[
https://issues.apache.org/jira/browse/GEODE-8217?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17136222#comment-17136222
]
ASF GitHub Bot commented on GEODE-8217:
---------------------------------------
DonalEvans commented on a change in pull request #5225:
URL: https://github.com/apache/geode/pull/5225#discussion_r440530600
##########
File path:
extensions/geode-modules-test/src/main/java/org/apache/geode/modules/session/catalina/DeltaSessionJUnitTest.java
##########
@@ -195,6 +199,65 @@ public void serializeReturnsSerializedObject() throws
IOException {
assertThat(result).isEqualTo(serializedObj);
}
+ @Test
+ public void setDeserializedAttributesValueInvokesGetAttribute() {
+ when(manager.getPreferDeserializedForm()).thenReturn(true);
+ DeltaSession session = spy(new DeltaSession(manager));
+ String attributeName = "name";
Review comment:
This string is already defined as a field in the class, so may not need
to be defined again here.
##########
File path:
extensions/geode-modules-test/src/main/java/org/apache/geode/modules/session/catalina/callback/SessionExpirationCacheListenerJUnitTest.java
##########
@@ -41,4 +44,20 @@ public void
TestAfterDestroyProcessesSessionExpiredByGemfire() {
verify(session).processExpired();
}
+
+ @Test
+ public void TestAfterDestroyProcessesSessionDestroyed() {
Review comment:
This method name should start with a lower-case t.
##########
File path:
extensions/geode-modules-test/src/main/java/org/apache/geode/modules/session/catalina/DeltaSessionJUnitTest.java
##########
@@ -195,6 +199,65 @@ public void serializeReturnsSerializedObject() throws
IOException {
assertThat(result).isEqualTo(serializedObj);
}
+ @Test
+ public void setDeserializedAttributesValueInvokesGetAttribute() {
+ when(manager.getPreferDeserializedForm()).thenReturn(true);
+ DeltaSession session = spy(new DeltaSession(manager));
+ String attributeName = "name";
+ List<String> attributeList = new ArrayList<>();
+ attributeList.add(attributeName);
+ Enumeration<String> attributeNames =
Collections.enumeration(attributeList);
+ doReturn(attributeNames).when(session).getAttributeNames();
+ doReturn(new Object()).when(session).getAttribute(attributeName, false);
+
+ session.setDeserializedAttributesValue();
+
+ verify(session).getAttribute(attributeName, false);
+ }
+
+ @Test
+ public void
setDeserializedAttributesValueNotInvokeGetAttributeIfNotPreferDeserializedForm()
{
+ when(manager.getPreferDeserializedForm()).thenReturn(false);
+ DeltaSession session = spy(new DeltaSession(manager));
+ String attributeName = "name";
Review comment:
This string is already defined as a field in the class, so may not need
to be defined again here.
##########
File path:
extensions/geode-modules-test/src/main/java/org/apache/geode/modules/session/catalina/DeltaSessionJUnitTest.java
##########
@@ -195,6 +199,65 @@ public void serializeReturnsSerializedObject() throws
IOException {
assertThat(result).isEqualTo(serializedObj);
}
+ @Test
+ public void setDeserializedAttributesValueInvokesGetAttribute() {
+ when(manager.getPreferDeserializedForm()).thenReturn(true);
+ DeltaSession session = spy(new DeltaSession(manager));
+ String attributeName = "name";
+ List<String> attributeList = new ArrayList<>();
+ attributeList.add(attributeName);
Review comment:
This can be replaced with:
`Collection<String> attributeList = Collections.singelton(attributeName);`
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> Geode session replication could leak internal serialized bytes during
> HttpSessionAttributeListener invocation even when preferDeserializedForm is
> set to true
> -------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: GEODE-8217
> URL: https://issues.apache.org/jira/browse/GEODE-8217
> Project: Geode
> Issue Type: Bug
> Components: http session
> Reporter: Eric Shu
> Assignee: Eric Shu
> Priority: Major
> Labels: caching-applications
>
> When preferDeserializedForm is set to true (default value), session object
> should not contain serialized byte in the cache. However, the following
> exception shows that product leaks the serialized bytes.
> {noformat}
> Jun 02, 2020 3:31:58 PM org.apache.catalina.session.StandardSession
> setAttribute
> SEVERE: Session attribute event listener threw exception
> java.lang.ClassCastException: [B cannot be cast to java.lang.String
> at
> org.apache.geode.modules.session.AccessAttributeValueListener.attributeReplaced(AccessAttributeValueListener.java:34)
> at
> org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1482)
> at
> org.apache.geode.modules.session.catalina.DeltaSession.setAttribute(DeltaSession.java:262)
> at
> org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1385)
> at
> org.apache.catalina.session.StandardSessionFacade.setAttribute(StandardSessionFacade.java:137)
> at
> org.apache.geode.modules.session.catalina.DeltaSessionFacade.setAttribute(DeltaSessionFacade.java:49)
> at
> org.apache.geode.modules.session.CommandServlet.doGet(CommandServlet.java:64)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> at
> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
> at
> org.apache.geode.modules.session.catalina.CommitSessionValve.invoke(CommitSessionValve.java:47)
> at
> org.apache.geode.modules.session.catalina.JvmRouteBinderValve.invoke(JvmRouteBinderValve.java:45)
> at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:543)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
> at
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
> at
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:609)
> at
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
> at
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:810)
> at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1623)
> at
> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> at java.lang.Thread.run(Thread.java:748)
> {noformat}
> Please note if preferDeserializedForm is set to false, this issue could still
> exist, unless HttpSessionBindingEvent.getValue() is not being accessed by the
> application. Otherwise, user should set preferDeserializedForm to true to
> avoid this issue.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
