You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by re...@apache.org on 2020/01/23 16:37:56 UTC
[tomcat] branch 7.0.x updated: Add new connector attribute to control facade recycling

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/7.0.x by this push:
     new c6fe6cf  Add new connector attribute to control facade recycling
c6fe6cf is described below

commit c6fe6cfdda0a3709c7e60e2dbb5cc961bb41fe5a
Author: remm <re...@apache.org>
AuthorDate: Thu Jan 23 10:54:52 2020 +0100

    Add new connector attribute to control facade recycling
    
    Use the same default as before, using the system property and false if
    not set.
---
 java/org/apache/catalina/connector/Connector.java | 39 ++++++++++++++++++-----
 java/org/apache/catalina/connector/Request.java   | 14 ++++++--
 java/org/apache/catalina/connector/Response.java  |  3 +-
 webapps/docs/changelog.xml                        |  4 +++
 webapps/docs/config/http.xml                      | 11 +++++++
 webapps/docs/security-howto.xml                   | 10 +++---
 6 files changed, 64 insertions(+), 17 deletions(-)

diff --git a/java/org/apache/catalina/connector/Connector.java b/java/org/apache/catalina/connector/Connector.java
index 5df2711..f95fab9 100644
--- a/java/org/apache/catalina/connector/Connector.java
+++ b/java/org/apache/catalina/connector/Connector.java
@@ -23,6 +23,7 @@ import java.util.HashSet;
 
 import javax.management.ObjectName;
 
+import org.apache.catalina.Globals;
 import org.apache.catalina.LifecycleException;
 import org.apache.catalina.LifecycleState;
 import org.apache.catalina.Service;
@@ -48,14 +49,6 @@ public class Connector extends LifecycleMBeanBase  {
 
     private static final Log log = LogFactory.getLog(Connector.class);
 
-
-    /**
-     * Alternate flag to enable recycling of facades.
-     */
-    public static final boolean RECYCLE_FACADES =
-            Boolean.parseBoolean(System.getProperty("org.apache.catalina.connector.RECYCLE_FACADES", "false"));
-
-
     // ------------------------------------------------------------ Constructor
 
     public Connector() {
@@ -140,6 +133,17 @@ public class Connector extends LifecycleMBeanBase  {
 
 
     /**
+     * The flag that controls recycling of the facades of the request
+     * processing objects. If set to <code>true</code> the object facades
+     * will be discarded when the request is recycled. If the security
+     * manager is enabled, this setting is ignored and object facades are
+     * always discarded.
+     */
+    protected boolean discardFacades =
+            Boolean.parseBoolean(System.getProperty("org.apache.catalina.connector.RECYCLE_FACADES", "false"));
+
+
+    /**
      * The redirect port for non-SSL to SSL redirects.
      */
     protected int redirectPort = 443;
@@ -371,6 +375,25 @@ public class Connector extends LifecycleMBeanBase  {
 
 
     /**
+     * @return <code>true</code> if the object facades are discarded, either
+     *   when the discardFacades value is <code>true</code> or when the
+     *   security manager is enabled.
+     */
+    public boolean getDiscardFacades() {
+        return discardFacades || Globals.IS_SECURITY_ENABLED;
+    }
+
+
+    /**
+     * Set the recycling strategy for the object facades.
+     * @param discardFacades the new value of the flag
+     */
+    public void setDiscardFacades(boolean discardFacades) {
+        this.discardFacades = discardFacades;
+    }
+
+
+    /**
      * @return the "enable DNS lookups" flag.
      */
     public boolean getEnableLookups() {
diff --git a/java/org/apache/catalina/connector/Request.java b/java/org/apache/catalina/connector/Request.java
index ab4e5f0..91efe10 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -509,7 +509,7 @@ public class Request implements HttpServletRequest {
 
         recycleSessionInfo();
 
-        if (Globals.IS_SECURITY_ENABLED || Connector.RECYCLE_FACADES) {
+        if (getDiscardFacades()) {
             parameterMap = new ParameterMap<String, String[]>();
         } else {
             parameterMap.setLocked(false);
@@ -518,7 +518,7 @@ public class Request implements HttpServletRequest {
 
         mappingData.recycle();
 
-        if (Globals.IS_SECURITY_ENABLED || Connector.RECYCLE_FACADES) {
+        if (getDiscardFacades()) {
             if (facade != null) {
                 facade.clear();
                 facade = null;
@@ -634,6 +634,16 @@ public class Request implements HttpServletRequest {
 
 
     /**
+     * Get the recycling strategy of the facade objects.
+     * @return the value of the flag as set on the connector, or
+     *   <code>true</code> if no connector is associated with this request
+     */
+    public boolean getDiscardFacades() {
+        return (connector == null) ? true : connector.getDiscardFacades();
+    }
+
+
+    /**
      * Filter chain associated with the request.
      */
     protected FilterChain filterChain = null;
diff --git a/java/org/apache/catalina/connector/Response.java b/java/org/apache/catalina/connector/Response.java
index 2d5c558..ad197a6 100644
--- a/java/org/apache/catalina/connector/Response.java
+++ b/java/org/apache/catalina/connector/Response.java
@@ -38,7 +38,6 @@ import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.catalina.Context;
-import org.apache.catalina.Globals;
 import org.apache.catalina.Session;
 import org.apache.catalina.Wrapper;
 import org.apache.catalina.security.SecurityUtil;
@@ -258,7 +257,7 @@ public class Response implements HttpServletResponse {
         included = false;
         isCharacterEncodingSet = false;
 
-        if (Globals.IS_SECURITY_ENABLED || Connector.RECYCLE_FACADES) {
+        if (request.getDiscardFacades()) {
             if (facade != null) {
                 facade.clear();
                 facade = null;
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 5f7e9bb..e479550 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -110,6 +110,10 @@
         <bug>58577</bug>: Respect the argument-count when searching for MBean
         operations to invoke via the JMXProxyServlet. (schultz)
       </fix>
+      <update>
+        Refactor recycle facade system property into a new connector attribute
+        named <code>discardFacades</code>. (remm)
+      </update>
     </changelog>
   </subsection>
   <subsection name="Coyote">
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 260374d..f6cb6bc 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -84,6 +84,17 @@
       specified, this attribute is set to 10000 (10 seconds).</p>
     </attribute>
 
+    <attribute name="discardFacades" required="false">
+      <p>A boolean value which can be used to enable or disable the recycling
+      of the facade objects that isolate the container internal request
+      processing objects. If set to <code>true</code> the facades will be
+      set for garbage collection after every request, otherwise they will be
+      reused. This setting has no effect when the security manager is enabled.
+      If not specified, this attribute is set to the value of the
+      <code>org.apache.catalina.connector.RECYCLE_FACADES</code> system
+      property, or <code>false</code> if not set.</p>
+    </attribute>
+
     <attribute name="enableLookups" required="false">
       <p>Set to <code>true</code> if you want calls to
       <code>request.getRemoteHost()</code> to perform DNS lookups in
diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml
index 7bccf0c..e6199bc 100644
--- a/webapps/docs/security-howto.xml
+++ b/webapps/docs/security-howto.xml
@@ -257,6 +257,11 @@
       handle the response from a TRACE request (which exposes the browser to an
       XSS attack), support for TRACE requests is disabled by default.</p>
 
+      <p>The <strong>discardFacades</strong> attribute set to <code>true</code>
+      will cause a new facade object to be created for each request. This
+      reduces the chances of a bug in an application exposing data from one
+      request to another.</p>
+
       <p>The <strong>maxPostSize</strong> attribute controls the maximum size
       of a POST request that will be parsed for parameters. The parameters are
       cached for the duration of the request so this is limited to 2MB by
@@ -449,11 +454,6 @@
   </section>
 
   <section name="System Properties">
-    <p>Setting <strong>org.apache.catalina.connector.RECYCLE_FACADES</strong>
-    system property to <code>true</code> will cause a new facade object to be
-    created for each request. This reduces the chances of a bug in an
-    application exposing data from one request to another.</p>
-
     <p>The <strong>
     org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH</strong> and
     <strong>org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH</strong>


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org