date:20200514

[Bug 64415] Error in slow query report - Comparison method violates its general contract!

2020-05-14 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=64415

Craig Webb  changed:

   What|Removed |Added

 CC||c.w...@crossflight.com

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [tomcat] 02/02: Avoid waste of resources due to reconstruction of objects

2020-05-14 Thread Mark Thomas

On 13/05/2020 23:57, Rémy Maucherat wrote:
> On Thu, May 14, 2020 at 12:20 AM Mark Thomas  > wrote:
> 
> On 13/05/2020 19:23, Rémy Maucherat wrote:
> > On Mon, May 4, 2020 at 4:43 PM  
> > >> wrote:
> >
> >     This is an automated email from the ASF dual-hosted git
> repository.
> >
> >     markt pushed a commit to branch master
> >     in repository https://gitbox.apache.org/repos/asf/tomcat.git
> >
> >     commit 1719b71374d57d59bdcd99537bf13348cdaf87c7
> >     Author: KangZhiDong    >>
> >     AuthorDate: Sat Apr 25 01:30:47 2020 +0800
> >
> >         Avoid waste of resources due to reconstruction of objects
> >     ---
> >      .../apache/catalina/core/ApplicationContext.java   |  2 +-
> >      .../apache/catalina/ha/tcp/ReplicationValve.java   |  2 +-
> >      .../catalina/session/PersistentManagerBase.java    |  2 +-
> >      .../catalina/valves/rewrite/RewriteCond.java       |  2 +-
> >      .../catalina/valves/rewrite/RewriteRule.java       |  4 ++--
> >      .../catalina/valves/rewrite/RewriteValve.java      |  2 +-
> >      java/org/apache/juli/ClassLoaderLogManager.java    |  2 +-
> >      test/org/apache/catalina/valves/Benchmarks.java    | 26
> >     +++---
> >      8 files changed, 21 insertions(+), 21 deletions(-)
> >
> >
> > https://bz.apache.org/bugzilla/show_bug.cgi?id=64432
> > Ok, so this looked like very fishy savings. It turns out each object
> > instance may want to have its own thread local. IMO that's the
> case for
> > nearly all the classes above, and either way it's probably not a good
> > idea to take any chances.
> > I think this should be reverted.
> 
> I went through each of these in turn and checked that a static
> ThreadLocal was safe to use. What do you think I missed?
> 
> 
> I used the testcases and verified the patch from the BZ:
> https://bz.apache.org/bugzilla/attachment.cgi?id=37241
> The static thread local would mean all rules are sharing the pattern of
> the first rule.
> 
> So overall: this optimization using static thread locals sounds
> dangerous as it could lead to hard to find bugs later on as soon as
> there are two or more instances of an object. So I'd prefer passing on
> it, even if it would be acceptable in some cases.

Fair enough. If I missed something in one place, it is possible I missed
it elsewhere. I'll revert.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 01/03: Revert "Fix IDE warnings"

2020-05-14 Thread markt

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 2ce13618e9deb09ba025bfbfcf7767bdc4f81d9d
Author: Mark Thomas 
AuthorDate: Thu May 14 09:39:14 2020 +0100

Revert "Fix IDE warnings"

This reverts commit 4efa2eca68bb64996eac03ac139453d692621183.
---
 java/org/apache/catalina/valves/rewrite/RewriteRule.java | 4 ++--
 java/org/apache/juli/ClassLoaderLogManager.java  | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/java/org/apache/catalina/valves/rewrite/RewriteRule.java 
b/java/org/apache/catalina/valves/rewrite/RewriteRule.java
index efdb8ac..0aa96de 100644
--- a/java/org/apache/catalina/valves/rewrite/RewriteRule.java
+++ b/java/org/apache/catalina/valves/rewrite/RewriteRule.java
@@ -86,7 +86,7 @@ public class RewriteRule {
  * @return null if no rewrite took place
  */
 public CharSequence evaluate(CharSequence url, Resolver resolver) {
-Pattern pattern = RewriteRule.pattern.get();
+Pattern pattern = this.pattern.get();
 if (pattern == null) {
 // Parse the pattern
 int flags = 0;
@@ -94,7 +94,7 @@ public class RewriteRule {
 flags |= Pattern.CASE_INSENSITIVE;
 }
 pattern = Pattern.compile(patternString, flags);
-RewriteRule.pattern.set(pattern);
+this.pattern.set(pattern);
 }
 Matcher matcher = pattern.matcher(url);
 // Use XOR
diff --git a/java/org/apache/juli/ClassLoaderLogManager.java 
b/java/org/apache/juli/ClassLoaderLogManager.java
index c907056..cf3ad4c 100644
--- a/java/org/apache/juli/ClassLoaderLogManager.java
+++ b/java/org/apache/juli/ClassLoaderLogManager.java
@@ -277,7 +277,7 @@ public class ClassLoaderLogManager extends LogManager {
 return null;
 }
 
-String prefix = ClassLoaderLogManager.prefix.get();
+String prefix = this.prefix.get();
 String result = null;
 
 // If a prefix is defined look for a prefixed property first
@@ -595,13 +595,13 @@ public class ClassLoaderLogManager extends LogManager {
 }
 }
 try {
-ClassLoaderLogManager.prefix.set(prefix);
+this.prefix.set(prefix);
 Handler handler = (Handler) classLoader.loadClass(
 handlerClassName).getConstructor().newInstance();
 // The specification strongly implies all configuration 
should be done
 // during the creation of the handler object.
 // This includes setting level, filter, formatter and 
encoding.
-ClassLoaderLogManager.prefix.set(null);
+this.prefix.set(null);
 info.handlers.put(handlerName, handler);
 if (rootHandlers == null) {
 localRootLogger.addHandler(handler);


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 02/03: Revert "Avoid waste of resources due to reconstruction of objects"

2020-05-14 Thread markt

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 0b0e67900af6aa8882f69765b4dd2cc58e3b95e6
Author: Mark Thomas 
AuthorDate: Thu May 14 09:39:22 2020 +0100

Revert "Avoid waste of resources due to reconstruction of objects"

This reverts commit 1719b71374d57d59bdcd99537bf13348cdaf87c7.
---
 .../apache/catalina/core/ApplicationContext.java   |  2 +-
 .../apache/catalina/ha/tcp/ReplicationValve.java   |  2 +-
 .../catalina/session/PersistentManagerBase.java|  2 +-
 .../catalina/valves/rewrite/RewriteCond.java   |  2 +-
 .../catalina/valves/rewrite/RewriteRule.java   |  4 ++--
 .../catalina/valves/rewrite/RewriteValve.java  |  2 +-
 java/org/apache/juli/ClassLoaderLogManager.java|  2 +-
 test/org/apache/catalina/valves/Benchmarks.java| 26 +++---
 8 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/java/org/apache/catalina/core/ApplicationContext.java 
b/java/org/apache/catalina/core/ApplicationContext.java
index 004055a..61981e5 100644
--- a/java/org/apache/catalina/core/ApplicationContext.java
+++ b/java/org/apache/catalina/core/ApplicationContext.java
@@ -171,7 +171,7 @@ public class ApplicationContext implements ServletContext {
 /**
  * Thread local data used during request dispatch.
  */
-private static final ThreadLocal dispatchData = new 
ThreadLocal<>();
+private final ThreadLocal dispatchData = new ThreadLocal<>();
 
 
 /**
diff --git a/java/org/apache/catalina/ha/tcp/ReplicationValve.java 
b/java/org/apache/catalina/ha/tcp/ReplicationValve.java
index 8cd73b9..144dbbb 100644
--- a/java/org/apache/catalina/ha/tcp/ReplicationValve.java
+++ b/java/org/apache/catalina/ha/tcp/ReplicationValve.java
@@ -85,7 +85,7 @@ public class ReplicationValve
 /**
  * crossContext session container
  */
-protected static final ThreadLocal> 
crossContextSessions =
+protected final ThreadLocal> crossContextSessions =
 new ThreadLocal<>() ;
 
 /**
diff --git a/java/org/apache/catalina/session/PersistentManagerBase.java 
b/java/org/apache/catalina/session/PersistentManagerBase.java
index 1fd08be..9f52c44 100644
--- a/java/org/apache/catalina/session/PersistentManagerBase.java
+++ b/java/org/apache/catalina/session/PersistentManagerBase.java
@@ -188,7 +188,7 @@ public abstract class PersistentManagerBase extends 
ManagerBase
  * Session that is currently getting swapped in to prevent loading it more
  * than once concurrently
  */
-private static final ThreadLocal sessionToSwapIn = new 
ThreadLocal<>();
+private final ThreadLocal sessionToSwapIn = new ThreadLocal<>();
 
 
 // - Properties
diff --git a/java/org/apache/catalina/valves/rewrite/RewriteCond.java 
b/java/org/apache/catalina/valves/rewrite/RewriteCond.java
index a980d81..47a904c 100644
--- a/java/org/apache/catalina/valves/rewrite/RewriteCond.java
+++ b/java/org/apache/catalina/valves/rewrite/RewriteCond.java
@@ -28,7 +28,7 @@ public class RewriteCond {
 
 public static class PatternCondition extends Condition {
 public Pattern pattern;
-private static ThreadLocal matcher = new ThreadLocal<>();
+private ThreadLocal matcher = new ThreadLocal<>();
 
 @Override
 public boolean evaluate(String value, Resolver resolver) {
diff --git a/java/org/apache/catalina/valves/rewrite/RewriteRule.java 
b/java/org/apache/catalina/valves/rewrite/RewriteRule.java
index 0aa96de..833a12c 100644
--- a/java/org/apache/catalina/valves/rewrite/RewriteRule.java
+++ b/java/org/apache/catalina/valves/rewrite/RewriteRule.java
@@ -26,7 +26,7 @@ public class RewriteRule {
 
 protected RewriteCond[] conditions = new RewriteCond[0];
 
-protected static ThreadLocal pattern = new ThreadLocal<>();
+protected ThreadLocal pattern = new ThreadLocal<>();
 protected Substitution substitution = null;
 
 protected String patternString = null;
@@ -186,7 +186,7 @@ public class RewriteRule {
 protected boolean cookieSecure = false;
 protected boolean cookieHttpOnly = false;
 protected Substitution cookieSubstitution = null;
-protected static ThreadLocal cookieResult = new ThreadLocal<>();
+protected ThreadLocal cookieResult = new ThreadLocal<>();
 
 /**
  *  This forces a request attribute named VAR to be set to the value VAL,
diff --git a/java/org/apache/catalina/valves/rewrite/RewriteValve.java 
b/java/org/apache/catalina/valves/rewrite/RewriteValve.java
index 9025293..20d8ba0 100644
--- a/java/org/apache/catalina/valves/rewrite/RewriteValve.java
+++ b/java/org/apache/catalina/valves/rewrite/RewriteValve.java
@@ -77,7 +77,7 @@ public class RewriteValve extends ValveBase {
 /**
  * If rewriting occurs, the whole request will be processed again.
  */
-protected static ThreadLocal

[tomcat] 03/03: Fix BZ 64432. Refactoring broke multi-line rewrite rules

2020-05-14 Thread markt

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 344a00f5cf423d2ce30ceaf13c28cc7e5b13dde8
Author: Mark Thomas 
AuthorDate: Thu May 14 09:41:10 2020 +0100

Fix BZ 64432. Refactoring broke multi-line rewrite rules

Patch provided by Jj. Also includes previous 2 commits that revert the
refactoring.
---
 test/org/apache/catalina/valves/rewrite/TestRewriteValve.java | 9 +
 webapps/docs/changelog.xml| 9 +
 2 files changed, 18 insertions(+)

diff --git a/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java 
b/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
index 29c2961..134f45a 100644
--- a/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
+++ b/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
@@ -605,6 +605,15 @@ public class TestRewriteValve extends TomcatBaseTest {
 doTestRewrite("RewriteRule !^/c/.* /b/", "/c/d", "/c/d");
 }
 
+@Test
+public void testMultiLine001() throws Exception {
+doTestRewrite("RewriteRule /dummy /anotherDummy [L]\nRewriteRule ^/a 
/c [L]", "/a", "/c");
+}
+
+@Test
+public void testMultiLine002() throws Exception {
+doTestRewrite("RewriteRule /dummy /a\nRewriteRule /a /c [L]", 
"/dummy", "/c");
+}
 
 private void doTestRewrite(String config, String request, String 
expectedURI) throws Exception {
 doTestRewrite(config, request, expectedURI, null);
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 73549a4..8171ca3 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -45,6 +45,15 @@
   issues do not "pop up" wrt. others).
 -->
 
+  
+
+  
+64432: Correct a refactoring regression that broke handling
+of multi-line configuration in the RewriteValve. Patch provided by Jj.
+(markt)
+  
+
+  
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch master updated (43b10e3 -> 344a00f)

2020-05-14 Thread markt

This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from 43b10e3  Revert
 new 2ce1361  Revert "Fix IDE warnings"
 new 0b0e679  Revert "Avoid waste of resources due to reconstruction of 
objects"
 new 344a00f  Fix BZ 64432. Refactoring broke multi-line rewrite rules

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../apache/catalina/core/ApplicationContext.java   |  2 +-
 .../apache/catalina/ha/tcp/ReplicationValve.java   |  2 +-
 .../catalina/session/PersistentManagerBase.java|  2 +-
 .../catalina/valves/rewrite/RewriteCond.java   |  2 +-
 .../catalina/valves/rewrite/RewriteRule.java   |  8 +++
 .../catalina/valves/rewrite/RewriteValve.java  |  2 +-
 java/org/apache/juli/ClassLoaderLogManager.java|  8 +++
 test/org/apache/catalina/valves/Benchmarks.java| 26 +++---
 .../catalina/valves/rewrite/TestRewriteValve.java  |  9 
 webapps/docs/changelog.xml |  9 
 10 files changed, 44 insertions(+), 26 deletions(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 9.0.x updated (c0796a1 -> 912e1b6)

2020-05-14 Thread markt

This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from c0796a1  Revert
 new 9cbe7c6  Revert "Fix IDE warnings"
 new a0f8fce  Revert "Avoid waste of resources due to reconstruction of 
objects"
 new 912e1b6  Fix BZ 64432. Refactoring broke multi-line rewrite rules

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../apache/catalina/core/ApplicationContext.java   |  2 +-
 .../apache/catalina/ha/tcp/ReplicationValve.java   |  2 +-
 .../catalina/session/PersistentManagerBase.java|  2 +-
 .../catalina/valves/rewrite/RewriteCond.java   |  2 +-
 .../catalina/valves/rewrite/RewriteRule.java   |  8 +++
 .../catalina/valves/rewrite/RewriteValve.java  |  2 +-
 java/org/apache/juli/ClassLoaderLogManager.java|  8 +++
 test/org/apache/catalina/valves/Benchmarks.java| 26 +++---
 .../catalina/valves/rewrite/TestRewriteValve.java  |  9 
 webapps/docs/changelog.xml |  9 
 10 files changed, 44 insertions(+), 26 deletions(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 01/03: Revert "Fix IDE warnings"

2020-05-14 Thread markt

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 9cbe7c67e84d4641dc8634db857d078be905b814
Author: Mark Thomas 
AuthorDate: Thu May 14 10:04:42 2020 +0100

Revert "Fix IDE warnings"

This reverts commit e8c721a121d75f8ace7e5975f00d9adde6035c18.
---
 java/org/apache/catalina/valves/rewrite/RewriteRule.java | 4 ++--
 java/org/apache/juli/ClassLoaderLogManager.java  | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/java/org/apache/catalina/valves/rewrite/RewriteRule.java 
b/java/org/apache/catalina/valves/rewrite/RewriteRule.java
index efdb8ac..0aa96de 100644
--- a/java/org/apache/catalina/valves/rewrite/RewriteRule.java
+++ b/java/org/apache/catalina/valves/rewrite/RewriteRule.java
@@ -86,7 +86,7 @@ public class RewriteRule {
  * @return null if no rewrite took place
  */
 public CharSequence evaluate(CharSequence url, Resolver resolver) {
-Pattern pattern = RewriteRule.pattern.get();
+Pattern pattern = this.pattern.get();
 if (pattern == null) {
 // Parse the pattern
 int flags = 0;
@@ -94,7 +94,7 @@ public class RewriteRule {
 flags |= Pattern.CASE_INSENSITIVE;
 }
 pattern = Pattern.compile(patternString, flags);
-RewriteRule.pattern.set(pattern);
+this.pattern.set(pattern);
 }
 Matcher matcher = pattern.matcher(url);
 // Use XOR
diff --git a/java/org/apache/juli/ClassLoaderLogManager.java 
b/java/org/apache/juli/ClassLoaderLogManager.java
index c907056..cf3ad4c 100644
--- a/java/org/apache/juli/ClassLoaderLogManager.java
+++ b/java/org/apache/juli/ClassLoaderLogManager.java
@@ -277,7 +277,7 @@ public class ClassLoaderLogManager extends LogManager {
 return null;
 }
 
-String prefix = ClassLoaderLogManager.prefix.get();
+String prefix = this.prefix.get();
 String result = null;
 
 // If a prefix is defined look for a prefixed property first
@@ -595,13 +595,13 @@ public class ClassLoaderLogManager extends LogManager {
 }
 }
 try {
-ClassLoaderLogManager.prefix.set(prefix);
+this.prefix.set(prefix);
 Handler handler = (Handler) classLoader.loadClass(
 handlerClassName).getConstructor().newInstance();
 // The specification strongly implies all configuration 
should be done
 // during the creation of the handler object.
 // This includes setting level, filter, formatter and 
encoding.
-ClassLoaderLogManager.prefix.set(null);
+this.prefix.set(null);
 info.handlers.put(handlerName, handler);
 if (rootHandlers == null) {
 localRootLogger.addHandler(handler);


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 02/03: Revert "Avoid waste of resources due to reconstruction of objects"

2020-05-14 Thread markt

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit a0f8fcebc15d5274ba241fcbfc8f6cbe2173c344
Author: Mark Thomas 
AuthorDate: Thu May 14 10:04:47 2020 +0100

Revert "Avoid waste of resources due to reconstruction of objects"

This reverts commit c4b71e31f3183ce3f4b8e86bd2cef49393a2a7e5.
---
 .../apache/catalina/core/ApplicationContext.java   |  2 +-
 .../apache/catalina/ha/tcp/ReplicationValve.java   |  2 +-
 .../catalina/session/PersistentManagerBase.java|  2 +-
 .../catalina/valves/rewrite/RewriteCond.java   |  2 +-
 .../catalina/valves/rewrite/RewriteRule.java   |  4 ++--
 .../catalina/valves/rewrite/RewriteValve.java  |  2 +-
 java/org/apache/juli/ClassLoaderLogManager.java|  2 +-
 test/org/apache/catalina/valves/Benchmarks.java| 26 +++---
 8 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/java/org/apache/catalina/core/ApplicationContext.java 
b/java/org/apache/catalina/core/ApplicationContext.java
index 1e29076..7e6eed6 100644
--- a/java/org/apache/catalina/core/ApplicationContext.java
+++ b/java/org/apache/catalina/core/ApplicationContext.java
@@ -186,7 +186,7 @@ public class ApplicationContext implements ServletContext {
 /**
  * Thread local data used during request dispatch.
  */
-private static final ThreadLocal dispatchData = new 
ThreadLocal<>();
+private final ThreadLocal dispatchData = new ThreadLocal<>();
 
 
 /**
diff --git a/java/org/apache/catalina/ha/tcp/ReplicationValve.java 
b/java/org/apache/catalina/ha/tcp/ReplicationValve.java
index 666e29d..6eed956 100644
--- a/java/org/apache/catalina/ha/tcp/ReplicationValve.java
+++ b/java/org/apache/catalina/ha/tcp/ReplicationValve.java
@@ -85,7 +85,7 @@ public class ReplicationValve
 /**
  * crossContext session container
  */
-protected static final ThreadLocal> 
crossContextSessions =
+protected final ThreadLocal> crossContextSessions =
 new ThreadLocal<>() ;
 
 /**
diff --git a/java/org/apache/catalina/session/PersistentManagerBase.java 
b/java/org/apache/catalina/session/PersistentManagerBase.java
index 1fd08be..9f52c44 100644
--- a/java/org/apache/catalina/session/PersistentManagerBase.java
+++ b/java/org/apache/catalina/session/PersistentManagerBase.java
@@ -188,7 +188,7 @@ public abstract class PersistentManagerBase extends 
ManagerBase
  * Session that is currently getting swapped in to prevent loading it more
  * than once concurrently
  */
-private static final ThreadLocal sessionToSwapIn = new 
ThreadLocal<>();
+private final ThreadLocal sessionToSwapIn = new ThreadLocal<>();
 
 
 // - Properties
diff --git a/java/org/apache/catalina/valves/rewrite/RewriteCond.java 
b/java/org/apache/catalina/valves/rewrite/RewriteCond.java
index a980d81..47a904c 100644
--- a/java/org/apache/catalina/valves/rewrite/RewriteCond.java
+++ b/java/org/apache/catalina/valves/rewrite/RewriteCond.java
@@ -28,7 +28,7 @@ public class RewriteCond {
 
 public static class PatternCondition extends Condition {
 public Pattern pattern;
-private static ThreadLocal matcher = new ThreadLocal<>();
+private ThreadLocal matcher = new ThreadLocal<>();
 
 @Override
 public boolean evaluate(String value, Resolver resolver) {
diff --git a/java/org/apache/catalina/valves/rewrite/RewriteRule.java 
b/java/org/apache/catalina/valves/rewrite/RewriteRule.java
index 0aa96de..833a12c 100644
--- a/java/org/apache/catalina/valves/rewrite/RewriteRule.java
+++ b/java/org/apache/catalina/valves/rewrite/RewriteRule.java
@@ -26,7 +26,7 @@ public class RewriteRule {
 
 protected RewriteCond[] conditions = new RewriteCond[0];
 
-protected static ThreadLocal pattern = new ThreadLocal<>();
+protected ThreadLocal pattern = new ThreadLocal<>();
 protected Substitution substitution = null;
 
 protected String patternString = null;
@@ -186,7 +186,7 @@ public class RewriteRule {
 protected boolean cookieSecure = false;
 protected boolean cookieHttpOnly = false;
 protected Substitution cookieSubstitution = null;
-protected static ThreadLocal cookieResult = new ThreadLocal<>();
+protected ThreadLocal cookieResult = new ThreadLocal<>();
 
 /**
  *  This forces a request attribute named VAR to be set to the value VAL,
diff --git a/java/org/apache/catalina/valves/rewrite/RewriteValve.java 
b/java/org/apache/catalina/valves/rewrite/RewriteValve.java
index 273fe80..70d204b 100644
--- a/java/org/apache/catalina/valves/rewrite/RewriteValve.java
+++ b/java/org/apache/catalina/valves/rewrite/RewriteValve.java
@@ -77,7 +77,7 @@ public class RewriteValve extends ValveBase {
 /**
  * If rewriting occurs, the whole request will be processed again.
  */
-protected static ThreadLocal

[tomcat] 03/03: Fix BZ 64432. Refactoring broke multi-line rewrite rules

2020-05-14 Thread markt

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 912e1b61ff06aa754ab6e5df71a46f3e95a21b46
Author: Mark Thomas 
AuthorDate: Thu May 14 09:41:10 2020 +0100

Fix BZ 64432. Refactoring broke multi-line rewrite rules

Patch provided by Jj. Also includes previous 2 commits that revert the
refactoring.
---
 test/org/apache/catalina/valves/rewrite/TestRewriteValve.java | 9 +
 webapps/docs/changelog.xml| 9 +
 2 files changed, 18 insertions(+)

diff --git a/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java 
b/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
index 29c2961..134f45a 100644
--- a/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
+++ b/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
@@ -605,6 +605,15 @@ public class TestRewriteValve extends TomcatBaseTest {
 doTestRewrite("RewriteRule !^/c/.* /b/", "/c/d", "/c/d");
 }
 
+@Test
+public void testMultiLine001() throws Exception {
+doTestRewrite("RewriteRule /dummy /anotherDummy [L]\nRewriteRule ^/a 
/c [L]", "/a", "/c");
+}
+
+@Test
+public void testMultiLine002() throws Exception {
+doTestRewrite("RewriteRule /dummy /a\nRewriteRule /a /c [L]", 
"/dummy", "/c");
+}
 
 private void doTestRewrite(String config, String request, String 
expectedURI) throws Exception {
 doTestRewrite(config, request, expectedURI, null);
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index f8f1130..0b1b64d 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -45,6 +45,15 @@
   issues do not "pop up" wrt. others).
 -->
 
+  
+
+  
+64432: Correct a refactoring regression that broke handling
+of multi-line configuration in the RewriteValve. Patch provided by Jj.
+(markt)
+  
+
+  
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 02/03: Revert "Avoid waste of resources due to reconstruction of objects"

2020-05-14 Thread markt

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit ab24401edbda54524bd5f29064c638e9ec81
Author: Mark Thomas 
AuthorDate: Thu May 14 10:06:58 2020 +0100

Revert "Avoid waste of resources due to reconstruction of objects"

This reverts commit 2b628e8dc9acbab42ad8af068155f660a29c2d91.
---
 .../apache/catalina/core/ApplicationContext.java   |  2 +-
 .../apache/catalina/ha/tcp/ReplicationValve.java   |  2 +-
 .../catalina/session/PersistentManagerBase.java|  2 +-
 .../catalina/valves/rewrite/RewriteCond.java   |  2 +-
 .../catalina/valves/rewrite/RewriteRule.java   |  4 ++--
 .../catalina/valves/rewrite/RewriteValve.java  |  2 +-
 java/org/apache/juli/ClassLoaderLogManager.java|  2 +-
 test/org/apache/catalina/valves/Benchmarks.java| 26 +++---
 8 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/java/org/apache/catalina/core/ApplicationContext.java 
b/java/org/apache/catalina/core/ApplicationContext.java
index 90f32b2..b6cd374 100644
--- a/java/org/apache/catalina/core/ApplicationContext.java
+++ b/java/org/apache/catalina/core/ApplicationContext.java
@@ -186,7 +186,7 @@ public class ApplicationContext implements ServletContext {
 /**
  * Thread local data used during request dispatch.
  */
-private static final ThreadLocal dispatchData = new 
ThreadLocal<>();
+private final ThreadLocal dispatchData = new ThreadLocal<>();
 
 
 /**
diff --git a/java/org/apache/catalina/ha/tcp/ReplicationValve.java 
b/java/org/apache/catalina/ha/tcp/ReplicationValve.java
index 666e29d..6eed956 100644
--- a/java/org/apache/catalina/ha/tcp/ReplicationValve.java
+++ b/java/org/apache/catalina/ha/tcp/ReplicationValve.java
@@ -85,7 +85,7 @@ public class ReplicationValve
 /**
  * crossContext session container
  */
-protected static final ThreadLocal> 
crossContextSessions =
+protected final ThreadLocal> crossContextSessions =
 new ThreadLocal<>() ;
 
 /**
diff --git a/java/org/apache/catalina/session/PersistentManagerBase.java 
b/java/org/apache/catalina/session/PersistentManagerBase.java
index 1fd08be..9f52c44 100644
--- a/java/org/apache/catalina/session/PersistentManagerBase.java
+++ b/java/org/apache/catalina/session/PersistentManagerBase.java
@@ -188,7 +188,7 @@ public abstract class PersistentManagerBase extends 
ManagerBase
  * Session that is currently getting swapped in to prevent loading it more
  * than once concurrently
  */
-private static final ThreadLocal sessionToSwapIn = new 
ThreadLocal<>();
+private final ThreadLocal sessionToSwapIn = new ThreadLocal<>();
 
 
 // - Properties
diff --git a/java/org/apache/catalina/valves/rewrite/RewriteCond.java 
b/java/org/apache/catalina/valves/rewrite/RewriteCond.java
index a980d81..47a904c 100644
--- a/java/org/apache/catalina/valves/rewrite/RewriteCond.java
+++ b/java/org/apache/catalina/valves/rewrite/RewriteCond.java
@@ -28,7 +28,7 @@ public class RewriteCond {
 
 public static class PatternCondition extends Condition {
 public Pattern pattern;
-private static ThreadLocal matcher = new ThreadLocal<>();
+private ThreadLocal matcher = new ThreadLocal<>();
 
 @Override
 public boolean evaluate(String value, Resolver resolver) {
diff --git a/java/org/apache/catalina/valves/rewrite/RewriteRule.java 
b/java/org/apache/catalina/valves/rewrite/RewriteRule.java
index 0aa96de..833a12c 100644
--- a/java/org/apache/catalina/valves/rewrite/RewriteRule.java
+++ b/java/org/apache/catalina/valves/rewrite/RewriteRule.java
@@ -26,7 +26,7 @@ public class RewriteRule {
 
 protected RewriteCond[] conditions = new RewriteCond[0];
 
-protected static ThreadLocal pattern = new ThreadLocal<>();
+protected ThreadLocal pattern = new ThreadLocal<>();
 protected Substitution substitution = null;
 
 protected String patternString = null;
@@ -186,7 +186,7 @@ public class RewriteRule {
 protected boolean cookieSecure = false;
 protected boolean cookieHttpOnly = false;
 protected Substitution cookieSubstitution = null;
-protected static ThreadLocal cookieResult = new ThreadLocal<>();
+protected ThreadLocal cookieResult = new ThreadLocal<>();
 
 /**
  *  This forces a request attribute named VAR to be set to the value VAL,
diff --git a/java/org/apache/catalina/valves/rewrite/RewriteValve.java 
b/java/org/apache/catalina/valves/rewrite/RewriteValve.java
index c44f798..78cbe7c 100644
--- a/java/org/apache/catalina/valves/rewrite/RewriteValve.java
+++ b/java/org/apache/catalina/valves/rewrite/RewriteValve.java
@@ -79,7 +79,7 @@ public class RewriteValve extends ValveBase {
 /**
  * If rewriting occurs, the whole request will be processed again.
  */
-protected static ThreadLocal

[tomcat] 01/03: Revert "Fix IDE warnings"

2020-05-14 Thread markt

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 05a54b29288f1ee8af81ba30ee83eb0266d9a32d
Author: Mark Thomas 
AuthorDate: Thu May 14 10:06:55 2020 +0100

Revert "Fix IDE warnings"

This reverts commit c0c799061091c0e5eee71be47245b14024c3051b.
---
 java/org/apache/catalina/valves/rewrite/RewriteRule.java | 4 ++--
 java/org/apache/juli/ClassLoaderLogManager.java  | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/java/org/apache/catalina/valves/rewrite/RewriteRule.java 
b/java/org/apache/catalina/valves/rewrite/RewriteRule.java
index efdb8ac..0aa96de 100644
--- a/java/org/apache/catalina/valves/rewrite/RewriteRule.java
+++ b/java/org/apache/catalina/valves/rewrite/RewriteRule.java
@@ -86,7 +86,7 @@ public class RewriteRule {
  * @return null if no rewrite took place
  */
 public CharSequence evaluate(CharSequence url, Resolver resolver) {
-Pattern pattern = RewriteRule.pattern.get();
+Pattern pattern = this.pattern.get();
 if (pattern == null) {
 // Parse the pattern
 int flags = 0;
@@ -94,7 +94,7 @@ public class RewriteRule {
 flags |= Pattern.CASE_INSENSITIVE;
 }
 pattern = Pattern.compile(patternString, flags);
-RewriteRule.pattern.set(pattern);
+this.pattern.set(pattern);
 }
 Matcher matcher = pattern.matcher(url);
 // Use XOR
diff --git a/java/org/apache/juli/ClassLoaderLogManager.java 
b/java/org/apache/juli/ClassLoaderLogManager.java
index c907056..cf3ad4c 100644
--- a/java/org/apache/juli/ClassLoaderLogManager.java
+++ b/java/org/apache/juli/ClassLoaderLogManager.java
@@ -277,7 +277,7 @@ public class ClassLoaderLogManager extends LogManager {
 return null;
 }
 
-String prefix = ClassLoaderLogManager.prefix.get();
+String prefix = this.prefix.get();
 String result = null;
 
 // If a prefix is defined look for a prefixed property first
@@ -595,13 +595,13 @@ public class ClassLoaderLogManager extends LogManager {
 }
 }
 try {
-ClassLoaderLogManager.prefix.set(prefix);
+this.prefix.set(prefix);
 Handler handler = (Handler) classLoader.loadClass(
 handlerClassName).getConstructor().newInstance();
 // The specification strongly implies all configuration 
should be done
 // during the creation of the handler object.
 // This includes setting level, filter, formatter and 
encoding.
-ClassLoaderLogManager.prefix.set(null);
+this.prefix.set(null);
 info.handlers.put(handlerName, handler);
 if (rootHandlers == null) {
 localRootLogger.addHandler(handler);


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 03/03: Fix BZ 64432. Refactoring broke multi-line rewrite rules

2020-05-14 Thread markt

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 006886935d9ab1e1a7bfdc7c42ac0340a39a3280
Author: Mark Thomas 
AuthorDate: Thu May 14 09:41:10 2020 +0100

Fix BZ 64432. Refactoring broke multi-line rewrite rules

Patch provided by Jj. Also includes previous 2 commits that revert the
refactoring.
---
 test/org/apache/catalina/valves/rewrite/TestRewriteValve.java | 9 +
 webapps/docs/changelog.xml| 9 +
 2 files changed, 18 insertions(+)

diff --git a/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java 
b/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
index 29c2961..134f45a 100644
--- a/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
+++ b/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
@@ -605,6 +605,15 @@ public class TestRewriteValve extends TomcatBaseTest {
 doTestRewrite("RewriteRule !^/c/.* /b/", "/c/d", "/c/d");
 }
 
+@Test
+public void testMultiLine001() throws Exception {
+doTestRewrite("RewriteRule /dummy /anotherDummy [L]\nRewriteRule ^/a 
/c [L]", "/a", "/c");
+}
+
+@Test
+public void testMultiLine002() throws Exception {
+doTestRewrite("RewriteRule /dummy /a\nRewriteRule /a /c [L]", 
"/dummy", "/c");
+}
 
 private void doTestRewrite(String config, String request, String 
expectedURI) throws Exception {
 doTestRewrite(config, request, expectedURI, null);
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 5e01706..c3330f0 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -45,6 +45,15 @@
   issues do not "pop up" wrt. others).
 -->
 
+  
+
+  
+64432: Correct a refactoring regression that broke handling
+of multi-line configuration in the RewriteValve. Patch provided by Jj.
+(markt)
+  
+
+  
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 8.5.x updated (2808a97 -> 0068869)

2020-05-14 Thread markt

This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from 2808a97  Revert
 new 05a54b2  Revert "Fix IDE warnings"
 new ab24401  Revert "Avoid waste of resources due to reconstruction of 
objects"
 new 0068869  Fix BZ 64432. Refactoring broke multi-line rewrite rules

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../apache/catalina/core/ApplicationContext.java   |  2 +-
 .../apache/catalina/ha/tcp/ReplicationValve.java   |  2 +-
 .../catalina/session/PersistentManagerBase.java|  2 +-
 .../catalina/valves/rewrite/RewriteCond.java   |  2 +-
 .../catalina/valves/rewrite/RewriteRule.java   |  8 +++
 .../catalina/valves/rewrite/RewriteValve.java  |  2 +-
 java/org/apache/juli/ClassLoaderLogManager.java|  8 +++
 test/org/apache/catalina/valves/Benchmarks.java| 26 +++---
 .../catalina/valves/rewrite/TestRewriteValve.java  |  9 
 webapps/docs/changelog.xml |  9 
 10 files changed, 44 insertions(+), 26 deletions(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 7.0.x updated (f009f30 -> 98b5abb)

2020-05-14 Thread markt

This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from f009f30  Harmonize
 new c571674  Revert "Fix IDE warnings"
 new 98b5abb  Revert "Avoid waste of resources due to reconstruction of 
objects"

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../apache/catalina/core/ApplicationContext.java   |  2 +-
 .../apache/catalina/ha/tcp/ReplicationValve.java   |  2 +-
 .../catalina/session/PersistentManagerBase.java|  2 +-
 java/org/apache/juli/ClassLoaderLogManager.java|  8 +++
 test/org/apache/catalina/valves/Benchmarks.java| 26 +++---
 5 files changed, 20 insertions(+), 20 deletions(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 02/02: Revert "Avoid waste of resources due to reconstruction of objects"

2020-05-14 Thread markt

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 98b5abb03d2f888c8ed58f43494b47f66c2d1227
Author: Mark Thomas 
AuthorDate: Thu May 14 10:11:16 2020 +0100

Revert "Avoid waste of resources due to reconstruction of objects"

This reverts commit bb788e126c9ba07e40b64ca78d92dd230c44552f.
---
 .../apache/catalina/core/ApplicationContext.java   |  2 +-
 .../apache/catalina/ha/tcp/ReplicationValve.java   |  2 +-
 .../catalina/session/PersistentManagerBase.java|  2 +-
 java/org/apache/juli/ClassLoaderLogManager.java|  2 +-
 test/org/apache/catalina/valves/Benchmarks.java| 26 +++---
 5 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/java/org/apache/catalina/core/ApplicationContext.java 
b/java/org/apache/catalina/core/ApplicationContext.java
index dfd02a9..d19cdaa 100644
--- a/java/org/apache/catalina/core/ApplicationContext.java
+++ b/java/org/apache/catalina/core/ApplicationContext.java
@@ -190,7 +190,7 @@ public class ApplicationContext implements ServletContext {
 /**
  * Thread local data used during request dispatch.
  */
-private static final ThreadLocal dispatchData = new 
ThreadLocal();
+private final ThreadLocal dispatchData = new 
ThreadLocal();
 
 
 /**
diff --git a/java/org/apache/catalina/ha/tcp/ReplicationValve.java 
b/java/org/apache/catalina/ha/tcp/ReplicationValve.java
index c5abeac..53ff3ea 100644
--- a/java/org/apache/catalina/ha/tcp/ReplicationValve.java
+++ b/java/org/apache/catalina/ha/tcp/ReplicationValve.java
@@ -92,7 +92,7 @@ public class ReplicationValve
 /**
  * crossContext session container
  */
-protected static ThreadLocal> crossContextSessions 
=
+protected ThreadLocal> crossContextSessions =
 new ThreadLocal>() ;
 
 /**
diff --git a/java/org/apache/catalina/session/PersistentManagerBase.java 
b/java/org/apache/catalina/session/PersistentManagerBase.java
index a935e4b..f4db615 100644
--- a/java/org/apache/catalina/session/PersistentManagerBase.java
+++ b/java/org/apache/catalina/session/PersistentManagerBase.java
@@ -199,7 +199,7 @@ public abstract class PersistentManagerBase extends 
ManagerBase
  * Session that is currently getting swapped in to prevent loading it more
  * than once concurrently
  */
-private static final ThreadLocal sessionToSwapIn = new 
ThreadLocal();
+private final ThreadLocal sessionToSwapIn = new 
ThreadLocal();
 
 
 // - Properties
diff --git a/java/org/apache/juli/ClassLoaderLogManager.java 
b/java/org/apache/juli/ClassLoaderLogManager.java
index aca6388..b3e1b5f 100644
--- a/java/org/apache/juli/ClassLoaderLogManager.java
+++ b/java/org/apache/juli/ClassLoaderLogManager.java
@@ -112,7 +112,7 @@ public class ClassLoaderLogManager extends LogManager {
  * This prefix is used to allow using prefixes for the properties names
  * of handlers and their subcomponents.
  */
-protected static ThreadLocal prefix = new ThreadLocal();
+protected ThreadLocal prefix = new ThreadLocal();
 
 
 /**
diff --git a/test/org/apache/catalina/valves/Benchmarks.java 
b/test/org/apache/catalina/valves/Benchmarks.java
index 2d0155f..882e7d6 100644
--- a/test/org/apache/catalina/valves/Benchmarks.java
+++ b/test/org/apache/catalina/valves/Benchmarks.java
@@ -76,14 +76,14 @@ public class Benchmarks {
 return "ThreadLocals";
 }
 
-private static ThreadLocal currentMillisLocal = new 
ThreadLocal() {
+private ThreadLocal currentMillisLocal = new ThreadLocal() 
{
 @Override
 protected Long initialValue() {
 return Long.valueOf(0);
 }
 };
 
-private static ThreadLocal currentDateLocal = new 
ThreadLocal();
+private ThreadLocal currentDateLocal = new ThreadLocal();
 
 @Override
 public void run() {
@@ -112,14 +112,14 @@ public class Benchmarks {
 long value = 0;
 }
 
-private static ThreadLocal currentMillisLocal = new 
ThreadLocal() {
+private ThreadLocal currentMillisLocal = new 
ThreadLocal() {
 @Override
 protected MutableLong initialValue() {
 return new MutableLong();
 }
 };
 
-private static ThreadLocal currentDateLocal = new 
ThreadLocal();
+private ThreadLocal currentDateLocal = new ThreadLocal();
 
 @Override
 public void run() {
@@ -149,7 +149,7 @@ public class Benchmarks {
 public Date currentDate;
 }
 
-private static ThreadLocal currentStruct = new 
ThreadLocal() {
+private ThreadLocal currentStruct = new ThreadLocal() {
 @Override
 protected Struct initialValue() {
 return new Struct();
@@ -266,33 +266,33 @@ p

[tomcat] 01/02: Revert "Fix IDE warnings"

2020-05-14 Thread markt

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit c571674ce7c7cb4b165a2a8c8396ec0530050c28
Author: Mark Thomas 
AuthorDate: Thu May 14 10:11:13 2020 +0100

Revert "Fix IDE warnings"

This reverts commit 02d11bb82e9b00bb9fe8f61eb42f3ca9cca40272.
---
 java/org/apache/juli/ClassLoaderLogManager.java | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/java/org/apache/juli/ClassLoaderLogManager.java 
b/java/org/apache/juli/ClassLoaderLogManager.java
index a1cda43..aca6388 100644
--- a/java/org/apache/juli/ClassLoaderLogManager.java
+++ b/java/org/apache/juli/ClassLoaderLogManager.java
@@ -277,7 +277,7 @@ public class ClassLoaderLogManager extends LogManager {
 return null;
 }
 
-String prefix = ClassLoaderLogManager.prefix.get();
+String prefix = this.prefix.get();
 String result = null;
 
 // If a prefix is defined look for a prefixed property first
@@ -587,13 +587,13 @@ public class ClassLoaderLogManager extends LogManager {
 }
 }
 try {
-ClassLoaderLogManager.prefix.set(prefix);
+this.prefix.set(prefix);
 Handler handler = (Handler) classLoader.loadClass(
 handlerClassName).getConstructor().newInstance();
 // The specification strongly implies all configuration 
should be done
 // during the creation of the handler object.
 // This includes setting level, filter, formatter and 
encoding.
-ClassLoaderLogManager.prefix.set(null);
+this.prefix.set(null);
 info.handlers.put(handlerName, handler);
 if (rootHandlers == null) {
 localRootLogger.addHandler(handler);


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64432] RewriteValve does not work with multiple rules

2020-05-14 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=64432

Mark Thomas  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 OS||All
 Status|NEW |RESOLVED

--- Comment #1 from Mark Thomas  ---
Fixed. Thanks for the report and the test cases.

Fixed in:
- master for 10.0.0-M6 onwards
- 9.0.x for 9.0.36 onwards
- 8.5.x for 8.5.56 onwards

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 58489] QueryStatsComparator throws IllegalArgumentException: Comparison method violates its general contract!

2020-05-14 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=58489

Dave France  changed:

   What|Removed |Added

 CC||d.fra...@crossflight.com

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Session serialization uses wrapper objects instead of primitives

2020-05-14 Thread Christopher Schultz

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

All,

I'm interested in the history of the StandardSession.writeObjectData
method. I've been looking at it lately because I'm interested in
possibly (optionally) encrypting the sessions in the backend session
store. But this isn't about encryption at all.

The code for StandardSession.doWriteObject(ObjectOutputStream stream)
looks like this:


// Write the scalar instance variables (except Manager)
stream.writeObject(Long.valueOf(creationTime));
stream.writeObject(Long.valueOf(lastAccessedTime));
stream.writeObject(Integer.valueOf(maxInactiveInterval));
stream.writeObject(Boolean.valueOf(isNew));
stream.writeObject(Boolean.valueOf(isValid));
stream.writeObject(Long.valueOf(thisAccessedTime));


Is there any reason we are writing object wrappers for these primitive
members instead of just writing the primitives directly?

It turns out that the byte stream is identical whether one uses
objects or primitives, but the code is a little more complicated,
generates objects when none are necessary, etc. Here is the
doReadObject code:

creationTime = ((Long) stream.readObject()).longValue();
lastAccessedTime = ((Long) stream.readObject()).longValue();
maxInactiveInterval = ((Integer) stream.readObject()).intValue()
;
isNew = ((Boolean) stream.readObject()).booleanValue();
isValid = ((Boolean) stream.readObject()).booleanValue();
thisAccessedTime = ((Long) stream.readObject()).longValue();

If using primitives, it would be:

creationTime = stream.readLong();
lastAccessedTime = stream.readLong();
maxInactiveInterval = stream.readInt();
isNew = stream.readBoolean();
isValid = stream.readBoolean();
thisAccessedTime = stream.readLong();

I don't believe there is any benefit to using objects over primitives
in this case. If the stream doesn't contain the right object types in
the right order, the operation will fail so they are providing any
e.g. type-safety that you might get by casting to (Number) and then
pulling long value (to convert an int -> long, possibly).

I think the code is easier to read and will generate less temporary
garbage if the wrapper objects are removed.

I think the change will also remain interoperable between versions
since the byte-stream is unchanged.

Any objections to making this change?

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl69aFEACgkQHPApP6U8
pFiiGA/+OTShGMP1QvzP9rINT8hyrjhoiXTxCN6cfazQZ3Q8UUXAFA6514tLLkli
3FBfu6CWyAe1S8WvzgkeWg0UospfKjSi3pod/uVjF9Bo4JYyPAe39FV8k74Suotk
HpQNbrrFMp7MeQowXdtns/ua8F+uo77JXTHrdc3eZIhBpfiyyyPQLaC73r/djMwf
v/0iDF/SBAL98fTQsnTqeFVGJGBUkHS1Yvuhr1DQ+I6gpSRn+wUGlvUmrxaNF6J6
opYfBpU53L/2skjN7yC/DC5pnYbgRRzKdoNKzgrNbEbK9dyqEztr4N82+8VdIccj
BJJA+7LqYDkVvrrTSCBL8hTlWr10P609rwX7t+/LHl0SzBVdsdiZurpBD/SRZXbQ
nNU2n2DauAVUDUsKoLR/MvzpGVW3cNJNOqMX8mscA9RkLJwfWTnrohD7YFXtj6iv
D03ekPpOBGSF1TX6JAjgDuciSPD2/Z9NV6wR1yKcfjm/rKkoAnv/orP/ccTsuXnq
fggNFZQAmfp93QJFf2G3wntmR/3fCWjETVWT5CxyTxSdn/Zmj08P2lKiyRUriLd1
4kGnNxLSFgo/UWIgoFaPeITbkupmI9rGQq+LZM1UlnhoHxWj3vVOdCN/Zu+3OpLQ
rFD5YTunZmHDBIcbtHbOmHeAGq7VU1BpvJ7V50jz9LW6OoX6GfQ=
=vEuO
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Encrypting session data

2020-05-14 Thread Christopher Schultz

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

All,

Tomcat has provided session-persistence mechanisms as far back as I
can remember, and on-disk/in-database/in-memcached/in-redis storage is
a somewhat popular practice.

Occasionally, we (the community) are asked how to protect the data in
those back-end stores e.g. using encryption. The answer has usually
been "you need to trust your data store" and that Tomcat simply
doesn't provide this kind of facility.

A few years ago, I started advocating treating all networks as
un-trusted, including "trusted" ones. If you've seen any of my
presentations or read any of my comments on networks, you'll know that
I think all network communications should be encrypted, even within
corporate networks or other environments where the network should be
considered "trusted".

I think a reasonable extension of this policy is to not trust your
storage mechanisms any farther than necessary. For example, if you are
storing Tomcat sessions on-disk or in a database, there are very few
other things that need to snoop (or modify!) that data besides Tomcat
itself. So there isn't any reason NOT to add something like encryption
to Tomcat for session stores.

I've been looking at StandardSession, which is Serializable.
DeltaSession extends StandardSession and adds some magic for
clustering which is /separate from/ the standard serialization
mechanism -- at least when sending session-changes; I haven't yet
looked at bulk-migration of sessions between cluster nodes.

Such encryption could easily be implemented in
StandardSession.doWriteObject/doReadObject by simply performing the
existing serialization operation but adding an encryption step,
finally writing a byte string into the ObjectOutputStream. An
encryption algorithm+key could be added to the SessionManager and, if
present, we add symmetric encryption to the process.

I have a few questions about this for the community:

1. Does anyone want this? (I definitely know there are some yesses out
there)

2. Is it sufficient to implement this in StandardSession, or do we
need something more configurable / customizable / extensible?

3. Is symmetric encryption sufficient, or is there a reason to
muck-around with asymmetric encryption.

4. Can anyone think of anything that might break (or significantly
degrade) if this were to be added? I'm specifically thinking about
clustering which has its own separate encryption mechanism.

Thanks,
- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl69a8AACgkQHPApP6U8
pFhbAg/7BkhoAJUx8+r3mfFWx8ClSS0x5A4VMb86tLLM3zt7HTVyCrMuvOP3UTrh
6MnSbLFChJDeZfj39ypqWcocW5R+oB78ROVsJPiIOTsNPxyas7+hCL7D91BqxtGT
U/Q9DGnyWZTYObxlXqI0qqtFSnhN+UWa8ANpFQWGcuI/l1i8rIPHjkSazhFyBkbQ
Rxzed1/15KepSpBunXd3QzPeR3Nn7eFzL/J8EiVEe+T4psscoKGzJ8xRs2OcDj54
q88KqBfq04Dk+G9+KHLxDY2ZXmiP+Mt8uYNXwe/7zLbBtiv6aPdrNMNMS+ejdY+D
lRYX4u7KQmNdO/zIMyJJ/5DHy4MDktl803am+x4Cng4Skeh3Cg78TjeCf+NJ2toE
/lO9aCe/OGKAbZfczV8HSdMDKCgzon4G+6g/8glFlRk1MeuGMs/EfbLnyOB7cb/a
ixT/Tcx0l2U6W9iDNjSfq9+/sxDcmV64htSB5X+IP7GZyd8daOWg4QedkRyN04Dg
cjVPf8/rXtpUR4hY3DQG5GCStCyp7c1+dbBL1b/lBueV2arLK8V6Qz/8oQ2ERags
ZQUgRMuSaNHIp78djg6wDjUg+93ZhQ6Qxt/9pRuPqzkuZZsOGJ6vz9SPJaCYfz2F
9OjUY/G+VOyZi8jryu7c9fwYGO8WU7lGPBFjptOy4pgJdnaZLa4=
=l94x
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Session serialization uses wrapper objects instead of primitives

2020-05-14 Thread Mark Thomas

On 14/05/2020 16:48, Christopher Schultz wrote:
> All,
> 
> I'm interested in the history of the StandardSession.writeObjectData
> method. I've been looking at it lately because I'm interested in
> possibly (optionally) encrypting the sessions in the backend session
> store. But this isn't about encryption at all.
> 
> The code for StandardSession.doWriteObject(ObjectOutputStream stream)
> looks like this:
> 
> 
> // Write the scalar instance variables (except Manager)
> stream.writeObject(Long.valueOf(creationTime));
> stream.writeObject(Long.valueOf(lastAccessedTime));
> stream.writeObject(Integer.valueOf(maxInactiveInterval));
> stream.writeObject(Boolean.valueOf(isNew));
> stream.writeObject(Boolean.valueOf(isValid));
> stream.writeObject(Long.valueOf(thisAccessedTime));
> 
> 
> Is there any reason we are writing object wrappers for these primitive
> members instead of just writing the primitives directly?

That code goes all the way back to at least Tomcat 3.1.x (20+ years ago).

> It turns out that the byte stream is identical whether one uses
> objects or primitives,

That surprises me. Looking at the JRE source code it really surprises
me. So much that I am going to go and try it for myself.

One reason we might want to stick with writing objects is to support
sessionAttributeValueClassNameFilter. I'm only going from reading the
source so I could easily have missed something but it looks like that
will only work if we write/read objects.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Session serialization uses wrapper objects instead of primitives

2020-05-14 Thread Mark Thomas

On 14/05/2020 17:46, Mark Thomas wrote:
> On 14/05/2020 16:48, Christopher Schultz wrote:
>> All,
>>
>> I'm interested in the history of the StandardSession.writeObjectData
>> method. I've been looking at it lately because I'm interested in
>> possibly (optionally) encrypting the sessions in the backend session
>> store. But this isn't about encryption at all.
>>
>> The code for StandardSession.doWriteObject(ObjectOutputStream stream)
>> looks like this:
>>
>>
>> // Write the scalar instance variables (except Manager)
>> stream.writeObject(Long.valueOf(creationTime));
>> stream.writeObject(Long.valueOf(lastAccessedTime));
>> stream.writeObject(Integer.valueOf(maxInactiveInterval));
>> stream.writeObject(Boolean.valueOf(isNew));
>> stream.writeObject(Boolean.valueOf(isValid));
>> stream.writeObject(Long.valueOf(thisAccessedTime));
>>
>>
>> Is there any reason we are writing object wrappers for these primitive
>> members instead of just writing the primitives directly?
> 
> That code goes all the way back to at least Tomcat 3.1.x (20+ years ago).
> 
>> It turns out that the byte stream is identical whether one uses
>> objects or primitives,
> 
> That surprises me. Looking at the JRE source code it really surprises
> me. So much that I am going to go and try it for myself.

My testing shows the opposite. There is a significant difference between
writing primitives and writing objects.

Given backwards compatibility requirements we can't change this in 9.0.x
and earlier.

> One reason we might want to stick with writing objects is to support
> sessionAttributeValueClassNameFilter. I'm only going from reading the
> source so I could easily have missed something but it looks like that
> will only work if we write/read objects.

We only care about this for session attributes. We know our internal
attributes are safe so we could switch to primitives in 10.0.x.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Session serialization uses wrapper objects instead of primitives

2020-05-14 Thread Christopher Schultz

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Mark,

On 5/14/20 12:53, Mark Thomas wrote:
> On 14/05/2020 17:46, Mark Thomas wrote:
>> On 14/05/2020 16:48, Christopher Schultz wrote:
>>> All,
>>>
>>> I'm interested in the history of the
>>> StandardSession.writeObjectData method. I've been looking at it
>>> lately because I'm interested in possibly (optionally)
>>> encrypting the sessions in the backend session store. But this
>>> isn't about encryption at all.
>>>
>>> The code for StandardSession.doWriteObject(ObjectOutputStream
>>> stream) looks like this:
>>>
>>>
>>> // Write the scalar instance variables (except Manager)
>>> stream.writeObject(Long.valueOf(creationTime));
>>> stream.writeObject(Long.valueOf(lastAccessedTime));
>>> stream.writeObject(Integer.valueOf(maxInactiveInterval));
>>> stream.writeObject(Boolean.valueOf(isNew));
>>> stream.writeObject(Boolean.valueOf(isValid));
>>> stream.writeObject(Long.valueOf(thisAccessedTime));
>>>
>>>
>>> Is there any reason we are writing object wrappers for these
>>> primitive members instead of just writing the primitives
>>> directly?
>>
>> That code goes all the way back to at least Tomcat 3.1.x (20+
>> years ago).
>>
>>> It turns out that the byte stream is identical whether one
>>> uses objects or primitives,
>>
>> That surprises me. Looking at the JRE source code it really
>> surprises me. So much that I am going to go and try it for
>> myself.
>
> My testing shows the opposite. There is a significant difference
> between writing primitives and writing objects.

Hmm. I did a micro-test with just writing a single Long.valueOf()
value and a (primitive) long alone to an ObjectOutputStream. I didn't
test the StandardSession itself.

> Given backwards compatibility requirements we can't change this in
> 9.0.x and earlier.

Agreed.

>> One reason we might want to stick with writing objects is to
>> support sessionAttributeValueClassNameFilter. I'm only going from
>> reading the source so I could easily have missed something but it
>> looks like that will only work if we write/read objects.
>
> We only care about this for session attributes. We know our
> internal attributes are safe so we could switch to primitives in
> 10.0.x.

I'll have to play-around a bit to see what was wrong with my initial tes
t.

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl69guMACgkQHPApP6U8
pFg40BAAowAyGeHKQAWyj4OjZVwuZJnZpNaBsK0Rthw2rmCPFVVzBb37IDV7svxk
HjmYyvKSM3NxRke/ftSysfg7hnGAaK0gFuyk8XSqUp5ZXkJUzHoS/44Ite1Fsqux
8iwc+djveuybUEacxz9PGLH9+vmXVI9EhvYUHKXyWS5w5KKXBVghPcrnL9gjBbTs
F7a92V6xiRUdnhDBpixOEBnwihfAisd1CS9XQjIAhVB2T0mkSsinZBFqzy5HZX4a
ohMhX1aAFKyHEV9rHeNlV9mTzj1Wg+rgXEVW4hWnGzmt+iS3KdLxdRZRw+6v78O6
M4cYPclPYek//toB7mf+FFyrPtyfVMjG9lvqP3serXQ8Ujh7HvUNQX91/kgpC9mQ
xWJQqpsR7CwkmleU/XFFcyz9Dp+N/SlZSomPneeLRj4+Epx+AX8WgXVZMZdJNXVf
MN5IIix7K9ff+drbCgwFsC2Yf1M76Mf6VQSXKdNmxZ5AfXJy9Kzk8z2rukj63wMA
wHs3CEjHjN7PevbgUbvQnA6Ze92ZRlzQqhrZl400/lriYzGeePQmqeVg5/mlAWLW
2YJQRsmaA8Q7QI63vZXkBYGBA1/lh6NDFF3mVqHCxAy3nUfSx3VNgwVZSk3aItqw
eDgNxRJkhR43MLj1GDQTAVjHF+XrMw87xDp58cI0pxhgavGzlsI=
=2xPi
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Session serialization uses wrapper objects instead of primitives

2020-05-14 Thread Mark Thomas

On 14/05/2020 18:41, Christopher Schultz wrote:
> Mark,
> 
> On 5/14/20 12:53, Mark Thomas wrote:
>> On 14/05/2020 17:46, Mark Thomas wrote:
>>> On 14/05/2020 16:48, Christopher Schultz wrote:
 All,

 I'm interested in the history of the
 StandardSession.writeObjectData method. I've been looking at it
 lately because I'm interested in possibly (optionally)
 encrypting the sessions in the backend session store. But this
 isn't about encryption at all.

 The code for StandardSession.doWriteObject(ObjectOutputStream
 stream) looks like this:


 // Write the scalar instance variables (except Manager)
 stream.writeObject(Long.valueOf(creationTime));
 stream.writeObject(Long.valueOf(lastAccessedTime));
 stream.writeObject(Integer.valueOf(maxInactiveInterval));
 stream.writeObject(Boolean.valueOf(isNew));
 stream.writeObject(Boolean.valueOf(isValid));
 stream.writeObject(Long.valueOf(thisAccessedTime));


 Is there any reason we are writing object wrappers for these
 primitive members instead of just writing the primitives
 directly?
>>>
>>> That code goes all the way back to at least Tomcat 3.1.x (20+
>>> years ago).
>>>
 It turns out that the byte stream is identical whether one
 uses objects or primitives,
>>>
>>> That surprises me. Looking at the JRE source code it really
>>> surprises me. So much that I am going to go and try it for
>>> myself.
> 
>> My testing shows the opposite. There is a significant difference
>> between writing primitives and writing objects.
> 
> Hmm. I did a micro-test with just writing a single Long.valueOf()
> value and a (primitive) long alone to an ObjectOutputStream. I didn't
> test the StandardSession itself.

I performed the same micro-test.

>> Given backwards compatibility requirements we can't change this in
>> 9.0.x and earlier.
> 
> Agreed.
> 
>>> One reason we might want to stick with writing objects is to
>>> support sessionAttributeValueClassNameFilter. I'm only going from
>>> reading the source so I could easily have missed something but it
>>> looks like that will only work if we write/read objects.
> 
>> We only care about this for session attributes. We know our
>> internal attributes are safe so we could switch to primitives in
>> 10.0.x.
> 
> I'll have to play-around a bit to see what was wrong with my initial tes
> t.

JRE version? I used a newish Java 8. Long value? I used 1000. I did
something stupid? Source code here:

https://github.com/markt-asf/tomcat-bugs/blob/master/src/java/org/apache/tomcat/ObjectStreams.java


Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64442] New: Re-use roles and groups defined on users on MemoryUserDatabase creation

2020-05-14 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=64442

Bug ID: 64442
   Summary: Re-use roles and groups defined on users on
MemoryUserDatabase creation
   Product: Tomcat 10
   Version: unspecified
  Hardware: All
OS: All
Status: NEW
  Severity: minor
  Priority: P2
 Component: Catalina
  Assignee: dev@tomcat.apache.org
  Reporter: felix.schumac...@internetallee.de
  Target Milestone: --

Created attachment 37246
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=37246&action=edit
Re-use roles and groups defined on users on MemoryUserDatabase creation

When the XML file for MemoryUserDatabse is digested, the order of the
elements was important. It had to be roles, groups and than users.
With this patch the order of the elements is not important any more.
If a user element defined a role or group before the corresponding
role or group element, we now will re-use that element and add a
possibly missing description.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64442] Re-use roles and groups defined on users on MemoryUserDatabase creation

2020-05-14 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=64442

--- Comment #1 from Christopher Schultz  ---
What's the desire, here? Making the XML more readable or avoiding redefining
roles or groups?

If you are going to modify the code, you could also modify the XML Schema to
suit (/conf/tomcat-users.xsd).

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Session serialization uses wrapper objects instead of primitives

2020-05-14 Thread Christopher Schultz

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Mark,

On 5/14/20 14:21, Mark Thomas wrote:
> On 14/05/2020 18:41, Christopher Schultz wrote:
>> Mark,
>>
>> On 5/14/20 12:53, Mark Thomas wrote:
>>> On 14/05/2020 17:46, Mark Thomas wrote:
 On 14/05/2020 16:48, Christopher Schultz wrote:
> All,
>
> I'm interested in the history of the
> StandardSession.writeObjectData method. I've been looking
> at it lately because I'm interested in possibly
> (optionally) encrypting the sessions in the backend session
> store. But this isn't about encryption at all.
>
> The code for
> StandardSession.doWriteObject(ObjectOutputStream stream)
> looks like this:
>
>
> // Write the scalar instance variables (except Manager)
> stream.writeObject(Long.valueOf(creationTime));
> stream.writeObject(Long.valueOf(lastAccessedTime));
> stream.writeObject(Integer.valueOf(maxInactiveInterval));
> stream.writeObject(Boolean.valueOf(isNew));
> stream.writeObject(Boolean.valueOf(isValid));
> stream.writeObject(Long.valueOf(thisAccessedTime));
>
>
> Is there any reason we are writing object wrappers for
> these primitive members instead of just writing the
> primitives directly?

 That code goes all the way back to at least Tomcat 3.1.x
 (20+ years ago).

> It turns out that the byte stream is identical whether one
> uses objects or primitives,

 That surprises me. Looking at the JRE source code it really
 surprises me. So much that I am going to go and try it for
 myself.
>>
>>> My testing shows the opposite. There is a significant
>>> difference between writing primitives and writing objects.
>>
>> Hmm. I did a micro-test with just writing a single
>> Long.valueOf() value and a (primitive) long alone to an
>> ObjectOutputStream. I didn't test the StandardSession itself.
>
> I performed the same micro-test.
>
>>> Given backwards compatibility requirements we can't change this
>>> in 9.0.x and earlier.
>>
>> Agreed.
>>
 One reason we might want to stick with writing objects is to
 support sessionAttributeValueClassNameFilter. I'm only going
 from reading the source so I could easily have missed
 something but it looks like that will only work if we
 write/read objects.
>>
>>> We only care about this for session attributes. We know our
>>> internal attributes are safe so we could switch to primitives
>>> in 10.0.x.
>>
>> I'll have to play-around a bit to see what was wrong with my
>> initial tes t.
>
> JRE version? I used a newish Java 8. Long value? I used 1000. I
> did something stupid? Source code here:
>
> https://github.com/markt-asf/tomcat-bugs/blob/master/src/java/org/apac
he/tomcat/ObjectStreams.java

My
>
problem appears to be that I copy-pasted and didn't change one of
the calls. *eyeroll*

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl69rfEACgkQHPApP6U8
pFgO2w/+Mld4Akm77AOAOWRaqVQVi6BOXOUJE5uRGq8XlsTvx2U4GM6PTuT4F/Tp
Ow9g9NdpK89kPxBDDK+wfZF2qDmwO7uXWqKUr6OQ24qJR2aEerTQsn90GvbKp3j3
SmqeKVGMK8TZJlLtsw7YiMguH0z8v38wulwovBFPdVBZsPTKETo0DjrTxR0oZhrD
lZYKo5qwIF+LWd9NtdLSog9s/nMuC9jJoqwjD5azcRbmpAjYU9oIeQX8q3nqcOFh
DFxXVCbzzLe6EQlkSg0Bpc0PU3FoK5qKPaAcMdjtaVP+L28nbTVkTCugDcxcwNou
M2yi88gxtCk7OOknfum3ukNZI1gvRHvEHMQINdQaXmJ32oxy5QpdJ1ICew2Elo45
Hakms9os6i5QIz2XdF8BZ7ihqtuxkb3stzEi66KTtiTp41V6aHHTiAHIpsJfTsHZ
ZTiaS9UPHZVAMnSE6/QvIAz68IkA3/cQvz9Ed+lClp6r4vqWDomkFsqKH1NDMQCX
gCnTj/3zNXb4+FovhzFnEEM+Pbwe0c20y/I+piTe5S6U6Zcl958au4MNToBCr/t0
YXn0OkAlc24EJBOP37b3406SQEfmBDd4FP7z8fY9QTwT3cOBH3dvzaqYhL8mMBhF
ToVs/lbO5KoBJG0xDC3gK/22r19oyNUaiLa1OlUC533IeMpmloc=
=DHdr
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Session serialization uses wrapper objects instead of primitives

2020-05-14 Thread Christopher Schultz

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Mark,

On 5/14/20 14:21, Mark Thomas wrote:
> On 14/05/2020 18:41, Christopher Schultz wrote:
>> Mark,
>>
>> On 5/14/20 12:53, Mark Thomas wrote:
>>> On 14/05/2020 17:46, Mark Thomas wrote:
 On 14/05/2020 16:48, Christopher Schultz wrote:
> All,
>
> I'm interested in the history of the
> StandardSession.writeObjectData method. I've been looking
> at it lately because I'm interested in possibly
> (optionally) encrypting the sessions in the backend session
> store. But this isn't about encryption at all.
>
> The code for
> StandardSession.doWriteObject(ObjectOutputStream stream)
> looks like this:
>
>
> // Write the scalar instance variables (except Manager)
> stream.writeObject(Long.valueOf(creationTime));
> stream.writeObject(Long.valueOf(lastAccessedTime));
> stream.writeObject(Integer.valueOf(maxInactiveInterval));
> stream.writeObject(Boolean.valueOf(isNew));
> stream.writeObject(Boolean.valueOf(isValid));
> stream.writeObject(Long.valueOf(thisAccessedTime));
>
>
> Is there any reason we are writing object wrappers for
> these primitive members instead of just writing the
> primitives directly?

 That code goes all the way back to at least Tomcat 3.1.x
 (20+ years ago).

> It turns out that the byte stream is identical whether one
> uses objects or primitives,

 That surprises me. Looking at the JRE source code it really
 surprises me. So much that I am going to go and try it for
 myself.
>>
>>> My testing shows the opposite. There is a significant
>>> difference between writing primitives and writing objects.
>>
>> Hmm. I did a micro-test with just writing a single
>> Long.valueOf() value and a (primitive) long alone to an
>> ObjectOutputStream. I didn't test the StandardSession itself.
>
> I performed the same micro-test.
>
>>> Given backwards compatibility requirements we can't change this
>>> in 9.0.x and earlier.
>>
>> Agreed.
>>
 One reason we might want to stick with writing objects is to
 support sessionAttributeValueClassNameFilter. I'm only going
 from reading the source so I could easily have missed
 something but it looks like that will only work if we
 write/read objects.
>>
>>> We only care about this for session attributes. We know our
>>> internal attributes are safe so we could switch to primitives
>>> in 10.0.x.
>>
>> I'll have to play-around a bit to see what was wrong with my
>> initial tes t.

So my test was bunk, the data on-the-wire (so to speak) is very
different, and there is no way at all to make them compatible. :/

Perhaps a rewindable input stream would work, but it's just not really
that important.

I think it's okay to make a breaking change at 10.0, but only if
anyone really cares. It saves a couple of bytes which can add up.

In my microtest, I wrote a java.lang.Long value and a (primitive) long
to two separate files. The object-file was 82 bytes and the
primitive-file was 14 bytes. It looks like after the 2-byte header and
2-byte version identifier, the primitive long is written as "block
data" with a 1-byte length (8) and then the 8 bytes of the long. The
object flavor is ... more verbose.

So we get almost 90% savings for a single long value. On the other
hand, the primitive only values going into sessions are the metadata
and not the attributes, which will dominate the bulk of the data (or
should, anyway).

I still think this is worth doing.

Any objections?

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl69sXYACgkQHPApP6U8
pFi6pg/9ExBQhRRlUv4QPUVDJEhJ8pN6KfBIoHgd/UWw2zYxjeifhDrN+biK2lLG
GHWmJuF+wEAFz9xtYqN46q1QqSKIQcWTAqI05NchNlqFd29JHwj+9QZV00VTd0eK
My4MTCVY4dSObJrePyw14tEHyRVcFl539bDhtez7fnjOGkq4EGNXvr7ep9L3w5GB
ckwKAp1OuFYz5/0ZCCDEVdRiSpoXAac06B5v0FUQb3TBn06gdavUJb9q0HM57RjI
0FkQHPyZ1ibfWOOLldBrCgA+7SygGiD6LO2nMo5Fgy1A4l5W/uekkhW96FXBKHng
/ocXJRQSkeDoanpQmu5pC/Ru1S0bNjZCIo9OMS0de6iEMEO3wPtvuLYhINYydk6E
3ZNx+EPZEFPoZuB1K0peWNDgFsE3ar5gL+y6cvztNoZtT1WymoDS6uQ4OvGXcXNL
61SOSe3CmqHF0dQTlD/Xikakumz4Kefny5QGw/XlchPVNCqUmvgxUwYPb965kwz3
Vt/3nib0QgKxbR0j54InFIRkG7gPuGyUaL0kwtMbFEdOTw+PqAEyIPSqIRtmkhVG
Mzf6ikh+TOToYi+OIJXUMloaVL8xafAo6hKTc7lbu2hAUv9bE47X6uVyQmD7Yxqu
R3LQGo3OYX9+GBdKBhgvbZB9bEkUImMbsgIXKIUScGaMH4RdtBE=
=AZle
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64442] Re-use roles and groups defined on users on MemoryUserDatabase creation

2020-05-14 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=64442

--- Comment #2 from Felix Schumacher  ---
The trigger here was, that we tried to add a role without a XML-aware editor
and placed the role definition behind the user, that also defined the role. The
result of such a misconfiguration is, a user that is not member of that role.
This is confusing. And the patch tries to be more forgiving with
misconfiguration.

Hadn't thought about adapting the XSD, though. Do you think we should adapt it?

Another possible way to let users know the misconfiguration is actually
checking the conformance of the XML file, but I think the more forgiving
approach is nicer (to the user).

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64415] Error in slow query report - Comparison method violates its general contract!

Re: [tomcat] 02/02: Avoid waste of resources due to reconstruction of objects

[tomcat] 01/03: Revert "Fix IDE warnings"

[tomcat] 02/03: Revert "Avoid waste of resources due to reconstruction of objects"

[tomcat] 03/03: Fix BZ 64432. Refactoring broke multi-line rewrite rules

[tomcat] branch master updated (43b10e3 -> 344a00f)

[tomcat] branch 9.0.x updated (c0796a1 -> 912e1b6)

[tomcat] 01/03: Revert "Fix IDE warnings"

[tomcat] 02/03: Revert "Avoid waste of resources due to reconstruction of objects"

[tomcat] 03/03: Fix BZ 64432. Refactoring broke multi-line rewrite rules

[tomcat] 02/03: Revert "Avoid waste of resources due to reconstruction of objects"

[tomcat] 01/03: Revert "Fix IDE warnings"

[tomcat] 03/03: Fix BZ 64432. Refactoring broke multi-line rewrite rules

[tomcat] branch 8.5.x updated (2808a97 -> 0068869)

[tomcat] branch 7.0.x updated (f009f30 -> 98b5abb)

[tomcat] 02/02: Revert "Avoid waste of resources due to reconstruction of objects"

[tomcat] 01/02: Revert "Fix IDE warnings"

[Bug 64432] RewriteValve does not work with multiple rules

[Bug 58489] QueryStatsComparator throws IllegalArgumentException: Comparison method violates its general contract!

Session serialization uses wrapper objects instead of primitives

Encrypting session data

Re: Session serialization uses wrapper objects instead of primitives

Re: Session serialization uses wrapper objects instead of primitives

Re: Session serialization uses wrapper objects instead of primitives

Re: Session serialization uses wrapper objects instead of primitives

[Bug 64442] New: Re-use roles and groups defined on users on MemoryUserDatabase creation

[Bug 64442] Re-use roles and groups defined on users on MemoryUserDatabase creation

Re: Session serialization uses wrapper objects instead of primitives

Re: Session serialization uses wrapper objects instead of primitives

[Bug 64442] Re-use roles and groups defined on users on MemoryUserDatabase creation

30 matches

Site Navigation

Mail list logo

Footer information