[Bug 64023] New: Session serialization does not support values that (de)serialize to null

Fri, 20 Dec 2019 04:51:28 -0800 

https://bz.apache.org/bugzilla/show_bug.cgi?id=64023

            Bug ID: 64023
           Summary: Session serialization does not support values that
                    (de)serialize to null
           Product: Tomcat 9
           Version: unspecified
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Cluster
          Assignee: dev@tomcat.apache.org
          Reporter: apa...@nospam.obeliks.de
  Target Milestone: -----

For caching purposes, we put some attributes in the session that are not
supposed to be distributed to backup nodes. We wanted to keep the webapp
distributable, and exclude these values explicitly from serialization, by
wrapping them in a serialization proxy that serializes to null (using
writeReplace).

While null values in the session are excluded from serialization in the first
place, null values returned from deserialization cause a NullPointerException
when the object is put into the ConcurrentHashMap:

> java.lang.NullPointerException
>         at 
> java.base/java.util.concurrent.ConcurrentHashMap.putVal(ConcurrentHashMap.java:1011)
>         at 
> java.base/java.util.concurrent.ConcurrentHashMap.put(ConcurrentHashMap.java:1006)
>         at 
> org.apache.catalina.ha.session.DeltaSession.doReadObject(DeltaSession.java:849)
>         at 
> org.apache.catalina.ha.session.DeltaSession.readObjectData(DeltaSession.java:618)
>         at 
> org.apache.catalina.ha.session.DeltaSession.readExternal(DeltaSession.java:593)
>         at 
> java.base/java.io.ObjectInputStream.readExternalData(ObjectInputStream.java:2136)
>         at 
> java.base/java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2085)
>         at 
> java.base/java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1594)
>         at 
> java.base/java.io.ObjectInputStream.readObject(ObjectInputStream.java:430)
>         at 
> org.apache.catalina.tribes.io.XByteBuffer.deserialize(XByteBuffer.java:560)
>         at 
> org.apache.catalina.tribes.tipis.AbstractReplicatedMap$MapMessage.value(AbstractReplicatedMap.java:1507)
>         at 
> org.apache.catalina.tribes.tipis.AbstractReplicatedMap$MapMessage.deserialize(AbstractReplicatedMap.java:1465)
>         at 
> org.apache.catalina.tribes.tipis.AbstractReplicatedMap.messageReceived(AbstractReplicatedMap.java:663)
>         at 
> org.apache.catalina.tribes.group.GroupChannel.messageReceived(GroupChannel.java:336)
>         at 
> org.apache.catalina.tribes.group.ChannelInterceptorBase.messageReceived(ChannelInterceptorBase.java:91)
>         at 
> org.apache.catalina.tribes.group.interceptors.TcpFailureDetector.messageReceived(TcpFailureDetector.java:117)
>         at 
> org.apache.catalina.tribes.group.ChannelInterceptorBase.messageReceived(ChannelInterceptorBase.java:91)
>         at 
> org.apache.catalina.tribes.group.ChannelInterceptorBase.messageReceived(ChannelInterceptorBase.java:91)
>         at 
> org.apache.catalina.tribes.group.interceptors.ThroughputInterceptor.messageReceived(ThroughputInterceptor.java:86)
>         at 
> org.apache.catalina.tribes.group.ChannelInterceptorBase.messageReceived(ChannelInterceptorBase.java:91)
>         at 
> org.apache.catalina.tribes.group.ChannelCoordinator.messageReceived(ChannelCoordinator.java:274)
>         at 
> org.apache.catalina.tribes.transport.ReceiverBase.messageDataReceived(ReceiverBase.java:261)
>         at 
> org.apache.catalina.tribes.transport.nio.NioReplicationTask.drainChannel(NioReplicationTask.java:213)
>         at 
> org.apache.catalina.tribes.transport.nio.NioReplicationTask.run(NioReplicationTask.java:101)
>         at 
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
>         at 
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
>         at java.base/java.lang.Thread.run(Thread.java:834)

While this might be an unconventional solution, it should be possible to have
null values in the object stream. A simple null-check after deserialization (in
both DeltaSession and StandardSession) looks sufficient.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to