You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/12/31 15:24:14 UTC
DO NOT REPLY [Bug 25835] New: -
Synchronization problem with RequestFilterValve
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25835>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25835
Synchronization problem with RequestFilterValve
Summary: Synchronization problem with RequestFilterValve
Product: Tomcat 4
Version: 4.1.29
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: Other
Component: Catalina
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: slavik.markovich@orange.co.il
Copied from the mailing list:
I'm having some problems with using RemoteAddrValve to allow only certain
addresses to access an Engine.
I'm using tomcat 4.1.27 with jdk1.3.1 on Solaris.
I've configured the following:
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="a.b.c.d"/>
under the engine. I know I should have escaped the '.' (regexp) but it should
work as is.
I'm receiving once in every few thousands of requests the following error:
2003-12-26 11:26:51 CoyoteAdapter An exception or error occurred in the
container during the request processing
java.lang.StringIndexOutOfBoundsException: String index out of range: 11
at java.lang.String.charAt(String.java:511)
at
org.apache.regexp.StringCharacterIterator.charAt(StringCharacterIterator.java:90)
at org.apache.regexp.RE.matchNodes(RE.java:1161)
at org.apache.regexp.RE.matchAt(RE.java:1448)
at org.apache.regexp.RE.match(RE.java:1540)
at org.apache.regexp.RE.match(RE.java:1468)
at org.apache.regexp.RE.match(RE.java:1561)
at
org.apache.catalina.valves.RequestFilterValve.process(RequestFilterValve.java:335)
at
org.apache.catalina.valves.RemoteAddrValve.invoke(RemoteAddrValve.java:131)
at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:577)
at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:601)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:392)
at
org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:565)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
at java.lang.Thread.run(Thread.java:479)
Also, once in every few thousands of requests I'm receiving a 403 access denied
error on a valid address (I can see that in the access log).
After checking the RequestFilterValve class, I can see it saves the compiled
regular expressions (RE) and reuses them to check every request. Looking at
regexp documentations, it is explicitly stated that RE is not thread-safe. Am I
missing something? It looks like under load, this valve fails.
Also, I can see that the RequestFilterValve class didn't change in the 5.0.16
version either.
Possible solution:
Synchronizing the process method would be a bad idea (bottleneck for all
requests) so it looks like there won't be any choice but to recreate the RE as
local variables.
There is also a possibility (ugly one) of serializing the array of RE to a byte
array and de-serializing it in the process method.
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org