This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new d5dce75 Add new connector attribute to control facade recycling
d5dce75 is described below
commit d5dce75b5c55194065f585c9a0b9cf606eb3a165
Author: remm <r...@apache.org>
AuthorDate: Wed Jan 22 15:35:37 2020 +0100
Add new connector attribute to control facade recycling
Use the same default as before, using the system property and false if
not set.
---
java/org/apache/catalina/connector/Connector.java | 38 ++++++++++++++++++-----
java/org/apache/catalina/connector/Request.java | 14 +++++++--
java/org/apache/catalina/connector/Response.java | 3 +-
webapps/docs/changelog.xml | 4 +++
webapps/docs/config/http.xml | 11 +++++++
webapps/docs/security-howto.xml | 10 +++---
6 files changed, 64 insertions(+), 16 deletions(-)
diff --git a/java/org/apache/catalina/connector/Connector.java
b/java/org/apache/catalina/connector/Connector.java
index 515d2af..d54927c 100644
--- a/java/org/apache/catalina/connector/Connector.java
+++ b/java/org/apache/catalina/connector/Connector.java
@@ -25,6 +25,7 @@ import java.util.HashSet;
import javax.management.ObjectName;
+import org.apache.catalina.Globals;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.LifecycleState;
import org.apache.catalina.Service;
@@ -56,13 +57,6 @@ public class Connector extends LifecycleMBeanBase {
private static final Log log = LogFactory.getLog(Connector.class);
- /**
- * Alternate flag to enable recycling of facades.
- */
- public static final boolean RECYCLE_FACADES =
-
Boolean.parseBoolean(System.getProperty("org.apache.catalina.connector.RECYCLE_FACADES",
"false"));
-
-
public static final String INTERNAL_EXECUTOR_NAME = "Internal";
@@ -165,6 +159,17 @@ public class Connector extends LifecycleMBeanBase {
/**
+ * The flag that controls recycling of the facades of the request
+ * processing objects. If set to <code>true</code> the object facades
+ * will be discarded when the request is recycled. If the security
+ * manager is enabled, this setting is ignored and object facades are
+ * always discarded.
+ */
+ protected boolean discardFacades =
+
Boolean.parseBoolean(System.getProperty("org.apache.catalina.connector.RECYCLE_FACADES",
"false"));
+
+
+ /**
* The redirect port for non-SSL to SSL redirects.
*/
protected int redirectPort = 443;
@@ -373,6 +378,25 @@ public class Connector extends LifecycleMBeanBase {
/**
+ * @return <code>true</code> if the object facades are discarded, either
+ * when the discardFacades value is <code>true</code> or when the
+ * security manager is enabled.
+ */
+ public boolean getDiscardFacades() {
+ return discardFacades || Globals.IS_SECURITY_ENABLED;
+ }
+
+
+ /**
+ * Set the recycling strategy for the object facades.
+ * @param discardFacades the new value of the flag
+ */
+ public void setDiscardFacades(boolean discardFacades) {
+ this.discardFacades = discardFacades;
+ }
+
+
+ /**
* @return the "enable DNS lookups" flag.
*/
public boolean getEnableLookups() {
diff --git a/java/org/apache/catalina/connector/Request.java
b/java/org/apache/catalina/connector/Request.java
index 841049a..7f27bdd 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -495,7 +495,7 @@ public class Request implements HttpServletRequest {
recycleSessionInfo();
recycleCookieInfo(false);
- if (Globals.IS_SECURITY_ENABLED || Connector.RECYCLE_FACADES) {
+ if (getDiscardFacades()) {
parameterMap = new ParameterMap<>();
} else {
parameterMap.setLocked(false);
@@ -506,7 +506,7 @@ public class Request implements HttpServletRequest {
applicationMapping.recycle();
applicationRequest = null;
- if (Globals.IS_SECURITY_ENABLED || Connector.RECYCLE_FACADES) {
+ if (getDiscardFacades()) {
if (facade != null) {
facade.clear();
facade = null;
@@ -586,6 +586,16 @@ public class Request implements HttpServletRequest {
/**
+ * Get the recycling strategy of the facade objects.
+ * @return the value of the flag as set on the connector, or
+ * <code>true</code> if no connector is associated with this request
+ */
+ public boolean getDiscardFacades() {
+ return (connector == null) ? true : connector.getDiscardFacades();
+ }
+
+
+ /**
* Filter chain associated with the request.
*/
protected FilterChain filterChain = null;
diff --git a/java/org/apache/catalina/connector/Response.java
b/java/org/apache/catalina/connector/Response.java
index d06a46c..37515ed 100644
--- a/java/org/apache/catalina/connector/Response.java
+++ b/java/org/apache/catalina/connector/Response.java
@@ -44,7 +44,6 @@ import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
import org.apache.catalina.Context;
-import org.apache.catalina.Globals;
import org.apache.catalina.Session;
import org.apache.catalina.security.SecurityUtil;
import org.apache.catalina.util.SessionConfig;
@@ -229,7 +228,7 @@ public class Response implements HttpServletResponse {
isCharacterEncodingSet = false;
applicationResponse = null;
- if (Globals.IS_SECURITY_ENABLED || Connector.RECYCLE_FACADES) {
+ if (getRequest().getDiscardFacades()) {
if (facade != null) {
facade.clear();
facade = null;
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index ae9d505..9473e86 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -119,6 +119,10 @@
<code>CachedResourceURLConnection</code>, it expands the feature to
include packedWARs and to take account of resource JARs. (markt)
</fix>
+ <update>
+ Refactor recycle facade system property into a new connector attribute
+ named <code>discardFacades</code>. (remm)
+ </update>
</changelog>
</subsection>
<subsection name="Coyote">
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 057ee47..7a92820 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -94,6 +94,17 @@
<code>_default_</code> will be used.</p>
</attribute>
+ <attribute name="discardFacades" required="false">
+ <p>A boolean value which can be used to enable or disable the recycling
+ of the facade objects that isolate the container internal request
+ processing objects. If set to <code>true</code> the facades will be
+ set for garbage collection after every request, otherwise they will be
+ reused. This setting has no effect when the security manager is enabled.
+ If not specified, this attribute is set to the value of the
+ <code>org.apache.catalina.connector.RECYCLE_FACADES</code> system
+ property, or <code>false</code> if not set.</p>
+ </attribute>
+
<attribute name="enableLookups" required="false">
<p>Set to <code>true</code> if you want calls to
<code>request.getRemoteHost()</code> to perform DNS lookups in
diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml
index 8b3d14d..4b21e01 100644
--- a/webapps/docs/security-howto.xml
+++ b/webapps/docs/security-howto.xml
@@ -258,6 +258,11 @@
handle the response from a TRACE request (which exposes the browser to an
XSS attack), support for TRACE requests is disabled by default.</p>
+ <p>The <strong>discardFacades</strong> attribute set to <code>true</code>
+ will cause a new facade object to be created for each request. This
+ reduces the chances of a bug in an application exposing data from one
+ request to another.</p>
+
<p>The <strong>maxPostSize</strong> attribute controls the maximum size
of a POST request that will be parsed for parameters. The parameters are
cached for the duration of the request so this is limited to 2MB by
@@ -449,11 +454,6 @@
</section>
<section name="System Properties">
- <p>Setting <strong>org.apache.catalina.connector.RECYCLE_FACADES</strong>
- system property to <code>true</code> will cause a new facade object to be
- created for each request. This reduces the chances of a bug in an
- application exposing data from one request to another.</p>
-
<p>The <strong>
org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH</strong> and
<strong>org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH</strong>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
