <code>true</code>.
</attribute>
+ <attribute name="warnOnSessionAttributeFilterFailure" required="false">
+ <p>If <strong>sessionAttributeNameFilter</strong> or
+ <strong>sessionAttributeValueClassNameFilter</strong> blocks an
+ attribute, should this be logged at <code>WARN</code> level? If
+ <code>WARN</code> level logging is disabled then it will be logged at
+ <code>DEBUG</code>. The default value of this attribute is
+ <code>false</code>.</p>
+ </attribute>
</attributes>
</subsection>
<subsection name="org.apache.catalina.ha.session.BackupManager Attributes">
@@ -218,6 +235,26 @@
another map.
Default value is <code>15000</code> milliseconds.
</attribute>
+ <attribute name="sessionAttributeNameFilter" required="false">
+ <p>A regular expression used to filter which session attributes will be
+ replicated. An attribute will only be replicated if its name matches
+ this pattern. If the pattern is zero length or <code>null</code>, all
+ attributes are eligible for replication. The pattern is anchored so the
+ session attribute name must fully match the pattern. As an example, the
+ value <code>(userName|sessionHistory)</code> will only replicate the
+ two session attributes named <code>userName</code> and
+ <code>sessionHistory</code>. If not specified, the default value of
+ <code>null</code> will be used.</p>
+ </attribute>
+ <attribute name="sessionAttributeValueClassNameFilter" required="false">
+ <p>A regular expression used to filter which session attributes will be
+ replicated. An attribute will only be replicated if the implementation
+ class name of the value matches this pattern. If the pattern is zero
+ length or <code>null</code>, all attributes are eligible for
+ replication. The pattern is anchored so the fully qualified class name
+ must fully match the pattern. If not specified, the default value of
+ <code>null</code> will be used.</p>
+ </attribute>
<attribute name="terminateOnStartFailure" required="false">
Set to true if you wish to terminate replication map when replication
map fails to start. If replication map is terminated, associated
context
@@ -225,6 +262,14 @@
does not end. It will try to join the map membership in the heartbeat.
Default value is <code>false</code> .
</attribute>
+ <attribute name="warnOnSessionAttributeFilterFailure" required="false">
+ <p>If <strong>sessionAttributeNameFilter</strong> or
+ <strong>sessionAttributeValueClassNameFilter</strong> blocks an
+ attribute, should this be logged at <code>WARN</code> level? If
+ <code>WARN</code> level logging is disabled then it will be logged at
+ <code>DEBUG</code>. The default value of this attribute is
+ <code>false</code>.</p>
+ </attribute>
</attributes>
</subsection>
</section>
Modified: tomcat/trunk/webapps/docs/config/manager.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/manager.xml?rev=1725263&r1=1725262&r2=1725263&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/manager.xml (original)
+++ tomcat/trunk/webapps/docs/config/manager.xml Mon Jan 18 13:13:35 2016
@@ -167,7 +167,7 @@
</attribute>
<attribute name="sessionAttributeNameFilter" required="false">
- A regular expression used to filter which session attributes will be
+ <p>A regular expression used to filter which session attributes will be
distributed. An attribute will only be distributed if its name matches
this pattern. If the pattern is zero length or <code>null</code>, all
attributes are eligible for distribution. The pattern is anchored so
the
@@ -175,7 +175,26 @@
value <code>(userName|sessionHistory)</code> will only distribute the
two session attributes named <code>userName</code> and
<code>sessionHistory</code>. If not specified, the default value of
- <code>null</code> will be used.
+ <code>null</code> will be used.</p>
+ </attribute>
+
+ <attribute name="sessionAttributeValueClassNameFilter" required="false">
+ <p>A regular expression used to filter which session attributes will be
+ distributed. An attribute will only be distributed if the
implementation
+ class name of the value matches this pattern. If the pattern is zero
+ length or <code>null</code>, all attributes are eligible for
+ distribution. The pattern is anchored so the fully qualified class name
+ must fully match the pattern. If not specified, the default value of
+ <code>null</code> will be used.</p>
+ </attribute>
+
+ <attribute name="warnOnSessionAttributeFilterFailure" required="false">
+ <p>If <strong>sessionAttributeNameFilter</strong> or
+ <strong>sessionAttributeValueClassNameFilter</strong> blocks an
+ attribute, should this be logged at <code>WARN</code> level? If
+ <code>WARN</code> level logging is disabled then it will be logged at
+ <code>DEBUG</code>. The default value of this attribute is
+ <code>false</code>.</p>
</attribute>
</attributes>
@@ -266,8 +285,9 @@
<code>org.apache.catalina.session.StandardManager</code> class.
</p>
</attribute>
+
<attribute name="sessionAttributeNameFilter" required="false">
- A regular expression used to filter which session attributes will be
+ <p>A regular expression used to filter which session attributes will be
distributed. An attribute will only be distributed if its name matches
this pattern. If the pattern is zero length or <code>null</code>, all
attributes are eligible for distribution. The pattern is anchored so
the
@@ -275,7 +295,26 @@
value <code>(userName|sessionHistory)</code> will only distribute the
two session attributes named <code>userName</code> and
<code>sessionHistory</code>. If not specified, the default value of
- <code>null</code> will be used.
+ <code>null</code> will be used.</p>
+ </attribute>
+
+ <attribute name="sessionAttributeValueClassNameFilter" required="false">
+ <p>A regular expression used to filter which session attributes will be
+ distributed. An attribute will only be distributed if the
implementation
+ class name of the value matches this pattern. If the pattern is zero
+ length or <code>null</code>, all attributes are eligible for
+ distribution. The pattern is anchored so the fully qualified class name
+ must fully match the pattern. If not specified, the default value of
+ <code>null</code> will be used.</p>
+ </attribute>
+
+ <attribute name="warnOnSessionAttributeFilterFailure" required="false">
+ <p>If <strong>sessionAttributeNameFilter</strong> or
+ <strong>sessionAttributeValueClassNameFilter</strong> blocks an
+ attribute, should this be logged at <code>WARN</code> level? If
+ <code>WARN</code> level logging is disabled then it will be logged at
+ <code>DEBUG</code>. The default value of this attribute is
+ <code>false</code>.</p>
</attribute>
</attributes>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
