Hi,
We intend to use the the OpenAZPDPEngine in a Spring Boot application and
currently we are instantiating only one PDPEngine in the application. Is this
going to give us problems when multiple requests use the same instance of
OpenAZPDPEngine? Effectively I’m asking if the OpenAZPDPEngine is thread-safe.
We are going to store the policies in the database and I rather not instantiate
an OpenAZPDPEngine for every decide and effectively lazily load the policies.
Current code:
@Bean
@Autowired
public PDPEngine pdpEngine(
@Value("${xacml.properties.path}") final String
xacmlPropertiesFileLocation) throws IOException, FactoryException {
Resource resource = resourceLoader.getResource(xacmlPropertiesFileLocation);
String absolutePath = resource.getFile().getAbsolutePath();
//This will be picked up by the XACML bootstrapping when creating a new
PDPEngine
System.setProperty(XACMLProperties.XACML_PROPERTIES_NAME, absolutePath);
PDPEngineFactory factory = PDPEngineFactory.newInstance();
return factory.newEngine();
}
If the OpenAZPDPEngine is not thread-safe are there any intentions to alter
this?
I also would like to add new Polices at run-time to the PDPEngine and it looks
like there is no hook for this. Correct? It seems that in a high-traffic
environment where every login goes through the PDPEngine it is a significant
performance penalty to call PDPEngineFactory.newInstance() for every request.
Thanks,
Okke
