Created attachment 956716 [details] A simple distributable war deployment example. Description of problem: org.apache.catalina.valves.CrawlerSessionManagerValve is a valve provided by JBossWeb (jbossweb-7.4.8.Final-redhat-4.jar). When using this valve in clustered EAP 6 environment, session cannot be replicated. Version-Release number of selected component (if applicable): jbossweb-7.4.8.Final-redhat-4.jar How reproducible: Always Steps to Reproduce: 1. Setup a 2-node EAP 6.3 cluster. Both 2 nodes use standalone-ha profile and have port offset=100 on 2nd node. Setup DEBUG logging level for root logger. 2. Deploy a "distributable" war deployment on 2 nodes (example echo.war attached) 3. Use any developer tool to change browser's user-agent, to similate a bot/crawler to visit the deployment page (http://localhost:8080/echo). I use "User Agent Switcher" on firefox to change user-agent as MSNBot (user-agent string="msnbot/1.1 ( http://search.msn.com/msnbot.htm)" ) 4. The session created for this bot cannot be replicated and get the exception in server log: ----------------------------------- 22:05:07,494 DEBUG [org.apache.catalina.valves] (http-/127.0.0.1:8180-1) 1915297560: ClientIp=127.0.0.1, RequestedSessionId=null 22:05:07,495 DEBUG [org.apache.catalina.valves] (http-/127.0.0.1:8180-1) 1915297560: UserAgent=msnbot/1.1 ( http://search.msn.com/msnbot.htm) 22:05:07,496 DEBUG [org.apache.catalina.valves] (http-/127.0.0.1:8180-1) 1915297560: Bot found. UserAgent=msnbot/1.1 ( http://search.msn.com/msnbot.htm) 22:05:07,516 ERROR [org.apache.catalina.connector] (http-/127.0.0.1:8180-1) JBWEB001018: An exception or error occurred in the container during the request processing: java.lang.IllegalArgumentException: JBAS018062: 'org.apache.catalina.valves.CrawlerSessionManagerValve' attribute with type 'org.apache.catalina.valves.CrawlerSessionManagerValve' cannot be replicated at org.jboss.as.web.session.ClusteredSession.setAttribute(ClusteredSession.java:824) [jboss-as-web-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19] at org.apache.catalina.session.StandardSessionFacade.setAttribute(StandardSessionFacade.java:130) [jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4] at org.apache.catalina.valves.CrawlerSessionManagerValve.invoke(CrawlerSessionManagerValve.java:222) [jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) [jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) [jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653) [jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) [jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4] at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_71] 22:05:07,580 DEBUG [org.apache.catalina.valves] (http-/127.0.0.1:8180-1) 1915297560: ClientIp=127.0.0.1, RequestedSessionId=null 22:05:07,581 DEBUG [org.apache.catalina.valves] (http-/127.0.0.1:8180-1) 1915297560: UserAgent=msnbot/1.1 ( http://search.msn.com/msnbot.htm) 22:05:07,581 DEBUG [org.apache.catalina.valves] (http-/127.0.0.1:8180-1) 1915297560: Bot found. UserAgent=msnbot/1.1 ( http://search.msn.com/msnbot.htm) 22:05:07,582 DEBUG [org.apache.catalina.valves] (http-/127.0.0.1:8180-1) 1915297560: SessionID=+Xxz8f6BiTLtqvReNLZkrZ+6 22:05:07,583 DEBUG [org.apache.catalina.valves] (http-/127.0.0.1:8180-1) 1915297560: Bot session accessed. SessionID=+Xxz8f6BiTLtqvReNLZkrZ+6 ----------------------------------- Actual results: Exception printed out Expected results: No exception Additional info:
Sorry, forgot a step in section "Steps to Reproduce" Steps to Reproduce: 1. Setup a 2-node EAP 6.3 cluster. Both 2 nodes use standalone-ha profile and have port offset=100 on 2nd node. Setup DEBUG logging level for root logger. 1-a. Enable "CrawlerSessionManagerValve" by adding <valve> definition into "web" subsystem in standalone-ha.xml (on both 2 nodes): ------------------------------------------------------ <subsystem xmlns="urn:jboss:domain:web:2.1" default-virtual-server="default-host" native="false"> ...... <valve name="CrawlerSessionManagerValve" module="org.jboss.as.web" class-name="org.apache.catalina.valves.CrawlerSessionManagerValve"> <param param-name="crawlerUserAgents" param-value=".*[bB]ot.*|.*Yahoo! Slurp.*|.*Feedfetcher-Google.*"/> <param param-name="sessionInactiveInterval" param-value="60"/> </valve> </subsystem> ------------------------------------------------------ 2. Deploy a "distributable" war deployment on 2 nodes (example echo.war attached) ......
r2537 in web, you should probably verify it.
Should be fixed by 7.5.0.Beta5 upgrade 1157438
The posted fix won't work: https://source.jboss.org/changelog/JBossWeb?cs=2537 A non-static inner class cannot be serialized unless the parent class is also Serializable (since the object will contain an implicit reference to the parent instance).
As I mention to the poster on the jboss-support-eap6 mailing list: > Looking deeper into the actual implementation, the purpose of setting the > value as a session attribute is only to trigger a valueUnbound() session > event (the CrawlerSessionManagerValve implements > HttpSessionBindingListener), which is used on session destruction to cleanup > obsolete client IP <-> session ID mappings. > This seems sloppy. I don't see why this couldn't be more easily achieved by > implementing HttpSessionListener, and registering the valve as a listener > when a new "bot" session is detected. That way, there is nothing to put in > the session, and no need for the class to be serializable.
A session listener must be added to all webapps by the valve then, it's not so easy and it may not be better in practice. BTW, this valve is a utility straight from upstream Tomcat. I will modify my commit, but that is all I'm going to do about this.
Trying r2544 to work around the serialization issue.
Trying r2544 in a 2-node (standalone mode) EAP 6 cluster, couldn't reproduce the error anymore: --------------------- 16:58:19,365 DEBUG [org.apache.catalina.valves] (http-/127.0.0.1:8080-1) 1489346810: UserAgent=msnbot/1.1 ( http://search.msn.com/msnbot.htm) 16:58:19,365 DEBUG [org.apache.catalina.valves] (http-/127.0.0.1:8080-1) 1489346810: Bot found. UserAgent=msnbot/1.1 ( http://search.msn.com/msnbot.htm) ...... 16:58:19,390 DEBUG [org.apache.catalina.valves] (http-/127.0.0.1:8080-1) 1489346810: New bot session. SessionID=59AITeqJezBwoNA2tq2Gjfok ...... ...... 16:58:58,523 DEBUG [org.apache.catalina.valves] (http-/127.0.0.1:8180-1) 551206825: Bot found. UserAgent=msnbot/1.1 ( http://search.msn.com/msnbot.htm) 16:58:58,524 DEBUG [org.apache.catalina.valves] (http-/127.0.0.1:8180-1) 551206825: SessionID=e-qeCfNBBs2sM4JT9avuC4Pl 16:58:58,590 DEBUG [org.apache.catalina.valves] (http-/127.0.0.1:8180-1) 551206825: Bot session accessed. SessionID=e-qeCfNBBs2sM4JT9avuC4Pl ---------------------
Verified in EAP 6.4.0.DR11