RE: [EXT]Re: Tomcat session replication issue - java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :

2024-03-22 Thread Rick Noel
Thank you very much Chris 
The classes my app uses should be serialize anyway so I just go that route.
But thanks for that code snippet too

Rick Noel
Systems Programmer | Westwood One
rn...@westwoodone.com

-Original Message-
From: Christopher Schultz  
Sent: Friday, March 22, 2024 2:36 PM
To: Tomcat Users List ; Rick Noel 

Subject: Re: [EXT]Re: Tomcat session replication issue - 
java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :

Rick,

On 3/22/24 13:33, Rick Noel wrote:
> I do not want to replicate customer because that class does not 
> implement  serializable
> 
> I was looking for someway that the Manager would NOT try to replicate 
> it
This is an allow-list which is much more secure than a deny-list.

It's a regular expression, so you can feel free to get super-creative with the 
expression if you want to effectively create a deny-list with one item.

Honestly, this is probably some technical dept worth paying off at this point.

Another option would be to store the object in a wrapper in the session that 
*is* serializable but it doesn't actually try to serialize the object it wraps.

I did one of these ages ago for similar reasons: I didn't want to go change all 
those classes to be Serializable. Here it is:

public class TransientObjectWrapper
 implements Serializable
{
 private static final long serialVersionUID = -4694896879363833304L;

 private transient final T _o;

 public TransientObjectWrapper(T o) { _o = o; }

 public T getWrappedObject() { return _o; } }

Using this plus a craftily-written Filter, HttpServletRequestWrapper, and 
HttpSession implementation would allow you to do this kind of thing without any 
failures.

Or you could just configure Tomcat's already flexible allow-list for session 
attribute names.

-chris

> -Original Message-
> From: Mark Thomas 
> Sent: Friday, March 22, 2024 1:27 PM
> To: users@tomcat.apache.org
> Subject: Re: [EXT]Re: Tomcat session replication issue - 
> java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :
> 
> On 22/03/2024 15:43, Rick Noel wrote:
>> Mark,
>>
>> So if my customer object is failing to get set in the session 
>> replication, I could add this to the config snippet?
>>
>> sessionAttributeNameFilter="customer"
> 
> You set that to the attributes you DO want to replicate, not the ones you 
> don't.
> 
> Mark
> 
>>
>> so like this?...
>>
>>
>> >channelSendOptions="6">
>>
>> > className="org.apache.catalina.ha.session.DeltaManager"
>>  expireSessionsOnShutdown="false"
>>  
>> notifyListenersOnReplication="true"
>>  maxActiveSessions="8192"
>> 
>> sessionAttributeNameFilter="customer"
>>  />
>>
>> > className="org.apache.catalina.tribes.group.GroupChannel">
>>   > className="org.apache.catalina.tribes.membership.McastService"
>>   address="228.0.0.4"
>>   port="45564"
>>   frequency="500"
>>   dropTime="3000"/>
>>   > className="org.apache.catalina.tribes.transport.nio.NioReceiver"
>> address="auto"
>> port="5000"
>> selectorTimeout="100"
>> maxThreads="6"/>
>>
>>   > className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
>> > className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/>
>>   
>>   > className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/>
>>   > className="org.apache.catalina.tribes.group.interceptors.MessageDispatchInterceptor&qu

Re: [EXT]Re: Tomcat session replication issue - java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :

2024-03-22 Thread Christopher Schultz

Rick,

On 3/22/24 13:33, Rick Noel wrote:

I do not want to replicate customer because that class does not
implement  serializable

I was looking for someway that the Manager would NOT try to replicate
it

This is an allow-list which is much more secure than a deny-list.

It's a regular expression, so you can feel free to get super-creative 
with the expression if you want to effectively create a deny-list with 
one item.


Honestly, this is probably some technical dept worth paying off at this 
point.


Another option would be to store the object in a wrapper in the session 
that *is* serializable but it doesn't actually try to serialize the 
object it wraps.


I did one of these ages ago for similar reasons: I didn't want to go 
change all those classes to be Serializable. Here it is:


public class TransientObjectWrapper
implements Serializable
{
private static final long serialVersionUID = -4694896879363833304L;

private transient final T _o;

public TransientObjectWrapper(T o) { _o = o; }

public T getWrappedObject() { return _o; }
}

Using this plus a craftily-written Filter, HttpServletRequestWrapper, 
and HttpSession implementation would allow you to do this kind of thing 
without any failures.


Or you could just configure Tomcat's already flexible allow-list for 
session attribute names.


-chris


-Original Message-
From: Mark Thomas 
Sent: Friday, March 22, 2024 1:27 PM
To: users@tomcat.apache.org
Subject: Re: [EXT]Re: Tomcat session replication issue - 
java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :

On 22/03/2024 15:43, Rick Noel wrote:

Mark,

So if my customer object is failing to get set in the session
replication, I could add this to the config snippet?

sessionAttributeNameFilter="customer"


You set that to the attributes you DO want to replicate, not the ones you don't.

Mark



so like this?...







  
  

  

  
  
  
  


   
filter=".*\.gif|.*\.js|.*\.jpeg|.*\.jpg|.*\.png|.*\.htm|.*\.html|.*\.c

ss|.*\.txt"/>



   





Rick Noel
Systems Programmer | Westwood One
rn...@westwoodone.com

-Original Message-
From: Mark Thomas 
Sent: Friday, March 22, 2024 11:32 AM
To: users@tomcat.apache.org
Subject: [EXT]Re: Tomcat session replication issue - 
java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :

On 22/03/2024 15:15, Rick Noel wrote:

Is there a way to configure DeltaManager or the Cluster element so it does not 
cause my application to throw this error.

22-Mar-2024 10:56:34.382 SEVERE [http-nio-8586-exec-5]
org.apache.catalina.core.StandardWrapperValve.invoke
Servlet.service() for servlet [jsp] in context with path [##0001]
threw exception [An exception occurred processing
[/services/include/properties.jsp] at line [196]

193:
194:session.setAttribute( "format", stationFormat );
195:session.setAttribute( "employee_id", employeeId );
196:session.setAttribute( "customer", customer );
197:session.setAttribute( "customer_id", customerId );
198:session.setAttribute( "nonidentifier_call_letters", 
nonIdentifierCallLetters );
199:session.setAttribute( "call_letters", callLetters );


Stacktrace:] with root cause
  java.lang.IllegalArgumentException: setAttribute:
Non-serializable attribute [customer]


I know why the error, it is because the  customer object was never written to 
be serialiazable.
The old application I am working on has a lot of such non serialized
objects and I do not want to search out change them all to implement
serialiazable

I am hoping there is a way to configure Tomcat to just not try and
replication sessions all object which are not serialiazable


https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftomc
at.apache.org%2Ftomcat-10.1-doc%2Fconfig%2Fmanager.html&data=05%7C02%7
CRNoel%40westwoodone.com%7C1b723f1052ef4e59bf0808dc4a959af2%7Ce5d6709f
becf4b058cee37f5a62617c4%7C0%7C0%7C638467253633727340%7CUnknown%7CTWFp
bGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn
0%3D%7C0%7C%7C%7C&sdata=o5SvJv%2FM4QtRYM%2BEk18%2For7R81deb1g%2BW7N7XS
rMwuM%3D&reserved=0

Search for sessionAttributeNameFilter

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.

RE: [EXT]Re: Tomcat session replication issue - java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :

2024-03-22 Thread Rick Noel
I do not want to replicate customer because that class does not implement  
serializable

I was looking for someway that the Manager would NOT try to replicate it 

Rick Noel
Systems Programmer | Westwood One
rn...@westwoodone.com

-Original Message-
From: Mark Thomas  
Sent: Friday, March 22, 2024 1:27 PM
To: users@tomcat.apache.org
Subject: Re: [EXT]Re: Tomcat session replication issue - 
java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :

On 22/03/2024 15:43, Rick Noel wrote:
> Mark,
> 
> So if my customer object is failing to get set in the session 
> replication, I could add this to the config snippet?
> 
> sessionAttributeNameFilter="customer"

You set that to the attributes you DO want to replicate, not the ones you don't.

Mark

> 
> so like this?...
> 
> 
>channelSendOptions="6">
> 
> className="org.apache.catalina.ha.session.DeltaManager"
> expireSessionsOnShutdown="false"
> 
> notifyListenersOnReplication="true"
> maxActiveSessions="8192"
>
> sessionAttributeNameFilter="customer"
> />
> 
> className="org.apache.catalina.tribes.group.GroupChannel">
>   className="org.apache.catalina.tribes.membership.McastService"
>  address="228.0.0.4"
>  port="45564"
>  frequency="500"
>  dropTime="3000"/>
>   className="org.apache.catalina.tribes.transport.nio.NioReceiver"
>address="auto"
>port="5000"
>selectorTimeout="100"
>maxThreads="6"/>
> 
>   className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
> className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/>
>  
>   className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/>
>   className="org.apache.catalina.tribes.group.interceptors.MessageDispatchInterceptor"/>
>   className="org.apache.catalina.tribes.group.interceptors.ThroughputInterceptor"/>
>
> 
> className="org.apache.catalina.ha.tcp.ReplicationValve"
>   
> filter=".*\.gif|.*\.js|.*\.jpeg|.*\.jpg|.*\.png|.*\.htm|.*\.html|.*\.c
> ss|.*\.txt"/>
> 
> 
> className="org.apache.catalina.ha.session.ClusterSessionListener"/>
>   
> 
> 
> 
> 
> 
> Rick Noel
> Systems Programmer | Westwood One
> rn...@westwoodone.com
> 
> -Original Message-
> From: Mark Thomas 
> Sent: Friday, March 22, 2024 11:32 AM
> To: users@tomcat.apache.org
> Subject: [EXT]Re: Tomcat session replication issue - 
> java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :
> 
> On 22/03/2024 15:15, Rick Noel wrote:
>> Is there a way to configure DeltaManager or the Cluster element so it does 
>> not cause my application to throw this error.
>>
>> 22-Mar-2024 10:56:34.382 SEVERE [http-nio-8586-exec-5] 
>> org.apache.catalina.core.StandardWrapperValve.invoke 
>> Servlet.service() for servlet [jsp] in context with path [##0001] 
>> threw exception [An exception occurred processing 
>> [/services/include/properties.jsp] at line [196]
>>
>> 193:
>> 194:session.setAttribute( "format", stationFormat );
>> 195:session.setAttribute( "employee_id", employeeId );
>> 196:session.setAttribute( "customer", customer );
>> 197:session.setAttribute( "customer_id", customerId );
>> 198:

Re: [EXT]Re: Tomcat session replication issue - java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :

2024-03-22 Thread Mark Thomas

On 22/03/2024 15:43, Rick Noel wrote:

Mark,

So if my customer object is failing to get set in the session replication,
I could add this to the config snippet?

sessionAttributeNameFilter="customer"


You set that to the attributes you DO want to replicate, not the ones 
you don't.


Mark



so like this?...




   

   
 
 

 
   
 
 
 
 
   

   


   
  





Rick Noel
Systems Programmer | Westwood One
rn...@westwoodone.com

-Original Message-
From: Mark Thomas 
Sent: Friday, March 22, 2024 11:32 AM
To: users@tomcat.apache.org
Subject: [EXT]Re: Tomcat session replication issue - 
java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :

On 22/03/2024 15:15, Rick Noel wrote:

Is there a way to configure DeltaManager or the Cluster element so it does not 
cause my application to throw this error.

22-Mar-2024 10:56:34.382 SEVERE [http-nio-8586-exec-5] 
org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for 
servlet [jsp] in context with path [##0001] threw exception [An exception 
occurred processing [/services/include/properties.jsp] at line [196]

193:
194:session.setAttribute( "format", stationFormat );
195:session.setAttribute( "employee_id", employeeId );
196:session.setAttribute( "customer", customer );
197:session.setAttribute( "customer_id", customerId );
198:session.setAttribute( "nonidentifier_call_letters", 
nonIdentifierCallLetters );
199:session.setAttribute( "call_letters", callLetters );


Stacktrace:] with root cause
 java.lang.IllegalArgumentException: setAttribute: 
Non-serializable attribute [customer]


I know why the error, it is because the  customer object was never written to 
be serialiazable.
The old application I am working on has a lot of such non serialized objects 
and I do not want to search out change them all to implement serialiazable

I am hoping there is a way to configure Tomcat to just not try and replication 
sessions all object which are not serialiazable


https://tomcat.apache.org/tomcat-10.1-doc/config/manager.html

Search for sessionAttributeNameFilter

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you know the sender and you are sure the 
content is safe. Please report the message using the Report Message feature in 
your email client if you believe the email is suspicious.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



RE: [EXT]Re: Tomcat session replication issue - java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :

2024-03-22 Thread Rick Noel
So setting...   
sessionAttributeNameFilter="customer"
does not work,
 still getting the error  java.lang.IllegalArgumentException: setAttribute: 
Non-serializable attribute : customer

Do I need to set this also?

sessionAttributeValueClassNameFilter= 
"java\\.lang\\.(?:Boolean|Integer|Long|Number|String)|com.radiovoodoo.customer.Customer"

I am thinking no config setting can stop this error.

I am thinking  I must alter my Customer code and make that class implement 
java.io.Serializable.
And that is  what I was hoping not to do. (alter the application code itself)

Rick Noel
Systems Programmer | Westwood One
rn...@westwoodone.com

-Original Message-
From: Rick Noel
Sent: Friday, March 22, 2024 11:43 AM
To: Tomcat Users List 
Subject: RE: [EXT]Re: Tomcat session replication issue - 
java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :

Mark,

So if my customer object is failing to get set in the session replication, I 
could add this to the config snippet?

sessionAttributeNameFilter="customer"

so like this?...




  

  




  




  

  


  
 





Rick Noel
Systems Programmer | Westwood One
rn...@westwoodone.com

-Original Message-
From: Mark Thomas 
Sent: Friday, March 22, 2024 11:32 AM
To: users@tomcat.apache.org
Subject: [EXT]Re: Tomcat session replication issue - 
java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :

On 22/03/2024 15:15, Rick Noel wrote:
> Is there a way to configure DeltaManager or the Cluster element so it does 
> not cause my application to throw this error.
>
> 22-Mar-2024 10:56:34.382 SEVERE [http-nio-8586-exec-5]
> org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service()
> for servlet [jsp] in context with path [##0001] threw exception [An
> exception occurred processing [/services/include/properties.jsp] at
> line [196]
>
> 193:
> 194:session.setAttribute( "format", stationFormat );
> 195:session.setAttribute( "employee_id", employeeId );
> 196:session.setAttribute( "customer", customer );
> 197:session.setAttribute( "customer_id", customerId );
> 198:session.setAttribute( "nonidentifier_call_letters", 
> nonIdentifierCallLetters );
> 199:session.setAttribute( "call_letters", callLetters );
>
>
> Stacktrace:] with root cause
> java.lang.IllegalArgumentException: setAttribute:
> Non-serializable attribute [customer]
>
>
> I know why the error, it is because the  customer object was never written to 
> be serialiazable.
> The old application I am working on has a lot of such non serialized
> objects and I do not want to search out change them all to implement
> serialiazable
>
> I am hoping there is a way to configure Tomcat to just not try and
> replication sessions all object which are not serialiazable

https://tomcat.apache.org/tomcat-10.1-doc/config/manager.html

Search for sessionAttributeNameFilter

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you know the sender and you are sure the 
content is safe. Please report the message using the Report Message feature in 
your email client if you believe the email is suspicious.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



RE: [EXT]Re: Tomcat session replication issue - java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :

2024-03-22 Thread Rick Noel
Mark,

So if my customer object is failing to get set in the session replication,
I could add this to the config snippet?

sessionAttributeNameFilter="customer"

so like this?...




  

  




  




  

  


  
 





Rick Noel
Systems Programmer | Westwood One
rn...@westwoodone.com

-Original Message-
From: Mark Thomas 
Sent: Friday, March 22, 2024 11:32 AM
To: users@tomcat.apache.org
Subject: [EXT]Re: Tomcat session replication issue - 
java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :

On 22/03/2024 15:15, Rick Noel wrote:
> Is there a way to configure DeltaManager or the Cluster element so it does 
> not cause my application to throw this error.
>
> 22-Mar-2024 10:56:34.382 SEVERE [http-nio-8586-exec-5] 
> org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for 
> servlet [jsp] in context with path [##0001] threw exception [An exception 
> occurred processing [/services/include/properties.jsp] at line [196]
>
> 193:
> 194:session.setAttribute( "format", stationFormat );
> 195:session.setAttribute( "employee_id", employeeId );
> 196:session.setAttribute( "customer", customer );
> 197:session.setAttribute( "customer_id", customerId );
> 198:session.setAttribute( "nonidentifier_call_letters", 
> nonIdentifierCallLetters );
> 199:session.setAttribute( "call_letters", callLetters );
>
>
> Stacktrace:] with root cause
> java.lang.IllegalArgumentException: setAttribute: 
> Non-serializable attribute [customer]
>
>
> I know why the error, it is because the  customer object was never written to 
> be serialiazable.
> The old application I am working on has a lot of such non serialized objects 
> and I do not want to search out change them all to implement serialiazable
>
> I am hoping there is a way to configure Tomcat to just not try and 
> replication sessions all object which are not serialiazable

https://tomcat.apache.org/tomcat-10.1-doc/config/manager.html

Search for sessionAttributeNameFilter

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you know the sender and you are sure the 
content is safe. Please report the message using the Report Message feature in 
your email client if you believe the email is suspicious.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org