-
Bug
-
Resolution: Done
-
Major
-
JBossAS-5.1.0.GA
-
None
As described in http://labs.jboss.com/community/wiki/HAWebSessionsviaDatabasePersistencethere there is a way to tell JBoss to store web sessions in a datasource without using the Tomcat PersistentManager but the code both in the same article and in the SVN (trunk) have the same bug:
2009-11-04 13:25:29,945 WARN [org.jboss.web.tomcat.service.session.InstantSnapshotManager./bligoo]
(ajp-192.168.1.127-8009-1) Failed to replicate session NbQHDZfTi7jV5MySSD6JPg__
java.lang.StringIndexOutOfBoundsException: String index out of range: 24
at java.lang.AbstractStringBuilder.substring(AbstractStringBuilder.java:879)
at java.lang.StringBuilder.substring(StringBuilder.java:55)
at org.jboss.web.tomcat.service.session.persistent.RDBMSStoreBase.maskId(RDBMSStoreBase.java:107
9)
at org.jboss.web.tomcat.service.session.persistent.RDBMSStoreBase.maskId(RDBMSStoreBase.java:106
1)
at org.jboss.web.tomcat.service.session.persistent.RDBMSStoreBase.storeSessionData(RDBMSStoreBas
e.java:1007)
at org.jboss.web.tomcat.service.session.persistent.PersistentStoreDistributedCacheManager.storeS
essionData(PersistentStoreDistributedCacheManager.java:148)
at org.jboss.web.tomcat.service.session.persistent.PersistentStoreDistributedCacheManager.storeS
essionData(PersistentStoreDistributedCacheManager.java:41) at org.jboss.web.tomcat.service.sessio
n.ClusteredSession.processSessionReplication(ClusteredSession.java:1192)
at org.jboss.web.tomcat.service.session.JBossCacheManager.processSessionRepl(JBossCacheManager.j
ava:2182)
at org.jboss.web.tomcat.service.session.JBossCacheManager.storeSession(JBossCacheManager.java:31
3)
at org.jboss.web.tomcat.service.session.InstantSnapshotManager.snapshot(InstantSnapshotManager.j
ava:51)
at org.jboss.web.tomcat.service.session.ClusteredSessionValve.handleRequest(ClusteredSessionValv
e.java:147)
at org.jboss.web.tomcat.service.session.ClusteredSessionValve.invoke(ClusteredSessionValve.java:
94)
at org.jboss.web.tomcat.service.session.LockingValve.invoke(LockingValve.java:62)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstabl
ishmentValve.java:126)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstabli
shmentValve.java:70)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:436)
at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:384)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)
The problem seems to be in the maskId function in org.jboss.web.tomcat.service.session.persistent.RDBMSStoreBase
1064 private static String maskId(String realId)
1065 {
1066 if (realId == null)
1067
1070 else
1071 {
1072 int length = realId.length();
1073 if (length <= 8)
1074
1077 StringBuilder sb = new StringBuilder(realId.substring(0, 2));
1078 sb.append("****");
1079 sb.append(sb.substring(length - 6, length));
1080 return sb.toString();
1081 }
1082 }
The line 1079 should be
sb.append(realId.substring(length - 6, length));
I already opened a thread in the forum of tomcat intergration about this but got no response.
- blocks
-
JBPAPP-3203 Broken masking of session ids in persistent session manager
- Closed
- is duplicated by
-
JBPAPP-10832 Warning Failed to replicate session with StringIndexOutOfBoundsException
- Closed