You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Chris Parrinello <ch...@chrispy.net> on 2000/05/01 03:00:40 UTC
[Catalina] Session Store?
Hi,
I'd like to work on the Session store component in Catalina if nobody else has
spoken for it.
I noticed that Craig has filled out most of the FileStore implementation. I
assume all that is left are the methods that have FIXME in them?
Chris
Re: [Catalina] Manager for FileStore
Posted by "Craig R. McClanahan" <Cr...@eng.sun.com>.
Chris Parrinello wrote:
> "Craig R. McClanahan" wrote:
> >
> > Hi Chris .. I'll be happy to sign you up for whichever Store implementations you
> > want to work on. You're correct -- the FileStore one needs to be fleshed out
> > (although I'm not sure that file-per-session is going to scale real well). I'd
> > also like to see Store implementations that use a database via JDBC, plus other
> > approaches that might sound reasonable.
>
> I was just looking at the code and realized that there needs to be a Manager
> implementation that uses the Store interface in order for the FileStore to work
> (unless I'm missing something...). Please sign me up for that action item as
> well unless somebody else is working on an implementation.
>
You've got it right ... I just added your name to the "proposals/catalina/STATUS.html"
entry for this piece.
Here are some random thoughts I have had about what could/should be supported:
* Configurable policy on when active but idle sessions should
be swapped out to the Store. Perhaps based on some
combination of maximum active sessions in memory, minimum
time before swapout is allowed, etc.
* Configurable policy to persist active sessions occassionally
even if you're not swapping them out (low grade failure recovery
support).
* On shutdown, persist everything. On subsequent startup,
the sessions that were active should remain active.
To do some of this, you'll need a background thread to be running. You can look at
the one in StandardManager for a starting point if you like.
>
> Thanks,
> Chris
>
Craig
[Catalina] Manager for FileStore
Posted by Chris Parrinello <ch...@chrispy.net>.
"Craig R. McClanahan" wrote:
>
> Hi Chris .. I'll be happy to sign you up for whichever Store implementations you
> want to work on. You're correct -- the FileStore one needs to be fleshed out
> (although I'm not sure that file-per-session is going to scale real well). I'd
> also like to see Store implementations that use a database via JDBC, plus other
> approaches that might sound reasonable.
I was just looking at the code and realized that there needs to be a Manager
implementation that uses the Store interface in order for the FileStore to work
(unless I'm missing something...). Please sign me up for that action item as
well unless somebody else is working on an implementation.
Thanks,
Chris
Re: [Catalina] Session Store?
Posted by Chris Parrinello <ch...@chrispy.net>.
"Craig R. McClanahan" wrote:
>
> Hi Chris .. I'll be happy to sign you up for whichever Store implementations you
> want to work on. You're correct -- the FileStore one needs to be fleshed out
> (although I'm not sure that file-per-session is going to scale real well). I'd
> also like to see Store implementations that use a database via JDBC, plus other
> approaches that might sound reasonable.
>
> Craig
I'd be interested in doing the JDBC implementation as well.
Thanks,
Chris
Re: [Catalina] Session Store?
Posted by "Craig R. McClanahan" <Cr...@eng.sun.com>.
John Pappin wrote:
> It seems to me that this is one of those things that would very well as an
> interface, and basic implementation... (Like the JDBC Driver interface)... A
> simple file store would allow the project to continue, and other store types
> could be built in parallel.
> Lets face it, what the store does will depend on who/what is running it, and
> I suspect that something like this would be best as customizable as
> possible.
>
Agreed ... that's why Store *is* an interface in Catalina. The file-based
implementation is about half done, and someone volunteered to work on it -- but
the more the merrier.
>
> - Brill Pappin
>
Craig
Re: [Catalina] Session Store?
Posted by John Pappin <jo...@jmonkey.com>.
It seems to me that this is one of those things that would very well as an
interface, and basic implementation... (Like the JDBC Driver interface)... A
simple file store would allow the project to continue, and other store types
could be built in parallel.
Lets face it, what the store does will depend on who/what is running it, and
I suspect that something like this would be best as customizable as
possible.
- Brill Pappin
----- Original Message -----
From: "Ben Laurie" <be...@algroup.co.uk>
To: <to...@jakarta.apache.org>
Sent: Monday, May 01, 2000 12:34 PM
Subject: Re: [Catalina] Session Store?
> "Craig R. McClanahan" wrote:
> >
> > Hi Chris .. I'll be happy to sign you up for whichever Store
implementations you
> > want to work on. You're correct -- the FileStore one needs to be
fleshed out
> > (although I'm not sure that file-per-session is going to scale real
well). I'd
> > also like to see Store implementations that use a database via JDBC,
plus other
> > approaches that might sound reasonable.
>
> Like Splash (the distributed store I was bending your ear about at
> ApacheCon - now working in prototype) ... tell me - I've never actually
> looked inside a Java session store - how big do they get? I realise this
> is a "how long is a piece of string" question, I'm just trying to get a
> feel for rough figures for typical applications.
>
> Cheers,
>
> Ben.
>
> --
> http://www.apache-ssl.org/ben.html
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
>
[Catalina] [Patch] Very minor character encoding bug fix
Posted by Remy Maucherat <re...@exoffice.com>.
Fixes the following bug :
While trying to open a reader on the request input stream, the specified
character encoding could be null.
===================================================================
RCS file:
/home/cvspublic/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomca
t/connector/Constants.java,v
retrieving revision 1.2
diff -r1.2 Constants.java
76a77
> public static final String DEFAULT_CHARACTER_ENCODING = "8859_1";
===================================================================
RCS file:
/home/cvspublic/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomca
t/connector/RequestBase.java,v
retrieving revision 1.7
diff -r1.7 RequestBase.java
705a706,709
> String encoding = getCharacterEncoding();
> if (encoding == null) {
> encoding = Constants.DEFAULT_CHARACTER_ENCODING;
> }
708c712
< getCharacterEncoding());
---
> encoding);
Remy
[Catalina] [Patch] Role resolution broken
Posted by Remy Maucherat <re...@exoffice.com>.
Fixes the following bug :
Authorization was only given if principal.getName() was equal to the
authorized role name, because of a bug during the initialization of the
roles Hashtable in MemoryRealm.
===================================================================
RCS file:
/home/cvspublic/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomca
t/realm/MemoryRealm.java,v
retrieving revision 1.3
diff -r1.3 MemoryRealm.java
368c373
< users.addElement(role);
---
> users.addElement(username);
Remy
Re: [Catalina] [Patch] Basic security
Posted by Craig McClanahan <Cr...@eng.sun.com>.
Remy Maucherat wrote:
> This patch enables HTTP Basic authentication in Catalina, and fixes a
> cosmetic issue.
>
This looks great ... I will start integrating and testing it first thing
tomorrow morning.
Craig
Re: [Catalina] [Patch] Basic security
Posted by Remy Maucherat <re...@exoffice.com>.
> - I use the brand new Xerces Base64 decoder to unencode the HTTP
> authorization string (original classname : org.apache.xerces.utils.Base64)
Ooops, it seems my attachement got killed by the mailing list server.
Remy
package org.apache.tomcat.util;
import java.lang.*;
/**
* This class provides encode/decode for RFC 2045 Base64 as
* defined by RFC 2045, N. Freed and N. Borenstein.
* RFC 2045: Multipurpose Internet Mail Extensions (MIME)
* Part One: Format of Internet Message Bodies. Reference
* 1996 Available at: http://www.ietf.org/rfc/rfc2045.txt
* This class is used by XML Schema binary format validation
*
* @author Jeffrey Rodriguez
* @version
*/
public final class Base64 {
static private final int BASELENGTH = 255;
static private final int LOOKUPLENGTH = 63;
static private final int TWENTYFOURBITGROUP = 24;
static private final int EIGHTBIT = 8;
static private final int SIXTEENBIT = 16;
static private final int SIXBIT = 6;
static private final int FOURBYTE = 4;
static private final byte PAD = ( byte ) '=';
static private byte [] base64Alphabet = new byte[BASELENGTH];
static private byte [] lookUpBase64Alphabet = new byte[LOOKUPLENGTH];
static {
for (int i = 0; i<BASELENGTH; i++ ) {
base64Alphabet[i] = -1;
}
for ( int i = 'Z'; i >= 'A'; i-- ) {
base64Alphabet[i] = (byte) (i-'A');
}
for ( int i = 'z'; i>= 'a'; i--) {
base64Alphabet[i] = (byte) ( i-'a' + 26);
}
for ( int i = '9'; i >= '0'; i--) {
base64Alphabet[i] = (byte) (i-'0' + 52);
}
base64Alphabet['+'] = 62;
base64Alphabet['/'] = 63;
for (int i = 0; i<=25; i++ )
lookUpBase64Alphabet[i] = (byte) ('A'+i );
for (int i = 26, j = 0; i<=51; i++, j++ )
lookUpBase64Alphabet[i] = (byte) ('a'+ j );
for (int i = 52, j = 0; i<=61; i++, j++ )
lookUpBase64Alphabet[i] = (byte) ('0' + j );
}
static boolean isBase64( byte octect ) {
//shall we ignore white space? JEFF??
return(octect == PAD || base64Alphabet[octect] != -1 );
}
static boolean isArrayByteBase64( byte[] arrayOctect ) {
int length = arrayOctect.length;
if ( length == 0 )
return false;
for ( int i=0; i < length; i++ ) {
if ( Base64.isBase64( arrayOctect[i] ) == false)
return false;
}
return true;
}
/**
* Encodes hex octects into Base64
*
* @param binaryData Array containing binaryData
* @return Encoded Base64 array
*/
public byte[] encode( byte[] binaryData ) {
int lengthDataBits = binaryData.length*EIGHTBIT;
int fewerThan24bits = lengthDataBits%TWENTYFOURBITGROUP;
int numberTriplets = lengthDataBits/TWENTYFOURBITGROUP;
byte encodedData[] = null;
if ( fewerThan24bits != 0 ) //data not divisible by 24 bit
encodedData = new byte[ (numberTriplets + 1 )*4 ];
else // 16 or 8 bit
encodedData = new byte[ numberTriplets*4 ];
byte k=0, l=0, b1=0,b2=0,b3=0;
int encodedIndex = 0;
int dataIndex = 0;
int i = 0;
for ( i = 0; i<numberTriplets; i++ ) {
dataIndex = i*3;
b1 = binaryData[dataIndex];
b2 = binaryData[dataIndex + 1];
b3 = binaryData[dataIndex + 2];
l = (byte)(b2 & 0x0f);
k = (byte)(b1 & 0x03);
encodedIndex = i*4;
encodedData[encodedIndex] = lookUpBase64Alphabet[ b1 >>2 ];
encodedData[encodedIndex+1] = lookUpBase64Alphabet[(b2 >>4 ) |
( k<<4 )];
encodedData[encodedIndex+2] = lookUpBase64Alphabet[ (l <<2 ) |
( b3>>6)];
encodedData[encodedIndex+3] = lookUpBase64Alphabet[ b3 & 0x3f ];
}
// form integral number of 6-bit groups
dataIndex = i*3;
encodedIndex = i*4;
if (fewerThan24bits == EIGHTBIT ) {
b1 = binaryData[dataIndex];
k = (byte) ( b1 &0x03 );
encodedData[encodedIndex] = lookUpBase64Alphabet[ b1 >>2 ];
encodedData[encodedIndex + 1] = lookUpBase64Alphabet[ k<<4 ];
encodedData[encodedIndex + 2] = PAD;
encodedData[encodedIndex + 3] = PAD;
} else if ( fewerThan24bits == SIXTEENBIT ) {
b1 = binaryData[dataIndex];
b2 = binaryData[dataIndex +1 ];
l = ( byte ) ( b2 &0x0f );
k = ( byte ) ( b1 &0x03 );
encodedData[encodedIndex] = lookUpBase64Alphabet[ b1 >>2 ];
encodedData[encodedIndex + 1] = lookUpBase64Alphabet[ (b2 >>4 )
| ( k<<4 )];
encodedData[encodedIndex + 2] = lookUpBase64Alphabet[ l<<2 ];
encodedData[encodedIndex + 3] = PAD;
}
return encodedData;
}
/**
* Decodes Base64 data into octects
*
* @param binaryData Byte array containing Base64 data
* @return Array containind decoded data.
*/
public byte[] decode( byte[] base64Data ) {
int numberQuadruple = base64Data.length/FOURBYTE;
byte decodedData[] = null;
byte b1=0,b2=0,b3=0, b4=0, marker0=0, marker1=0;
// Throw away anything not in base64Data
// Adjust size
int encodedIndex = 0;
int dataIndex = 0;
decodedData = new byte[ numberQuadruple*3 + 1 ];
for (int i = 0; i<numberQuadruple; i++ ) {
dataIndex = i*4;
marker0 = base64Data[dataIndex +2];
marker1 = base64Data[dataIndex +3];
b1 = base64Alphabet[base64Data[dataIndex]];
b2 = base64Alphabet[base64Data[dataIndex +1]];
if ( marker0 != PAD && marker1 != PAD ) { //No PAD e.g 3cQl
b3 = base64Alphabet[ marker0 ];
b4 = base64Alphabet[ marker1 ];
decodedData[encodedIndex] = (byte)( b1 <<2 | b2>>4 ) ;
decodedData[encodedIndex+1] = (byte)(((b2 & 0xf)<<4 ) |(
(b3>>2) & 0xf) );
decodedData[encodedIndex+2] = (byte)( b3<<6 | b4 );
} else if ( marker0 == PAD ) { //Two PAD e.g.
3c[Pad][Pad]
decodedData[encodedIndex] = (byte)( b1 <<2 | b2>>4 ) ;
decodedData[encodedIndex+1] = (byte)((b2 & 0xf)<<4 );
decodedData[encodedIndex+2] = (byte) 0;
} else if ( marker1 == PAD ) { //One PAD e.g.
3cQ[Pad]
b3 = base64Alphabet[ marker0 ];
decodedData[encodedIndex] = (byte)( b1 <<2 | b2>>4 );
decodedData[encodedIndex+1] = (byte)(((b2 & 0xf)<<4 ) |(
(b3>>2) & 0xf) );
decodedData[encodedIndex+2] = (byte)( b3<<6);
}
encodedIndex += 3;
}
return decodedData;
}
}
[Catalina] [Patch] Basic security
Posted by Remy Maucherat <re...@exoffice.com>.
This patch enables HTTP Basic authentication in Catalina, and fixes a
cosmetic issue.
Here is a summary of what the patch addresses :
- Fix to the load-on-startup bug (the added function in StandardContext is
no longer necessary now)
- Added parsing of the SecurityConstraint and SecurityCollection data
structures in ContextConfig
- XML Mapper cannot handle object factories (like
SecurityConstraint.createCollection), so SecurityCollection is now a
standard JavaBean. I probably could have written a new XMLaction, though ...
- Added support for LoginConfig in the XML
- I use the brand new Xerces Base64 decoder to unencode the HTTP
authorization string (original classname : org.apache.xerces.utils.Base64)
- Fixed the memory realm hasRole function (ClassCastException)
- It works :-) HttpServletRequest.getUserPrincipal works, too (tested with
Slide / OpenDAV).
- I also include a web.xml patch, which uses the new XML elements
Remy
===================================================================
RCS file:
/home/cvspublic/jakarta-tomcat/proposals/catalina/src/conf/web.xml,v
retrieving revision 1.5
diff -r1.5 web.xml
47a52,73
>
> <security-role>
> <role-name>tomcat</role-name>
> </security-role>
>
> <security-constraint>
> <auth-role>tomcat</auth-role>
> <security-collection>
> <name>test</name>
> <method>OPTIONS</method>
> <method>GET</method>
> <method>PROPFIND</method>
> <pattern>/*</pattern>
> </security-collection>
> </security-constraint>
>
> <login-config>
> <auth-method>BASIC</auth-method>
> <realm-name>tomcat</realm-name>
> <login-page>/login.html</login-page>
> <error-page>/error.html</error-page>
> </login-config>
===================================================================
RCS file:
/home/cvspublic/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomca
t/core/StandardContext.java,v
retrieving revision 1.15
diff -r1.15 StandardContext.java
324a325,342
> * Set the login configuration descriptor for this web application.
> *
> * @param authMethod Authentication method to use, if any
> * @param realmName Realm name to use in security challenges
> * @param loginPage Context-relative URI of the login page
> * @param errorPage Context-relative URI of the error page
> */
> public void setLoginConfig(String authMethod, String realmName,
> String loginPage, String errorPage) {
>
> LoginConfig newLoginConfig =
> new LoginConfig(authMethod, realmName, loginPage, errorPage);
> setLoginConfig(newLoginConfig);
>
> }
>
>
> /**
===================================================================
RCS file:
/home/cvspublic/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomca
t/core/StandardWrapper.java,v
retrieving revision 1.8
diff -r1.8 StandardWrapper.java
278,295d277
<
< /**
< * This should not be necessary, but XmlMapper does not seem to find
< * the version of setLoadOnStartup with an "int" argument.
< *
< * @param value New load-on-startup value
< */
< public void setLoadOnStartup(String value) {
<
< try {
< setLoadOnStartup(Integer.parseInt(value));
< } catch (NumberFormatException e) {
< setLoadOnStartup(0);
< }
<
< }
<
<
===================================================================
RCS file:
/home/cvspublic/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomca
t/deploy/SecurityCollection.java,v
retrieving revision 1.1
diff -r1.1 SecurityCollection.java
107a108,117
> /**
> * Construct a new security collection instance without default values.
> */
> public SecurityCollection() {
>
> super();
>
> }
>
>
149a160,189
> * Return the security constraint we are attached to.
> */
> public void setConstraint(SecurityConstraint constraint) {
>
> if (constraint != null) {
>
> Enumeration patternsList = this.patterns.keys();
> while (patternsList.hasMoreElements()) {
> String currentPattern = (String) patternsList.nextElement();
> constraint.removePattern(currentPattern);
> }
>
> }
>
> this.constraint = constraint;
>
> if (constraint != null) {
>
> Enumeration patternsList = this.patterns.keys();
> while (patternsList.hasMoreElements()) {
> String currentPattern = (String) patternsList.nextElement();
> constraint.addPattern(currentPattern, this);
> }
>
> }
>
> }
>
>
> /**
158a199,208
> /**
> * Return the name of this web resource collection.
> */
> public void setName(String name) {
>
> this.name = name;
>
> }
>
>
189c239,241
< constraint.addPattern(pattern, this);
---
> if (constraint != null) {
> constraint.addPattern(pattern, this);
> }
287c339,341
< constraint.removePattern(pattern);
---
> if (constraint != null) {
> constraint.removePattern(pattern);
> }
===================================================================
RCS file:
/home/cvspublic/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomca
t/deploy/SecurityConstraint.java,v
retrieving revision 1.1
diff -r1.1 SecurityConstraint.java
286c286,288
< // Check all defined patterns
---
> System.out.println("Checking " + uri + " with method " + method);
>
> // Check all defined patterns
357c359
< patterns.put(pattern, collection);
---
> patterns.put(pattern, collection);
===================================================================
RCS file:
/home/cvspublic/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomca
t/realm/MemoryRealm.java,v
retrieving revision 1.3
diff -r1.3 MemoryRealm.java
303a304
>
310a312
>
313,315c315,318
< MemoryRealmPrincipal item =
< (MemoryRealmPrincipal) items.nextElement();
< if (name.equals(item.getName())) {
---
> String item =
> (String) items.nextElement();
>
> if (name.equals(item)) {
===================================================================
RCS file:
/home/cvspublic/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomca
t/security/HttpBasicAuth.java,v
retrieving revision 1.6
diff -r1.6 HttpBasicAuth.java
75a76
> import org.apache.tomcat.util.Base64;
93a95,100
> // --------------------------------------------------------------
Constants
>
>
> private static final Base64 base64Helper = new Base64();
>
>
116c123
< // Validate any credentials already included with this request
---
> // Validate any credentials already included with this request
120a128,129
> System.out.println("Authorization : " + authorization);
>
133a143,144
> System.out.println("Realm name : " + realmName);
>
161c172,173
< String unencoded = authorization; // FIXME - Base64 Decoder needed!
---
> String unencoded = new
String(base64Helper.decode(authorization.getBytes()));
>
166c178,179
< String password = unencoded.substring(colon + 1);
---
> // Remove spaces appended at the end of the password (is it a bug ?)
> String password = unencoded.substring(colon + 1).trim();
===================================================================
RCS file:
/home/cvspublic/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomca
t/startup/ContextConfig.java,v
retrieving revision 1.6
diff -r1.6 ContextConfig.java
231c231,233
< mapper.addRule("web-app/context-param",
---
> mapper.setDebug(999);
>
> mapper.addRule("web-app/context-param",
269c271,280
< ; // FIXME - web-app/login-config
---
> mapper.addRule("web-app/login-config",
> mapper.methodSetter("setLoginConfig", 4));
> mapper.addRule("web-app/login-config/auth-method",
> mapper.methodParam(0));
> mapper.addRule("web-app/login-config/realm-name",
> mapper.methodParam(1));
> mapper.addRule("web-app/login-config/login-page",
> mapper.methodParam(2));
> mapper.addRule("web-app/login-config/error-page",
> mapper.methodParam(3));
289c300,321
< ; // FIXME - web-app/security-constraint
---
> mapper.addRule("web-app/security-constraint",
> mapper.objectCreate("org.apache.tomcat.deploy.SecurityConstraint"));
> mapper.addRule("web-app/security-constraint",
> mapper.addChild("addConstraint",
> "org.apache.tomcat.deploy.SecurityConstraint"));
> mapper.addRule("web-app/security-constraint/user-constraint",
> mapper.methodSetter("setUserConstraint", 0));
> mapper.addRule("web-app/security-constraint/auth-role",
> mapper.methodSetter("addAuthRole", 0));
> mapper.addRule("web-app/security-constraint/security-collection",
> mapper.objectCreate("org.apache.tomcat.deploy.SecurityCollection"));
> mapper.addRule("web-app/security-constraint/security-collection",
> mapper.addChild("addCollection",
> "org.apache.tomcat.deploy.SecurityCollection"));
> mapper.addRule("web-app/security-constraint/security-collection",
> mapper.setParent("setConstraint"));
> mapper.addRule("web-app/security-constraint/security-collection/name",
> mapper.methodSetter("setName", 0));
> mapper.addRule("web-app/security-constraint/security-collection/method",
> mapper.methodSetter("addMethod", 0));
> mapper.addRule("web-app/security-constraint/security-collection/pattern",
> mapper.methodSetter("addPattern", 0));
308a341
> String[] argTypes = { "int" };
310c343
< mapper.methodSetter("setLoadOnStartup", 0));
---
> mapper.methodSetter("setLoadOnStartup", 0, argTypes));
Re: [Catalina] Session Store?
Posted by "Craig R. McClanahan" <Cr...@eng.sun.com>.
Thanks James ... I will add your name to the (growing) list of contributors in
file "proposals/catalina/STATUS.html" in the Tomcat source repository.
Craig
James Cook wrote:
> Has anyone thought of using JavaSpaces as a Store implementation? Better
> yet, IBM's TSpaces implementation is an order of magnitude faster.
>
> I tinkered about a year ago with the idea of building a distributed web
> server using this approach. Http requests would be put into the tuple space
> and withdrawn by whatever web server was free to do so. It worked quite
> well, however the cost of serializing http requests (responses) was pretty
> abusive on the design.
>
> Regardless, I wanted to implement the session storage mechanism this way as
> well. It seems ideal for those systems that need some sort of failover
> mechanism for session state as well as the immediate benefit of session
> sharing. IBM's TSpace product also can be backed to a database for
> persistence. The only problem lies in their licensing. It is not opensource.
>
> JavaSpaces is a much, much slower implementation with nary half the
> features, but since it is open, it would probably be a better alternative
> for distribution examples. I would be happy to sign up for the
> implementation.
>
> jim
>
> > -----Original Message-----
> > From: Ben Laurie [mailto:ben@algroup.co.uk]
> > Sent: Monday, May 01, 2000 3:16 PM
> > To: tomcat-dev@jakarta.apache.org
> > Subject: Re: [Catalina] Session Store?
> >
> >
> > "Craig R. McClanahan" wrote:
> > >
> > > Ben Laurie wrote:
> > >
> > > > "Craig R. McClanahan" wrote:
> > > > >
> > > > > Hi Chris .. I'll be happy to sign you up for whichever
> > Store implementations you
> > > > > want to work on. You're correct -- the FileStore one needs
> > to be fleshed out
> > > > > (although I'm not sure that file-per-session is going to
> > scale real well). I'd
> > > > > also like to see Store implementations that use a database
> > via JDBC, plus other
> > > > > approaches that might sound reasonable.
> > > >
> > > > Like Splash (the distributed store I was bending your ear about at
> > > > ApacheCon - now working in prototype) ... tell me - I've
> > never actually
> > > > looked inside a Java session store - how big do they get? I
> > realise this
> > > > is a "how long is a piece of string" question, I'm just
> > trying to get a
> > > > feel for rough figures for typical applications.
> > > >
> > >
> > > The only rational answer, of course, is "it depends ..." :-)
> > >
> > > I view session stores as being useful in (at least) the
> > following broad categories:
> > >
> > > * Large web application with lots of relatively long-lived sessions, but
> > > many of them not currently active (and therefore it becomes
> > > possible to swap them out). This lets you run an app where not all
> > > the active users can fit in the memory of your server, in the same way
> > > that an OS lets you run apps whose total memory requirements exceeds
> > > the physical memory of the server.
> > >
> > > * Mechanism to share session information in a load balanced environment
> > > (the Store interface probably needs to be beefed up to deal with this)
> > > similar to what you were talking about. This subdivides into
> > situations
> > > where a session sticks to the first server that it is
> > assigned to (like Apache
> > > JServ does it today) and situations where a session can be migrated
> > > between servers for load balancing or failure recovery.
> > >
> > > * Mechanism to save session state across server restarts (either
> > > normal shutdowns or auto-reloads during development). Performance
> > > is probably not as big a concern here.
> > >
> > > So the answer is ... maybe thousands of sessions, with data
> > content of the type
> > > typically stored (i.e. serializable objects representing the
> > current application
> > > state). I suspect many apps will run into other bottlenecks
> > (like database or network
> > > performance) before they hit constraints due to the Store
> > implementation.
> >
> > Splash's initial motivation was to solve the second problem, but it
> > probably would also work for the third (it will have pluggable stores
> > [yeah, I know, a pluggable store with pluggable stores underneath, blech
> > - but it is written in C] and they could be persistent. In fact, I'm
> > likely to add DB soon).
> >
> > The first is _much_ harder in a distributed environment and I currently
> > have no intention to address it.
> >
> > Cheers,
> >
> > Ben.
> >
> > --
> > http://www.apache-ssl.org/ben.html
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
RE: [Catalina] Session Store?
Posted by James Cook <ji...@iname.com>.
Has anyone thought of using JavaSpaces as a Store implementation? Better
yet, IBM's TSpaces implementation is an order of magnitude faster.
I tinkered about a year ago with the idea of building a distributed web
server using this approach. Http requests would be put into the tuple space
and withdrawn by whatever web server was free to do so. It worked quite
well, however the cost of serializing http requests (responses) was pretty
abusive on the design.
Regardless, I wanted to implement the session storage mechanism this way as
well. It seems ideal for those systems that need some sort of failover
mechanism for session state as well as the immediate benefit of session
sharing. IBM's TSpace product also can be backed to a database for
persistence. The only problem lies in their licensing. It is not opensource.
JavaSpaces is a much, much slower implementation with nary half the
features, but since it is open, it would probably be a better alternative
for distribution examples. I would be happy to sign up for the
implementation.
jim
> -----Original Message-----
> From: Ben Laurie [mailto:ben@algroup.co.uk]
> Sent: Monday, May 01, 2000 3:16 PM
> To: tomcat-dev@jakarta.apache.org
> Subject: Re: [Catalina] Session Store?
>
>
> "Craig R. McClanahan" wrote:
> >
> > Ben Laurie wrote:
> >
> > > "Craig R. McClanahan" wrote:
> > > >
> > > > Hi Chris .. I'll be happy to sign you up for whichever
> Store implementations you
> > > > want to work on. You're correct -- the FileStore one needs
> to be fleshed out
> > > > (although I'm not sure that file-per-session is going to
> scale real well). I'd
> > > > also like to see Store implementations that use a database
> via JDBC, plus other
> > > > approaches that might sound reasonable.
> > >
> > > Like Splash (the distributed store I was bending your ear about at
> > > ApacheCon - now working in prototype) ... tell me - I've
> never actually
> > > looked inside a Java session store - how big do they get? I
> realise this
> > > is a "how long is a piece of string" question, I'm just
> trying to get a
> > > feel for rough figures for typical applications.
> > >
> >
> > The only rational answer, of course, is "it depends ..." :-)
> >
> > I view session stores as being useful in (at least) the
> following broad categories:
> >
> > * Large web application with lots of relatively long-lived sessions, but
> > many of them not currently active (and therefore it becomes
> > possible to swap them out). This lets you run an app where not all
> > the active users can fit in the memory of your server, in the same way
> > that an OS lets you run apps whose total memory requirements exceeds
> > the physical memory of the server.
> >
> > * Mechanism to share session information in a load balanced environment
> > (the Store interface probably needs to be beefed up to deal with this)
> > similar to what you were talking about. This subdivides into
> situations
> > where a session sticks to the first server that it is
> assigned to (like Apache
> > JServ does it today) and situations where a session can be migrated
> > between servers for load balancing or failure recovery.
> >
> > * Mechanism to save session state across server restarts (either
> > normal shutdowns or auto-reloads during development). Performance
> > is probably not as big a concern here.
> >
> > So the answer is ... maybe thousands of sessions, with data
> content of the type
> > typically stored (i.e. serializable objects representing the
> current application
> > state). I suspect many apps will run into other bottlenecks
> (like database or network
> > performance) before they hit constraints due to the Store
> implementation.
>
> Splash's initial motivation was to solve the second problem, but it
> probably would also work for the third (it will have pluggable stores
> [yeah, I know, a pluggable store with pluggable stores underneath, blech
> - but it is written in C] and they could be persistent. In fact, I'm
> likely to add DB soon).
>
> The first is _much_ harder in a distributed environment and I currently
> have no intention to address it.
>
> Cheers,
>
> Ben.
>
> --
> http://www.apache-ssl.org/ben.html
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
>
>
Re: [Catalina] Session Store?
Posted by Ben Laurie <be...@algroup.co.uk>.
"Craig R. McClanahan" wrote:
>
> Ben Laurie wrote:
>
> > "Craig R. McClanahan" wrote:
> > >
> > > Hi Chris .. I'll be happy to sign you up for whichever Store implementations you
> > > want to work on. You're correct -- the FileStore one needs to be fleshed out
> > > (although I'm not sure that file-per-session is going to scale real well). I'd
> > > also like to see Store implementations that use a database via JDBC, plus other
> > > approaches that might sound reasonable.
> >
> > Like Splash (the distributed store I was bending your ear about at
> > ApacheCon - now working in prototype) ... tell me - I've never actually
> > looked inside a Java session store - how big do they get? I realise this
> > is a "how long is a piece of string" question, I'm just trying to get a
> > feel for rough figures for typical applications.
> >
>
> The only rational answer, of course, is "it depends ..." :-)
>
> I view session stores as being useful in (at least) the following broad categories:
>
> * Large web application with lots of relatively long-lived sessions, but
> many of them not currently active (and therefore it becomes
> possible to swap them out). This lets you run an app where not all
> the active users can fit in the memory of your server, in the same way
> that an OS lets you run apps whose total memory requirements exceeds
> the physical memory of the server.
>
> * Mechanism to share session information in a load balanced environment
> (the Store interface probably needs to be beefed up to deal with this)
> similar to what you were talking about. This subdivides into situations
> where a session sticks to the first server that it is assigned to (like Apache
> JServ does it today) and situations where a session can be migrated
> between servers for load balancing or failure recovery.
>
> * Mechanism to save session state across server restarts (either
> normal shutdowns or auto-reloads during development). Performance
> is probably not as big a concern here.
>
> So the answer is ... maybe thousands of sessions, with data content of the type
> typically stored (i.e. serializable objects representing the current application
> state). I suspect many apps will run into other bottlenecks (like database or network
> performance) before they hit constraints due to the Store implementation.
Splash's initial motivation was to solve the second problem, but it
probably would also work for the third (it will have pluggable stores
[yeah, I know, a pluggable store with pluggable stores underneath, blech
- but it is written in C] and they could be persistent. In fact, I'm
likely to add DB soon).
The first is _much_ harder in a distributed environment and I currently
have no intention to address it.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
Missing bits - Common components module?
Posted by John Pappin <jo...@jmonkey.com>.
I just tried to build Ant again, and found that the CVS version no longer
has the xml libraries it used to (and so it won't build).
Have the libraries changed to something else?
Might I suggest a "common" module that has working versions of all the
libraries required, to build each project (such as the xml library that ant
will use)... This would be tremendusly helpful in maintaining stability in
my own builds, and likely in everyone elses as well.
- Brill Pappin
javax.xml.* ??
Posted by John Pappin <jo...@jmonkey.com>.
in trying to brainwash Ant into compiling, I notice a new package..
C:\working\jakarta-ant\src\main\org\apache\tools\ant\ProjectHelper.java:64:
Pack
age javax.xml.parsers not found in import.
import javax.xml.parsers.*;
I can't find it on the sun site however... will an implementation be
provided with ant?
(I assume this pacage will be going into JDK 1.3?).
- Brill Pappin
Re: [Catalina] Session Store?
Posted by "Craig R. McClanahan" <Cr...@eng.sun.com>.
Ben Laurie wrote:
> "Craig R. McClanahan" wrote:
> >
> > Hi Chris .. I'll be happy to sign you up for whichever Store implementations you
> > want to work on. You're correct -- the FileStore one needs to be fleshed out
> > (although I'm not sure that file-per-session is going to scale real well). I'd
> > also like to see Store implementations that use a database via JDBC, plus other
> > approaches that might sound reasonable.
>
> Like Splash (the distributed store I was bending your ear about at
> ApacheCon - now working in prototype) ... tell me - I've never actually
> looked inside a Java session store - how big do they get? I realise this
> is a "how long is a piece of string" question, I'm just trying to get a
> feel for rough figures for typical applications.
>
The only rational answer, of course, is "it depends ..." :-)
I view session stores as being useful in (at least) the following broad categories:
* Large web application with lots of relatively long-lived sessions, but
many of them not currently active (and therefore it becomes
possible to swap them out). This lets you run an app where not all
the active users can fit in the memory of your server, in the same way
that an OS lets you run apps whose total memory requirements exceeds
the physical memory of the server.
* Mechanism to share session information in a load balanced environment
(the Store interface probably needs to be beefed up to deal with this)
similar to what you were talking about. This subdivides into situations
where a session sticks to the first server that it is assigned to (like Apache
JServ does it today) and situations where a session can be migrated
between servers for load balancing or failure recovery.
* Mechanism to save session state across server restarts (either
normal shutdowns or auto-reloads during development). Performance
is probably not as big a concern here.
So the answer is ... maybe thousands of sessions, with data content of the type
typically stored (i.e. serializable objects representing the current application
state). I suspect many apps will run into other bottlenecks (like database or network
performance) before they hit constraints due to the Store implementation.
>
> Cheers,
>
> Ben.
>
Craig McClanahan
Re: [Catalina] Session Store?
Posted by Ben Laurie <be...@algroup.co.uk>.
"Craig R. McClanahan" wrote:
>
> Hi Chris .. I'll be happy to sign you up for whichever Store implementations you
> want to work on. You're correct -- the FileStore one needs to be fleshed out
> (although I'm not sure that file-per-session is going to scale real well). I'd
> also like to see Store implementations that use a database via JDBC, plus other
> approaches that might sound reasonable.
Like Splash (the distributed store I was bending your ear about at
ApacheCon - now working in prototype) ... tell me - I've never actually
looked inside a Java session store - how big do they get? I realise this
is a "how long is a piece of string" question, I'm just trying to get a
feel for rough figures for typical applications.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
Re: [Catalina] Session Store?
Posted by "Craig R. McClanahan" <Cr...@eng.sun.com>.
Hi Chris .. I'll be happy to sign you up for whichever Store implementations you
want to work on. You're correct -- the FileStore one needs to be fleshed out
(although I'm not sure that file-per-session is going to scale real well). I'd
also like to see Store implementations that use a database via JDBC, plus other
approaches that might sound reasonable.
Craig
Chris Parrinello wrote:
> Hi,
>
> I'd like to work on the Session store component in Catalina if nobody else has
> spoken for it.
>
> I noticed that Craig has filled out most of the FileStore implementation. I
> assume all that is left are the methods that have FIXME in them?
>
> Chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org