costin      01/04/21 10:45:41

  Modified:    src/etc  server.xml
               src/share/org/apache/tomcat/modules/session
                        SessionIdGenerator.java
  Log:
  Check in for 1385, from [EMAIL PROTECTED] (Bojan Smojver).
  
  Any random file can be specified. The default ( in server.xml ) is to use
  /dev/urandom if it exists. To minimize user configuration we do set it
  in server.xml and let the module decide if it exists or not.
  
  The difference in speed is quite significant - instead of waiting 4-5 seconds
  on the first JSP page ( or servlet with session ) now we have instant response.
  
  Submitted by: [EMAIL PROTECTED] (Bojan Smojver)
  
  Revision  Changes    Path
  1.73      +2 -1      jakarta-tomcat/src/etc/server.xml
  
  Index: server.xml
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/etc/server.xml,v
  retrieving revision 1.72
  retrieving revision 1.73
  diff -u -r1.72 -r1.73
  --- server.xml        2001/03/24 06:49:29     1.72
  +++ server.xml        2001/04/21 17:45:40     1.73
  @@ -40,7 +40,8 @@
   
           <SessionExpirer checkInterval="60" />
           <!-- For development you can use randomClass="java.util.Random" -->
  -        <SessionIdGenerator randomClass="java.security.SecureRandom" />
  +        <SessionIdGenerator randomClass="java.security.SecureRandom" 
  +                            devRandom="/dev/urandom" />
   
   
           <!-- ========== context processing modules ========== -->
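Review bot: The new attribute is spelled `devRandom`, but the setter this commit adds to SessionIdGenerator.java is `setRandomFile`. If module attributes are bound to setters by name (the binding code is not visible here), the attribute would never reach the module, `randomIS` would stay null and ids would still come from `randomClass`, so the startup delay this commit targets would remain. Either write the attribute as `randomFile="/dev/urandom"` or name the setter `setDevRandom`. The comment above the element could also say that `java.util.Random` is for development only, since its output is not suitable for session ids.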
  
  
  
  1.3       +44 -29    
jakarta-tomcat/src/share/org/apache/tomcat/modules/session/SessionIdGenerator.java
  
  Index: SessionIdGenerator.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/session/SessionIdGenerator.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- SessionIdGenerator.java   2001/04/10 06:58:22     1.2
  +++ SessionIdGenerator.java   2001/04/21 17:45:40     1.3
  @@ -95,7 +95,9 @@
   
       String randomClassName=null;
       Random randomSource=null;
  +
       DataInputStream randomIS=null;
  +    String devRandomSource="/dev/urandom";
       
       static Jdk11Compat jdk11Compat=Jdk11Compat.getJdkCompat();
       
  @@ -109,15 +111,29 @@
        randomSource=createRandomClass( randomClassName );
       }
   
  -    /** Use /dev/random special device. This is new code, but may reduce the
  -     *  big delay in generating the random
  -     */
  -    public void setUseDevRandom( boolean u ) {
  -     if( ! u ) return;
  +    /** Use /dev/random-type special device. This is new code, but may reduce the
  +     *  big delay in generating the random.
  +     *
  +     *  You must specify a path to a random generator file. Use /dev/urandom
  +     *  for linux ( or similar ) systems. Use /dev/random for maximum security
  +     *  ( it may block if not enough "random" exist ). You can also use
  +     *  a pipe that generates random.
  +     *
  +     *  The code will check if the file exists, and default to java Random
  +     *  if not found. There is a significant performance difference, very
  +     *  visible on the first call to getSession ( like in the first JSP )
  +     *  - so use it if available.
  +     */
  +    public void setRandomFile( String s ) {
  +     // as a hack, you can use a static file - and genarate the same
  +     // session ids ( good for strange debugging )
        try {
  -         randomIS= new DataInputStream( new FileInputStream("/dev/random"));
  +         devRandomSource=s;
  +         File f=new File( devRandomSource );
  +         if( ! f.exists() ) return;
  +         randomIS= new DataInputStream( new FileInputStream(f));
            randomIS.readLong();
  -         log( "Opening /dev/random");
  +         log( "Opening " + devRandomSource );
        } catch( IOException ex ) {
            randomIS=null;
        }
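Review bot: `setRandomFile` gives up silently both when the file is missing (`if( ! f.exists() ) return;`) and when the first `readLong()` fails, so the server log never shows which source is producing session ids. I would log the fallback, e.g. `if( ! f.exists() ) { log( "Random file " + devRandomSource + " not found, using randomClass" ); return; }`. The Javadoc says the code defaults to "java Random", but the fallback visible in this diff is whatever `randomClass` configures, and the inline "static file" hack yields repeatable session ids, so the Javadoc should state that a regular file is for debugging only. The `FileInputStream` is also never closed when `readLong()` throws; the same applies to the catch block in `getIdentifier` (hunk `@@ -248,24 +262,25 @@`). The method body continues past the end of this hunk.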
  @@ -141,8 +157,10 @@
       /** Init session management stuff for this context. 
        */
       public void engineInit(ContextManager cm) throws TomcatException {
  -     if( randomSource==null && randomIS==null ) {
  +     if( randomSource==null ) {
  +         // backward compatibility 
            String randomClass=(String)cm.getProperty("randomClass" );
  +         // set a reasonable default 
            if( randomClass==null ) {
                randomClass="java.security.SecureRandom";
            }
  @@ -161,13 +179,13 @@
            * JSP or servlet may not have sufficient Permissions.
            */
        String newId;
  +
           if( System.getSecurityManager() == null ) {
  -         newId= SessionIdGenerator.getIdentifier(randomSource, randomIS, jsIdent);
  +         newId= getIdentifier(jsIdent);
            return newId;
        }
        // We're in a sandbox...
  -     PriviledgedIdGenerator di = new
  -         PriviledgedIdGenerator(randomSource,randomIS, jsIdent);
  +     PriviledgedIdGenerator di = new PriviledgedIdGenerator(this, jsIdent);
        try {
            newId= (String)jdk11Compat.doPrivileged(di);
        } catch( Exception ex ) {
  @@ -178,18 +196,14 @@
   
       // Sandbox support
       static class PriviledgedIdGenerator extends Action {
  -     private Random randomSource;
  -     private String jsIdent;
  -     DataInputStream randomIS;
  -     public PriviledgedIdGenerator(Random rs, DataInputStream randomIS,String 
ident) {
  -         randomSource = rs;
  -         jsIdent = ident;
  -         this.randomIS=randomIS;
  +     SessionIdGenerator sg;
  +     String jsIdent;
  +     public PriviledgedIdGenerator(SessionIdGenerator sg, String jsIdent ) {
  +         this.sg=sg;
  +         this.jsIdent=jsIdent;
        }           
        public Object run() {
  -         return SessionIdGenerator.getIdentifier(randomSource,
  -                                                 randomIS,
  -                                                 jsIdent);
  +         return sg.getIdentifier(jsIdent);
        }           
       }    
   
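Review bot: The two fields of `PriviledgedIdGenerator` are now package-visible and mutable, whereas the previous version declared `randomSource` and `jsIdent` private. Because `run()` is executed through `jdk11Compat.doPrivileged`, the object it operates on should be fixed after construction: `private final SessionIdGenerator sg;` and `private final String jsIdent;`. A short class comment saying that the action only wraps `getIdentifier(jsIdent)` would make the intended scope of the privileged call explicit.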
  @@ -248,24 +262,25 @@
   
       // ** NOTE that this must work together with get_jserv_session_balance()
       // ** in jserv_balance.c
  -    static synchronized public String getIdentifier (Random randomSource,
  -                                                  DataInputStream devRandomIS,
  -                                                  String jsIdent)
  +    public synchronized String getIdentifier(String jsIdent)
       {
           StringBuffer sessionId = new StringBuffer();
  -     if( randomSource==null && devRandomIS==null)
  +     if( randomSource==null && randomIS==null)
            throw new RuntimeException( "No random source " );
        
           // random value ..
           long n = 0;
  -     if( devRandomIS!=null ) {
  +     if( randomIS!=null ) {
            try {
  -             n=devRandomIS.readLong();
  -             System.out.println("Getting /dev/random " + n );
  +             n=randomIS.readLong();
  +             //System.out.println("Getting /dev/random " + n );
            } catch( IOException ex ) {
                ex.printStackTrace();
  +             randomIS=null;
  +             // We could also re-open it ( if it's a file of random values )
            }
  -     } else {
  +     }
  +     if( randomIS==null ) {
            n=randomSource.nextLong();
        } 
   
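Review bot: After a failed read the code falls through to `randomSource.nextLong()`, but the guard at the top of `getIdentifier` only rejects the case where both sources are null. If `randomIS` was the only source, the failure surfaces as a NullPointerException rather than the "No random source" error. The switch of source is also reported only through `ex.printStackTrace()`, so an operator reading the server log cannot tell that session ids now come from `randomClass`, which matters if that is set to `java.util.Random`. I would log the fallback, close the stream before dropping it, and re-check `randomSource` before use, as sketched below. The method body continues outside this hunk.

```java
        } catch( IOException ex ) {
            // … unchanged: ex.printStackTrace() …
            log( "Error reading " + devRandomSource + ", using randomClass instead" );
            try { randomIS.close(); } catch( IOException ignored ) { }
            randomIS=null;
        }
    }
    if( randomIS==null ) {
        if( randomSource==null )
            throw new RuntimeException( "No random source " );
        n=randomSource.nextLong();
    }
```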
  
  
  
