[Pki-devel] [PATCH] 202 Session-based nonces.

Ade Lee alee at redhat.com
Mon Feb 4 15:49:20 UTC 2013


Looks pretty good to me.

Question:
1. What is the purpose of the isMemberOfSubsystemGroup() method, and why
do we need it?

Ade

On Thu, 2013-01-31 at 09:37 -0600, Endi Sukma Dewata wrote:
> On 1/25/2013 3:22 PM, Endi Sukma Dewata wrote:
> > On 1/25/2013 2:18 PM, Endi Sukma Dewata wrote:
> >> Previously nonces were stored in a global map which might not scale
> >> well due to some issues:
> >> 1. The map used the nonces as map keys. There were possible nonce
> >>     collisions which required special handling.
> >> 2. The collision handling code was not thread safe. There were
> >>     possible race conditions during concurrent modifications.
> >> 3. The map was shared and size limited. If there were a lot of
> >>     users using the system, valid nonces could get pruned.
> >> 4. The map mapped the nonces to client certificates. This limited
> >>     the possible authentication methods that could be supported.
> >>
> >> Now the code has been modified such that each user has a private map
> >> in the user's session to store the nonces. Additional locking has been
> >> implemented to protect against concurrent modifications. The map now
> >> uses the target of the operation as the map key, eliminating possible
> >> collisions and allowing the use of other authentication methods. Since
> >> this is a private map, it's not affected by the number of users using
> >> the system.
> >>
> >> Ticket #474
> >
> > New patch attached. Fixed the session attribute name in
> > ProfileReviewServlet.java.
> 
> Rebased on top of patch #204. Fixed exception type.
> 
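The per-session design described in the quoted patch summary, sketched as an added example (not code from the patch or from the project). A plain `Map` stands in for the servlet session, and the class name, attribute name, size limit, long-valued nonce and single-use check are all assumptions.

```java
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration; every name and the size limit are hypothetical.
public class SessionNonces {
    private static final SecureRandom RNG = new SecureRandom();
    private static final int LIMIT = 100; // assumed per-session cap

    // Keyed by the operation target, so two nonces can never collide on the key.
    private final Map<String, Long> nonces = new LinkedHashMap<String, Long>() {
        @Override
        protected boolean removeEldestEntry(Map.Entry<String, Long> eldest) {
            return size() > LIMIT; // pruning only touches this user's own entries
        }
    };

    // Stand-in for HttpSession attributes: one SessionNonces instance per session.
    public static SessionNonces of(Map<String, Object> session) {
        synchronized (session) { // guard create-if-absent against concurrent requests
            return (SessionNonces) session.computeIfAbsent("nonces", k -> new SessionNonces());
        }
    }

    public synchronized long issue(String target) {
        long nonce = RNG.nextLong();
        nonces.put(target, nonce); // re-issuing for a target replaces the old value
        return nonce;
    }

    // Single use (an assumption of this sketch): the entry is consumed when checked.
    public synchronized boolean verify(String target, long presented) {
        Long stored = nonces.remove(target);
        return stored != null && stored == presented;
    }

    public static void main(String[] args) {
        Map<String, Object> alice = new HashMap<>(), bob = new HashMap<>();
        long n = of(alice).issue("request-7"); // constructed target id
        System.out.println(of(bob).verify("request-7", n));   // presented in another session
        System.out.println(of(alice).verify("request-7", n)); // presented in the issuing session
        System.out.println(of(alice).verify("request-7", n)); // replayed after use
    }
}
```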




