Issue #12714 verify workername for Mongo usage #12715

janbartel · 2025-01-15T01:08:51Z

The workerName configured on the DefaultSessionIdManager can be unacceptable to MongoDB. The DefaultSessionIdManager prepends the workerName onto the generated random id to form a session id. If this workerName contains punctuation or other delimiter type characters, this messes with the MongoDB index over the session ids.

This PR allows MongoSessionDataStore to check the workerName at startup and fail the startup if it isn't admissible.

gregw

Approved.. but I do have a niggle you might want to fix

gregw · 2025-01-15T05:29:48Z

...rations/jetty-nosql/src/main/java/org/eclipse/jetty/nosql/mongodb/MongoSessionDataStore.java

@@ -159,6 +157,8 @@ public class MongoSessionDataStore extends NoSqlSessionDataStore
     */
    private DBObject _version1;

+    private final Pattern _workerNamePattern = Pattern.compile("[0-9a-zA-Z]*");


Not that it will make any difference, but:

Suggested change

private final Pattern _workerNamePattern = Pattern.compile("[0-9a-zA-Z]*");

private final static Pattern __workerNamePattern = Pattern.compile("[0-9a-zA-Z]*");

benweidig · 2025-01-15T06:28:36Z

...rations/jetty-nosql/src/main/java/org/eclipse/jetty/nosql/mongodb/MongoSessionDataStore.java

@@ -159,6 +157,8 @@ public class MongoSessionDataStore extends NoSqlSessionDataStore
     */
    private DBObject _version1;

+    private final Pattern _workerNamePattern = Pattern.compile("[0-9a-zA-Z]*");


Underscore is a valid character, too.
Adding it would allow the name to support snake case.

benweidig · 2025-01-15T06:29:32Z

...rations/jetty-nosql/src/main/java/org/eclipse/jetty/nosql/mongodb/MongoSessionDataStore.java

+            return;
+
+        if (!_workerNamePattern.matcher(_context.getWorkerName()).matches())
+            throw new IllegalStateException("Invalid worker name: " + _context.getWorkerName());


Works like a charm!
Only improvement might be stating what's valid, so if the issue is encountered it'd be fixable without diving into the code and looking up the Pattern

Issue #12714 verify workername for Mongo usage

3800931

janbartel requested a review from gregw January 15, 2025 01:08

janbartel self-assigned this Jan 15, 2025

janbartel mentioned this pull request Jan 15, 2025

MongoSessionDataStore can't upsert sessions if workerName contains token deliminators #12714

Open

janbartel added 3 commits January 15, 2025 15:27

Use Pattern class

03e632c

Make final

ebebe4c

Use different test to assert nothing thrown.

fbcb111

gregw previously approved these changes Jan 15, 2025

View reviewed changes

benweidig reviewed Jan 15, 2025

View reviewed changes

Mods after reviews: add _ as valid char; make static.

ec30879

janbartel dismissed gregw’s stale review via ec30879 January 16, 2025 22:43

janbartel added 2 commits January 17, 2025 09:53

Mod after review: add correct pattern to ISE as info

7f27d96

Fix ee9 test

235fa8f

olamy approved these changes Jan 20, 2025

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Issue #12714 verify workername for Mongo usage #12715

Issue #12714 verify workername for Mongo usage #12715

janbartel commented Jan 15, 2025

gregw left a comment

gregw Jan 15, 2025

janbartel Jan 16, 2025

benweidig Jan 15, 2025

benweidig Jan 15, 2025

	private final Pattern _workerNamePattern = Pattern.compile("[0-9a-zA-Z]*");
	private final static Pattern __workerNamePattern = Pattern.compile("[0-9a-zA-Z]*");

Issue #12714 verify workername for Mongo usage #12715

Are you sure you want to change the base?

Issue #12714 verify workername for Mongo usage #12715

Conversation

janbartel commented Jan 15, 2025

gregw left a comment

Choose a reason for hiding this comment

gregw Jan 15, 2025

Choose a reason for hiding this comment

janbartel Jan 16, 2025

Choose a reason for hiding this comment

benweidig Jan 15, 2025

Choose a reason for hiding this comment

benweidig Jan 15, 2025

Choose a reason for hiding this comment