1. Aspect-Oriented Programming with AspectJ™
AspectJ.org
Xerox PARC
Erik Hilsdale Gregor Kiczales with Bill Griswold, Jim Hugunin, Wes Isberg, Mik Kersten
partially funded by DARPA under contract F C0246
© Copyright Xerox Corporation, All Rights Reserved
(c) Copyright Xerox Corporation, All rights reserved.

2. Aspect-Oriented programming with AspectJ
this tutorial is about...
using AOP and AspectJ to:
improve the modularity of crosscutting concerns
design modularity
source code modularity
development process
aspects are two things:
concerns that crosscut [design level]
a programming construct [implementation level]
enables crosscutting concerns to be captured in modular units
AspectJ is:
is an aspect-oriented extension to Java™ that supports general-purpose aspect-oriented programming
(c) Copyright Xerox Corporation, All rights reserved.

3. Aspect-Oriented programming with AspectJ
good modularity
XML parsing
OOP is an idea about how to structure systems the idea of an “object” has proven to be a powerful
fundamentally about classification and specialization (classes and inheritance)
XML parsing in org.apache.tomcat
red shows relevant lines of code
nicely fits in one box
(c) Copyright Xerox Corporation, All rights reserved.

4. good modularity URL pattern matching
URL pattern matching in org.apache.tomcat
red shows relevant lines of code
nicely fits in two boxes (using inheritance)

5. problems like… logging is not modularized
where is logging in org.apache.tomcat
red shows lines of code that handle logging
not in just one place
not even in a small number of places

6. StandardSessionManager
problems like…
session expiration is not modularized /* *
* ====================================================================
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* reserved.
* Copyright (c) 1999 The Apache Software Foundation. All rights
* The Apache Software License, Version 1.1
* 1. Redistributions of source code must retain the above copyright
* are met:
* the documentation and/or other materials provided with the
* distribution.
* notice, this list of conditions and the following disclaimer in
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer.
itself,
* if and wherever such third-party acknowlegements normally appear.
* Apache Software Foundation (
* Alternately, this acknowlegement may appear in the software
* "This product includes software developed by the
* 3. The end-user documentation included with the redistribution, if
* any, must include the following acknowlegement:
* Foundation" must not be used to endorse or promote products
* 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
* nor may "Apache" appear in their names without prior written
* permission of the Apache Group.
* 5. Products derived from this software may not be called "Apache"
* permission, please contact
derived
* from this software without prior written permission. For written
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* This software consists of voluntary contributions made by many
* SUCH DAMAGE.
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* information on the Apache Software Foundation, please see
* individuals on behalf of the Apache Software Foundation. For more
* [Additional notices, if required by prior licensing conditions] */
* <
package org.apache.tomcat.session;
import java.net.*;
import java.util.*;
import java.io.*;
import org.apache.tomcat.util.StringManager;
import org.apache.tomcat.core.*;
* Core implementation of an application level session
James Duncan Davidson
/**
import javax.servlet.http.*;
import javax.servlet.*;
James Todd
Jason Hunter
private String id;
private Hashtable values = new Hashtable();
private StringManager sm =
public class ApplicationSession implements HttpSession {
StringManager.getManager("org.apache.tomcat.session");
private ServerSession serverSession;
private boolean valid = true;
private int inactiveInterval = -1;
private long lastAccessed = creationTime;
private Context context;
private long creationTime = System.currentTimeMillis();;
private long thisAccessTime = creationTime;
this.inactiveInterval = context.getSessionTimeOut();
this.context = context;
this.id = id;
Context context) {
ApplicationSession(String id, ServerSession serverSession,
this.serverSession = serverSession; }
this.inactiveInterval *= 60;
if (this.inactiveInterval != -1) {
return serverSession;
ServerSession getServerSession() {
* inactivities can be dealt with accordingly.
* Called by context when request comes in so that accesses and
void accessed() {
thisAccessTime = System.currentTimeMillis();
lastAccessed = thisAccessTime;
// set last accessed to thisAccessTime as it will be left over
// from the previous access
int thisInterval =
if (inactiveInterval != -1) {
void validate() {
validate();
invalidate();
if (thisInterval > inactiveInterval) {
(int)(System.currentTimeMillis() - lastAccessed) / 1000;
// if we have an inactive interval, check to see if we've exceeded it
if (valid) {
// HTTP SESSION IMPLEMENTATION METHODS
String msg = sm.getString("applicationSession.session.ise");
public String getId() {
throw new IllegalStateException(msg);
} else {
return id;
return creationTime;
public long getCreationTime() {
public long getLastAccessedTime() {
return new SessionContextImpl();
public HttpSessionContext getSessionContext() {
return lastAccessed;
public void invalidate() {
// remove everything in the session
serverSession.removeApplicationSession(context);
removeValue(name);
String name = (String)enum.nextElement();
Enumeration enum = values.keys();
while (enum.hasMoreElements()) {
public boolean isNew() {
valid = false;
if (! valid) {
return true;
return false;
if (thisAccessTime == creationTime) {
public void setAttribute(String name, Object value) {
setAttribute(name, value);
public void putValue(String name, Object value) {
removeValue(name); // remove any existing binding
throw new IllegalArgumentException(msg);
String msg = sm.getString("applicationSession.value.iae");
if (name == null) {
new HttpSessionBindingEvent(this, name);
((HttpSessionBindingListener)value).valueBound(e);
HttpSessionBindingEvent e =
if (value != null && value instanceof HttpSessionBindingListener) {
values.put(name, value);
public Object getAttribute(String name) {
return getAttribute(name);
public Object getValue(String name) {
return values.get(name);
public String[] getValueNames() {
names.addElement(e.nextElement());
while (e.hasMoreElements()) {
Vector names = new Vector();
Enumeration e = getAttributeNames();
names.copyInto(valueNames);
String[] valueNames = new String[names.size()];
public Enumeration getAttributeNames() {
return valueNames;
return (Enumeration)valuesClone.keys();
Hashtable valuesClone = (Hashtable)values.clone();
public void removeAttribute(String name) {
removeAttribute(name);
public void removeValue(String name) {
Object o = values.get(name);
((HttpSessionBindingListener)o).valueUnbound(e);
new HttpSessionBindingEvent(this,name);
if (o instanceof HttpSessionBindingListener) {
public void setMaxInactiveInterval(int interval) {
values.remove(name);
public int getMaxInactiveInterval() {
inactiveInterval = interval;
return inactiveInterval; //
ApplicationSession
import java.io.IOException;
import java.util.Vector;
import javax.servlet.ServletException;
import java.util.Hashtable;
import java.util.Enumeration;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionContext;
import org.apache.tomcat.catalina.*;
import javax.servlet.http.HttpSessionBindingListener;
import javax.servlet.http.HttpSessionBindingEvent;
* serializable, so that it can be stored in persistent storage or transferred
* Standard implementation of the <b>Session</b> interface. This object is
* internal (Session) and application level (HttpSession) view of the session.
* <b>IMPLEMENTATION NOTE</b>: An instance of this class represents both the
* <p>
* to a different JVM for distributable session support.
* HttpSession view of this instance back to a Session view.
* of the <code>org.apache.tomcat.session</code> package cannot cast an
* However, because the class itself is not declared public, Java logic outside
$Revision: 1.2 $ $Date: 2000/05/15 17:54:10 $
Craig R. McClanahan
implements HttpSession, Session {
final class StandardSession
// Constructors
manager The manager with which this Session is associated
* Construct a new Session associated with the specified Manager.
this.manager = manager;
super();
public StandardSession(Manager manager) {
// Instance Variables
private Hashtable attributes = new Hashtable();
* The collection of user data attributes associated with this Session.
* The time this session was created, in milliseconds since midnight,
private long creationTime = 0L;
* January 1, 1970 GMT.
private String id = null;
* The session identifier of this Session.
private static final String info = "StandardSession/1.0";
* Descriptive information describing this Session implementation.
private long lastAccessedTime = creationTime;
* The last accessed time for this Session.
private Manager manager = null;
* The Manager with which this Session is associated.
* the servlet container may invalidate this session. A negative time
* The maximum time interval, in seconds, between client requests before
* indicates that the session should never time out.
private boolean isNew = true;
* Flag indicating whether this session is new or not.
private int maxInactiveInterval = -1;
private boolean isValid = false;
* Flag indicating whether this session is valid or not.
* The string manager for this package.
private static HttpSessionContext sessionContext = null;
* The HTTP session context associated with this session.
private long thisAccessedTime = creationTime;
* The current accessed time for this session.
// Session Properties
* Set the creation time for this session. This method is called by the
public void setCreationTime(long time) {
time The new creation time
* Manager when an existing Session instance is reused.
this.thisAccessedTime = time;
this.lastAccessedTime = time;
this.creationTime = time;
* Return the session identifier for this session.
return (this.id);
(manager instanceof ManagerBase))
if ((this.id != null) && (manager != null) &&
public void setId(String id) {
* Set the session identifier for this session.
id The new session identifier
((ManagerBase) manager).remove(this);
((ManagerBase) manager).add(this);
if ((manager != null) && (manager instanceof ManagerBase))
* <code><description>/<version></code>.
* Return descriptive information about this Session implementation and
* the corresponding version number, in the format
return (this.info);
public String getInfo() {
* a value associated with the session, do not affect the access time.
* GMT. Actions that your application takes, such as getting or setting
* session, as the number of milliseconds since midnight, January 1, 1970
* Return the last time the client sent a request associated with this
return (this.lastAccessedTime);
return (this.manager);
public Manager getManager() {
* Return the Manager within which this Session is valid.
public void setManager(Manager manager) {
manager The new Manager
* Set the Manager within which this Session is valid.
* Return the maximum time interval, in seconds, between client requests
IllegalStateException if this method is called on
* time indicates that the session should never time out.
* before the servlet container will invalidate the session. A negative
return (this.maxInactiveInterval);
* an invalidated session
* Set the maximum time interval, in seconds, between client requests
interval The new maximum interval
this.maxInactiveInterval = interval;
public HttpSession getSession() {
* is the facade.
* Return the <code>HttpSession</code> for which this object
return ((HttpSession) this);
// Session Public Methods
* session, even if the application does not reference it.
* should be called by the context when a request comes in for a particular
* Update the accessed time information for this session. This method
this.isNew=false;
this.thisAccessedTime = System.currentTimeMillis();
this.lastAccessedTime = this.thisAccessedTime;
public void access() {
* without triggering an exception if the session has already expired.
* Perform the internal processing required to invalidate this session,
// Remove this session from our manager's active sessions
public void expire() {
while (attrs.hasMoreElements()) {
Enumeration attrs = getAttributeNames();
Vector results = new Vector();
// Unbind any objects associated with this session
while (names.hasMoreElements()) {
String name = (String) names.nextElement();
Enumeration names = results.elements();
results.addElement(attr);
String attr = (String) attrs.nextElement();
setValid(false);
// Mark this session as invalid
public void recycle() {
* preparation for reuse of this object.
* Release all object references, and initialize instance variables, in
// Reset the instance variables associated with this Session
manager = null;
isNew = true;
maxInactiveInterval = -1;
lastAccessedTime = 0L;
attributes.clear();
creationTime = 0L;
id = null;
isValid = false;
((ManagerBase) manager).recycle(this);
// Tell our Manager that this Session has been recycled
// Session Package Methods
boolean isValid() {
* Return the <code>isValid</code> flag for this session.
return (this.isValid);
void setNew(boolean isNew) {
isNew The new value for the <code>isNew</code> flag
* Set the <code>isNew</code> flag for this session.
this.isNew = isNew;
isValid The new value for the <code>isValid</code> flag
* Set the <code>isValid</code> flag for this session.
this.isValid = isValid;
void setValid(boolean isValid) {
// HttpSession Properties
IllegalStateException if this method is called on an
* Return the time when this session was created, in milliseconds since
* midnight, January 1, 1970 GMT.
* invalidated session
return (this.creationTime);
* Return the session context with which this session is associated.
* Java Servlet API.
* replacement. It will be removed in a future version of the
As of Version 2.1, this method is deprecated and has no
return (sessionContext);
sessionContext = new StandardSessionContext();
if (sessionContext == null)
// HttpSession Public Methods
* <code>null</code> if no object is bound with that name.
* Return the object bound with the specified name in this session, or
name Name of the attribute to be returned
return (attributes.get(name));
* Return an <code>Enumeration</code> of <code>String</code> objects
* containing the names of the objects bound to this session.
return (attributes.keys());
name Name of the value to be returned
* <code>getAttribute()</code>
As of Version 2.2, this method is replaced by
return (getAttribute(name));
* are no such objects, a zero-length array is returned.
* Return the set of names of objects bound to this session. If there
* <code>getAttributeNames()</code>
names[i] = (String) results.elementAt(i);
return (names);
for (int i = 0; i < names.length; i++)
String names[] = new String[results.size()];
* Invalidates this session and unbinds any objects bound to it.
expire();
// Cause this session to expire
* session, or if the client chooses not to join the session. For
* Return <code>true</code> if the client does not yet know about the
* request.
* has disabled the use of cookies, then a session would be new on each
* example, if the server used only cookie-based sessions, and the client
return (this.isNew);
* Bind an object to this session, using the specified name. If an object
* replaced.
* of the same name is already bound to this session, the object is
name Name to which the object is bound, cannot be null
value Object to be bound, cannot be null
* <code>valueBound()</code> on the object.
* After this method executes, and if the object implements
* <code>HttpSessionBindingListener</code>, the container calls
* <code>setAttribute()</code>
* does nothing.
* the session does not have an object bound with this name, this method
* Remove the object bound with the specified name from this session. If
name Name of the object to remove from this session.
* <code>valueUnbound()</code> on the object.
Object object = attributes.get(name);
synchronized (attributes) {
((HttpSessionBindingListener) object).valueUnbound
(new HttpSessionBindingEvent((HttpSession) this, name));
if (object instanceof HttpSessionBindingListener) {
// System.out.println( "Removing attribute " + name );
return;
attributes.remove(name);
if (object == null)
* <code>removeAttribute()</code>
IllegalArgumentException if an attempt is made to add a
* non-serializable object in an environment marked distributable.
throw new IllegalArgumentException
(sm.getString("standardSession.setAttribute.iae"));
!(value instanceof Serializable))
if ((manager != null) && manager.getDistributable() &&
((HttpSessionBindingListener) value).valueBound
if (value instanceof HttpSessionBindingListener)
attributes.put(name, value);
// HttpSession Private Methods
* is not restored by this method, and must be set explicitly.
* <b>IMPLEMENTATION NOTE</b>: The reference to the owning Manager
* object input stream.
* Read a serialized version of this session object from the specified
ClassNotFoundException if an unknown class is specified
IOException if an input/output error occurs
stream The input stream to read from
id = (String) stream.readObject();
lastAccessedTime = ((Long) stream.readObject()).longValue();
creationTime = ((Long) stream.readObject()).longValue();
// Deserialize the scalar instance variables (except Manager)
private void readObject(ObjectInputStream stream)
throws ClassNotFoundException, IOException {
isNew = ((Boolean) stream.readObject()).booleanValue();
maxInactiveInterval = ((Integer) stream.readObject()).intValue();
String name = (String) stream.readObject();
Object value = (Object) stream.readObject();
for (int i = 0; i < n; i++) {
int n = ((Integer) stream.readObject()).intValue();
// Deserialize the attribute count and attribute values
isValid = ((Boolean) stream.readObject()).booleanValue();
* object output stream.
* Write a serialized version of this session object to the specified
* explicitly.
* <b>IMPLEMENTATION NOTE</b>: Any attribute that is not Serializable
* <code>readObject()</code>, you must set the associated Manager
* in the serialized representation of this Session. After calling
* <b>IMPLEMENTATION NOTE</b>: The owning Manager will not be stored
stream The output stream to write to
* Manager is set to <code>true</code>.
* be sure the <code>distributable</code> property of our associated
* will be silently ignored. If you do not want any such attributes,
stream.writeObject(id);
stream.writeObject(new Long(creationTime));
private void writeObject(ObjectOutputStream stream) throws IOException {
stream.writeObject(new Boolean(isValid));
stream.writeObject(new Integer(maxInactiveInterval));
stream.writeObject(new Long(lastAccessedTime));
// Write the scalar instance variables (except Manager)
// Accumulate the names of serializable attributes
stream.writeObject(new Boolean(isNew));
if (value instanceof Serializable)
Object value = attributes.get(attr);
stream.writeObject(new Integer(results.size()));
// Serialize the attribute count and the attribute values
stream.writeObject(attributes.get(name));
stream.writeObject(name);
Enumeration getAttributeNames() |
Object getAttribute(String) |
crosscut invalidate(StandardSession s): s & (int getMaxInactiveInterval() |
long getCreationTime() |
String[] getValueNames() |
static advice(StandardSession s): invalidate(s) {
if (!s.isValid())
before {
void setAttribute(String, Object));
void removeAttribute(String) |
void invalidate() |
boolean isNew() |
+ ".ise"));
+ thisJoinPoint.methodName
throw new IllegalStateException
(s.sm.getString("standardSession."
// Private Class
* This class is a dummy implementation of the <code>HttpSessionContext</code>
* when <code>HttpSession.getSessionContext()</code> is called.
* interface, to conform to the requirement that such an object be returned
* interface will be removed in a future version of this API.
As of Java Servlet API 2.1 with no replacement. The
* Return the session identifiers of all sessions defined
* within this context.
private Vector dummy = new Vector();
final class StandardSessionContext implements HttpSessionContext {
public Enumeration getIds() {
* and will be removed in a future version of the API.
As of Java Servlet API 2.1 with no replacement.
* This method must return an empty <code>Enumeration</code>
return (dummy.elements());
id Session identifier for which to look up a session
* Return the <code>HttpSession</code> associated with the
* specified session identifier.
return (null);
public HttpSession getSession(String id) {
* future version of the API.
* This method must return null and will be removed in a
StandardSession
import javax.servlet.http.Cookie;
import org.w3c.dom.Node;
import org.w3c.dom.NamedNodeMap;
* an optional, configurable, maximum number of active sessions allowed.
* no session persistence or distributable capabilities, but does support
* Standard implementation of the <b>Manager</b> interface that provides
* checkInterval="60" maxActiveSessions="-1"
* maxInactiveInterval="-1" />
* <Manager className="org.apache.tomcat.session.StandardManager"
* <code>
* in the following format:
* Lifecycle configuration of this component assumes an XML node
* where you can adjust the following parameters, with default values
* </code>
* be active at once, or -1 for no limit. [-1]
* <li><b>maxInactiveInterval</b> - The default maximum number of seconds of
* inactivity before which the servlet container is allowed to time out
* <li><b>maxActiveSessions</b> - The maximum number of sessions allowed to
* thread checks for expired sessions. [60]
* <li><b>checkInterval</b> - The interval (in seconds) between background
* in square brackets:
* <ul>
* </ul>
* descriptor, if any. [-1]
* the default session timeout specified in the web application deployment
* a session, or -1 for no limit. This value should be overridden from
implements Lifecycle, Runnable {
extends ManagerBase
public final class StandardManager
$Revision: $ $Date: 2000/05/02 21:28:30 $
* The interval (in seconds) between checks for expired sessions.
private boolean configured = false;
* Has this component been configured yet?
private int checkInterval = 60;
private static final String info = "StandardManager/1.0";
* The descriptive information about this implementation.
protected int maxActiveSessions = -1;
* The maximum number of active Sessions allowed, or -1 for no limit.
private boolean started = false;
* Has this component been started yet?
private Thread thread = null;
* The background thread.
* The background thread completion semaphore.
private boolean threadDone = false;
* Name to register for the background thread.
// Properties
private String threadName = "StandardManager";
return (this.checkInterval);
public int getCheckInterval() {
* Return the check interval (in seconds) for this Manager.
checkInterval The new check interval
* Set the check interval (in seconds) for this Manager.
public void setCheckInterval(int checkInterval) {
this.checkInterval = checkInterval;
* Return descriptive information about this Manager implementation and
public int getMaxActiveSessions() {
* no limit.
* Return the maximum number of active Sessions allowed, or -1 for
return (this.maxActiveSessions);
* Set the maximum number of actives Sessions allowed, or -1 for
this.maxActiveSessions = max;
public void setMaxActiveSessions(int max) {
max The new maximum number of sessions
// Public Methods
* method of the returned session. If a new session cannot be created
* for any reason, return <code>null</code>.
* id will be assigned by this method, and available via the getId()
* settings specified by this Manager's properties. The session
* Construct and return a new session object, based on the default
if ((maxActiveSessions >= 0) &&
(sessions.size() >= maxActiveSessions))
public Session createSession() {
* instantiated for any reason
IllegalStateException if a new session cannot be
return (super.createSession());
(sm.getString("standardManager.createSession.ise"));
// Lifecycle Methods
* Configure this component, based on the specified configuration
IllegalStateException if this component has already been
* (<B>FIXME: What object type should this really be?)
parameters Configuration parameters for this component
* parameters. This method should be called immediately after the
* component instance is created, and before <code>start()</code>
* is called.
LifecycleException if this component detects a fatal error
* configured and/or started
if (configured)
// Validate and update our current component state
throws LifecycleException {
* in the configuration parameters it was given
public void configure(Node parameters)
configured = true;
(sm.getString("standardManager.alreadyConfigured"));
throw new LifecycleException
NamedNodeMap attributes = parameters.getAttributes();
if (!("Manager".equals(parameters.getNodeName())))
// Parse and process our configuration parameters
if (parameters == null)
Node node = null;
} catch (Throwable t) {
; // XXX - Throw exception?
setCheckInterval(Integer.parseInt(node.getNodeValue()));
try {
if (node != null) {
node = attributes.getNamedItem("checkInterval");
setMaxActiveSessions(Integer.parseInt(node.getNodeValue()));
node = attributes.getNamedItem("maxActiveSessions");
setMaxInactiveInterval(Integer.parseInt(node.getNodeValue()));
node = attributes.getNamedItem("maxInactiveInterval");
IllegalStateException if this component has not yet been
* configured (if required for this component)
* and before any of the public methods of the component are utilized.
* component. This method should be called after <code>configure()</code>,
* Prepare for the beginning of active use of the public methods of this
public void start() throws LifecycleException {
* that prevents this component from being used
* started
(sm.getString("standardManager.notConfigured"));
if (!configured)
// Start the background reaper thread
threadStart();
started = true;
(sm.getString("standardManager.alreadyStarted"));
if (started)
* component. This method should be the last one called on a given
* Gracefully terminate the active use of the public methods of this
* been stopped
* that needs to be reported
IllegalStateException if this component has already
* instance of this component.
IllegalStateException if this component has not been started
public void stop() throws LifecycleException {
// Stop the background reaper thread
threadStop();
started = false;
if (!started)
(sm.getString("standardManager.notStarted"));
// Expire all active sessions
continue;
session.expire();
if (!session.isValid())
StandardSession session = (StandardSession) sessions[i];
Session sessions[] = findSessions();
for (int i = 0; i < sessions.length; i++) {
// Private Methods
* Invalidate all sessions that have expired.
long timeNow = System.currentTimeMillis();
private void processExpires() {
(int) ((timeNow - session.getLastAccessedTime()) / 1000L);
if (timeIdle >= maxInactiveInterval)
int timeIdle = // Truncate, do not round up
if (maxInactiveInterval < 0)
int maxInactiveInterval = session.getMaxInactiveInterval();
private void threadSleep() {
* property.
* Sleep for the duration specified by the <code>checkInterval</code> ;
} catch (InterruptedException e) {
Thread.sleep(checkInterval * 1000L);
if (thread != null)
private void threadStart() {
* Start the background thread that will periodically check for
* session timeouts.
thread.start();
thread.setDaemon(true);
thread = new Thread(this, threadName);
threadDone = false;
private void threadStop() {
* Stop the background thread that is periodically checking for
if (thread == null)
thread.join();
thread.interrupt();
threadDone = true;
thread = null;
// Background Thread
* The background thread that checks for session timeouts and shutdown.
processExpires();
threadSleep();
// Loop until the termination semaphore is set
public void run() {
while (!threadDone) {
StandardManager
StandardSessionManager
import org.apache.tomcat.util.SessionUtil;
import org.apache.tomcat.core.SessionManager;
import org.apache.tomcat.core.Response;
import org.apache.tomcat.core.Context;
import org.apache.tomcat.core.Request;
* XXX - At present, use of <code>StandardManager</code> is hard coded,
* that adapts to the new component-based Manager implementation.
* Specialized implementation of org.apache.tomcat.core.SessionManager
* and lifecycle configuration is not supported.
* the core level. The Tomcat.Next "Manager" interface acts more like a
* collection class, and has minimal knowledge of the detailed request
* paradigm, I would suggest moving the logic implemented here back into
* <b>IMPLEMENTATION NOTE</b>: Once we commit to the new Manager/Session
* a Context to tell the Manager that we create what the default session
* XXX - At present, there is no way (via the SessionManager interface) for
* processing semantics of handling sessions.
* should be.
* timeout for this web application (specified in the deployment descriptor)
implements SessionManager {
public final class StandardSessionManager
* Create a new SessionManager that adapts to the corresponding Manager
manager = new StandardManager();
public StandardSessionManager() {
* implementation.
if (manager instanceof Lifecycle) {
} catch (LifecycleException e) {
throw new IllegalStateException("" + e);
((Lifecycle) manager).start();
((Lifecycle) manager).configure(null);
* The Manager implementation we are actually using.
* Mark the specified session's last accessed time. This should be
public void accessed(Context ctx, Request req, String id) {
session The session to be marked
* called for each request by a RequestInterceptor.
HttpSession session=findSession(ctx, id);
// cache the HttpSession - avoid another find
((Session) session).access();
if (session instanceof Session)
if( session == null) return;
req.setSession( session );
Session session = manager.findSession(id);
public HttpSession findSession( Context ctx, String id ) {
// XXX should we throw exception or just return null ??
} catch (IOException e) {
if(session!=null)
return session.getSession();
return manager.createSession().getSession();
public HttpSession createSession(Context ctx) {
* Remove all sessions because our associated Context is being shut down.
ctx The context that is being shut down
// contexts, we just want to remove the sessions of ctx!
// The manager will still run after that ( i.e. keep database
// XXX XXX a manager may be shared by multiple
public void removeSessions(Context ctx) {
// connection open
((Lifecycle) manager).stop();
* Used by context to configure the session manager's inactivity timeout.
* descriptor (web.xml). This method lets the Context conforgure the
* Context on the other hand has it's timeout set by the deployment
* The SessionManager may have some default session time out, the
public void setSessionTimeOut(int minutes) {
minutes The session inactivity timeout in minutes.
* session manager according to this value.
manager.setMaxInactiveInterval(minutes * 60);
if(-1 != minutes) {
// The manager works with seconds...
ServerSessionManager
import org.apache.tomcat.util.*;
public class ServerSessionManager implements SessionManager {
manager = new ServerSessionManager();
static {
protected int inactiveInterval = -1;
private static ServerSessionManager manager; // = new ServerSessionManager();
private Reaper reaper;
private Hashtable sessions = new Hashtable();
return manager;
public static ServerSessionManager getManager() {
reaper.start();
reaper.setServerSessionManager(this);
private ServerSessionManager() {
reaper = Reaper.getReaper();
if( apS==null) return;
ServerSession servS=apS.getServerSession();
ApplicationSession apS=(ApplicationSession)findSession( ctx, id);
public void accessed( Context ctx, Request req, String id ) {
req.setSession( apS );
// cache it - no need to compute it again
apS.accessed();
servS.accessed();
if(-1 != inactiveInterval) {
session.setMaxInactiveInterval(inactiveInterval);
sessions.put(sessionId, session);
ServerSession session = new ServerSession(sessionId);
String sessionId = SessionIdGenerator.generateId();
if(sSession==null) return null;
return sSession.getApplicationSession(ctx, false);
public HttpSession findSession(Context ctx, String id) {
return session.getApplicationSession( ctx, true );
ServerSession sSession=(ServerSession)sessions.get(id);
// XXX
Enumeration enum = sessions.keys();
synchronized void reap() {
// solution for this, but we'll determine something else later.
// sync'd for safty -- no other thread should be getting something
// from this while we are reaping. This isn't the most optimal
session.reap();
Object key = enum.nextElement();
session.validate();
ServerSession session = (ServerSession)sessions.get(key);
String id = session.getId();
synchronized void removeSession(ServerSession session) {
sessions.remove(id);
public void removeSessions(Context context) {
session.invalidate();
appSession.invalidate();
if (appSession != null) {
session.getApplicationSession(context, false);
ApplicationSession appSession =
inactiveInterval = (minutes * 60);
SessionInterceptor
package org.apache.tomcat.request;
* It also marks the session as accessed.
* in the Request.
* Will process the request and determine the session Id, and set it
// GS, separates the session id from the jvm route
static final char SESSIONID_ROUTE_SEP = '.';
public class SessionInterceptor extends BaseInterceptor implements RequestInterceptor {
* add new interceptors for other methods.
* This implementation only handles Cookies sessions, please extend or
public SessionInterceptor() {
int debug=0;
ContextManager cm;
public void setContextManager( ContextManager cm ) {
debug=i;
System.out.println("Set debug to " + i);
public void setDebug( int i ) {
String sessionId = null;
public int requestMap(Request request ) {
this.cm=cm;
if (cookie.getName().equals("JSESSIONID")) {
sessionId = cookie.getValue();
Cookie cookie = cookies[i];
for( int i=0; i<cookies.length; i++ ) {
Cookie cookies[]=request.getCookies(); // assert !=null
request.setRequestedSessionIdFromCookie(true);
if (sessionId!=null){
sessionId=validateSessionId(request, sessionId);
sessionId=request.getRequestURI().substring(foundAt+sig.length());
request.setRequestURI(request.getRequestURI().substring(0, foundAt));
// rewrite URL, do I need to do anything more?
if ((foundAt=request.getRequestURI().indexOf(sig))!=-1){
if( debug>0 ) cm.log(" XXX RURI=" + request.getRequestURI());
String sig=";jsessionid=";
int foundAt=-1;
return 0;
request.setRequestedSessionIdFromURL(true);
* It will also clean up the session from load-balancing strings.
sessionId, or null if not valid
/** Validate and fix the session id. If the session is not valid return null.
// We may still set it and just return session invalid.
// XXX what is the correct behavior if the session is invalid ?
// Separate them ...
// GS, We piggyback the JVM id on top of the session cookie
private String validateSessionId(Request request, String sessionId){
if(idex > 0) {
sessionId = sessionId.substring(0, idex);
int idex = sessionId.lastIndexOf(SESSIONID_ROUTE_SEP);
if( debug>0 ) cm.log(" Orig sessionId " + sessionId );
if (null != sessionId) {
if (sessionId != null && sessionId.length()!=0) {
SessionManager sM = ctx.getSessionManager();
if(null != sM.findSession(ctx, sessionId)) {
sM.accessed(ctx, request, sessionId );
Context ctx=request.getContext();
// cookie. We must check for validity in the current context.
// multiple Session cookies (one for the root
// GS, We are in a problem here, we may actually get
// context and one for the real context... or old session
return sessionId;
if( debug>0 ) cm.log(" Final session id " + sessionId );
request.setRequestedSessionId(sessionId);
return null;
public int beforeBody( Request rrequest, Response response ) {
if( debug>0 ) cm.log("Before Body " + reqSessionId );
if( reqSessionId==null)
String reqSessionId = response.getSessionId();
if(sessionPath.length() == 0) {
sessionPath = "/";
String sessionPath = rrequest.getContext().getPath();
// multiple session cookies can be used, one for each
// context.
// GS, set the path attribute to the cookie. This way
if(null != jvmRoute) {
// GS, piggyback the jvm route on the session id.
reqSessionId = reqSessionId + SESSIONID_ROUTE_SEP + jvmRoute;
String jvmRoute = rrequest.getJvmRoute();
if(!sessionPath.equals("/")) {
cookie.setMaxAge(-1);
reqSessionId);
Cookie cookie = new Cookie("JSESSIONID",
CookieTools.getCookieHeaderValue(cookie));
cookie.setVersion(0);
response.addHeader( CookieTools.getCookieHeaderName(cookie),
cookie.setVersion(1);
cookie.setPath(sessionPath); {
if( ctx.getDebug() > 0 ) ctx.log("Removing sessions from " + ctx );
public void contextShutdown( Context ctx )
throws TomcatException
/** Notification of context shutdown
ctx.getSessionManager().removeSessions(ctx);
ServerSession
* Core implementation of a server session
public class ServerSession {
private Hashtable appSessions = new Hashtable();
ServerSession(String id) {
(ApplicationSession)appSessions.get(context);
public ApplicationSession getApplicationSession(Context context,
boolean create) {
appSession = new ApplicationSession(id, this, context);
appSessions.put(context, appSession);
// sync to ensure valid?
if (appSession == null && create) {
return appSession;
// a new appSession
// inactive interval -- if so, invalidate and create
// make sure that we haven't gone over the end of our
appSessions.remove(context);
void removeApplicationSession(Context context) {
void validate()
// if we have an inactive interval, check to see if
// we've exceeded it
ssm.removeSession(this);
ServerSessionManager ssm =
ServerSessionManager.getManager();
Enumeration enum = appSessions.keys();
synchronized void invalidate() {
(ApplicationSession)appSessions.get(key);
String msg = sm.getString("serverSession.value.iae");
return values.keys();
public Enumeration getValueNames() {
appSession.validate();

7. problems like… session tracking is not modularized HTTPRequest
SessionInterceptor
requestMap(request)
beforeBody(req, resp)
...
getCookies()
getRequestURI()(doc)
getSession() getRequestedSessionId()
...
Session
getAttribute(name)
setAttribute(name, val)
invalidate()
...
HTTPResponse
getRequest()
setContentType(contentType)
getOutptutStream() setSessionId(id)
...
Servlet

8. the cost of tangled code
redundant code
same fragment of code in many places
difficult to reason about
non-explicit structure
the big picture of the tangling isn’t clear
difficult to change
have to find all the code involved
and be sure to change it consistently
and be sure not to break it by accident

9. crosscutting concerns
HTTPRequest
SessionInterceptor
getCookies()
getRequestURI()(doc)
getSession() getRequestedSessionId()
...
requestMap(request)
beforeBody(req, resp)
...
Session
HTTPResponse
getAttribute(name)
setAttribute(name, val)
invalidate()
...
getRequest()
setContentType(contentType)
getOutptutStream() setSessionId(id)
...
Servlet

10. Aspect-Oriented programming with AspectJ
the AOP idea
aspect-oriented programming
crosscutting is inherent in complex systems
crosscutting concerns
have a clear purpose
have a natural structure
defined set of methods, module boundary crossings, points of resource utilization, lines of dataflow…
so, let’s capture the structure of crosscutting concerns explicitly...
in a modular way
with linguistic and tool support
aspects are
well-modularized crosscutting concerns
here’s where we pick up the crystallization of style and analogy to OOP points
people know this, they deal with it a variety of ways, we can make that explicit
(1) It rests on an assumption that cross-cutting is inherent. That in any sufficiently complex system… I haven’t proven this assumption today, I’ve just reminded you about the problem. But I believe it, and we can talk an EXAMPLES HERE
(2) But that cross-cutting concerns are not random…
(c) Copyright Xerox Corporation, All rights reserved.

11. Aspect-Oriented programming with AspectJ
language support to… /* *
* ====================================================================
* modification, are permitted provided that the following conditions
* Redistribution and use in source and binary forms, with or without
* reserved.
* Copyright (c) 1999 The Apache Software Foundation. All rights
* The Apache Software License, Version 1.1
* are met:
* the documentation and/or other materials provided with the
* distribution.
* notice, this list of conditions and the following disclaimer in
* 2. Redistributions in binary form must reproduce the above copyright
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* Alternately, this acknowlegement may appear in the software
* Apache Software Foundation (
* "This product includes software developed by the
* any, must include the following acknowlegement:
* 3. The end-user documentation included with the redistribution, if
derived
* from this software without prior written permission. For written
* Foundation" must not be used to endorse or promote products
* 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
itself,
* if and wherever such third-party acknowlegements normally appear.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* permission of the Apache Group.
* nor may "Apache" appear in their names without prior written
* 5. Products derived from this software may not be called "Apache"
* permission, please contact
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* SUCH DAMAGE.
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* information on the Apache Software Foundation, please see
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* [Additional notices, if required by prior licensing conditions] */
* <
package org.apache.tomcat.session;
import javax.servlet.*;
import java.util.*;
import javax.servlet.http.*;
import java.net.*;
import org.apache.tomcat.core.*;
import org.apache.tomcat.util.StringManager;
import java.io.*;
/**
James Todd
Jason Hunter
James Duncan Davidson
* Core implementation of an application level session
public class ApplicationSession implements HttpSession {
private Context context;
private long creationTime = System.currentTimeMillis();;
private ServerSession serverSession;
private String id;
private StringManager sm =
StringManager.getManager("org.apache.tomcat.session");
private Hashtable values = new Hashtable();
this.serverSession = serverSession;
this.context = context;
Context context) {
ApplicationSession(String id, ServerSession serverSession,
private boolean valid = true;
private long thisAccessTime = creationTime;
this.id = id; }
this.inactiveInterval *= 60;
if (this.inactiveInterval != -1) {
this.inactiveInterval = context.getSessionTimeOut();
return serverSession;
ServerSession getServerSession() {
* inactivities can be dealt with accordingly.
* Called by context when request comes in so that accesses and
if (valid) {
// HTTP SESSION IMPLEMENTATION METHODS
public String getId() {
String msg = sm.getString("applicationSession.session.ise");
throw new IllegalStateException(msg);
return id;
} else {
return creationTime;
public long getCreationTime() {
return new SessionContextImpl();
public HttpSessionContext getSessionContext() {
public void invalidate() {
// remove everything in the session
serverSession.removeApplicationSession(context);
removeValue(name);
String name = (String)enum.nextElement();
Enumeration enum = values.keys();
while (enum.hasMoreElements()) {
public boolean isNew() {
valid = false;
if (! valid) {
return true;
return false;
if (thisAccessTime == creationTime) {
public void setAttribute(String name, Object value) {
setAttribute(name, value);
public void putValue(String name, Object value) {
removeValue(name); // remove any existing binding
throw new IllegalArgumentException(msg);
String msg = sm.getString("applicationSession.value.iae");
if (name == null) {
new HttpSessionBindingEvent(this, name);
((HttpSessionBindingListener)value).valueBound(e);
HttpSessionBindingEvent e =
if (value != null && value instanceof HttpSessionBindingListener) {
values.put(name, value);
public Object getAttribute(String name) {
return getAttribute(name);
public Object getValue(String name) {
return values.get(name);
public String[] getValueNames() {
names.addElement(e.nextElement());
while (e.hasMoreElements()) {
Vector names = new Vector();
Enumeration e = getAttributeNames();
names.copyInto(valueNames);
String[] valueNames = new String[names.size()];
public Enumeration getAttributeNames() {
return valueNames;
return (Enumeration)valuesClone.keys();
Hashtable valuesClone = (Hashtable)values.clone();
public void removeAttribute(String name) {
removeAttribute(name);
public void removeValue(String name) {
Object o = values.get(name);
((HttpSessionBindingListener)o).valueUnbound(e);
new HttpSessionBindingEvent(this,name);
if (o instanceof HttpSessionBindingListener) {
public void setMaxInactiveInterval(int interval) {
values.remove(name);
public int getMaxInactiveInterval() {
inactiveInterval = interval;
return inactiveInterval; //
ApplicationSession
import java.io.IOException;
import java.util.Vector;
import java.util.Hashtable;
import java.util.Enumeration;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import org.apache.tomcat.catalina.*;
import javax.servlet.http.HttpSessionContext;
import javax.servlet.http.HttpSessionBindingListener;
import javax.servlet.ServletException;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionBindingEvent;
* <b>IMPLEMENTATION NOTE</b>: An instance of this class represents both the
* <p>
* to a different JVM for distributable session support.
* Standard implementation of the <b>Session</b> interface. This object is
* serializable, so that it can be stored in persistent storage or transferred
* However, because the class itself is not declared public, Java logic outside
* internal (Session) and application level (HttpSession) view of the session.
* of the <code>org.apache.tomcat.session</code> package cannot cast an
Craig R. McClanahan
$Revision: 1.2 $ $Date: 2000/05/15 17:54:10 $
* HttpSession view of this instance back to a Session view.
// Constructors
implements HttpSession, Session {
final class StandardSession
manager The manager with which this Session is associated
* Construct a new Session associated with the specified Manager.
this.manager = manager;
super();
public StandardSession(Manager manager) {
// Instance Variables
private Hashtable attributes = new Hashtable();
* The collection of user data attributes associated with this Session.
* The time this session was created, in milliseconds since midnight,
private long creationTime = 0L;
* January 1, 1970 GMT.
private String id = null;
* The session identifier of this Session.
private static final String info = "StandardSession/1.0";
* Descriptive information describing this Session implementation.
* The last accessed time for this Session.
private Manager manager = null;
* The Manager with which this Session is associated.
* The maximum time interval, in seconds, between client requests before
private int maxInactiveInterval = -1;
* indicates that the session should never time out.
* the servlet container may invalidate this session. A negative time
private boolean isNew = true;
* Flag indicating whether this session is new or not.
private boolean isValid = false;
* Flag indicating whether this session is valid or not.
* The string manager for this package.
private static HttpSessionContext sessionContext = null;
* The HTTP session context associated with this session.
private long thisAccessedTime = creationTime;
* The current accessed time for this session.
// Session Properties
* Set the creation time for this session. This method is called by the
time The new creation time
* Manager when an existing Session instance is reused.
this.creationTime = time;
this.thisAccessedTime = time;
public void setCreationTime(long time) {
* Return the session identifier for this session.
return (this.id);
* Set the session identifier for this session.
id The new session identifier
((ManagerBase) manager).remove(this);
(manager instanceof ManagerBase))
if ((this.id != null) && (manager != null) &&
public void setId(String id) {
((ManagerBase) manager).add(this);
if ((manager != null) && (manager instanceof ManagerBase))
* the corresponding version number, in the format
* Return descriptive information about this Session implementation and
return (this.info);
public String getInfo() {
* <code><description>/<version></code>.
* Return the Manager within which this Session is valid.
return (this.manager);
public Manager getManager() {
public void setManager(Manager manager) {
manager The new Manager
* Set the Manager within which this Session is valid.
* Return the maximum time interval, in seconds, between client requests
IllegalStateException if this method is called on
* time indicates that the session should never time out.
* before the servlet container will invalidate the session. A negative
* an invalidated session
return (this.maxInactiveInterval);
* Set the maximum time interval, in seconds, between client requests
interval The new maximum interval
this.maxInactiveInterval = interval;
* Return the <code>HttpSession</code> for which this object
return ((HttpSession) this);
public HttpSession getSession() {
* is the facade.
// Session Public Methods
* without triggering an exception if the session has already expired.
* Perform the internal processing required to invalidate this session,
public void expire() {
// Remove this session from our manager's active sessions
String attr = (String) attrs.nextElement();
while (attrs.hasMoreElements()) {
Vector results = new Vector();
Enumeration attrs = getAttributeNames();
// Unbind any objects associated with this session
String name = (String) names.nextElement();
while (names.hasMoreElements()) {
Enumeration names = results.elements();
results.addElement(attr);
setValid(false);
// Mark this session as invalid
* preparation for reuse of this object.
* Release all object references, and initialize instance variables, in
public void recycle() {
manager = null;
maxInactiveInterval = -1;
id = null;
creationTime = 0L;
attributes.clear();
// Reset the instance variables associated with this Session
((ManagerBase) manager).recycle(this);
// Tell our Manager that this Session has been recycled
isValid = false;
isNew = true;
// Session Package Methods
* Return the <code>isValid</code> flag for this session.
return (this.isValid);
boolean isValid() {
void setNew(boolean isNew) {
isNew The new value for the <code>isNew</code> flag
* Set the <code>isNew</code> flag for this session.
this.isNew = isNew;
void setValid(boolean isValid) {
isValid The new value for the <code>isValid</code> flag
* Set the <code>isValid</code> flag for this session.
this.isValid = isValid;
// HttpSession Properties
IllegalStateException if this method is called on an
* midnight, January 1, 1970 GMT.
* Return the time when this session was created, in milliseconds since
* invalidated session
return (this.creationTime);
* replacement. It will be removed in a future version of the
As of Version 2.1, this method is deprecated and has no
* Return the session context with which this session is associated.
* Java Servlet API.
sessionContext = new StandardSessionContext();
return (sessionContext);
if (sessionContext == null)
// HttpSession Public Methods
* <code>null</code> if no object is bound with that name.
* Return the object bound with the specified name in this session, or
name Name of the attribute to be returned
return (attributes.get(name));
* containing the names of the objects bound to this session.
* Return an <code>Enumeration</code> of <code>String</code> objects
return (attributes.keys());
name Name of the value to be returned
* <code>getAttribute()</code>
As of Version 2.2, this method is replaced by
return (getAttribute(name));
* are no such objects, a zero-length array is returned.
* Return the set of names of objects bound to this session. If there
* <code>getAttributeNames()</code>
names[i] = (String) results.elementAt(i);
return (names);
for (int i = 0; i < names.length; i++)
String names[] = new String[results.size()];
* Invalidates this session and unbinds any objects bound to it.
expire();
// Cause this session to expire
* session, or if the client chooses not to join the session. For
* Return <code>true</code> if the client does not yet know about the
* request.
* has disabled the use of cookies, then a session would be new on each
* example, if the server used only cookie-based sessions, and the client
return (this.isNew);
* Bind an object to this session, using the specified name. If an object
* replaced.
* of the same name is already bound to this session, the object is
name Name to which the object is bound, cannot be null
value Object to be bound, cannot be null
* <code>valueBound()</code> on the object.
* After this method executes, and if the object implements
* <code>HttpSessionBindingListener</code>, the container calls
* <code>setAttribute()</code>
* does nothing.
* the session does not have an object bound with this name, this method
* Remove the object bound with the specified name from this session. If
name Name of the object to remove from this session.
* <code>valueUnbound()</code> on the object.
if (object == null)
Object object = attributes.get(name);
synchronized (attributes) {
(new HttpSessionBindingEvent((HttpSession) this, name));
((HttpSessionBindingListener) object).valueUnbound
if (object instanceof HttpSessionBindingListener) {
attributes.remove(name);
// System.out.println( "Removing attribute " + name );
return;
* <code>removeAttribute()</code>
IllegalArgumentException if an attempt is made to add a
* non-serializable object in an environment marked distributable.
throw new IllegalArgumentException
(sm.getString("standardSession.setAttribute.iae"));
!(value instanceof Serializable))
if ((manager != null) && manager.getDistributable() &&
if (value instanceof HttpSessionBindingListener)
((HttpSessionBindingListener) value).valueBound
attributes.put(name, value);
// HttpSession Private Methods
* <b>IMPLEMENTATION NOTE</b>: The reference to the owning Manager
* is not restored by this method, and must be set explicitly.
* object input stream.
* Read a serialized version of this session object from the specified
ClassNotFoundException if an unknown class is specified
stream The input stream to read from
// Deserialize the scalar instance variables (except Manager)
creationTime = ((Long) stream.readObject()).longValue();
throws ClassNotFoundException, IOException {
private void readObject(ObjectInputStream stream)
IOException if an input/output error occurs
isValid = ((Boolean) stream.readObject()).booleanValue();
id = (String) stream.readObject();
String name = (String) stream.readObject();
Object value = (Object) stream.readObject();
for (int i = 0; i < n; i++) {
int n = ((Integer) stream.readObject()).intValue();
// Deserialize the attribute count and attribute values
* object output stream.
* Write a serialized version of this session object to the specified
* <b>IMPLEMENTATION NOTE</b>: Any attribute that is not Serializable
* will be silently ignored. If you do not want any such attributes,
* explicitly.
* <code>readObject()</code>, you must set the associated Manager
* <b>IMPLEMENTATION NOTE</b>: The owning Manager will not be stored
* in the serialized representation of this Session. After calling
* Manager is set to <code>true</code>.
stream The output stream to write to
* be sure the <code>distributable</code> property of our associated
stream.writeObject(new Integer(maxInactiveInterval));
stream.writeObject(id);
stream.writeObject(new Long(creationTime));
private void writeObject(ObjectOutputStream stream) throws IOException {
// Write the scalar instance variables (except Manager)
stream.writeObject(new Boolean(isValid));
// Accumulate the names of serializable attributes
stream.writeObject(new Boolean(isNew));
if (value instanceof Serializable)
Object value = attributes.get(attr);
stream.writeObject(new Integer(results.size()));
// Serialize the attribute count and the attribute values
stream.writeObject(attributes.get(name));
stream.writeObject(name);
Enumeration getAttributeNames() |
String[] getValueNames() |
Object getAttribute(String) |
long getCreationTime() |
crosscut invalidate(StandardSession s): s & (int getMaxInactiveInterval() |
static advice(StandardSession s): invalidate(s) {
before {
void setAttribute(String, Object));
void removeAttribute(String) |
void invalidate() |
boolean isNew() |
+ ".ise"));
(s.sm.getString("standardSession."
+ thisJoinPoint.methodName
throw new IllegalStateException
if (!s.isValid())
// Private Class
* when <code>HttpSession.getSessionContext()</code> is called.
* This class is a dummy implementation of the <code>HttpSessionContext</code>
* interface, to conform to the requirement that such an object be returned
As of Java Servlet API 2.1 with no replacement. The
private Vector dummy = new Vector();
final class StandardSessionContext implements HttpSessionContext {
* interface will be removed in a future version of this API.
* and will be removed in a future version of the API.
* This method must return an empty <code>Enumeration</code>
* within this context.
* Return the session identifiers of all sessions defined
As of Java Servlet API 2.1 with no replacement.
return (dummy.elements());
public Enumeration getIds() {
* This method must return null and will be removed in a
id Session identifier for which to look up a session
* specified session identifier.
* Return the <code>HttpSession</code> associated with the
public HttpSession getSession(String id) {
* future version of the API.
return (null);
StandardSession
import javax.servlet.http.Cookie;
import org.w3c.dom.Node;
import org.w3c.dom.NamedNodeMap;
* an optional, configurable, maximum number of active sessions allowed.
* no session persistence or distributable capabilities, but does support
* Standard implementation of the <b>Manager</b> interface that provides
* checkInterval="60" maxActiveSessions="-1"
* maxInactiveInterval="-1" />
* <Manager className="org.apache.tomcat.session.StandardManager"
* <code>
* in the following format:
* Lifecycle configuration of this component assumes an XML node
* where you can adjust the following parameters, with default values
* </code>
* be active at once, or -1 for no limit. [-1]
* <li><b>maxInactiveInterval</b> - The default maximum number of seconds of
* inactivity before which the servlet container is allowed to time out
* <li><b>maxActiveSessions</b> - The maximum number of sessions allowed to
* thread checks for expired sessions. [60]
* <li><b>checkInterval</b> - The interval (in seconds) between background
* in square brackets:
* <ul>
* </ul>
* descriptor, if any. [-1]
* the default session timeout specified in the web application deployment
* a session, or -1 for no limit. This value should be overridden from
implements Lifecycle, Runnable {
extends ManagerBase
public final class StandardManager
$Revision: $ $Date: 2000/05/02 21:28:30 $
* The interval (in seconds) between checks for expired sessions.
private boolean configured = false;
* Has this component been configured yet?
private int checkInterval = 60;
private static final String info = "StandardManager/1.0";
* The descriptive information about this implementation.
protected int maxActiveSessions = -1;
* The maximum number of active Sessions allowed, or -1 for no limit.
private boolean started = false;
* Has this component been started yet?
private Thread thread = null;
* The background thread.
* The background thread completion semaphore.
private boolean threadDone = false;
* Name to register for the background thread.
// Properties
private String threadName = "StandardManager";
return (this.checkInterval);
public int getCheckInterval() {
* Return the check interval (in seconds) for this Manager.
checkInterval The new check interval
* Set the check interval (in seconds) for this Manager.
public void setCheckInterval(int checkInterval) {
this.checkInterval = checkInterval;
* Return descriptive information about this Manager implementation and
public int getMaxActiveSessions() {
* no limit.
* Return the maximum number of active Sessions allowed, or -1 for
return (this.maxActiveSessions);
* Set the maximum number of actives Sessions allowed, or -1 for
this.maxActiveSessions = max;
public void setMaxActiveSessions(int max) {
max The new maximum number of sessions
// Public Methods
* method of the returned session. If a new session cannot be created
* for any reason, return <code>null</code>.
* id will be assigned by this method, and available via the getId()
* settings specified by this Manager's properties. The session
* Construct and return a new session object, based on the default
if ((maxActiveSessions >= 0) &&
(sessions.size() >= maxActiveSessions))
public Session createSession() {
* instantiated for any reason
IllegalStateException if a new session cannot be
return (super.createSession());
(sm.getString("standardManager.createSession.ise"));
// Lifecycle Methods
* Configure this component, based on the specified configuration
IllegalStateException if this component has already been
* (<B>FIXME: What object type should this really be?)
parameters Configuration parameters for this component
* parameters. This method should be called immediately after the
* component instance is created, and before <code>start()</code>
* is called.
LifecycleException if this component detects a fatal error
* configured and/or started
if (configured)
// Validate and update our current component state
throws LifecycleException {
* in the configuration parameters it was given
public void configure(Node parameters)
if (!("Manager".equals(parameters.getNodeName())))
// Parse and process our configuration parameters
if (parameters == null)
(sm.getString("standardManager.alreadyConfigured"));
configured = true;
throw new LifecycleException
NamedNodeMap attributes = parameters.getAttributes();
} catch (Throwable t) {
; // XXX - Throw exception?
setCheckInterval(Integer.parseInt(node.getNodeValue()));
if (node != null) {
node = attributes.getNamedItem("checkInterval");
Node node = null;
try {
setMaxActiveSessions(Integer.parseInt(node.getNodeValue()));
node = attributes.getNamedItem("maxActiveSessions");
setMaxInactiveInterval(Integer.parseInt(node.getNodeValue()));
node = attributes.getNamedItem("maxInactiveInterval");
* component. This method should be called after <code>configure()</code>,
* Prepare for the beginning of active use of the public methods of this
* started
* configured (if required for this component)
IllegalStateException if this component has not yet been
* and before any of the public methods of the component are utilized.
public void start() throws LifecycleException {
* that prevents this component from being used
if (started)
(sm.getString("standardManager.alreadyStarted"));
(sm.getString("standardManager.notConfigured"));
if (!configured)
threadStart();
// Start the background reaper thread
started = true;
* instance of this component.
* Gracefully terminate the active use of the public methods of this
* component. This method should be the last one called on a given
* been stopped
IllegalStateException if this component has already
IllegalStateException if this component has not been started
if (!started)
public void stop() throws LifecycleException {
* that needs to be reported
started = false;
(sm.getString("standardManager.notStarted"));
for (int i = 0; i < sessions.length; i++) {
StandardSession session = (StandardSession) sessions[i];
Session sessions[] = findSessions();
// Expire all active sessions
threadStop();
// Stop the background reaper thread
continue;
session.expire();
if (!session.isValid())
// Private Methods
private void threadSleep() {
* Sleep for the duration specified by the <code>checkInterval</code>
* property. ;
} catch (InterruptedException e) {
Thread.sleep(checkInterval * 1000L);
private void threadStart() {
* session timeouts.
* Start the background thread that will periodically check for
thread.start();
thread.setDaemon(true);
threadDone = false;
if (thread != null)
thread = new Thread(this, threadName);
* Stop the background thread that is periodically checking for
threadDone = true;
if (thread == null)
private void threadStop() {
thread.join();
thread.interrupt();
thread = null;
// Background Thread
public void run() {
* The background thread that checks for session timeouts and shutdown.
processExpires();
threadSleep();
while (!threadDone) {
// Loop until the termination semaphore is set
StandardManager
StandardSessionManager
import org.apache.tomcat.util.SessionUtil;
import org.apache.tomcat.core.SessionManager;
import org.apache.tomcat.core.Response;
import org.apache.tomcat.core.Context;
import org.apache.tomcat.core.Request;
* XXX - At present, use of <code>StandardManager</code> is hard coded,
* that adapts to the new component-based Manager implementation.
* Specialized implementation of org.apache.tomcat.core.SessionManager
* and lifecycle configuration is not supported.
* the core level. The Tomcat.Next "Manager" interface acts more like a
* collection class, and has minimal knowledge of the detailed request
* paradigm, I would suggest moving the logic implemented here back into
* <b>IMPLEMENTATION NOTE</b>: Once we commit to the new Manager/Session
* a Context to tell the Manager that we create what the default session
* XXX - At present, there is no way (via the SessionManager interface) for
* processing semantics of handling sessions.
* should be.
* timeout for this web application (specified in the deployment descriptor)
implements SessionManager {
public final class StandardSessionManager
* Create a new SessionManager that adapts to the corresponding Manager
manager = new StandardManager();
public StandardSessionManager() {
* implementation.
if (manager instanceof Lifecycle) {
} catch (LifecycleException e) {
throw new IllegalStateException("" + e);
((Lifecycle) manager).start();
((Lifecycle) manager).configure(null);
* The Manager implementation we are actually using.
// XXX should we throw exception or just return null ??
public HttpSession findSession( Context ctx, String id ) {
} catch (IOException e) {
return session.getSession();
if(session!=null)
Session session = manager.findSession(id);
return manager.createSession().getSession();
public HttpSession createSession(Context ctx) {
* Remove all sessions because our associated Context is being shut down.
public void removeSessions(Context ctx) {
ctx The context that is being shut down
// The manager will still run after that ( i.e. keep database
// connection open
// contexts, we just want to remove the sessions of ctx!
// XXX XXX a manager may be shared by multiple
((Lifecycle) manager).stop();
* Used by context to configure the session manager's inactivity timeout.
* session manager according to this value.
* descriptor (web.xml). This method lets the Context conforgure the
* Context on the other hand has it's timeout set by the deployment
* The SessionManager may have some default session time out, the
if(-1 != minutes) {
// The manager works with seconds...
public void setSessionTimeOut(int minutes) {
minutes The session inactivity timeout in minutes.
manager.setMaxInactiveInterval(minutes * 60);
ServerSessionManager
import org.apache.tomcat.util.*;
public class ServerSessionManager implements SessionManager {
private static ServerSessionManager manager; // = new ServerSessionManager();
public static ServerSessionManager getManager() {
manager = new ServerSessionManager();
static {
protected int inactiveInterval = -1;
private Hashtable sessions = new Hashtable();
return manager;
reaper.setServerSessionManager(this);
reaper.start();
reaper = Reaper.getReaper();
private Reaper reaper;
private ServerSessionManager() {
String sessionId = SessionIdGenerator.generateId();
session.setMaxInactiveInterval(inactiveInterval);
return session.getApplicationSession( ctx, true );
if(-1 != inactiveInterval) {
sessions.put(sessionId, session);
ServerSession session = new ServerSession(sessionId);
if(sSession==null) return null;
public HttpSession findSession(Context ctx, String id) {
return sSession.getApplicationSession(ctx, false);
ServerSession sSession=(ServerSession)sessions.get(id);
// XXX
Enumeration enum = sessions.keys();
synchronized void reap() {
// solution for this, but we'll determine something else later.
// sync'd for safty -- no other thread should be getting something
// from this while we are reaping. This isn't the most optimal
session.reap();
Object key = enum.nextElement();
session.validate();
ServerSession session = (ServerSession)sessions.get(key);
String id = session.getId();
synchronized void removeSession(ServerSession session) {
sessions.remove(id);
public void removeSessions(Context context) {
session.invalidate();
appSession.invalidate();
if (appSession != null) {
session.getApplicationSession(context, false);
ApplicationSession appSession =
inactiveInterval = (minutes * 60);
SessionInterceptor
package org.apache.tomcat.request;
* It also marks the session as accessed.
* in the Request.
* Will process the request and determine the session Id, and set it
// GS, separates the session id from the jvm route
static final char SESSIONID_ROUTE_SEP = '.';
public class SessionInterceptor extends BaseInterceptor implements RequestInterceptor {
* add new interceptors for other methods.
* This implementation only handles Cookies sessions, please extend or
public SessionInterceptor() {
int debug=0;
ContextManager cm;
public void setContextManager( ContextManager cm ) {
debug=i;
System.out.println("Set debug to " + i);
public void setDebug( int i ) {
String sessionId = null;
public int requestMap(Request request ) {
this.cm=cm;
if (cookie.getName().equals("JSESSIONID")) {
sessionId = cookie.getValue();
Cookie cookie = cookies[i];
for( int i=0; i<cookies.length; i++ ) {
Cookie cookies[]=request.getCookies(); // assert !=null
request.setRequestedSessionIdFromCookie(true);
if (sessionId!=null){
sessionId=validateSessionId(request, sessionId);
sessionId=request.getRequestURI().substring(foundAt+sig.length());
request.setRequestURI(request.getRequestURI().substring(0, foundAt));
// rewrite URL, do I need to do anything more?
if ((foundAt=request.getRequestURI().indexOf(sig))!=-1){
if( debug>0 ) cm.log(" XXX RURI=" + request.getRequestURI());
String sig=";jsessionid=";
int foundAt=-1;
return 0;
request.setRequestedSessionIdFromURL(true);
sessionId, or null if not valid
* It will also clean up the session from load-balancing strings.
/** Validate and fix the session id. If the session is not valid return null.
// We may still set it and just return session invalid.
// XXX what is the correct behavior if the session is invalid ?
// GS, We piggyback the JVM id on top of the session cookie
private String validateSessionId(Request request, String sessionId){
if(idex > 0) {
sessionId = sessionId.substring(0, idex);
int idex = sessionId.lastIndexOf(SESSIONID_ROUTE_SEP);
if (null != sessionId) {
// Separate them ...
if( debug>0 ) cm.log(" Orig sessionId " + sessionId );
if (sessionId != null && sessionId.length()!=0) {
Context ctx=request.getContext();
SessionManager sM = ctx.getSessionManager();
if(null != sM.findSession(ctx, sessionId)) {
// cookie. We must check for validity in the current context.
// context and one for the real context... or old session
// GS, We are in a problem here, we may actually get
// multiple Session cookies (one for the root
return sessionId;
request.setRequestedSessionId(sessionId);
if( debug>0 ) cm.log(" Final session id " + sessionId );
return null;
public int beforeBody( Request rrequest, Response response ) {
if( debug>0 ) cm.log("Before Body " + reqSessionId );
if( reqSessionId==null)
String reqSessionId = response.getSessionId();
if(sessionPath.length() == 0) {
sessionPath = "/";
String sessionPath = rrequest.getContext().getPath();
// multiple session cookies can be used, one for each
// context.
// GS, set the path attribute to the cookie. This way
if(null != jvmRoute) {
// GS, piggyback the jvm route on the session id.
reqSessionId = reqSessionId + SESSIONID_ROUTE_SEP + jvmRoute;
String jvmRoute = rrequest.getJvmRoute();
if(!sessionPath.equals("/")) {
cookie.setMaxAge(-1);
reqSessionId);
Cookie cookie = new Cookie("JSESSIONID",
CookieTools.getCookieHeaderValue(cookie));
cookie.setVersion(0);
response.addHeader( CookieTools.getCookieHeaderName(cookie),
cookie.setVersion(1);
cookie.setPath(sessionPath); {
if( ctx.getDebug() > 0 ) ctx.log("Removing sessions from " + ctx );
public void contextShutdown( Context ctx )
throws TomcatException
/** Notification of context shutdown
ctx.getSessionManager().removeSessions(ctx);
ServerSession
* Core implementation of a server session
public class ServerSession {
private Hashtable appSessions = new Hashtable();
ServerSession(String id) {
private int inactiveInterval = -1;
(ApplicationSession)appSessions.get(context);
boolean create) {
public ApplicationSession getApplicationSession(Context context,
appSessions.put(context, appSession);
appSession = new ApplicationSession(id, this, context);
// sync to ensure valid?
if (appSession == null && create) {
return appSession;
// a new appSession
// inactive interval -- if so, invalidate and create
// make sure that we haven't gone over the end of our
appSessions.remove(context);
void removeApplicationSession(Context context) {
void validate()
synchronized void invalidate() {
Enumeration enum = appSessions.keys();
(ApplicationSession)appSessions.get(key);
String msg = sm.getString("serverSession.value.iae");
public Enumeration getValueNames() {
return values.keys();
appSession.validate();
private long lastAccessed = creationTime;
validate();
thisAccessTime = System.currentTimeMillis();
lastAccessed = thisAccessTime;
void accessed() {
// set last accessed to thisAccessTime as it will be left over
// from the previous access
int thisInterval =
if (inactiveInterval != -1) {
// if we have an inactive interval, check to see if we've exceeded it
void validate() {
if (thisInterval > inactiveInterval) {
invalidate();
(int)(System.currentTimeMillis() - lastAccessed) / 1000;
return lastAccessed;
public long getLastAccessedTime() {
// we've exceeded it
// if we have an inactive interval, check to see if
ServerSessionManager ssm =
ssm.removeSession(this);
ServerSessionManager.getManager();
private long lastAccessedTime = creationTime;
* GMT. Actions that your application takes, such as getting or setting
* session, as the number of milliseconds since midnight, January 1, 1970
* Return the last time the client sent a request associated with this
* a value associated with the session, do not affect the access time.
return (this.lastAccessedTime);
this.lastAccessedTime = time;
* session, even if the application does not reference it.
* Update the accessed time information for this session. This method
* should be called by the context when a request comes in for a particular
public void access() {
lastAccessedTime = 0L;
this.isNew=false;
this.thisAccessedTime = System.currentTimeMillis();
this.lastAccessedTime = this.thisAccessedTime;
isNew = ((Boolean) stream.readObject()).booleanValue();
lastAccessedTime = ((Long) stream.readObject()).longValue();
maxInactiveInterval = ((Integer) stream.readObject()).intValue();
stream.writeObject(new Long(lastAccessedTime));
ApplicationSession apS=(ApplicationSession)findSession( ctx, id);
public void accessed( Context ctx, Request req, String id ) {
sM.accessed(ctx, request, sessionId );
// cache it - no need to compute it again
apS.accessed();
servS.accessed();
if( apS==null) return;
ServerSession servS=apS.getServerSession();
req.setSession( apS );
long timeNow = System.currentTimeMillis();
* Invalidate all sessions that have expired.
private void processExpires() {
int timeIdle = // Truncate, do not round up
int maxInactiveInterval = session.getMaxInactiveInterval();
if (maxInactiveInterval < 0)
if (timeIdle >= maxInactiveInterval)
(int) ((timeNow - session.getLastAccessedTime()) / 1000L);
* called for each request by a RequestInterceptor.
* Mark the specified session's last accessed time. This should be
HttpSession session=findSession(ctx, id);
if( session == null) return;
public void accessed(Context ctx, Request req, String id) {
session The session to be marked
// cache the HttpSession - avoid another find
((Session) session).access();
if (session instanceof Session)
req.setSession( session ); /* *
* ====================================================================
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* reserved.
* Copyright (c) 1999 The Apache Software Foundation. All rights
* The Apache Software License, Version 1.1
* 1. Redistributions of source code must retain the above copyright
* are met:
* the documentation and/or other materials provided with the
* distribution.
* notice, this list of conditions and the following disclaimer in
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer.
itself,
* if and wherever such third-party acknowlegements normally appear.
* Apache Software Foundation (
* Alternately, this acknowlegement may appear in the software
* "This product includes software developed by the
* 3. The end-user documentation included with the redistribution, if
* any, must include the following acknowlegement:
* Foundation" must not be used to endorse or promote products
* 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
* nor may "Apache" appear in their names without prior written
* permission of the Apache Group.
* 5. Products derived from this software may not be called "Apache"
* permission, please contact
derived
* from this software without prior written permission. For written
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* This software consists of voluntary contributions made by many
* SUCH DAMAGE.
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* information on the Apache Software Foundation, please see
* individuals on behalf of the Apache Software Foundation. For more
* [Additional notices, if required by prior licensing conditions] */
* <
package org.apache.tomcat.session;
import java.net.*;
import java.util.*;
import java.io.*;
import org.apache.tomcat.util.StringManager;
import org.apache.tomcat.core.*;
* Core implementation of an application level session
James Duncan Davidson
/**
import javax.servlet.http.*;
import javax.servlet.*;
James Todd
Jason Hunter
private String id;
private Hashtable values = new Hashtable();
private StringManager sm =
public class ApplicationSession implements HttpSession {
StringManager.getManager("org.apache.tomcat.session");
private ServerSession serverSession;
private boolean valid = true;
private int inactiveInterval = -1;
private long lastAccessed = creationTime;
private Context context;
private long creationTime = System.currentTimeMillis();;
private long thisAccessTime = creationTime;
this.inactiveInterval = context.getSessionTimeOut();
this.context = context;
this.id = id;
Context context) {
ApplicationSession(String id, ServerSession serverSession,
this.serverSession = serverSession; }
this.inactiveInterval *= 60;
if (this.inactiveInterval != -1) {
return serverSession;
ServerSession getServerSession() {
* inactivities can be dealt with accordingly.
* Called by context when request comes in so that accesses and
void accessed() {
thisAccessTime = System.currentTimeMillis();
lastAccessed = thisAccessTime;
// set last accessed to thisAccessTime as it will be left over
// from the previous access
int thisInterval =
if (inactiveInterval != -1) {
void validate() {
validate();
invalidate();
if (thisInterval > inactiveInterval) {
(int)(System.currentTimeMillis() - lastAccessed) / 1000;
// if we have an inactive interval, check to see if we've exceeded it
if (valid) {
// HTTP SESSION IMPLEMENTATION METHODS
String msg = sm.getString("applicationSession.session.ise");
public String getId() {
throw new IllegalStateException(msg);
} else {
return id;
return creationTime;
public long getCreationTime() {
public long getLastAccessedTime() {
return new SessionContextImpl();
public HttpSessionContext getSessionContext() {
return lastAccessed;
public void invalidate() {
// remove everything in the session
serverSession.removeApplicationSession(context);
removeValue(name);
String name = (String)enum.nextElement();
Enumeration enum = values.keys();
while (enum.hasMoreElements()) {
public boolean isNew() {
valid = false;
if (! valid) {
return true;
return false;
if (thisAccessTime == creationTime) {
public void setAttribute(String name, Object value) {
setAttribute(name, value);
public void putValue(String name, Object value) {
removeValue(name); // remove any existing binding
throw new IllegalArgumentException(msg);
String msg = sm.getString("applicationSession.value.iae");
if (name == null) {
new HttpSessionBindingEvent(this, name);
((HttpSessionBindingListener)value).valueBound(e);
HttpSessionBindingEvent e =
if (value != null && value instanceof HttpSessionBindingListener) {
values.put(name, value);
public Object getAttribute(String name) {
return getAttribute(name);
public Object getValue(String name) {
return values.get(name);
public String[] getValueNames() {
names.addElement(e.nextElement());
while (e.hasMoreElements()) {
Vector names = new Vector();
Enumeration e = getAttributeNames();
names.copyInto(valueNames);
String[] valueNames = new String[names.size()];
public Enumeration getAttributeNames() {
return valueNames;
return (Enumeration)valuesClone.keys();
Hashtable valuesClone = (Hashtable)values.clone();
public void removeAttribute(String name) {
removeAttribute(name);
public void removeValue(String name) {
Object o = values.get(name);
((HttpSessionBindingListener)o).valueUnbound(e);
new HttpSessionBindingEvent(this,name);
if (o instanceof HttpSessionBindingListener) {
public void setMaxInactiveInterval(int interval) {
values.remove(name);
public int getMaxInactiveInterval() {
inactiveInterval = interval;
return inactiveInterval; //
ApplicationSession
import java.io.IOException;
import java.util.Vector;
import javax.servlet.ServletException;
import java.util.Hashtable;
import java.util.Enumeration;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionContext;
import org.apache.tomcat.catalina.*;
import javax.servlet.http.HttpSessionBindingListener;
import javax.servlet.http.HttpSessionBindingEvent;
* serializable, so that it can be stored in persistent storage or transferred
* Standard implementation of the <b>Session</b> interface. This object is
* internal (Session) and application level (HttpSession) view of the session.
* <b>IMPLEMENTATION NOTE</b>: An instance of this class represents both the
* <p>
* to a different JVM for distributable session support.
* HttpSession view of this instance back to a Session view.
* of the <code>org.apache.tomcat.session</code> package cannot cast an
* However, because the class itself is not declared public, Java logic outside
$Revision: 1.2 $ $Date: 2000/05/15 17:54:10 $
Craig R. McClanahan
implements HttpSession, Session {
final class StandardSession
// Constructors
manager The manager with which this Session is associated
* Construct a new Session associated with the specified Manager.
this.manager = manager;
super();
public StandardSession(Manager manager) {
// Instance Variables
private Hashtable attributes = new Hashtable();
* The collection of user data attributes associated with this Session.
* The time this session was created, in milliseconds since midnight,
private long creationTime = 0L;
* January 1, 1970 GMT.
private String id = null;
* The session identifier of this Session.
private static final String info = "StandardSession/1.0";
* Descriptive information describing this Session implementation.
private long lastAccessedTime = creationTime;
* The last accessed time for this Session.
private Manager manager = null;
* The Manager with which this Session is associated.
* the servlet container may invalidate this session. A negative time
* The maximum time interval, in seconds, between client requests before
* indicates that the session should never time out.
private boolean isNew = true;
* Flag indicating whether this session is new or not.
private int maxInactiveInterval = -1;
private boolean isValid = false;
* Flag indicating whether this session is valid or not.
* The string manager for this package.
private static HttpSessionContext sessionContext = null;
* The HTTP session context associated with this session.
private long thisAccessedTime = creationTime;
* The current accessed time for this session.
// Session Properties
* Set the creation time for this session. This method is called by the
public void setCreationTime(long time) {
time The new creation time
* Manager when an existing Session instance is reused.
this.thisAccessedTime = time;
this.lastAccessedTime = time;
this.creationTime = time;
* Return the session identifier for this session.
return (this.id);
(manager instanceof ManagerBase))
if ((this.id != null) && (manager != null) &&
public void setId(String id) {
* Set the session identifier for this session.
id The new session identifier
((ManagerBase) manager).remove(this);
((ManagerBase) manager).add(this);
if ((manager != null) && (manager instanceof ManagerBase))
* <code><description>/<version></code>.
* Return descriptive information about this Session implementation and
* the corresponding version number, in the format
return (this.info);
public String getInfo() {
* a value associated with the session, do not affect the access time.
* GMT. Actions that your application takes, such as getting or setting
* session, as the number of milliseconds since midnight, January 1, 1970
* Return the last time the client sent a request associated with this
return (this.lastAccessedTime);
return (this.manager);
public Manager getManager() {
* Return the Manager within which this Session is valid.
public void setManager(Manager manager) {
manager The new Manager
* Set the Manager within which this Session is valid.
* Return the maximum time interval, in seconds, between client requests
IllegalStateException if this method is called on
* time indicates that the session should never time out.
* before the servlet container will invalidate the session. A negative
return (this.maxInactiveInterval);
* an invalidated session
* Set the maximum time interval, in seconds, between client requests
interval The new maximum interval
this.maxInactiveInterval = interval;
public HttpSession getSession() {
* is the facade.
* Return the <code>HttpSession</code> for which this object
return ((HttpSession) this);
// Session Public Methods
* session, even if the application does not reference it.
* should be called by the context when a request comes in for a particular
* Update the accessed time information for this session. This method
this.isNew=false;
this.thisAccessedTime = System.currentTimeMillis();
this.lastAccessedTime = this.thisAccessedTime;
public void access() {
* without triggering an exception if the session has already expired.
* Perform the internal processing required to invalidate this session,
// Remove this session from our manager's active sessions
public void expire() {
while (attrs.hasMoreElements()) {
Enumeration attrs = getAttributeNames();
Vector results = new Vector();
// Unbind any objects associated with this session
while (names.hasMoreElements()) {
String name = (String) names.nextElement();
Enumeration names = results.elements();
results.addElement(attr);
String attr = (String) attrs.nextElement();
setValid(false);
// Mark this session as invalid
public void recycle() {
* preparation for reuse of this object.
* Release all object references, and initialize instance variables, in
// Reset the instance variables associated with this Session
manager = null;
isNew = true;
maxInactiveInterval = -1;
lastAccessedTime = 0L;
attributes.clear();
creationTime = 0L;
id = null;
isValid = false;
((ManagerBase) manager).recycle(this);
// Tell our Manager that this Session has been recycled
// Session Package Methods
boolean isValid() {
* Return the <code>isValid</code> flag for this session.
return (this.isValid);
void setNew(boolean isNew) {
isNew The new value for the <code>isNew</code> flag
* Set the <code>isNew</code> flag for this session.
this.isNew = isNew;
isValid The new value for the <code>isValid</code> flag
* Set the <code>isValid</code> flag for this session.
this.isValid = isValid;
void setValid(boolean isValid) {
// HttpSession Properties
IllegalStateException if this method is called on an
* Return the time when this session was created, in milliseconds since
* midnight, January 1, 1970 GMT.
* invalidated session
return (this.creationTime);
* Return the session context with which this session is associated.
* Java Servlet API.
* replacement. It will be removed in a future version of the
As of Version 2.1, this method is deprecated and has no
return (sessionContext);
sessionContext = new StandardSessionContext();
if (sessionContext == null)
// HttpSession Public Methods
* <code>null</code> if no object is bound with that name.
* Return the object bound with the specified name in this session, or
name Name of the attribute to be returned
return (attributes.get(name));
* Return an <code>Enumeration</code> of <code>String</code> objects
* containing the names of the objects bound to this session.
return (attributes.keys());
name Name of the value to be returned
* <code>getAttribute()</code>
As of Version 2.2, this method is replaced by
return (getAttribute(name));
* are no such objects, a zero-length array is returned.
* Return the set of names of objects bound to this session. If there
* <code>getAttributeNames()</code>
names[i] = (String) results.elementAt(i);
return (names);
for (int i = 0; i < names.length; i++)
String names[] = new String[results.size()];
* Invalidates this session and unbinds any objects bound to it.
expire();
// Cause this session to expire
* session, or if the client chooses not to join the session. For
* Return <code>true</code> if the client does not yet know about the
* request.
* has disabled the use of cookies, then a session would be new on each
* example, if the server used only cookie-based sessions, and the client
return (this.isNew);
* Bind an object to this session, using the specified name. If an object
* replaced.
* of the same name is already bound to this session, the object is
name Name to which the object is bound, cannot be null
value Object to be bound, cannot be null
* <code>valueBound()</code> on the object.
* After this method executes, and if the object implements
* <code>HttpSessionBindingListener</code>, the container calls
* <code>setAttribute()</code>
* does nothing.
* the session does not have an object bound with this name, this method
* Remove the object bound with the specified name from this session. If
name Name of the object to remove from this session.
* <code>valueUnbound()</code> on the object.
Object object = attributes.get(name);
synchronized (attributes) {
((HttpSessionBindingListener) object).valueUnbound
(new HttpSessionBindingEvent((HttpSession) this, name));
if (object instanceof HttpSessionBindingListener) {
// System.out.println( "Removing attribute " + name );
return;
attributes.remove(name);
if (object == null)
* <code>removeAttribute()</code>
IllegalArgumentException if an attempt is made to add a
* non-serializable object in an environment marked distributable.
throw new IllegalArgumentException
(sm.getString("standardSession.setAttribute.iae"));
!(value instanceof Serializable))
if ((manager != null) && manager.getDistributable() &&
((HttpSessionBindingListener) value).valueBound
if (value instanceof HttpSessionBindingListener)
attributes.put(name, value);
// HttpSession Private Methods
* is not restored by this method, and must be set explicitly.
* <b>IMPLEMENTATION NOTE</b>: The reference to the owning Manager
* object input stream.
* Read a serialized version of this session object from the specified
ClassNotFoundException if an unknown class is specified
IOException if an input/output error occurs
stream The input stream to read from
id = (String) stream.readObject();
lastAccessedTime = ((Long) stream.readObject()).longValue();
creationTime = ((Long) stream.readObject()).longValue();
// Deserialize the scalar instance variables (except Manager)
private void readObject(ObjectInputStream stream)
throws ClassNotFoundException, IOException {
isNew = ((Boolean) stream.readObject()).booleanValue();
maxInactiveInterval = ((Integer) stream.readObject()).intValue();
String name = (String) stream.readObject();
Object value = (Object) stream.readObject();
for (int i = 0; i < n; i++) {
int n = ((Integer) stream.readObject()).intValue();
// Deserialize the attribute count and attribute values
isValid = ((Boolean) stream.readObject()).booleanValue();
* object output stream.
* Write a serialized version of this session object to the specified
* explicitly.
* <b>IMPLEMENTATION NOTE</b>: Any attribute that is not Serializable
* <code>readObject()</code>, you must set the associated Manager
* in the serialized representation of this Session. After calling
* <b>IMPLEMENTATION NOTE</b>: The owning Manager will not be stored
stream The output stream to write to
* Manager is set to <code>true</code>.
* be sure the <code>distributable</code> property of our associated
* will be silently ignored. If you do not want any such attributes,
stream.writeObject(id);
stream.writeObject(new Long(creationTime));
private void writeObject(ObjectOutputStream stream) throws IOException {
stream.writeObject(new Boolean(isValid));
stream.writeObject(new Integer(maxInactiveInterval));
stream.writeObject(new Long(lastAccessedTime));
// Write the scalar instance variables (except Manager)
// Accumulate the names of serializable attributes
stream.writeObject(new Boolean(isNew));
if (value instanceof Serializable)
Object value = attributes.get(attr);
stream.writeObject(new Integer(results.size()));
// Serialize the attribute count and the attribute values
stream.writeObject(attributes.get(name));
stream.writeObject(name);
Enumeration getAttributeNames() |
Object getAttribute(String) |
crosscut invalidate(StandardSession s): s & (int getMaxInactiveInterval() |
long getCreationTime() |
String[] getValueNames() |
static advice(StandardSession s): invalidate(s) {
if (!s.isValid())
before {
void setAttribute(String, Object));
void removeAttribute(String) |
void invalidate() |
boolean isNew() |
+ ".ise"));
+ thisJoinPoint.methodName
throw new IllegalStateException
(s.sm.getString("standardSession."
// Private Class
* This class is a dummy implementation of the <code>HttpSessionContext</code>
* when <code>HttpSession.getSessionContext()</code> is called.
* interface, to conform to the requirement that such an object be returned
* interface will be removed in a future version of this API.
As of Java Servlet API 2.1 with no replacement. The
* Return the session identifiers of all sessions defined
* within this context.
private Vector dummy = new Vector();
final class StandardSessionContext implements HttpSessionContext {
public Enumeration getIds() {
* and will be removed in a future version of the API.
As of Java Servlet API 2.1 with no replacement.
* This method must return an empty <code>Enumeration</code>
return (dummy.elements());
id Session identifier for which to look up a session
* Return the <code>HttpSession</code> associated with the
* specified session identifier.
return (null);
public HttpSession getSession(String id) {
* future version of the API.
* This method must return null and will be removed in a
StandardSession
import javax.servlet.http.Cookie;
import org.w3c.dom.Node;
import org.w3c.dom.NamedNodeMap;
* an optional, configurable, maximum number of active sessions allowed.
* no session persistence or distributable capabilities, but does support
* Standard implementation of the <b>Manager</b> interface that provides
* checkInterval="60" maxActiveSessions="-1"
* maxInactiveInterval="-1" />
* <Manager className="org.apache.tomcat.session.StandardManager"
* <code>
* in the following format:
* Lifecycle configuration of this component assumes an XML node
* where you can adjust the following parameters, with default values
* </code>
* be active at once, or -1 for no limit. [-1]
* <li><b>maxInactiveInterval</b> - The default maximum number of seconds of
* inactivity before which the servlet container is allowed to time out
* <li><b>maxActiveSessions</b> - The maximum number of sessions allowed to
* thread checks for expired sessions. [60]
* <li><b>checkInterval</b> - The interval (in seconds) between background
* in square brackets:
* <ul>
* </ul>
* descriptor, if any. [-1]
* the default session timeout specified in the web application deployment
* a session, or -1 for no limit. This value should be overridden from
implements Lifecycle, Runnable {
extends ManagerBase
public final class StandardManager
$Revision: $ $Date: 2000/05/02 21:28:30 $
* The interval (in seconds) between checks for expired sessions.
private boolean configured = false;
* Has this component been configured yet?
private int checkInterval = 60;
private static final String info = "StandardManager/1.0";
* The descriptive information about this implementation.
protected int maxActiveSessions = -1;
* The maximum number of active Sessions allowed, or -1 for no limit.
private boolean started = false;
* Has this component been started yet?
private Thread thread = null;
* The background thread.
* The background thread completion semaphore.
private boolean threadDone = false;
* Name to register for the background thread.
// Properties
private String threadName = "StandardManager";
return (this.checkInterval);
public int getCheckInterval() {
* Return the check interval (in seconds) for this Manager.
checkInterval The new check interval
* Set the check interval (in seconds) for this Manager.
public void setCheckInterval(int checkInterval) {
this.checkInterval = checkInterval;
* Return descriptive information about this Manager implementation and
public int getMaxActiveSessions() {
* no limit.
* Return the maximum number of active Sessions allowed, or -1 for
return (this.maxActiveSessions);
* Set the maximum number of actives Sessions allowed, or -1 for
this.maxActiveSessions = max;
public void setMaxActiveSessions(int max) {
max The new maximum number of sessions
// Public Methods
* method of the returned session. If a new session cannot be created
* for any reason, return <code>null</code>.
* id will be assigned by this method, and available via the getId()
* settings specified by this Manager's properties. The session
* Construct and return a new session object, based on the default
if ((maxActiveSessions >= 0) &&
(sessions.size() >= maxActiveSessions))
public Session createSession() {
* instantiated for any reason
IllegalStateException if a new session cannot be
return (super.createSession());
(sm.getString("standardManager.createSession.ise"));
// Lifecycle Methods
* Configure this component, based on the specified configuration
IllegalStateException if this component has already been
* (<B>FIXME: What object type should this really be?)
parameters Configuration parameters for this component
* parameters. This method should be called immediately after the
* component instance is created, and before <code>start()</code>
* is called.
LifecycleException if this component detects a fatal error
* configured and/or started
if (configured)
// Validate and update our current component state
throws LifecycleException {
* in the configuration parameters it was given
public void configure(Node parameters)
configured = true;
(sm.getString("standardManager.alreadyConfigured"));
throw new LifecycleException
NamedNodeMap attributes = parameters.getAttributes();
if (!("Manager".equals(parameters.getNodeName())))
// Parse and process our configuration parameters
if (parameters == null)
Node node = null;
} catch (Throwable t) {
; // XXX - Throw exception?
setCheckInterval(Integer.parseInt(node.getNodeValue()));
try {
if (node != null) {
node = attributes.getNamedItem("checkInterval");
setMaxActiveSessions(Integer.parseInt(node.getNodeValue()));
node = attributes.getNamedItem("maxActiveSessions");
setMaxInactiveInterval(Integer.parseInt(node.getNodeValue()));
node = attributes.getNamedItem("maxInactiveInterval");
IllegalStateException if this component has not yet been
* configured (if required for this component)
* and before any of the public methods of the component are utilized.
* component. This method should be called after <code>configure()</code>,
* Prepare for the beginning of active use of the public methods of this
public void start() throws LifecycleException {
* that prevents this component from being used
* started
(sm.getString("standardManager.notConfigured"));
if (!configured)
// Start the background reaper thread
threadStart();
started = true;
(sm.getString("standardManager.alreadyStarted"));
if (started)
* component. This method should be the last one called on a given
* Gracefully terminate the active use of the public methods of this
* been stopped
* that needs to be reported
IllegalStateException if this component has already
* instance of this component.
IllegalStateException if this component has not been started
public void stop() throws LifecycleException {
// Stop the background reaper thread
threadStop();
started = false;
if (!started)
(sm.getString("standardManager.notStarted"));
// Expire all active sessions
continue;
session.expire();
if (!session.isValid())
StandardSession session = (StandardSession) sessions[i];
Session sessions[] = findSessions();
for (int i = 0; i < sessions.length; i++) {
// Private Methods
* Invalidate all sessions that have expired.
long timeNow = System.currentTimeMillis();
private void processExpires() {
(int) ((timeNow - session.getLastAccessedTime()) / 1000L);
if (timeIdle >= maxInactiveInterval)
int timeIdle = // Truncate, do not round up
if (maxInactiveInterval < 0)
int maxInactiveInterval = session.getMaxInactiveInterval();
private void threadSleep() {
* property.
* Sleep for the duration specified by the <code>checkInterval</code> ;
} catch (InterruptedException e) {
Thread.sleep(checkInterval * 1000L);
if (thread != null)
private void threadStart() {
* Start the background thread that will periodically check for
* session timeouts.
thread.start();
thread.setDaemon(true);
thread = new Thread(this, threadName);
threadDone = false;
private void threadStop() {
* Stop the background thread that is periodically checking for
if (thread == null)
thread.join();
thread.interrupt();
threadDone = true;
thread = null;
// Background Thread
* The background thread that checks for session timeouts and shutdown.
processExpires();
threadSleep();
// Loop until the termination semaphore is set
public void run() {
while (!threadDone) {
StandardManager
StandardSessionManager
import org.apache.tomcat.util.SessionUtil;
import org.apache.tomcat.core.SessionManager;
import org.apache.tomcat.core.Response;
import org.apache.tomcat.core.Context;
import org.apache.tomcat.core.Request;
* XXX - At present, use of <code>StandardManager</code> is hard coded,
* that adapts to the new component-based Manager implementation.
* Specialized implementation of org.apache.tomcat.core.SessionManager
* and lifecycle configuration is not supported.
* the core level. The Tomcat.Next "Manager" interface acts more like a
* collection class, and has minimal knowledge of the detailed request
* paradigm, I would suggest moving the logic implemented here back into
* <b>IMPLEMENTATION NOTE</b>: Once we commit to the new Manager/Session
* a Context to tell the Manager that we create what the default session
* XXX - At present, there is no way (via the SessionManager interface) for
* processing semantics of handling sessions.
* should be.
* timeout for this web application (specified in the deployment descriptor)
implements SessionManager {
public final class StandardSessionManager
* Create a new SessionManager that adapts to the corresponding Manager
manager = new StandardManager();
public StandardSessionManager() {
* implementation.
if (manager instanceof Lifecycle) {
} catch (LifecycleException e) {
throw new IllegalStateException("" + e);
((Lifecycle) manager).start();
((Lifecycle) manager).configure(null);
* The Manager implementation we are actually using.
* Mark the specified session's last accessed time. This should be
public void accessed(Context ctx, Request req, String id) {
session The session to be marked
* called for each request by a RequestInterceptor.
HttpSession session=findSession(ctx, id);
// cache the HttpSession - avoid another find
((Session) session).access();
if (session instanceof Session)
if( session == null) return;
req.setSession( session );
Session session = manager.findSession(id);
public HttpSession findSession( Context ctx, String id ) {
// XXX should we throw exception or just return null ??
} catch (IOException e) {
if(session!=null)
return session.getSession();
return manager.createSession().getSession();
public HttpSession createSession(Context ctx) {
* Remove all sessions because our associated Context is being shut down.
ctx The context that is being shut down
// contexts, we just want to remove the sessions of ctx!
// The manager will still run after that ( i.e. keep database
// XXX XXX a manager may be shared by multiple
public void removeSessions(Context ctx) {
// connection open
((Lifecycle) manager).stop();
* Used by context to configure the session manager's inactivity timeout.
* descriptor (web.xml). This method lets the Context conforgure the
* Context on the other hand has it's timeout set by the deployment
* The SessionManager may have some default session time out, the
public void setSessionTimeOut(int minutes) {
minutes The session inactivity timeout in minutes.
* session manager according to this value.
manager.setMaxInactiveInterval(minutes * 60);
if(-1 != minutes) {
// The manager works with seconds...
ServerSessionManager
import org.apache.tomcat.util.*;
public class ServerSessionManager implements SessionManager {
manager = new ServerSessionManager();
static {
protected int inactiveInterval = -1;
private static ServerSessionManager manager; // = new ServerSessionManager();
private Reaper reaper;
private Hashtable sessions = new Hashtable();
return manager;
public static ServerSessionManager getManager() {
reaper.start();
reaper.setServerSessionManager(this);
private ServerSessionManager() {
reaper = Reaper.getReaper();
if( apS==null) return;
ServerSession servS=apS.getServerSession();
ApplicationSession apS=(ApplicationSession)findSession( ctx, id);
public void accessed( Context ctx, Request req, String id ) {
req.setSession( apS );
// cache it - no need to compute it again
apS.accessed();
servS.accessed();
if(-1 != inactiveInterval) {
session.setMaxInactiveInterval(inactiveInterval);
sessions.put(sessionId, session);
ServerSession session = new ServerSession(sessionId);
String sessionId = SessionIdGenerator.generateId();
if(sSession==null) return null;
return sSession.getApplicationSession(ctx, false);
public HttpSession findSession(Context ctx, String id) {
return session.getApplicationSession( ctx, true );
ServerSession sSession=(ServerSession)sessions.get(id);
// XXX
Enumeration enum = sessions.keys();
synchronized void reap() {
// solution for this, but we'll determine something else later.
// sync'd for safty -- no other thread should be getting something
// from this while we are reaping. This isn't the most optimal
session.reap();
Object key = enum.nextElement();
session.validate();
ServerSession session = (ServerSession)sessions.get(key);
String id = session.getId();
synchronized void removeSession(ServerSession session) {
sessions.remove(id);
public void removeSessions(Context context) {
session.invalidate();
appSession.invalidate();
if (appSession != null) {
session.getApplicationSession(context, false);
ApplicationSession appSession =
inactiveInterval = (minutes * 60);
SessionInterceptor
package org.apache.tomcat.request;
* It also marks the session as accessed.
* in the Request.
* Will process the request and determine the session Id, and set it
// GS, separates the session id from the jvm route
static final char SESSIONID_ROUTE_SEP = '.';
public class SessionInterceptor extends BaseInterceptor implements RequestInterceptor {
* add new interceptors for other methods.
* This implementation only handles Cookies sessions, please extend or
public SessionInterceptor() {
int debug=0;
ContextManager cm;
public void setContextManager( ContextManager cm ) {
debug=i;
System.out.println("Set debug to " + i);
public void setDebug( int i ) {
String sessionId = null;
public int requestMap(Request request ) {
this.cm=cm;
if (cookie.getName().equals("JSESSIONID")) {
sessionId = cookie.getValue();
Cookie cookie = cookies[i];
for( int i=0; i<cookies.length; i++ ) {
Cookie cookies[]=request.getCookies(); // assert !=null
request.setRequestedSessionIdFromCookie(true);
if (sessionId!=null){
sessionId=validateSessionId(request, sessionId);
sessionId=request.getRequestURI().substring(foundAt+sig.length());
request.setRequestURI(request.getRequestURI().substring(0, foundAt));
// rewrite URL, do I need to do anything more?
if ((foundAt=request.getRequestURI().indexOf(sig))!=-1){
if( debug>0 ) cm.log(" XXX RURI=" + request.getRequestURI());
String sig=";jsessionid=";
int foundAt=-1;
return 0;
request.setRequestedSessionIdFromURL(true);
* It will also clean up the session from load-balancing strings.
sessionId, or null if not valid
/** Validate and fix the session id. If the session is not valid return null.
// We may still set it and just return session invalid.
// XXX what is the correct behavior if the session is invalid ?
// Separate them ...
// GS, We piggyback the JVM id on top of the session cookie
private String validateSessionId(Request request, String sessionId){
if(idex > 0) {
sessionId = sessionId.substring(0, idex);
int idex = sessionId.lastIndexOf(SESSIONID_ROUTE_SEP);
if( debug>0 ) cm.log(" Orig sessionId " + sessionId );
if (null != sessionId) {
if (sessionId != null && sessionId.length()!=0) {
SessionManager sM = ctx.getSessionManager();
if(null != sM.findSession(ctx, sessionId)) {
sM.accessed(ctx, request, sessionId );
Context ctx=request.getContext();
// cookie. We must check for validity in the current context.
// multiple Session cookies (one for the root
// GS, We are in a problem here, we may actually get
// context and one for the real context... or old session
return sessionId;
if( debug>0 ) cm.log(" Final session id " + sessionId );
request.setRequestedSessionId(sessionId);
return null;
public int beforeBody( Request rrequest, Response response ) {
if( debug>0 ) cm.log("Before Body " + reqSessionId );
if( reqSessionId==null)
String reqSessionId = response.getSessionId();
if(sessionPath.length() == 0) {
sessionPath = "/";
String sessionPath = rrequest.getContext().getPath();
// multiple session cookies can be used, one for each
// context.
// GS, set the path attribute to the cookie. This way
if(null != jvmRoute) {
// GS, piggyback the jvm route on the session id.
reqSessionId = reqSessionId + SESSIONID_ROUTE_SEP + jvmRoute;
String jvmRoute = rrequest.getJvmRoute();
if(!sessionPath.equals("/")) {
cookie.setMaxAge(-1);
reqSessionId);
Cookie cookie = new Cookie("JSESSIONID",
CookieTools.getCookieHeaderValue(cookie));
cookie.setVersion(0);
response.addHeader( CookieTools.getCookieHeaderName(cookie),
cookie.setVersion(1);
cookie.setPath(sessionPath); {
if( ctx.getDebug() > 0 ) ctx.log("Removing sessions from " + ctx );
public void contextShutdown( Context ctx )
throws TomcatException
/** Notification of context shutdown
ctx.getSessionManager().removeSessions(ctx);
ServerSession
* Core implementation of a server session
public class ServerSession {
private Hashtable appSessions = new Hashtable();
ServerSession(String id) {
(ApplicationSession)appSessions.get(context);
public ApplicationSession getApplicationSession(Context context,
boolean create) {
appSession = new ApplicationSession(id, this, context);
appSessions.put(context, appSession);
// sync to ensure valid?
if (appSession == null && create) {
return appSession;
// a new appSession
// inactive interval -- if so, invalidate and create
// make sure that we haven't gone over the end of our
appSessions.remove(context);
void removeApplicationSession(Context context) {
void validate()
// if we have an inactive interval, check to see if
// we've exceeded it
ssm.removeSession(this);
ServerSessionManager ssm =
ServerSessionManager.getManager();
Enumeration enum = appSessions.keys();
synchronized void invalidate() {
(ApplicationSession)appSessions.get(key);
String msg = sm.getString("serverSession.value.iae");
return values.keys();
public Enumeration getValueNames() {
appSession.validate();
what you are going to see is that if you set out to do this, it is possible to do so. AspectJ is a mix of old and new ideas – its good that some of them are old – in a new package that explicitly supports crosscutting modularity.
(c) Copyright Xerox Corporation, All rights reserved.

12. modular aspects HTTPRequest SessionInterception getCookies()
getRequestURI()(doc)
getSession() getRequestedSessionId()
...
requestMap(request)
beforeBody(req, resp)
...
Session
HTTPResponse
getAttribute(name)
setAttribute(name, val)
invalidate()
...
getRequest()
setContentType(contentType)
getOutptutStream() setSessionId(id)
...
Servlet

13. AspectJ™ is… a small and well-integrated extension to Java
a general-purpose AO language
just as Java is a general-purpose OO language
freely available implementation
compiler is Open Source
includes IDE support
emacs, JBuilder, Forte
user feedback is driving language design
currently at 1.0b1 release

14. expected benefits of using AOP
good modularity, even for crosscutting concerns
less tangled code
more natural code
shorter code
easier maintenance and evolution
easier to reason about, debug, change
more reusable
library aspects
plug and play aspects when appropriate

15. Aspect-Oriented programming with AspectJ
outline
I AOP overview
brief motivation, essence of AOP idea
II AspectJ language mechanisms
basic concepts, language semantics
III development environment
IDE support, running the compiler, debugging etc.
IV using aspects
aspect examples, how to use AspectJ to program aspects, exercises to solidify the ideas
V related work
survey of other activities in the AOP community
(c) Copyright Xerox Corporation, All rights reserved.

16. looking ahead problem structure AspectJ mechanisms Part IV:
crosscutting in the design, and how to use AspectJ to capture that
AspectJ mechanisms
Part II:
crosscutting in the code mechanisms AspectJ provides

17. Basic Mechanisms of AspectJ
Part II
Basic Mechanisms of AspectJ

18. goals of this chapter present basic language mechanisms
using one simple example
emphasis on what the mechanisms do
small scale motivation
later chapters elaborate on
environment, tools
larger examples, design and SE issues

19. Aspect-Oriented programming with AspectJ
basic mechanisms
1 overlay onto Java
dynamic join points
“points in the execution” of Java programs
4 small additions to Java
pointcuts
pick out join points and values at those points
primitive pointcuts
user-defined pointcuts
advice
additional action to take at join points in a pointcut
intra-class declarations (aka “open classes”)
aspect
a modular unit of crosscutting behavior
comprised of advice, intra-class declarations,
field,constructor and method declarations
(c) Copyright Xerox Corporation, All rights reserved.

20. a simple figure editor factory methods * operations that move elements
Display *
Figure
FigureElement
makePoint(..) makeLine(..)
moveBy(int, int)
operations that move elements
Point
Line 2
setX(int) setY(int)
setP1(Point) setP2(Point)

21. a simple figure editor class Line implements FigureElement{
private Point p1, p2;
Point getP1() { return p1; }
Point getP2() { return p2; }
void setP1(Point p1) { this.p1 = p1; }
void setP2(Point p2) { this.p2 = p2; }
void moveBy(int dx, int dy) { ... } }
class Point implements FigureElement {
private int x = 0, y = 0;
int getX() { return x; }
int getY() { return y; }
void setX(int x) { this.x = x; }
void setY(int y) { this.y = y; }

22. we will initially assume just a single display
display updating
collection of figure elements
that move periodically
must refresh the display as needed
complex collection
asynchronous events
other examples
session liveness
value caching
we will initially assume just a single display

23. Aspect-Oriented programming with AspectJ
join points
key points in dynamic call graph
a method is called
a method is called
a Figure
and returns or throws
dispatch
and returns or throws
a method executes
a Line
fix this, move points.
dispatch
and returns or throws
a method executes
and returns or throws
(c) Copyright Xerox Corporation, All rights reserved.

24. join point terminology
a Line
method call join points
dispatch
method execution join points
several kinds of join points
method & constructor call join points
method & constructor execution join points
field get & set join points
exception handler execution join points
static & dynamic initialization join points

25. join point terminology
Aspect-Oriented programming with AspectJ
join point terminology
key points in dynamic call graph
all join points on this slide are within the control flow of this join point
a Line
a Figure
fix animation
repeated calls result in new join points
(c) Copyright Xerox Corporation, All rights reserved.

26. primitive pointcuts “a means of identifying join points”
a pointcut is like a predicate on join points that:
can match or not match any given join point and
optionally, can pull out some of the values at that join point
call(void Line.setP1(Point))
matches if the join point is a method call with this signature

27. pointcut composition
pointcuts compose like predicates, using &&, || and !
call(void Line.setP1(Point)) ||
call(void Line.setP2(Point))
a “void Line.setP1(Point)” call or
a “void Line.setP2(Point)” call
each time a Line receives a “void setP1(Point)” or “void setP2(Point)” method call

28. user-defined pointcuts
defined use the pointcut construct
user-defined (aka named) pointcuts
can be used in the same way as primitive pointcuts
pointcut move():
call(void Line.setP1(Point)) ||
call(void Line.setP2(Point));
name
parameters
more on parameters and how pointcuts can expose values at join points in a few slides

29. Aspect-Oriented programming with AspectJ
pointcuts
summary so far
pointcut move():
call(void Line.setP1(Point)) ||
call(void Line.setP2(Point));
user-defined pointcut designator
check for cflowbelow/sub
primitive pointcut designator, can be:
- call, execution - this, target, args
- get, set - within, withincode
- handler - cflow, cflowbelow
- initialization, staticinitialization
(c) Copyright Xerox Corporation, All rights reserved.

30. Aspect-Oriented programming with AspectJ
after advice
action to take after computation under join points
after advice runs “on the way back out”
a Line
pointcut move():
call(void Line.setP1(Point)) ||
call(void Line.setP2(Point));
after() returning: move() {
<code here runs after each move> }
delay animation until clicked
fix picture
(c) Copyright Xerox Corporation, All rights reserved.

31. a simple aspect DisplayUpdating v1
an aspect defines a special class that can crosscut other classes
aspect DisplayUpdating {
pointcut move():
call(void Line.setP1(Point)) ||
call(void Line.setP2(Point));
after() returning: move() {
Display.update(); }
box means complete running code

32. Aspect-Oriented programming with AspectJ
without AspectJ
DisplayUpdating v1
class Line {
private Point p1, p2;
Point getP1() { return p1; }
Point getP2() { return p2; }
void setP1(Point p1) {
this.p1 = p1;
Display.update(); }
void setP2(Point p2) {
this.p2 = p2;
fix color of this
what you would expect
update calls are tangled through the code
“what is going on” is less explicit
(c) Copyright Xerox Corporation, All rights reserved.

33. pointcuts can cut across multiple classes pointcut move():
call(void Line.setP1(Point)) ||
call(void Line.setP2(Point)) ||
call(void Point.setX(int)) ||
call(void Point.setY(int));

34. pointcuts can use interface signatures pointcut move():
call(void FigureElement.moveBy(int, int)) ||
call(void Line.setP1(Point)) ||
call(void Line.setP2(Point)) ||
call(void Point.setX(int)) ||
call(void Point.setY(int));

35. a multi-class aspect DisplayUpdating v2 aspect DisplayUpdating {
pointcut move():
call(void FigureElement.moveBy(int, int)) ||
call(void Line.setP1(Point)) ||
call(void Line.setP2(Point)) ||
call(void Point.setX(int)) ||
call(void Point.setY(int));
after() returning: move() {
Display.update(); }

36. using values at join points
demonstrate first, explain in detail afterwards
pointcut can explicitly expose certain values
advice can use value
pointcut move(FigureElement figElt):
target(figElt) &&
(call(void FigureElement.moveBy(int, int)) ||
call(void Line.setP1(Point)) ||
call(void Line.setP2(Point)) ||
call(void Point.setX(int)) ||
call(void Point.setY(int)));
after(FigureElement fe) returning: move(fe) {
<fe is bound to the figure element> }
parameter mechanism being used

37. explaining parameters…
Aspect-Oriented programming with AspectJ
explaining parameters…
of pointcut designators
in this, target & args pointcut designators
typed variable pulls corresponding value out of join points
variable bound in user-defined pointcut designator
makes value accessible on pointcut
pointcut move(Line l): target(l) &&
(call(void Line.setP1(Point)) ||
call(void Line.setP2(Point)));
after(Line line): move(line) { <line is bound to the line> }
pointcut parameters
typed variable
fix next three slides, args, target, this.
(c) Copyright Xerox Corporation, All rights reserved.

38. explaining parameters…
of advice
variable bound in advice
variable in place of type name in pointcut designator
pulls corresponding value out of join points
makes value accessible within advice
pointcut move(Line l): target(l) &&
(call(void Line.setP1(Point)) ||
call(void Line.setP2(Point)));
after(Line line): move(line) { <line is bound to the line> }
advice parameters
typed variable

39. explaining parameters…
value is ‘pulled’
right to left across ‘:’ left side : right side
from pointcut designators to user-defined pointcut designators
from pointcut to advice
pointcut move(Line l): target(l) &&
(call(void Line.setP1(Point)) ||
call(void Line.setP2(Point)));
after(Line line): move(line) { <line is bound to the line> }

40. target primitive pointcut designator target(<type name>)
any join point at which
target object is an instance of type (or class) name
target(Point)
target(Line)
target(FigureElement)
“any join point” means it matches join points of all kinds
method & constructor call join points
method & constructor execution join points
field get & set join points
exception handler execution join points
static & dynamic initialization join points

41. Aspect-Oriented programming with AspectJ
an idiom for…
getting target object in a polymorphic pointcut
target(<supertype name>) &&
does not further restrict the join points
does pick up the target object
pointcut move(FigureElement figElt):
target(figElt) &&
(call(void Line.setP1(Point)) ||
call(void Line.setP2(Point)) ||
call(void Point.setX(int)) ||
call(void Point.setY(int)));
after(FigureElement fe): move(fe) {
<fe is bound to the figure element> }
(c) Copyright Xerox Corporation, All rights reserved.

42. context & multiple classes
Aspect-Oriented programming with AspectJ
context & multiple classes
DisplayUpdating v3
aspect DisplayUpdating {
pointcut move(FigureElement figElt):
target(figElt) &&
(call(void FigureElement.moveBy(int, int)) ||
call(void Line.setP1(Point)) ||
call(void Line.setP2(Point)) ||
call(void Point.setX(int)) ||
call(void Point.setY(int)));
after(FigureElement fe): move(fe) {
Display.update(fe); }
fix this.. it’s a duplicate of previous slide.
(c) Copyright Xerox Corporation, All rights reserved.

43. Aspect-Oriented programming with AspectJ
without AspectJ
class Line {
private Point p1, p2;
Point getP1() { return p1; }
Point getP2() { return p2; }
void setP1(Point p1) {
this.p1 = p1; }
void setP2(Point p2) {
this.p2 = p2;
class Point {
private int x = 0, y= 0;
int getX() { return x; }
int getY() { return y; }
void setX(int x) {
this.x = x;
void setY(int y) {
this.y = y;
fix underbars
(c) Copyright Xerox Corporation, All rights reserved.

44. without AspectJ DisplayUpdating v1 class Line { class Point {
private Point p1, p2;
Point getP1() { return p1; }
Point getP2() { return p2; }
void setP1(Point p1) {
this.p1 = p1;
Display.update(); }
void setP2(Point p2) {
this.p2 = p2;
class Point {
private int x = 0, y= 0;
int getX() { return x; }
int getY() { return y; }
void setX(int x) {
this.x = x;
void setY(int y) {
this.y = y;

45. without AspectJ DisplayUpdating v2 class Line { class Point {
private Point p1, p2;
Point getP1() { return p1; }
Point getP2() { return p2; }
void setP1(Point p1) {
this.p1 = p1;
Display.update(); }
void setP2(Point p2) {
this.p2 = p2;
class Point {
private int x = 0, y = 0;
int getX() { return x; }
int getY() { return y; }
void setX(int x) {
this.x = x;
void setY(int y) {
this.y = y;

46. without AspectJ DisplayUpdating v3 non-modular “display updating”
class Line {
private Point p1, p2;
Point getP1() { return p1; }
Point getP2() { return p2; }
void setP1(Point p1) {
this.p1 = p1;
Display.update(this); }
void setP2(Point p2) {
this.p2 = p2;
class Point {
private int x = 0, y = 0;
int getX() { return x; }
int getY() { return y; }
void setX(int x) {
this.x = x;
void setY(int y) {
this.y = y;
non-modular “display updating”
evolution is cumbersome
changes in all classes
have to track & change all callers

47. with AspectJ class Line { class Point { private int x = 0, y = 0;
private Point p1, p2;
Point getP1() { return p1; }
Point getP2() { return p2; }
void setP1(Point p1) {
this.p1 = p1; }
void setP2(Point p2) {
this.p2 = p2;
class Point {
private int x = 0, y = 0;
int getX() { return x; }
int getY() { return y; }
void setX(int x) {
this.x = x;
void setY(int y) {
this.y = y;

48. with AspectJ DisplayUpdating v1 class Line { class Point {
private Point p1, p2;
Point getP1() { return p1; }
Point getP2() { return p2; }
void setP1(Point p1) {
this.p1 = p1; }
void setP2(Point p2) {
this.p2 = p2;
class Point {
private int x = 0, y = 0;
int getX() { return x; }
int getY() { return y; }
void setX(int x) {
this.x = x;
void setY(int y) {
this.y = y;
aspect DisplayUpdating {
pointcut move():
call(void Line.setP1(Point)) ||
call(void Line.setP2(Point));
after() returning: move() {
Display.update(); }

49. with AspectJ DisplayUpdating v2 class Line { class Point {
private Point p1, p2;
Point getP1() { return p1; }
Point getP2() { return p2; }
void setP1(Point p1) {
this.p1 = p1; }
void setP2(Point p2) {
this.p2 = p2;
class Point {
private int x = 0, y = 0;
int getX() { return x; }
int getY() { return y; }
void setX(int x) {
this.x = x;
void setY(int y) {
this.y = y;
aspect DisplayUpdating {
pointcut move():
call(void FigureElement.moveBy(int, int) ||
call(void Line.setP1(Point)) ||
call(void Line.setP2(Point)) ||
call(void Point.setX(int)) ||
call(void Point.setY(int));
after() returning: move() {
Display.update(); }

50. with AspectJ DisplayUpdating v3 modular “display updating” aspect
class Line {
private Point p1, p2;
Point getP1() { return p1; }
Point getP2() { return p2; }
void setP1(Point p1) {
this.p1 = p1; }
void setP2(Point p2) {
this.p2 = p2;
class Point {
private int x = 0, y = 0;
int getX() { return x; }
int getY() { return y; }
void setX(int x) {
this.x = x;
void setY(int y) {
this.y = y;
aspect DisplayUpdating {
pointcut move(FigureElement figElt):
target(figElt) &&
(call(void FigureElement.moveBy(int, int) ||
call(void Line.setP1(Point)) ||
call(void Line.setP2(Point)) ||
call(void Point.setX(int)) ||
call(void Point.setY(int)));
after(FigureElement fe) returning: move(fe) {
Display.update(fe); }
modular “display updating” aspect
all changes in single aspect
evolution is modular

51. advice is before before proceeding at join point
additional action to take at join points
before before proceeding at join point
after returning a value to join point
after throwing a throwable to join point
after returning to join point either way
around on arrival at join point gets explicit control over when&if program proceeds

52. contract checking pre-conditions post-conditions condition enforcement
simple example of before/after/around
pre-conditions
check whether parameter is valid
post-conditions
check whether values were set
condition enforcement
force parameters to be valid

53. Aspect-Oriented programming with AspectJ
pre-condition
using before advice
aspect PointBoundsPreCondition {
before(int newX):
call(void Point.setX(int)) && args(newX) {
assert(newX >= MIN_X);
assert(newX <= MAX_X); }
before(int newY):
call(void Point.setY(int)) && args(newY) {
assert(newY >= MIN_Y);
assert(newY <= MAX_Y);
private void assert(boolean v) {
if ( !v )
throw new RuntimeException();
what follows the ‘:’ is always a pointcut – primitive or user-defined
(c) Copyright Xerox Corporation, All rights reserved.

54. post-condition using after advice aspect PointBoundsPostCondition {
after(Point p, int newX) returning:
call(void Point.setX(int)) && target(p) && args(newX) {
assert(p.getX() == newX); }
after(Point p, int newY) returning:
call(void Point.setY(int)) && target(p) && args(newY) {
assert(p.getY() == newY);
private void assert(boolean v) {
if ( !v )
throw new RuntimeException();

55. condition enforcement
Aspect-Oriented programming with AspectJ
condition enforcement
using around advice
aspect PointBoundsEnforcement {
void around(Point p, int newX):
call(void Point.setX(int)) && target(p) && args(newX) {
proceed(p, clip(newX, MIN_X, MAX_X)); }
void around(Point p, int newY):
call(void Point.setY(int)) && target(p) && args(newY) {
proceed(p, clip(newY, MIN_Y, MAX_Y));
private int clip(int val, int min, int max) {
return Math.max(min, Math.min(max, val));
ADD CAche example here.
(c) Copyright Xerox Corporation, All rights reserved.

56. Aspect-Oriented programming with AspectJ
special static method
<result type> proceed(arg1, arg2, …)
available only in around advice
means “run what would have run if this around advice had not been defined”
(c) Copyright Xerox Corporation, All rights reserved.

57. other primitive pointcuts
Aspect-Oriented programming with AspectJ
other primitive pointcuts
this(<type name>)
within(<type name>) withincode(<method/constructor signature>)
any join point at which
currently executing object is an instance of type or class name
currently executing code is contained within class name currently executing code is specified method or constructor
get(int Point.x)
set(int Point.x)
field reference or assignment join points
Preview of what’s to come wrt sites. How sites are designated.
(c) Copyright Xerox Corporation, All rights reserved.

58. fine-grained protection
Aspect-Oriented programming with AspectJ
fine-grained protection
a runtime error
class Figure {
public Point makeLine(Line p1, Line p2) { new Line... }
public Point makePoint(int x, int y) { new Point... }
... }
aspect FactoryEnforcement {
pointcut illegalNewFigElt():
(call(Point.new(..)) || call(Line.new(..))) &&
!withincode(* Figure.make*(..));
before(): illegalNewFigElt() {
throw new Error("Use factory method instead.");
want to ensure that figure elements are only constructed using the factory methods
more on wildcards in 3 slides
color in this correctly, remember this, aspect, pointcut.
(c) Copyright Xerox Corporation, All rights reserved.

59. fine-grained protection
Aspect-Oriented programming with AspectJ
fine-grained protection
a compile-time error
class Figure {
public Point makeLine(Line p1, Line p2) { new Line... }
public Point makePoint(int x, int y) { new Point... }
... }
aspect FactoryEnforcement {
pointcut illegalNewFigElt():
(call(Point.new(..)) || call(Line.new(..))) &&
!withincode(* Figure.make*(..));
declare error: illegalNewFigElt()
"Use factory method instead.");
want to ensure that figure elements are only constructed using the factory methods
color in this correctly, remember this, aspect, pointcut.
must be a static pointcut (more on this later)
(c) Copyright Xerox Corporation, All rights reserved.

60. fine-grained protection
Aspect-Oriented programming with AspectJ
fine-grained protection
as a static inner class
class Line implements FigureElement{
private Point p1, p2;
Point getP1() { return p1; }
Point getP2() { return p2; }
void setP1(Point p1) { this.p1 = p1; }
void setP2(Point p2) { this.p2 = p2; }
void moveBy(int dx, int dy) { ... }
static aspect SetterEnforcement {
declare error: set(Point Line.*) &&
!withincode(void Line.setP*(Point))
"Use setter method, even inside Line class."; }
color in this correctly, remember this, aspect, pointcut.
common idiom when scope of enforcement aspect is a single class, and you never want to unplug it (more on unplugging aspects later)
(c) Copyright Xerox Corporation, All rights reserved.

61. wildcarding in pointcuts
Aspect-Oriented programming with AspectJ
wildcarding in pointcuts
“*” is wild card
“..” is multi-part wild card
target(Point)
target(graphics.geom.Point)
target(graphics.geom.*) any type in graphics.geom
target(graphics..*) any type in any sub-package
of graphics
call(void Point.setX(int))
call(public * Point.*(..)) any public method on Point
call(public * *(..)) any public method on any type
call(void Point.getX())
call(void Point.getY())
call(void Point.get*())
call(void get*()) any getter
call(Point.new(int, int))
call(new(..)) any constructor
Describe actual matching rules, with arrows.
(c) Copyright Xerox Corporation, All rights reserved.

62. property-based crosscutting
package com.xerox.scan;
public class C2 { …
public int frotz() {
A.doSomething(…); }
public int bar() {
package com.xerox.print;
public class C1 { …
public void foo() {
A.doSomething(…); }
package com.xerox.copy;
public class C3 { …
public String s1() {
A.doSomething(…); }
crosscuts of methods with a common property
public/private, return a certain value, in a particular package
logging, debugging, profiling
log on entry to every public method

63. property-based crosscutting
Aspect-Oriented programming with AspectJ
property-based crosscutting
aspect PublicErrorLogging {
Log log = new Log();
pointcut publicCall():
call(public * com.xerox..*.*(..));
after() throwing (Error e): publicCall() {
log.write(e); }
means we are at a public call to com.xerox.. package
maintenance is always where better modularity pays off best
consider code maintenance
another programmer adds a public method
i.e. extends public interface – this code will still work
another programmer reads this code
“what’s really going on” is explicit
(c) Copyright Xerox Corporation, All rights reserved.

64. Aspect-Oriented programming with AspectJ
special value
reflective* access to the join point
thisJoinPoint.
Signature getSignature()
Object[] getArgs()
...
available in any advice
thisJoinPoint is abbreviated to ‘tjp’ in these slides to save slide space
* introspective subset of reflection consistent with Java
(c) Copyright Xerox Corporation, All rights reserved.

65. Aspect-Oriented programming with AspectJ
using thisJoinPoint
in highly polymorphic advice
aspect PointCoordinateTracing {
before(Point p, int newVal): set(int Point.*) &&
target(p) &&
args(newVal) {
System.out.println("At " +
tjp.getSignature() +
" field is set to " +
newVal +
"."); }
using thisJoinPoint makes it possible for advice to recover information about where it is running
(c) Copyright Xerox Corporation, All rights reserved.

66. other primitive pointcuts
Aspect-Oriented programming with AspectJ
other primitive pointcuts
execution(void Point.setX(int))
method/constructor execution join points (actual running method)
initialization(Point)
object initialization join points
staticinitialization(Point)
class initialization join points (as the class is loaded)
Preview of what’s to come wrt sites. How sites are designated.
(c) Copyright Xerox Corporation, All rights reserved.

67. other primitive pointcuts
Aspect-Oriented programming with AspectJ
other primitive pointcuts
cflow(pointcut designator)
all join points within the dynamic control flow of any join point in pointcut designator
cflowbelow(pointcut designator)
all join points within the dynamic control flow below any join point in pointcut designator
Preview of what’s to come wrt sites. How sites are designated.
needs more verbiage.
(c) Copyright Xerox Corporation, All rights reserved.

68. context sensitive aspects
Aspect-Oriented programming with AspectJ
context sensitive aspects
what happens when moveBy is called on a Line?
aspect DisplayUpdating {
pointcut move(FigureElement figElt):
target(figElt) &&
(call(void FigureElement.moveBy(int, int)) ||
call(void Line.setP1(Point)) ||
call(void Line.setP2(Point)) ||
call(void Point.setX(int)) ||
call(void Point.setY(int)));
after(FigureElement fe): move(fe) {
Display.update(fe); }
fix this.. it’s a duplicate of previous slide.
(c) Copyright Xerox Corporation, All rights reserved.

69. context sensitive aspects
Aspect-Oriented programming with AspectJ
context sensitive aspects
DisplayUpdating v4
aspect DisplayUpdating {
pointcut move(FigureElement figElt):
target(figElt) &&
(call(void FigureElement.moveBy(int, int)) ||
call(void Line.setP1(Point)) ||
call(void Line.setP2(Point)) ||
call(void Point.setX(int)) ||
call(void Point.setY(int)));
pointcut topLevelMove(FigureElement figElt):
move(figElt) && !cflowbelow(move(FigureElement));
after(FigureElement fe) returning: topLevelMove(fe) {
Display.update(fe); }
the non-reentrant calls idiom:
ptc && !cflowbelow(ptc)
fix underbars
(c) Copyright Xerox Corporation, All rights reserved.

70. intra-type declarations1
Aspect-Oriented programming with AspectJ
intra-type declarations1
DisplayUpdating v5
aspect DisplayUpdating {
private Display FigureElement.display;
static void setDisplay(FigureElement fe, Display d) {
fe.display = d; }
pointcut move(FigureElement figElt):
<as before>;
after(FigureElement fe): move(fe) {
fe.display.update(fe);
adds members to target interface/class
remove underscores
1. recently termed “open classes”
(c) Copyright Xerox Corporation, All rights reserved.

71. field/getter/setter idiom
Aspect-Oriented programming with AspectJ
field/getter/setter idiom
private with respect to enclosing aspect declaration
aspect DisplayUpdating {
private Display FigureElement.display;
static void setDisplay(FigureElement fe, Display d) {
fe.display = d; }
pointcut move(FigureElement figElt):
<as before>;
after(FigureElement fe): move(fe) {
fe.display.update(fe);
the display field
is a field of FigureElement, but
belongs to DisplayUpdating aspect
so DisplayUpdating aspect should provide getter/setter
remove underscores
(c) Copyright Xerox Corporation, All rights reserved.

72. Aspect-Oriented programming with AspectJ
a “GOF pattern”
aspect DisplayUpdating {
private List FigureElement.observers = new LinkedList();
static void addDisplay(FigureElement fe, Display d) {
fe.observers.add(d); }
static void removeDisplay(FigureElement fe, Display d) {
fe.observers.remove(d);
pointcut move(FigureElement figElt):
<as before>;
after(FigureElement fe): move(fe) {
Iterator iter = fe.observers.iterator();
...
remove underscores
(c) Copyright Xerox Corporation, All rights reserved.

73. Aspect-Oriented programming with AspectJ
another pattern
aspect XXXReaderWriterSynchronization {
pointcut readers(Object o): …;
pointcut writers(Object o): …;
before(Object o): readers(o) { ... }
after (Object o): readers(o) { ... }
before(Object o): writers(o) { ... } }
remove underscores
from Doug Lea’s concurrent programming in Java
a common synchronization pattern
(c) Copyright Xerox Corporation, All rights reserved.

74. Aspect-Oriented programming with AspectJ
another pattern
aspect RegistryReaderWriterSynchronization {
pointcut readers(Object o):
call(Iterator Display.iterator()) ||
call(FigureElement getElementNear(int, int));
pointcut writers(Object o):
call(void Display.addElement(FigureElement)) ||
call(void Display.removeElement(FigureElement));
before(Object o): readers(o) { ... }
after (Object o): readers(o) { ... }
before(Object o): writers(o) { ... } }
remove underscores
(c) Copyright Xerox Corporation, All rights reserved.

75. inheritance & specialization
pointcuts can have additional advice
aspect with
concrete pointcut
perhaps no advice on the pointcut
in figure editor
move() can have advice from multiple aspects
module can expose certain well-defined pointcuts
abstract pointcuts can be specialized
abstract pointcut
concrete advice on the abstract pointcut

76. Aspect-Oriented programming with AspectJ
a shared pointcut
public class FigureEditor {
...
pointcut move(FigureElement figElt):
target(figElt) && ...; }
aspect DisplayUpdating {
after(FigureElement fe) returning:
FigureEditor.move(fe) {
(c) Copyright Xerox Corporation, All rights reserved.

77. a reusable aspect abstract
abstract public aspect RemoteExceptionLogging {
abstract pointcut logPoint();
after() throwing (RemoteException e): logPoint() {
log.println(“Remote call failed in: ” thisJoinPoint.toString() “(” + e + “).”); }
abstract
public aspect MyRMILogging extends RemoteExceptionLogging {
pointcut logPoint():
call(* RegistryServer.*.*(..)) ||
call(private * RMIMessageBrokerImpl.*.*(..)); }

78. an aspect as a reusable pattern
Aspect-Oriented programming with AspectJ
an aspect as a reusable pattern
aspect RWSynchronization {
abstract pointcut readers(Object o);
abstract pointcut writers(Object o);
before(Object o): readers(o) { ... }
after (Object o): readers(o) { ... }
before(Object o): writers(o) { ... } }
remove underscores
aspect MumbleRWSynchronization extends RWSynchronization {
pointcut readers(Object o): …;
pointcut writers(Object o): …; }
(c) Copyright Xerox Corporation, All rights reserved.

79. Aspect-Oriented programming with AspectJ
aspect instances
Gregor Kiczales:
skip this for today
aspect PublicErrorLogging
pertarget(PublicErrorLogging.publicInterface()) {
Log log = new Log();
pointcut publicInterface():
call(public * com.xerox..*.*(..));
after() throwing (Error e): publicInterface() {
log.write(e); }
one instance of the aspect for each object that ever executes at these points
(c) Copyright Xerox Corporation, All rights reserved.

80. looking up aspect instances
Aspect-Oriented programming with AspectJ
looking up aspect instances
Gregor Kiczales:
skip this for today :
static Log getLog(Object obj) {
return (PublicErrorLogging.aspectOf(obj)).log; }
static method of aspects
for default aspects takes no argument
for aspects of pertarget/perthis takes an Object
for aspects of percflow takes no arguments
returns aspect instance
(c) Copyright Xerox Corporation, All rights reserved.

81. Aspect-Oriented programming with AspectJ
aspect relations
Gregor Kiczales:
skip this for today
pertarget(<pointcut>) perthis(<pointcut>)
one aspect instance for each
object that is ever “this” at
the join points
percflow(<pointcut>) percflowbelow(<pointcut>)
one aspect instance for each join point in pointcut, is available at all joinpoints in cflow or cflowbelow p1 l1 l2 p3 p2
(c) Copyright Xerox Corporation, All rights reserved.

82. context sensitive aspects
DisplayUpdating v4
Gregor Kiczales:
skip this for today
aspect DisplayUpdating {
List movers = new LinkedList();
List movees = new LinkedList();
// …
pointcut moveCall(Object mover, FigureElement movee):
this(mover) && target(movee) &&
(call(void Line.setP1(Point)) ||
call(void Line.setP2(Point)) ||
call(void Point.setX(int)) ||
call(void Point.setY(int)));
after(Object mover, FigureElement movee) returning:
moveCall(mover, movee) {
movers.add(mover);
movees.add(movee); }

83. Aspect-Oriented programming with AspectJ
summary
join points method & constructor call
execution
field
get
set
exception handler
initialization
aspects
crosscutting type
pertarget
perthis
percflow
percflowbelow
pointcuts
-primitive-
call execution handler get set initialization
this target args
within withincode cflow cflowbelow -user-defined- pointcut declaration abstract
overriding
advice
before
after
around
declare
error
intra-type decls
dispatch
remove of eachobject? maybe?
(c) Copyright Xerox Corporation, All rights reserved.

84. where we have been… … and where we are going problem structure
Part IV:
crosscutting in the design, and how to use AspectJ to capture that
AspectJ mechanisms
Part II:
crosscutting in the code mechanisms AspectJ provides

85. Aspect-Oriented programming with AspectJ AspectJ IDE support
Part III
AspectJ IDE support
(c) Copyright Xerox Corporation, All rights reserved.

86. programming environment
Aspect-Oriented programming with AspectJ
programming environment
AJDE support for
emacs, JBuilder, Forte
debugger
jdb style (ajdb)
window-based
ajdoc variant of javadoc
show examples of
navigating AspectJ code
compiling, tracking errors
debugging
using ajdoc
(c) Copyright Xerox Corporation, All rights reserved.

87. Aspect-Oriented programming with AspectJ Using Aspects
Part IV
Using Aspects
(c) Copyright Xerox Corporation, All rights reserved.

88. Aspect-Oriented programming with AspectJ
goals of this chapter
present examples of aspects in design
intuitions for identifying aspects
present implementations in AspectJ
how language support helps
work on implementations in AspectJ
putting AspectJ into practice
raise some style issues
objects vs. aspects
when are aspects appropriate?
(c) Copyright Xerox Corporation, All rights reserved.

89. example – plug&play tracing
Aspect-Oriented programming with AspectJ
example – plug&play tracing
simple tracing
exposes join points and uses very simple advice
an unpluggable aspect
core program functionality is unaffected by the aspect
(c) Copyright Xerox Corporation, All rights reserved.

90. tracing without AspectJ
Aspect-Oriented programming with AspectJ
tracing without AspectJ
class TraceSupport {
static int TRACELEVEL = 0;
static protected PrintStream stream = null;
static protected int callDepth = -1;
static void init(PrintStream _s) {stream=_s;}
static void traceEntry(String str) {
if (TRACELEVEL == 0) return;
callDepth++;
printEntering(str); }
static void traceExit(String str) {
callDepth--;
printExiting(str);
TraceSupport
remove underscores
class Point {
void set(int x, int y) {
TraceSupport.traceEntry(“Point.set”);
_x = x; _y = y;
TraceSupport.traceExit(“Point.set”); }
(c) Copyright Xerox Corporation, All rights reserved.

91. a clear crosscutting structure
Aspect-Oriented programming with AspectJ
a clear crosscutting structure
all modules of the system use the trace facility in a consistent way:
entering the methods and
exiting the methods
TraceSupport
Say consistent over and over again. What programming in AJ is _understanding_ what is consistent in a crosscut.
hilsdale:
lesson: what it means to be a good aspectJ programmer is being able to identify the _consistency_ or inviariant underlying a crosscut.
what is it about these 12 places? What is the invariant?
gregor: should be what is the invariant that underlies the crosscut
this line is about
interacting with
the trace facility
(c) Copyright Xerox Corporation, All rights reserved.

92. Aspect-Oriented programming with AspectJ
tracing as an aspect
aspect MyTracing {
pointcut trace():
within(com.bigboxco.boxes.*) &&
execution(* *(..));
before(): trace() {
TraceSupport.traceEntry(
thisJoinPoint.getSignature()); }
after(): trace() {
TraceSupport.traceExit(
TraceSupport
replace “points” with a singular noun
(c) Copyright Xerox Corporation, All rights reserved.

93. Aspect-Oriented programming with AspectJ
plug and debug
plug in:
unplug:
or…
ajc Point.java Line.java
TraceSupport.java MyTracing.java
ajc Point.java Line.java
(c) Copyright Xerox Corporation, All rights reserved.

94. Aspect-Oriented programming with AspectJ
plug and debug
//From ContextManager
public void service( Request rrequest, Response rresponse ) {
// log( "New request " + rrequest );
try {
// System.out.print("A");
rrequest.setContextManager( this );
rrequest.setResponse(rresponse);
rresponse.setRequest(rrequest);
// wront request - parsing error
int status=rresponse.getStatus();
if( status < 400 )
status= processRequest( rrequest );
if(status==0)
status=authenticate( rrequest, rresponse );
if(status == 0)
status=authorize( rrequest, rresponse );
if( status == 0 ) {
rrequest.getWrapper().handleRequest(rrequest,
rresponse);
} else {
// something went wrong
handleError( rrequest, rresponse, null, status ); }
} catch (Throwable t) {
handleError( rrequest, rresponse, t, 0 );
// System.out.print("B");
rresponse.finish();
rrequest.recycle();
rresponse.recycle();
} catch( Throwable ex ) {
if(debug>0) log( "Error closing request " + ex);
// log( "Done with request " + rrequest );
// System.out.print("C");
return;
// log( "New request " + rrequest );
// System.out.print(“A”);
// System.out.print("B");
if(debug>0)
log("Error closing request " + ex);
// log("Done with request " + rrequest);
// System.out.print("C");
(c) Copyright Xerox Corporation, All rights reserved.

95. Aspect-Oriented programming with AspectJ
plug and debug
turn debugging on/off
without editing classes
with no runtime cost
can save debugging code between uses
can be used for profiling, logging
easy to be sure it is off
simply compile without aspects
this connects to point about how to start using aj – compile w/o ajc
(c) Copyright Xerox Corporation, All rights reserved.

96. Aspect-Oriented programming with AspectJ
aspects in the design
have these benefits
objects are not responsible for using TraceSupport
XXXTracings aspect encapsulates that responsibility
MyTracing, DisplayTracing etc.
objects have no knowledge of TraceSupport
are shielded from changes to TraceSupport interface
only XXXTracing aspect is affected
removing tracing from the design is trivial
just remove the XXXTracing aspects and TraceSupport class
Very important point at this point in talk. When you pick up smalltalk you don’t write algol programs. Your PL changes your thinking. Implications and benefits in the design in addition to in the code.
When you pick up PL1 you do write algol programs.
Very careful with this point: Say “while strong aop is a radical shift, and you can imagine an aop language that would be as jarring as the difference between algol & smalltalk, what we’ve done with aspectJ is this incremental package. We can do this because objects are pretty good”. Don’t say that aspects lead you to a completely different design. It will lead you to think differently, but not in big parts of the design.
(c) Copyright Xerox Corporation, All rights reserved.

97. aspects in the code have these benefits
classes contain no calls to trace methods
XXXTracing aspects encapsulate those calls
MyTracing, DisplayTracing etc.
if the TraceSupport interface changes, there is no need to modify the object classes
only the trace aspect class needs to be modified
removing tracing from the application is trivial
compile without the trace aspect class

98. tracing: object vs. aspect
Aspect-Oriented programming with AspectJ
tracing: object vs. aspect
using an object captures tracing support, but does not capture its consistent usage by other objects
using an aspect captures the consistent usage of the tracing support by the objects
TraceSupport
TraceSupport
make change in speech.
what “consistent” wants to be saying is…
“the structure of the crosscutting”
“the invariant underlying the crosscutting”
(c) Copyright Xerox Corporation, All rights reserved.

99. a Tracing library aspect
Aspect-Oriented programming with AspectJ
ggodbeer:
Delete this slide
a Tracing library aspect
Tracing exercise 1
refactor MyTracing into
a reusable (library) aspect Tracing and
an extension equivalent to MyTracing
(c) Copyright Xerox Corporation, All rights reserved.

100. refactor MyTracing into a reusable (library) aspect and an extension equivalent to MyTracing
exercise
abstract aspect Tracing {
// what goes here? }
aspect MyTracing extends Tracing {
// what goes here? }

101. a Tracing library aspect
Aspect-Oriented programming with AspectJ
ggodbeer:
Delete this slide
a Tracing library aspect
Tracing exercise 2
original after advice runs whether computation returned normally or threw an exception
instead, define
one advice for normal return, and
a second for abrupt return (throwing exception)
what should it print?
(c) Copyright Xerox Corporation, All rights reserved.

102. exercise
define one advice for normal return, a second for abrupt return
abstract aspect Tracing {
// what goes here? }
aspect MyTracing extends Tracing {
// what goes here? }

103. discussion
what, at the design level, does each of these aspects implement?
did you retain TraceSupport class?
what do you think of the names Tracing and MyTracing for these aspects? what did you name the abstract pointcut
can you combine the techniques of OO frameworks with these aspects to make the Tracing aspect even more flexible? is it a good idea to do so? …

104. Aspect-Oriented programming with AspectJ
example – roles/views
add visitor
(c) Copyright Xerox Corporation, All rights reserved.

105. Aspect-Oriented programming with AspectJ
CloneablePoint
aspect CloneablePoint {
declare parents: Point implements Cloneable;
public Object Point.clone() throws CloneNotSupportedException {
// we choose to bring all fields up to date before cloning
makeRectangular(); // defined in class Point
makePolar(); // defined in class Point
return super.clone(); }
declare gets blue
(c) Copyright Xerox Corporation, All rights reserved.

106. Aspect-Oriented programming with AspectJ
roles/views
exercise/discussion
Write the HashablePoint and ComparablePoint aspects.
Consider a more complex system. Would you want the HashablePoint aspect associated with the Point class, or with other HashableX objects, or both?
(c) Copyright Xerox Corporation, All rights reserved.

107. example – counting bytes
interface OutputStream {
public void write(byte b);
public void write(byte[] b); }
/**
* This SIMPLE aspect keeps a global count of all
* the bytes ever written to any OutputStream. */
aspect ByteCounting {
int count = 0;
int getCount() { return count; }
// //
// what goes here? //

108. exercise complete the code for ByteCounting /**
* This SIMPLE aspect keeps a global count of all
* all the bytes ever written to an OutputStream. */
aspect ByteCounting {
int count = 0;
int getCount() { return count; } }

109. Aspect-Oriented programming with AspectJ
counting bytes v1
a first attempt
aspect ByteCounting {
int count = 0;
int getCount() { return count; }
after() returning:
call(void OutputStream.write(byte)) {
count = count + 1; }
after(byte[] bytes) returning:
call(void OutputStream.write(bytes)) {
count = count + bytes.length;
(c) Copyright Xerox Corporation, All rights reserved.

110. Aspect-Oriented programming with AspectJ
counting bytes
some stream implementations
class SimpleOutputStream implements OutputStream {
public void write(byte b) { … }
public void write(byte[] b) {
for (int i = 0; i < b.length; i++) write(b[i]); }
class OneOutputStream implements OutputStream {
public void write(byte[] b) { … }
(c) Copyright Xerox Corporation, All rights reserved.

111. counting bytes another implementation
class OtherOutputStream implements OutputStream {
public void write(byte b) {
byte[] bs = new byte[1] { b };
write(bs); }
public void write(byte[] b) { … }

112. exercise make a more robust implementation aspect ByteCounting {
int count = 0;
int getCount() { return count; }
pointcut write(): call(void OutputStream.write(byte)) ||
call(void OutputStream.write(byte[]));
after() returning:
call(void OutputStream .write(byte)) {
count++; }
after(byte[] bytes) returning:
call(void OutputStream .write(bytes)) {
count = count + bytes.length;

113. counting bytes v2 using cflowbelow for more robust counting
aspect ByteCounting {
int count = 0;
int getCount() { return count; }
pointcut write(): call(void OutputStream.write(byte)) ||
call(void OutputStream.write(byte[]));
pointcut writeCflow(): cflowbelow(write());
after() returning:
!writeCflow() && call(void OutputStream .write(byte)) {
count++; }
after(byte[] bytes) returning:
!writeCflow() && call(void OutputStream .write(bytes)) {
count = count + bytes.length;

114. Aspect-Oriented programming with AspectJ
exercise
per-stream counting
aspect ByteCounting {
/* put declarations here that provide per-stream count state */
pointcut write(): call(void OutputStream.write(byte)) ||
call(void OutputStream.write(byte[]));
/* ... and show how to properly increment the count state */
... count = count + 1;
... count = count + bytes.length; }
get rid of this? per-stream is bizarre?
(c) Copyright Xerox Corporation, All rights reserved.

115. Aspect-Oriented programming with AspectJ
counting bytes v3
per-stream counting
aspect ByteCounting {
/* put declarations here that provide per-stream count state */
private int OutputStream.count = 0;
static public int getCount(OutputStream os) { return os.count; }
public int OutputStream.getCount() { return count; }
pointcut write(): call(void OutputStream.write(byte)) ||
call(void OutputStream.write(byte[]));
/* ... and show how to properly increment the count state */
... s.count = s.count + 1;
... s.count = s.count + bytes.length; }
third party perspective:
ByteCounting.getCount(s);
s.getCount();
get rid of this? per-stream is bizarre?
(c) Copyright Xerox Corporation, All rights reserved.

116. Aspect-Oriented programming with AspectJ
counting bytes
exercises
How do the aspects change if the method void write(Collection c) is added to the OutputStream interface?
How would you change v2 to handle byte generators:
interface ByteGenerator { int getLength(); void generateTo(OutputStream s); }
(c) Copyright Xerox Corporation, All rights reserved.

117. example – context passing
caller1
caller2
Service
workers need to know the caller:
capabilities
charge backs
to customize result
worker 1
worker 3
worker 2

118. context-passing aspects
Aspect-Oriented programming with AspectJ
context-passing aspects
caller1
caller2
Service
workers need to know the caller:
capabilities
charge backs
to customize result
sucks that the grey became red
I’ll have to fix this, it MAY be easy, if the rest of the tutorial was using symbolic colors consistently.
worker 1
worker 3
worker 2
(c) Copyright Xerox Corporation, All rights reserved.

119. context-passing aspects
Aspect-Oriented programming with AspectJ
context-passing aspects
pointcut invocations(Caller c):
this(c) && call(void Service.doService(String));
fix later
(c) Copyright Xerox Corporation, All rights reserved.

120. context-passing aspects
pointcut invocations(Caller c):
this(c) && call(void Service.doService(String));
pointcut workPoints(Worker w):
target(w) && call(void Worker.doTask(Task));

121. context-passing aspects
pointcut invocations(Caller c):
this(c) && call(void Service.doService(String));
pointcut workPoints(Worker w):
target(w) && call(void Worker.doTask(Task));
pointcut perCallerWork(Caller c, Worker w):
cflow(invocations(c)) && workPoints(w);

122. context-passing aspects
abstract aspect CapabilityChecking {
pointcut invocations(Caller c):
this(c) && call(void Service.doService(String));
pointcut workPoints(Worker w):
target(w) && call(void Worker.doTask(Task));
pointcut perCallerWork(Caller c, Worker w):
cflow(invocations(c)) && workPoints(w);
before (Caller c, Worker w): perCallerWork(c, w) {
w.checkCapabilities(c); }

123. example n1 points a screen with location and color
that monitors location changes
that monitors color changes
that monitors screen changes

124. observe setX, setY observe println observe setColor Display
println(String)
updateStatus(String)
Point
setX(int) setY(int) setColor(Color)
observe println
observe setColor

125. <point 12> moved <point 28> changed color
Gregor Kiczales:
this slide needs to be objects, not classes, to make the multiple observer thing clear
observe setX, setY
<point 12> moved <point 28> changed color
Point
setX(int) setY(int) setColor(Color)
observe println
observe setColor
<point 12> moved <point 28> changed color
last change: 14:02:29

126. it isn’t clear to me how much of this to give them
Gregor Kiczales:
it isn’t clear to me how much of this to give them
exercise
complete the code
aspect CoordinateObserving {
HashMap perPointObservers = new WeakHashMap();
static void addObserver(Point p, Display d) { ... }
static void removeObserver(Point p, Display d) { ... }
Iterator getObservers(Point p) { ... }
pointcut change(): (call(void Point.setX(int)) ||
call(void Point.setY(int))) &&
target(p);
after(Point p) returning: change() {
// iterate for each display in observers…
update(p, d); }
void update(Point p, Display d) {
d.println(“Point “ + p + “has moved” …);

127. exercise complete the code aspect CoordinateObserving {
HashMap perPointObservers = new WeakHashMap();
static void addObserver(Point p, Display d) { ... }
static void removeObserver(Point p, Display d) { ... }
Iterator getObservers(Point p) { ... }
pointcut change(): (call(void Point.setX(int)) ||
call(void Point.setY(int))) &&
target(p);
after(Point p) returning: change() {
// iterate for each display in observers…
update(p, d); }
void update(Point p, Display d) {
d.println(“Point “ + p + “has moved” …);

128. exercise complete the code aspect Observing {
HashMap perPointObservers = new WeakHashMap();
static void addObserver(Object p, Object d) { ... }
static void removeObserver(Point p, Display d) { ... }
Iterator getObservers(Point p) { ... }
abstract pointcut change();
after(Point p) returning: change() {
// iterate for each display in observers…
update(p, d); }
abstract void update(Point p, Display d);

129. exercise complete the code aspect ColorObserving {
Display d; // assume this is set up for you }

130. exercise complete the code for DisplayXXX aspect DisplayObserving {
Display d; // assume this is set up for you }

131. exercise
abstract these into a reusable aspect
aspect Observing { }

132. exercise abstract these into a reusable aspect
abstract aspect Observing {
private WeakHashMap perSubjectObservers = new WeakHashMap();
private Collection getObservers(Subject s) {
Collection observers = (Collection)perSubjectObservers.get(s);
if ( observers == null ) {
observers = new LinkedList();
perSubjectObservers.put(s, observers); }
return observers;
protected interface Subject { }
protected interface Observer { }
public void addObserver(Subject s, Observer o) { getObservers(s).add(o); }
public void removeObserver(Subject s, Observer o) { getObservers(s).remove(o); }
abstract pointcut change();
after(Subject s): change() {
Iterator iter = getObservers(s).iterator();
while ( iter.hasNext() ) {
updateObserver(s, ((Observer)iter.next()));
abstract void updateObserver(Subject s, Observer o);

133. exercise abstract these into a reusable aspect
public aspect ColorObserving extends Observing {
declare parents: Point implements Subject;
declare parents: Screen implements Observer;
pointcut changes(Subject s): call(void Point.setColor(Color)) && target(s);
void updateObserver(Subject s, Observer o) {
((Screen)o).display("Screen updated because color changed."); }

134. exercise abstract these into a reusable aspect
public aspect CoordinateObserving extends Observing {
declare parents: Point implements Subject;
declare parents: Screen implements Observer;
pointcut changes(Subject s): (call(void Point.setX(int)) ||
call(void Point.setY(int)) ) &&
target(s);
void updateObserver(Subject s, Observer o) {
((Screen)o).display("Screen updated because coordinates changed."); }

135. exercise abstract these into a reusable aspect
public aspect ScreenObserving extends Observing {
declare parents: Screen implements Subject;
declare parents: Screen implements Observer;
pointcut changes(Subject s): call(void Screen.display(String)) &&
target(s);
void updateObserver(Subject s, Observer o) {
((Screen)o).display("Screen updated because screen displayed."); }

136. example – properties of interfaces
Aspect-Oriented programming with AspectJ
example – properties of interfaces
interface Forest {
int howManyTrees();
int howManyBirds();
... }
pointcut forestCall(): call(* Forest.*(..));
before(): forestCall(): {
(c) Copyright Xerox Corporation, All rights reserved.

137. Aspect-Oriented programming with AspectJ
aspects on interfaces
a first attempt
aspect Forestry {
pointcut forestCall():
call(* Forest.*(..));
before(): forestCall() { System.out.println(tjp.getSignature() " is a Forest-Method."); }
(c) Copyright Xerox Corporation, All rights reserved.

138. Aspect-Oriented programming with AspectJ
aspects on interfaces
an implementation
class ForestImpl implements Forest {
public static void main(String[] args) {
Forest f1 = new ForestImpl();
f1.toString();
f1.howManyTrees(); }
public int howManyTrees() { return 100; }
public int howManyBirds() { return 200; }
interface Forest includes methods from Object, such as toString()
(c) Copyright Xerox Corporation, All rights reserved.

139. Aspect-Oriented programming with AspectJ
aspects on interfaces
adding constraints
aspect Forestry {
pointcut forestCall():
call(* Forest.*(..)) &&
!call(* Object.*(..));
before(): forestCall() {
System.out.println(thisJoinPoint.methodName +
" is a Forest-method."); }
(c) Copyright Xerox Corporation, All rights reserved.

140. Aspect-Oriented programming with AspectJ
aspects on interfaces
exercises
In this example you needed to constrain a pointcut because of undesired inheritance. Think of an example where you would want to capture methods in a super-interface.
Constraining a pointcut in this way can be seen as an aspect idiom. What other idioms have you seen in this tutorial?
(c) Copyright Xerox Corporation, All rights reserved.

141. example 6 client reactions to failures: - abort - try another server
RMI exception aspects
client reactions to failures:
- abort
- try another server

142. a TimeServer design

143. the TimeService public interface TimeService extends Remote { /**
* What's the time? */
public Date getTime() throws RemoteException;
* Get the name of the server
public String getName() throws RemoteException;
* Exported base name for the service
public static final String nameBase = "TimeService"; }

144. Aspect-Oriented programming with AspectJ
the TimeServer
public class TimeServer extends UnicastRemoteObject
implements TimeService {
/**
* The remotely accessible methods */
public Date getTime() throws RemoteException {return new Date();}
public String getName() throws RemoteException {return toString();}
* Make a new server object and register it
public static void main(String[] args) {
TimeServer ts = new TimeServer();
Naming.bind(TimeService.nameBase, ts); }
* Exception pointcuts. Code is not complete without advice on them.
pointcut create():
within(TimeServer) && call(TimeServer.new());
pointcut bind(): within(TimeServer) && call(void Naming.bind(String,..));
pointcut bindName(String name): args(name, ..) && bind();
no exception catching here, but notice
Some objects you can take out and the application still runs, many of them you can’t. Aspects are the same way.
Objects are a modularity mechanism, and when you use them … Aspects are the same. The only difference is that Aspects are about crosscutting. That’s the only difference.
(c) Copyright Xerox Corporation, All rights reserved.

145. AbortMyServer aspect AbortMyServer {
TimeServer around(): TimeServer.create() {
TimeServer result = null;
try {
result = proceed();
} catch (RemoteException e){
System.out.println("TimeServer err: " + e.getMessage());
System.exit(2); }
return result;
declare soft: RemoteException: TimeServer.create();
void around(String name): TimeServer.bindName(name) {
proceed(name);
System.out.println("TimeServer: bound name.");
} catch (Exception e) {
System.err.println("TimeServer: error " + e);
System.exit(1);
declare soft: Exception: TimeServer.bind();

146. RetryMyServer aspect RetryMyServer {
TimeServer around(): TimeServer.create() {
TimeServer result = null;
try { result = proceed(); }
catch (RemoteException e){
System.out.println("TimeServer error."); e.printStackTrace(); }
return result;
declare soft: RemoteException: TimeServer.create();
void around(String name): TimeServer.bindName(name) {
for (int tries = 0; tries < 3; tries++) {
try {
proceed(name + tries);
System.out.println("TimeServer: Name bound in registry.");
return;
} catch (AlreadyBoundException e) {
System.err.println("TimeServer: name already bound");
System.err.println("TimeServer: Giving up."); System.exit(1);
declare soft: Exception: TimeServer.bind();

147. again, no exception catching here
the Client
again, no exception catching here
public class Client {
TimeService server = null;
/**
* Get a server and ask it the time occasionally */
void run() {
server = (TimeService)Naming.lookup(TimeService.nameBase);
System.out.println("\nRemote Server=" + server.getName() + "\n\n");
while (true) {
System.out.println("Time: " + server.getTime());
pause(); }
* Exception pointcuts. Code is not complete without advice on them.
pointcut setup(): call(Remote Naming.lookup(..));
pointcut setupClient(Client c): this(c) && setup();
pointcut serve(): call(* TimeService.*(..));
pointcut serveClient(Client c, TimeService ts):
this(c) && target(ts) && serve();
… other methods …

148. AbortMyClient aspect AbortMyClient {
Remote around(Client c): Client.setupClient(c) {
Remote result = null;
try {
result = proceed(c);
} catch (Exception e) {
System.out.println("Client: No server. Aborting.");
System.exit(0); }
return result;
declare soft: Exception: Client.setup();
Object around(Client c, TimeService ts): Client.serveClient(c, ts) {
Object result = null;
result = proceed(c, ts);
} catch (RemoteException e) {
System.out.println("Client: Remote Exception. Aborting.");
declare soft: RemoteException: Client.serve();

149. RetryMyClient aspect RetryMyClient {
Remote around(Client c): Client.setupClient(c) {
Remote result = null;
try { result = proceed(c);}
catch (NotBoundException e) {
System.out.println("Client: Trying alternative name...");
result = findNewServer(TimeService.nameBase, c.server, 3);
if (result == null) System.exit(1); /* No server found */
} catch (Exception e2) { System.exit(2); }
return result; }
declare soft: Exception: Client.setup();
Object around(Client c, TimeService ts): Client.serveClient(c,ts) {
try { return proceed(c,ts); }
catch (RemoteException e) {
c.server = findNewServer(TimeService.nameBase, c.server, 3);
if (c.server == null) System.exit(1); /* No server found */
try { return proceed(c, c.server); }
catch (RemoteException e2) { System.exit(2); }
return null;
declare soft: RemoteException: Client.serve();
static TimeService findNewServer(String baseName,
Object currentServer, int nservers) { … }

150. Aspect-Oriented programming with AspectJ
building the client
abort mode:
retry mode:
switch to different failure handling modes without editing
no need for subclassing or delegation
reusable failure handlers
ajc Client.java TimeServer_Stub.java AbortMyClient.java
ajc Client.java TimeServer_Stub.java RetryMyClient.java
somewhere should say
“the benefits are the usual benefits of better modularity” the difference is that aspectj makes it possible to modularize crosscutting concerns -- aspects
(c) Copyright Xerox Corporation, All rights reserved.

151. RMI exception handling
Aspect-Oriented programming with AspectJ
RMI exception handling
exercises
Write another exception handler that, on exceptions, gives up the remote mode and instantiates a local TimeServer.
How would this client look like if the exception handling were not designed with aspects? Can you come up with a flexible OO design for easily switching between exception handlers?
Compare the design of exception handlers with aspects vs. with your OO design
(c) Copyright Xerox Corporation, All rights reserved.

152. exercise aspect UseLocalClient {
Object around(Client c, TimeService ts): Client.serveClient(c, ts) {
Object result = null;
try {
result = proceed(c, ts);
} catch (RemoteException e) {
c.s = new TimeServer();
proceed(c, s); }
return result;
declare soft: RemoteException: Client.serve();

153. example 7
layers of functionality
given a basic telecom operation, with customers, calls, connections
model/design/implement utilities such as
timing
consistency checks
...

154. telecom basic design Customer Call Connection Local LongDistance
Call startCall(Customer)
void pickupCall(Call)
void mergeCalls(Call, Call)
void hangupCall(Call)
Call
Customer getCaller()
void pickup()
void merge(Call)
void hangup()
Connection
Customer getReceiver()
void complete()
void drop()
0..N 1
caller
receiver
Local
LongDistance
These classes
define the
protocols for
setting up calls
(includes
conference
calling) and
establishing
connections

155. timing entities Call Customer Connection Local LongDistance
store total
connection
time
Call
Customer 1 1 1
0..N
caller
Connection
time each connection
receiver
Local
LongDistance

156. timing some actions Call Customer Connection Local LongDistance
connection dropped:
add time
Customer 1 1 1
0..N
connection made:
start timing
connection dropped:
stop timing
caller
Connection
receiver
Local
LongDistance

157. timing additional design elements Call Customer Timer Connection Local
long getTime()
Call
Customer 1 1 1
0..N
Timer
void stop()
void start()
long getTime()
invoke when
connection drops
caller
Connection
set and invoke
upon new
connection
receiver
Local
LongDistance

158. timing
exercise
Write an aspect representing the timing protocol.

159. timing connections and calls are involved
what is the nature of the crosscutting?
connections and calls are involved
well defined protocols among them
pieces of the timing protocol must be triggered by the execution of certain basic operations. e.g.
when connection is completed, set and start a timer
when connection drops, stop the timer and add time to customers’ connection time

160. Aspect-Oriented programming with AspectJ
timing
an aspect implementation
aspect Timing {
private Timer Connection.timer = new Timer();
private long Customer.totalConnectTime = 0;
public static long getTotalConnectTime(Customer c) {
return c.totalConnectTime; }
pointcut startTiming(Connection c): target(c) && call(void c.complete());
pointcut endTiming(Connection c): target(c) && call(void c.drop());
after(Connection c): startTiming(c) {
c.timer.start();
after(Connection c): endTiming(c) {
Timer timer = c.timer;
timer.stop();
long currTime = timer.getTime();
c.getCaller().totalConnectTime += currTime;
c.getReceiver().totalConnectTime += currTime;
FIX ME! Don’t just transliterate!
(c) Copyright Xerox Corporation, All rights reserved.

161. addToTime(timer.getTime())
timing as an object
Customer
...
long getTime()
void addToTime(long)
0..N 1
addToTime(timer.getTime())
0..N
Timer
void stop()
void start()
long getTime()
Connection
...
drop()
new(..)
timing as an object captures timing support, but does not capture the protocols involved in implementing the timing feature

162. addToTime(timer.getTime())
timing as an aspect
Timing
Customer
...
0..N
long getTime()
void addToTime(long t) 1
addToTime(timer.getTime())
0..N
Timer
void stop()
void start()
long getTime()
Connection
...
drop()
new(..)
timing as an aspect captures the protocols involved in implementing the timing feature

163. timing as an aspect
has these benefits
basic objects are not responsible for using the timing facility
timing aspect encapsulates that responsibility, for appropriate objects
if requirements for timing facility change, that change is shielded from the objects
only the timing aspect is affected
removing timing from the design is trivial
just remove the timing aspect

164. timing with AspectJ object code contains no calls to timing functions
has these benefits
object code contains no calls to timing functions
timing aspect code encapsulates those calls, for appropriate objects
if requirements for timing facility change, there is no need to modify the object classes
only the timing aspect class and auxiliary classes needs to be modified
removing timing from the application is trivial
compile without the timing aspect class

165. Aspect-Oriented programming with AspectJ
timing
exercises
How would you change your program if the interface to Timer objects changed to
What changes would be necessary without the aspect abstraction?
Timer
void start()
long stopAndGetTime()
(c) Copyright Xerox Corporation, All rights reserved.

166. telecom, continued
layers of functionality: consistency
ensure that all calls and connections are being shut down in the simulation

167. Aspect-Oriented programming with AspectJ
consistency checking
store each new call
remove calls that
hangup
merge
Call
Customer getCaller()
void pickup()
void merge(Call)
void hangup()
Customer
Call startCall(Customer)
void pickupCall(Call)
void mergeCalls(Call, Call)
void hangupCall(Call) 1
0..N
List of
Calls 1 1
0..N
0..N
Connection
Customer getCaller()
Customer getReceiver()
void complete()
void drop()
store each new connection
remove connections that drop
caller
I put a small background-colored box in the lower left corner of this slide to fix its appearance.
receiver
List of
Connections
0..N
Local
LongDistance
check at the end
of simulation
(c) Copyright Xerox Corporation, All rights reserved.

168. consistency checking aspect ConsistencyChecker {
Vector calls = new Vector(), connections = new Vector();
/* The lifecycle of calls */
after(Call c): target(c) && call(Call.new(..)) {
calls.addElement(c); }
after(Call c): target(c) && call(* Call.hangup(..)) {
calls.removeElement(c);
after(Call other): args(other) && (void Call.merge(Call)) {
calls.removeElement(other);
/* The lifecycle of connections */
after(Connection c): target(c) && call(Connection.new(..)) {
connections.addElement(c);
after(Connection c): target(c) && call(* Connection.drop(..)) {
connections.removeElement(c);
after(): within(TelecomDemo) && executions(void main(..)) {
if (calls.size() != 0) println("ERROR on calls clean up.");
if (connections.size()!=0) println("ERROR on connections clean up.");

169. Aspect-Oriented programming with AspectJ
summary so far
presented examples of aspects in design
intuitions for identifying aspects
presented implementations in AspectJ
how the language support can help
raised some style issues
objects vs. aspects
(c) Copyright Xerox Corporation, All rights reserved.

170. when are aspects appropriate?
Aspect-Oriented programming with AspectJ
when are aspects appropriate?
is there a concern that:
crosscuts the structure of several objects or operations
is beneficial to separate out
hilsdale:
in wrap=up part, do wrapup based on stuff
(c) Copyright Xerox Corporation, All rights reserved.

171. … crosscutting
a design concern that involves several objects or operations
implemented without AOP would lead to distant places in the code that
do the same thing
e.g. traceEntry(“Point.set”)
try grep to find these [Griswold]
do a coordinated single thing
e.g. timing, observer pattern
harder to find these

172. … beneficial to separate out
Aspect-Oriented programming with AspectJ
… beneficial to separate out
does it improve the code in real ways?
separation of concerns
e.g . think about service without timing
clarifies interactions, reduces tangling
e.g. all the traceEntry are really the same
easier to modify / extend
e.g. change the implementation of tracing
e.g. abstract aspect re-use
plug and play
tracing aspects unplugged but not deleted
standard q: what If people use this too much. A: they will, and then they’ll learn. It’s like any new feature. Good taste is learned from experience. What we’re trying to teach is how to use aspects when you need it. If you don’t, please don’t.
hilsdale:
NOT HERE:
simple d: of crosscutting:
You have it if with respect to one concern, one element is doing one thing, but with respect to another concern, one element is doing n things. Or vice versa.
Don’t use this.
(c) Copyright Xerox Corporation, All rights reserved.

173. learned through experience, influenced by taste and style
good designs
summary
capture “the story” well
may lead to good implementations, measured by
code size
tangling
coupling
etc.
learned through experience, influenced by taste and style

174. expected benefits of using AOP
Aspect-Oriented programming with AspectJ
expected benefits of using AOP
good modularity, even in the presence of crosscutting concerns
less tangled code, more natural code, smaller code
easier maintenance and evolution
easier to reason about, debug, change
more reusable
more possibilities for plug and play
abstract aspects
(c) Copyright Xerox Corporation, All rights reserved.

175. References, Related Work
Part V
References, Related Work

176. AOP and AspectJ on the web
aosd.net
collection of wide range of work on AO software development
aspectj.org
the AspectJ web site
downloads
documentation
examples
articles…

177. Aspect-Oriented programming with AspectJ
workshops
2001
ICSE, ECOOP, OOPSLA, Nantes, Lancaster, Brussels…
2000
ICSE, ECOOP, OOPSLA
1999
ECOOP, OOPSLA
1998
ICSE, ECOOP
1997
ECOOP
1996
AOP friends meeting (at PARC)
Reflection workshops
ECOOP –
OOPSLA –
(c) Copyright Xerox Corporation, All rights reserved.

178. conference First Int’l Conference on AOSD
technical papers, tutorials, workshops
in cooperation w/ ACM SIGPLAN and SIGSOFT
sponsored by AITO (ECOOP organization)
see aosd.net for link to conference site

179. AOP future – idea, language, tools
Aspect-Oriented programming with AspectJ
AOP future – idea, language, tools
objects are
code and state
“little computers”
message as goal
hierarchical structure
languages support
encapsulation
polymorphism
inheritance
tools
browser, editor, debuggers
preserve object abstraction
aspects are
crosscutting structure
languages support
crosscutting
tools
preserve aspect abstraction
I’m going to show you a very particular language. As you look at it, think Smalltalk, CLOS, Java. I.e. think about both it and the space around it.
(c) Copyright Xerox Corporation, All rights reserved.

180. Aspect-Oriented programming with AspectJ
AOP future
language design
more dynamic crosscuts, type system …
tools
more IDE support, aspect discovery, re-factoring, re-cutting…
software engineering
finding aspects, modularity principles, …
metrics
measurable benefits, areas for improvement
theory
type system for crosscutting, fast compilation, advanced crosscut constructs
(c) Copyright Xerox Corporation, All rights reserved.

181. AspectJ & the Java platform
AspectJ is a small extension to the Java programming language
all valid programs written in the Java programming language are also valid programs in the AspectJ programming language
AspectJ has its own compiler, ajc
ajc runs on Java 2 platform
ajc is available under Open Source license
ajc produces Java platform compatible .class files

182. AspectJ status release status aspectj.org tools license
3 major, ~18 minor releases over last year (1.0b1 is current)
tools
IDE extensions: Emacs, JBuilder 3.5, JBuilder 4, Forte4J
ajdoc to parallel javadoc
debugger: command line, GUI, & IDE
license
compiler, runtime and tools are free for any use
compiler and tools are Open Source
aspectj.org
May 1999: 90 downloads/mo, 20 members on users list
Feb 2001: 600 downloads/mo, 600 members on users list

183. AspectJ future
continue building language, compiler & tools
1.0
language semantics stable
compilation direct to bytecodes
1.1
incremental compiler
1.2
source of target classes not required?
2.0
new dynamic crosscut constructs

184. Aspect-Oriented programming with AspectJ
credits
AspectJ.org is a Xerox PARC project
slides, compiler, tools & documentation are available at aspectj.org
partially funded by DARPA under contract F C0246
(c) Copyright Xerox Corporation, All rights reserved.