The fix for BZ 57338 (SSO + cluster) ended up making some fairly invasive changes so that the implementation was sensible. I'd like to discuss which - if any - of these changes we'd be happy to back-port to Tomcat 8 and Tomcat 7.
[1] Make GenericPrincipal Serializable I don't see any harm in back-porting this. [2] Remove SerializablePrincipal from the cluster implementation This isn't necessary but is it a nice clean-up that is possible because of [1]. I'm thinking back-port to 8.0.x only. It depends if SerializablePrincipal is considered part of the API or an implementation detail. [3] Switch to ConcurrentHashMap and remove syncs I don't see any harm in back-porting this. [4] Remove lookup() method This changes the API and is not necessary so I think we leave this as is. [5] Move sync to method I don't see any harm in back-porting this. [6] Make SSO Maps non-final This is essential to facilitate the fix so it has to be back-ported. [7] Switch to ReplicatedMap This changes the ClusterSSO API is essential to facilitate the fix so it has to be back-ported. [8] Remove Session from SSO Maps This changes the SSO API but it is essential to facilitate the fix so it has to be back-ported. [9] Make SingleSignOnEntry Serializable I don't see any harm in back-porting this. [A] Logging TODOs I don't see any harm in back-porting this. In summary, patches [7] and [8] look to be the ones that need the most careful consideration followed by [2]. Thoughts? Mark [1] http://svn.apache.org/r1645953 [2] http://svn.apache.org/r1645955 [3] http://svn.apache.org/r1646099 [4] http://svn.apache.org/r1646100 [5] http://svn.apache.org/r1646101 [6] http://svn.apache.org/r1646102 [7] http://svn.apache.org/r1646103 [8] http://svn.apache.org/r1646104 [9] http://svn.apache.org/r1646105 [A] http://svn.apache.org/r1646106 --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org