java/org/apache/catalina/valves/LoadBalancerDrainingValve.java

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.catalina.valves;

import java.io.IOException;

import jakarta.servlet.ServletException;
import jakarta.servlet.SessionCookieConfig;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletResponse;

import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.util.SessionConfig;

/**
 * <p>
 * A Valve to detect situations where a load-balanced node receiving a request has been deactivated by the load balancer
 * (JK_LB_ACTIVATION=DIS) and the incoming request has no valid session.
 * </p>
 * <p>
 * In these cases, the user's session cookie should be removed if it exists, any ";jsessionid" parameter should be
 * removed from the request URI, and the client should be redirected to the same URI. This will cause the load-balanced
 * to re-balance the client to another server.
 * </p>
 * <p>
 * All this work is required because when the activation state of a node is DISABLED, the load-balancer will still send
 * requests to the node if they appear to have a session on that node. Since mod_jk doesn't actually know whether the
 * session id is valid, it will send the request blindly to the disabled node, which makes it take much longer to drain
 * the node than strictly necessary.
 * </p>
 * <p>
 * For testing purposes, a special cookie can be configured and used by a client to ignore the normal behavior of this
 * Valve and allow a client to get a new session on a DISABLED node. See {@link #setIgnoreCookieName} and
 * {@link #setIgnoreCookieValue} to configure those values.
 * </p>
 * <p>
 * This Valve should be installed earlier in the Valve pipeline than any authentication valves, as the redirection
 * should take place before an authentication valve would save a request to a protected resource.
 * </p>
 *
 * @see <a href="https://tomcat.apache.org/connectors-doc/generic_howto/loadbalancers.html">Load balancer
 *          documentation</a>
 */
public class LoadBalancerDrainingValve extends ValveBase {

    /**
     * The request attribute key where the load-balancer's activation state can be found.
     */
    public static final String ATTRIBUTE_KEY_JK_LB_ACTIVATION = "JK_LB_ACTIVATION";

    /**
     * The HTTP response code that will be used to redirect the request back to the load-balancer for re-balancing.
     * Defaults to 307 (TEMPORARY_REDIRECT). HTTP status code 305 (USE_PROXY) might be an option, here. too.
     */
    private int _redirectStatusCode = HttpServletResponse.SC_TEMPORARY_REDIRECT;

    /**
     * The name of the cookie which can be set to ignore the "draining" action of this Filter. This will allow a client
     * to contact the server without being re-balanced to another server. The expected cookie value can be set in the
     * {@link #_ignoreCookieValue}. The cookie name and value must match to avoid being re-balanced.
     */
    private String _ignoreCookieName;

    /**
     * The value of the cookie which can be set to ignore the "draining" action of this Filter. This will allow a client
     * to contact the server without being re-balanced to another server. The expected cookie name can be set in the
     * {@link #_ignoreCookieName}. The cookie name and value must match to avoid being re-balanced.
     */
    private String _ignoreCookieValue;

    public LoadBalancerDrainingValve() {
        super(true); // Supports async
    }

    //
    // Configuration parameters
    //

    /**
     * Sets the HTTP response code that will be used to redirect the request back to the load-balancer for re-balancing.
     * Defaults to 307 (TEMPORARY_REDIRECT).
     *
     * @param code The code to use for the redirect
     */
    public void setRedirectStatusCode(int code) {
        _redirectStatusCode = code;
    }

    /**
     * Gets the name of the cookie that can be used to override the re-balancing behavior of this Valve when the current
     * node is in the DISABLED activation state.
     *
     * @return The cookie name used to ignore normal processing rules.
     *
     * @see #setIgnoreCookieValue
     */
    public String getIgnoreCookieName() {
        return _ignoreCookieName;
    }

    /**
     * Sets the name of the cookie that can be used to override the re-balancing behavior of this Valve when the current
     * node is in the DISABLED activation state. There is no default value for this setting: the ability to override the
     * re-balancing behavior of this Valve is <i>disabled</i> by default.
     *
     * @param cookieName The cookie name to use to ignore normal processing rules.
     *
     * @see #getIgnoreCookieValue
     */
    public void setIgnoreCookieName(String cookieName) {
        _ignoreCookieName = cookieName;
    }

    /**
     * Gets the expected value of the cookie that can be used to override the re-balancing behavior of this Valve when
     * the current node is in the DISABLED activation state.
     *
     * @return The cookie value used to ignore normal processing rules.
     *
     * @see #setIgnoreCookieValue
     */
    public String getIgnoreCookieValue() {
        return _ignoreCookieValue;
    }

    /**
     * Sets the expected value of the cookie that can be used to override the re-balancing behavior of this Valve when
     * the current node is in the DISABLED activation state. The "ignore" cookie's value <b>must</b> be exactly equal to
     * this value in order to allow the client to override the re-balancing behavior.
     *
     * @param cookieValue The cookie value to use to ignore normal processing rules.
     *
     * @see #getIgnoreCookieValue
     */
    public void setIgnoreCookieValue(String cookieValue) {
        _ignoreCookieValue = cookieValue;
    }

    @Override
    public void invoke(Request request, Response response) throws IOException, ServletException {
        if ("DIS".equals(request.getAttribute(ATTRIBUTE_KEY_JK_LB_ACTIVATION)) &&
                !request.isRequestedSessionIdValid()) {

            if (containerLog.isDebugEnabled()) {
                containerLog.debug(sm.getString("loadBalancerDrainingValve.draining"));
            }

            boolean ignoreRebalance = false;
            Cookie sessionCookie = null;

            final Cookie[] cookies = request.getCookies();

            final String sessionCookieName = SessionConfig.getSessionCookieName(request.getContext());

            if (null != cookies) {
                for (Cookie cookie : cookies) {
                    final String cookieName = cookie.getName();
                    if (containerLog.isTraceEnabled()) {
                        containerLog.trace("Checking cookie " + cookieName + "=" + cookie.getValue());
                    }

                    if (sessionCookieName.equals(cookieName) &&
                            request.getRequestedSessionId().equals(cookie.getValue())) {
                        sessionCookie = cookie;
                    } else if (null != _ignoreCookieName && _ignoreCookieName.equals(cookieName) &&
                            null != _ignoreCookieValue && _ignoreCookieValue.equals(cookie.getValue())) {
                        // The client presenting a valid ignore-cookie value?
                        ignoreRebalance = true;
                    }
                }
            }

            if (ignoreRebalance) {
                if (containerLog.isDebugEnabled()) {
                    containerLog.debug(sm.getString("loadBalancerDrainingValve.skip", _ignoreCookieName));
                }

                getNext().invoke(request, response);

                return;
            }

            // Kill any session cookie that was found
            // TODO: Consider implications of SSO cookies
            if (null != sessionCookie) {
                sessionCookie.setPath(SessionConfig.getSessionCookiePath(request.getContext()));
                sessionCookie.setMaxAge(0); // Delete
                sessionCookie.setValue(""); // Purge the cookie's value
                // Replicate logic used to set secure attribute for session cookies
                SessionCookieConfig sessionCookieConfig =
                        request.getContext().getServletContext().getSessionCookieConfig();
                sessionCookie.setSecure(request.isSecure() || sessionCookieConfig.isSecure());
                response.addCookie(sessionCookie);
            }

            // Re-write the URI if it contains a ;jsessionid parameter
            String uri = request.getRequestURI();
            String sessionURIParamName = SessionConfig.getSessionUriParamName(request.getContext());
            if (uri.contains(";" + sessionURIParamName + "=")) {
                uri = uri.replaceFirst(";" + sessionURIParamName + "=[^&?]*", "");
            }

            String queryString = request.getQueryString();

            if (null != queryString) {
                uri = uri + "?" + queryString;
            }

            // NOTE: Do not call response.encodeRedirectURL or the bad
            // sessionid will be restored
            response.setHeader("Location", uri);
            response.setStatus(_redirectStatusCode);
        } else {
            getNext().invoke(request, response);
        }
    }
}