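--- a/java/com.sap.sse.security.persistence/src/com/sap/sse/security/persistence/impl/DomainObjectFactoryImpl.java
+++ b/java/com.sap.sse.security.persistence/src/com/sap/sse/security/persistence/impl/DomainObjectFactoryImpl.java
@@ -34,12 +34,14 @@ public class DomainObjectFactoryImpl implements DomainObjectFactory {
 sessionsCollection.find().forEach((Document sessionDocument)->{
 final String cacheName = sessionDocument.getString(FieldNames.CACHE_NAME.name());
 final Session session = loadSession(sessionDocument);
- if (new MillisecondsTimePoint(session.getLastAccessTime()).plus(new MillisecondsDurationImpl(session.getTimeout())).before(MillisecondsTimePoint.now())) {
- // expired
- logger.info("Session "+session+" expired");
- expiredSessionIds.add(session.getId());
- } else {
- Util.addToValueSet(sessionsByCacheName, cacheName, session);
+ if (!session.getAttributeKeys().isEmpty()) { // ignore sessions without state
+ if (new MillisecondsTimePoint(session.getLastAccessTime()).plus(new MillisecondsDurationImpl(session.getTimeout())).before(MillisecondsTimePoint.now())) {
+ // expired
+ logger.info("Session "+session+" expired");
+ expiredSessionIds.add(session.getId());
+ } else {
+ Util.addToValueSet(sessionsByCacheName, cacheName, session);
+ }
 }
 });
 final Document filter = new Document("$in", Util.map(expiredSessionIds, id->id.toString()));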
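Review bot: Attribute-less sessions that are already in the collection are now skipped before the expiry test, so their ids never reach `expiredSessionIds`. If the `$in` filter built right after the loop is what drives the delete (the delete itself is outside this hunk), those documents stay in the store indefinitely. Consider queueing them for removal rather than only ignoring them, for example `if (session.getAttributeKeys().isEmpty()) { expiredSessionIds.add(session.getId()); return; }` ahead of the expiry check. Separately, `logger.info("Session "+session+" expired")` writes the session's string form at info level; if that form includes the session id, logging a non-sensitive reference instead would keep session identifiers out of the logs. The enclosing method starts and ends outside the hunk.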
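--- a/java/com.sap.sse.security/src/com/sap/sse/security/impl/ReplicatingCache.java
+++ b/java/com.sap.sse.security/src/com/sap/sse/security/impl/ReplicatingCache.java
@@ -72,8 +72,11 @@ public class ReplicatingCache<K, V> implements Cache<K, V>, Named {
 }
 V result = cache.put(key, value);
 if (store && value instanceof Session) {
- securityService.replicate(new PutToReplicatingCacheOperation<K, V>(getName(), key, value));
- securityService.storeSession(getName(), (Session) value);
+ final Session session = (Session) value;
+ if (!session.getAttributeKeys().isEmpty()) {
+ securityService.replicate(new PutToReplicatingCacheOperation<K, V>(getName(), key, value));
+ securityService.storeSession(getName(), (Session) value);
+ }
 }
 return result;
 }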
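Review bot: The new `isEmpty()` guard also suppresses the update when a session that was replicated and stored earlier later loses all its attributes. Replicas and the persistent store may then keep the older copy with its attributes, possibly including the authenticated principal, until the session is removed through some other path; whether such a path always runs is not visible in this hunk. Either propagate the emptied session as a removal, or document above the guard why skipping is safe, e.g. `// sessions without attributes carry no state; a previously stored copy is removed via <placeholder: removal path>`. Minor: the new local is not used for the store call, which could read `securityService.storeSession(getName(), session);`. The method begins above the hunk.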
wiki/info/landscape/olympic-setup.md
... ...
@@ -37,11 +37,11 @@ On sap-p1-2, the following SSH connections are maintained, assuming sap-p1-2 is
37 37
38 38
- tokyo-ssh.sapsailing.com: 10203-->10203; 5763-->rabbit-ap-northeast-1.sapsailing.com:5762; 15763-->rabbit-ap-northeast-1.sapsailing.com; 5675:rabbit.internal.sapsailing.com:5672; 15675:rabbit.internal.sapsailing.com:15672; 10202<--10202
39 39
40
-This means that tokyo-ssh.sapsailing.com sees
40
+This means that tokyo-ssh.sapsailing.com sees the process to use for reverse replication at its port 8888. Both laptops see the RabbitMQ running in eu-west-1 and reachable with its internal IP address under rabbit.internal.sapsailing.com at localhost:5675 / localhost:15675. The port forwarding through tokyo-ssh.sapsailing.com to the internal RabbitMQ address works through VPC peering.
41 41
42 42
## AWS Setup
43 43
44
-Our primary AWS region for the event will be Tokyo (ap-northeast-1). There, we have reserved the elastic IP ``52.194.91.94`` to which we've mapped the Route53 hostname ``tokyo-ssh.sapsailing.com`` with a simple A-record. The host assigned to the IP/hostname is to be used as a "jump host" for SSH tunnels. It runs Amazon Linux with a login-user named ``ec2-user``. The ``ec2-user`` has ``sudo`` permission.
44
+Our primary AWS region for the event will be Tokyo (ap-northeast-1). There, we have reserved the elastic IP ``52.194.91.94`` to which we've mapped the Route53 hostname ``tokyo-ssh.sapsailing.com`` with a simple A-record. The host assigned to the IP/hostname is to be used as a "jump host" for SSH tunnels. It runs Amazon Linux with a login-user named ``ec2-user``. The ``ec2-user`` has ``sudo`` permission. In the root user's crontab we have the same set of scripts hooked up that in our eu-west-1 production landscape is responsible for obtaining and installing the landscape manager's SSH public keys to the login user's account, aligning the set of ``authorized_keys`` with those of the registered landscape managers (users with permission ``LANDSCAPE:MANAGE:AWS``). The ``authorized_keys.org`` file also contains the two public SSH keys of the ``sailing`` accounts on the two laptops, so each time the script produces a new ``authorized_keys`` file for the ``ec2-user``, the ``sailing`` keys for the laptop tunnels don't get lost.
45 45
46 46
I added the EPEL repository like this:
47 47