cklein05 commented on pull request #428:
URL: https://github.com/apache/tomcat/pull/428#issuecomment-877095921
Okay, let's make some decisions (Bob Ross? _Here's a class, and it has a
friend..._)
Since there's no public `setFoo()` method in `GenericPrincipal` (attributes
are only set through the constructor and retrieved by `getAttribute(String
name)`), I don't see a big need for using `Collections.unmodifiableMap()`.
Again, with reflection one could access the hash map and modify entries, but
that would also be uber-paranoid (BTW, did you mean German über-paranoid?). On
the other hand, wrapping the map with an unmodifiable view will not hurt... So,
it's up to you to decide.
Both `DataSourceRealm` and `JNDIRealm` are the only components that
actually add attributes to `GenericPrincipal`´s attributes map
(`UserDatabaseRealm` and `MemoryRealm` work differently by relying on the
`User` instance). So, defensively copying attributes on input is not really
required, right? The attributes values are obtained from either JDBC or JNDI
so, no application code should have another reference to these.
With defensive copies, we could do two things:
1. Remove object duplication in `getAttribute(String name)` for all types
Pros: simple, fast
Cons: _shallow copy_ vs. _deep copy_ problem
2. Remove object duplication in `getAttribute(String name)` for known
_immutable_ types only
Pros: *no* _shallow copy_ vs. _deep copy_ problem
Cons: more complex code, slow, more CPU load on attribute retrieval, can't
tell whether a generic class is immutable
Although option 2 has much more cons, that may not be a big issue in
practice, since most of the attributes are actually Strings, Numbers and
Booleans only (e.g. Sun's standard LDAP provider returns Strings only). The
only types for which this may hurt a bit are arrays (both `DataSourceRealm` and
`JNDIRealm` may gather multi-value attributes).
With option 2, I would just modify method `GenericPrincipal.copyObject` and
leave `GenericPrincipal.copySerializableObject` untouched. The only difference
will be, that `copyObject` does a simple `return obj;` for many or most of the
_commonly object types_. So, no much code is saved with option 2 but, there are
likely no extra allocations needed for most of the attribute values returned.
So, what to do? (checked my personal choices)
- [x] use `Collections.unmodifiableMap()`
- [ ] copy values on input
- [ ] no defensive copies for _all_ types
- [x] no defensive copies for known _immutable_ types only
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
