The fix for BZ 57338 (SSO + cluster) ended up making some fairly
invasive changes so that the implementation was sensible. I'd like to
discuss which - if any - of these changes we'd be happy to back-port to
Tomcat 8 and Tomcat 7.
[1] Make GenericPrincipal Serializable
I don't see any harm in back-porting this.

[2] Remove SerializablePrincipal from the cluster implementation
This isn't necessary but is it a nice clean-up that is possible because
of [1]. I'm thinking back-port to 8.0.x only. It depends if
SerializablePrincipal is considered part of the API or an implementation
detail.

[3] Switch to ConcurrentHashMap and remove syncs
I don't see any harm in back-porting this.

[4] Remove lookup() method
This changes the API and is not necessary so I think we leave this as is.

[5] Move sync to method
I don't see any harm in back-porting this.

[6] Make SSO Maps non-final
This is essential to facilitate the fix so it has to be back-ported.

[7] Switch to ReplicatedMap
This changes the ClusterSSO API is essential to facilitate the fix so it
has to be back-ported.

[8] Remove Session from SSO Maps
This changes the SSO API but it is essential to facilitate the fix so it
has to be back-ported.

[9] Make SingleSignOnEntry Serializable
I don't see any harm in back-porting this.

[A] Logging TODOs
I don't see any harm in back-porting this.

In summary, patches [7] and [8] look to be the ones that need the most
careful consideration followed by [2].

Thoughts?

Mark


[1] http://svn.apache.org/r1645953
[2] http://svn.apache.org/r1645955
[3] http://svn.apache.org/r1646099
[4] http://svn.apache.org/r1646100
[5] http://svn.apache.org/r1646101
[6] http://svn.apache.org/r1646102
[7] http://svn.apache.org/r1646103
[8] http://svn.apache.org/r1646104
[9] http://svn.apache.org/r1646105
[A] http://svn.apache.org/r1646106

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to