[Owasp-appsensor-project] Filter HashMaps and Thread Safety

Owen Berger owen.k.berger at gmail.com
Fri Aug 5 19:27:06 EDT 2011


I just checked the codebase, and you did change the maps in the filters to
ConcurrentHashMaps. I was looking at an old post somewhere, and neglected to
double-check for the latest version of the filter code, my  bad.

I have implemented an AppSensorManager class that is a Singleton, and stores
both HashMaps as ConcurrentHashMaps. The filters then call on the
AppSensorManager when necessary to change or look up information in the
maps.

In order to clean the map, I gave each key/value pair an expiration, in the
form of an object (value) which is mapped to the sessionID (key) :

private static class ClientIpAndExpire {
        private String clientIp;
        private DateTime expiration;
        private ClientIpAndExpire (String ip) {
            this.clientIp = ip;
            this.expiration = new DateTime().plusMinutes(30);
        }
    }

 I then used Quartz to come in and clean the map at regular intervals,
removing old sessionId/ClientIP mappings.

Does this look like an okay implementation of those filters?  Please
remember that I am an amateur developer and am interested in learning as
much as possible, so any tweaks or flat-out problems that you see, please
let me know about them.

Thank you and enjoy your vacation.

-Owen Berger

p.s. I will put up a post about my use case in a couple of days.

On Fri, Aug 5, 2011 at 5:39 AM, John Melton <jtmelton at gmail.com> wrote:

> Owen,
> I'm the lead dev, but am on vacation at the moment. I'll take care of these
> when I get back next week sometime.
> Thanks,
> John
>
> On Thu, Aug 4, 2011 at 9:52 PM, Owen Berger <owen.k.berger at gmail.com>wrote:
>
>> This is my first time on the appsensor list, so please let me know if my
>> questions have been asked before and I missed it.
>>
> Welcome - glad you're looking into it. If you want to [and are able] to
> share your use case, please do - we're interested in gathering info about
> how folks are using appsensor.
>
>>
>> -What is the best way to implement a thread-safe version of the Static
>> HashMap used in the User Agent and Client IP filters?
>>
> I updated the codebase recently to use concurrenthashmaps but I might have
> missed these places. I'll look when I get back from vacation.
>
>>
>> -Are the Maps thread-safe as is, e.g. as Static maps inside the filter, or
>> would a singleton using a ConcurrentHashMap do the same or better job for a
>> web application where state is needed?
>>
> These are not thread-safe as is as you mention. They were very simple
> examples as you can see, so are not "production" quality. If you end up
> making useful changes, please feel free to share back and we can improve
> them.
>
>>
>> -I would like to make the maps subject to a cleaner that removes all of
>> the old map entries utilizing a Job in Quartz, so is that still possible in
>> the filter if I use the Static HashMap?
>>
> I've thought a bit about your point of the "cleansing" routine. I don't
> think it would work well in it's current incarnation, but you should be able
> to move it out to a context style object, make it thread safe and then
> access it from both the filter and your quartz job.
>
>>
>> Thanks for any help or direction,
>>
>> -Owen
>>
>>
>> _______________________________________________
>> Owasp-appsensor-project mailing list
>> Owasp-appsensor-project at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-appsensor-project/attachments/20110805/b96dcca4/attachment.html 


More information about the Owasp-appsensor-project mailing list