[jira] [Updated] (GEODE-7533) System Properties catalina.home and catalina.base are cleared during webapp reloads when using HTTP Session Management Module
[
https://issues.apache.org/jira/browse/GEODE-7533?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Charles Smith updated GEODE-7533:
-
Description:
I noticed when using the HTTP Session Management Module for AppServers that my
tomcat environment would act oddly when my webapp was reloaded. I tracked this
down to the fact that catalina.home and catalina.base system properties were
missing when the webapp reloaded.
A quick search of the Geode code base found a couple of unexplainable lines in:
{{geode-http-service/src/main/java/org/apache/geode/internal/cache/InternalHttpService.java}}
in the close() method there are 2 calls to System.clearProperty() which
essentially clear catalina.home and catalina.base.
I am guessing that these lines exist from a previous state of this
InternalHttpService when it was perhaps using an embedded Tomcat instance. Now
the class appears to be implemented using Jetty and there are no other
references to the catalina properties than the lines that clear them.
This is likely also causing issues with the HTTP Session Management Module for
Tomcat. I was a least able to workaround this issue by disabling the embedded
HTTP server in the filter properties that configured the HTTP Session
Management Module.
Probably these 2 lines should just be removed from the InternalHttpService
class...
was:
I noticed when using the HTTP Session Management Module for AppServers that my
tomcat environment would act oddly when my webapp was reloaded. I tracked this
down to catalina.home and catalina.base system properties being missing when
the webapp reloaded.
A quick search of the Geode code base found a couple of unexplainable lines in:
{{geode-http-service/src/main/java/org/apache/geode/internal/cache/InternalHttpService.java}}
in the close method there are 2 calls to System.clearProperty() which
essentially clear catalina.home and catalina.base.
I am guess that these lines are exist from a previous state of this
InternalHttpService when it was perhaps using an embedded Tomcat instance. Now
the class appears to be implemented using Jetty and there are no other
references to the catalina properties than the lines that clear them.
This is likely also causing issues with the HTTP Session Management Module for
Tomcat. I was a least able to workaround this issue by disabling the embedded
HTTP server in the filter properties that configured the HTTP Session
Management Module.
Probably these 2 lines should just be removed from the InternalHttpService
class...
> System Properties catalina.home and catalina.base are cleared during webapp
> reloads when using HTTP Session Management Module
> -
>
> Key: GEODE-7533
> URL: https://issues.apache.org/jira/browse/GEODE-7533
> Project: Geode
> Issue Type: Bug
> Components: http session
>Reporter: Charles Smith
>Priority: Major
>
> I noticed when using the HTTP Session Management Module for AppServers that
> my tomcat environment would act oddly when my webapp was reloaded. I tracked
> this down to the fact that catalina.home and catalina.base system properties
> were missing when the webapp reloaded.
>
> A quick search of the Geode code base found a couple of unexplainable lines
> in:
> {{geode-http-service/src/main/java/org/apache/geode/internal/cache/InternalHttpService.java}}
> in the close() method there are 2 calls to System.clearProperty() which
> essentially clear catalina.home and catalina.base.
>
> I am guessing that these lines exist from a previous state of this
> InternalHttpService when it was perhaps using an embedded Tomcat instance.
> Now the class appears to be implemented using Jetty and there are no other
> references to the catalina properties than the lines that clear them.
>
> This is likely also causing issues with the HTTP Session Management Module
> for Tomcat. I was a least able to workaround this issue by disabling the
> embedded HTTP server in the filter properties that configured the HTTP
> Session Management Module.
>
> Probably these 2 lines should just be removed from the InternalHttpService
> class...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Created] (GEODE-7533) System Properties catalina.home and catalina.base are cleared during webapp reloads when using HTTP Session Management Module
Charles Smith created GEODE-7533:
Summary: System Properties catalina.home and catalina.base are
cleared during webapp reloads when using HTTP Session Management Module
Key: GEODE-7533
URL: https://issues.apache.org/jira/browse/GEODE-7533
Project: Geode
Issue Type: Bug
Components: http session
Reporter: Charles Smith
I noticed when using the HTTP Session Management Module for AppServers that my
tomcat environment would act oddly when my webapp was reloaded. I tracked this
down to catalina.home and catalina.base system properties being missing when
the webapp reloaded.
A quick search of the Geode code base found a couple of unexplainable lines in:
{{geode-http-service/src/main/java/org/apache/geode/internal/cache/InternalHttpService.java}}
in the close method there are 2 calls to System.clearProperty() which
essentially clear catalina.home and catalina.base.
I am guess that these lines are exist from a previous state of this
InternalHttpService when it was perhaps using an embedded Tomcat instance. Now
the class appears to be implemented using Jetty and there are no other
references to the catalina properties than the lines that clear them.
This is likely also causing issues with the HTTP Session Management Module for
Tomcat. I was a least able to workaround this issue by disabling the embedded
HTTP server in the filter properties that configured the HTTP Session
Management Module.
Probably these 2 lines should just be removed from the InternalHttpService
class...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (GEODE-7438) Session cookie set does not reflect the context's SessionCookieConfig
[ https://issues.apache.org/jira/browse/GEODE-7438?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16983935#comment-16983935 ] Charles Smith commented on GEODE-7438: -- All done. Should be good for merging now. > Session cookie set does not reflect the context's SessionCookieConfig > - > > Key: GEODE-7438 > URL: https://issues.apache.org/jira/browse/GEODE-7438 > Project: Geode > Issue Type: Bug > Components: http session >Reporter: Charles Smith >Priority: Major > Labels: docs > Time Spent: 10m > Remaining Estimate: 0h > > The session cookie set and used by the HTTP Session module for AppServers > should honor the httponly and secure settings of the ServetContext's > SessionCookieConfig. > Currently the cookie created in the SessionCachingFilter.addSessionCookie > method does not use any settings from the SessionCookieConfig but it could > easily do so. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (GEODE-7438) Session cookie set does not reflect the context's SessionCookieConfig
[ https://issues.apache.org/jira/browse/GEODE-7438?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16983160#comment-16983160 ] Charles Smith commented on GEODE-7438: -- I grepped the source code and it looks like the supported Servlet spec for the HTTP Session Management Module or AppServers is only referenced in: geode-docs/tools_modules/http_session_mgmt/session_mgmt_weblogic.html.md.erb and geode-docs/tools_modules/http_session_mgmt/quick_start.html.md.erb It sounded like the consensus on the mailing list was to document support for version 3.1? Is that correct? And if I update these 2 docs and squash that into my pull request commit will that be sufficient for it to be merged? > Session cookie set does not reflect the context's SessionCookieConfig > - > > Key: GEODE-7438 > URL: https://issues.apache.org/jira/browse/GEODE-7438 > Project: Geode > Issue Type: Bug > Components: http session >Reporter: Charles Smith >Priority: Major > Labels: docs > Time Spent: 10m > Remaining Estimate: 0h > > The session cookie set and used by the HTTP Session module for AppServers > should honor the httponly and secure settings of the ServetContext's > SessionCookieConfig. > Currently the cookie created in the SessionCachingFilter.addSessionCookie > method does not use any settings from the SessionCookieConfig but it could > easily do so. -- This message was sent by Atlassian Jira (v8.3.4#803005)
