On 27/10/2013 21:14, Bob DeRemer wrote: > Potential Bug? > ============ > > I [think] there may be a problem in Tomcat's static > UpgradeUtil.doUpgrade logic when handling concurrent > connection/upgrade requests that rely on a custom > ServerEndpointConfig.Configurator.modifyHandshake to grab > [per-upgrade-request] client header values and inject them into the > wsSession that is being created. > > Specifically, the static doUpgrade does not appear to make a copy of > the ServerEndpointConfig before calling modifyHandshake. As a > result, any per-connection headers the Configurator may grab and put > in the ServerEndpointConfig.UserProperties map will be overwritten by > the last upgrade request that occurs before the upgrade logic creates > the new wsSession in the WsHttpUpgradeHandler.init call.
I've looked through the specification, the Javadoc and the EG archives and I can't find any justification for the copying of ServerEndpointConfig.userProperties to Session.userProperties > I am able to replicate this very easily by using the following server > configurator code. By making concurrent websocket connect requests > that place a unique "client-id" in the upgrade request headers, then > grabbing that "client-id" property using the code below, ALL > websocket sessions that get created will have the last "client-id" > header value that came in concurrently. <snip/> > Based on chapter 3 of the JSR-356 API document, the actual websocket > handshake process defined in the websocket spec, Hmm. I don't see any justification for the current behaviour in these documents > and the online > description of the process in this stackoverflow link > (http://stackoverflow.com/questions/17936440/accessing-httpsession-from-httpservletrequest-in-a-web-socket-socketendpoint/17994303#17994303), > it appears that we should be able to pass per-client information in > the upgrade headers and we should be able to get them into the > endpoint INSTANCE's Session user properties. I don't see any justification for this position either. However, I do think that it is correct. I'll update Tomcat's implementation to align with Jetty's. I also opened https://java.net/jira/browse/WEBSOCKET_SPEC-215 > If this is a bug, please confirm and I will create a bugzilla entry, > as it is very important that that we be able to do what I've > described above. It isn't a bug. It is a bug / grey area / whatever in the spec. If you do create this, please also include the reference to WEBSOCKET_SPEC-215. I'm going to start work on updating Tomcat just as soon as I finish typing this. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
