Alon Bar-Lev has uploaded a new change for review. Change subject: aaa: make AuthenticationProfileRepository observable ......................................................................
aaa: make AuthenticationProfileRepository observable cleanup negotiation filter to update dynamically, as it is not enough to do lazy, per early requests. modify observer usage to use local inline object instead of effecting entire class. Topic: AAA Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1120720 Change-Id: I04db3fcb60a2199d5a4af042b589a30023e29ff5 Signed-off-by: Alon Bar-Lev <[email protected]> --- M backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthenticationProfileRepository.java M backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/NegotiationFilter.java 2 files changed, 47 insertions(+), 51 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/21/32921/1 diff --git a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthenticationProfileRepository.java b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthenticationProfileRepository.java index 78a686b..f8a18fb 100644 --- a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthenticationProfileRepository.java +++ b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthenticationProfileRepository.java @@ -16,7 +16,7 @@ import org.ovirt.engine.core.extensions.mgr.ExtensionProxy; import org.ovirt.engine.core.utils.extensionsmgr.EngineExtensionsManager; -public class AuthenticationProfileRepository implements Observer { +public class AuthenticationProfileRepository extends Observable { private static final Logger log = LoggerFactory.getLogger(AuthenticationProfileRepository.class); @@ -54,15 +54,22 @@ } public void registerProfile(AuthenticationProfile profile) { - registerProfile(profiles, profile); + profiles.put(profile.getName(), profile); } private AuthenticationProfileRepository() { - EngineExtensionsManager.getInstance().addObserver(this); - profiles = createProfiles(); + EngineExtensionsManager.getInstance().addObserver( + new Observer() { + @Override + public void update(Observable o, Object arg) { + createProfiles(); + } + } + ); + createProfiles(); } - private Map<String, AuthenticationProfile> createProfiles() { + private void createProfiles() { // Get the extensions that correspond to authn (authentication) service. // For each extension - get the relevant authn extension. @@ -83,16 +90,9 @@ log.debug("Ignoring", e); } } - return results; - } - - private void registerProfile(Map<String, AuthenticationProfile> map, AuthenticationProfile profile) { - map.put(profile.getName(), profile); - } - - @Override - public void update(Observable o, Object arg) { - profiles = createProfiles(); + profiles = results; + setChanged(); + notifyObservers(); } } diff --git a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/NegotiationFilter.java b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/NegotiationFilter.java index 8e05e22..a9f751e 100644 --- a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/NegotiationFilter.java +++ b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/NegotiationFilter.java @@ -8,6 +8,8 @@ import java.util.Comparator; import java.util.Deque; import java.util.List; +import java.util.Observable; +import java.util.Observer; import javax.servlet.Filter; import javax.servlet.FilterChain; @@ -45,9 +47,7 @@ */ private static final String STACK_ATTR = NegotiationFilter.class.getName() + ".stack"; - /** - * The authentication profiles used to perform the authentication process. - */ + private volatile Collection<String> schemes; private volatile List<AuthenticationProfile> profiles; private long caps = 0; @@ -63,47 +63,43 @@ } } } + + AuthenticationProfileRepository.getInstance().addObserver( + new Observer() { + @Override + public void update(Observable o, Object arg) { + cacheNegotiatingProfiles(); + } + } + ); + cacheNegotiatingProfiles(); } @Override public void destroy() { } - /** - * Lazily find all the profiles that support negotiation and store them reversed to simplify the creation of the - * stacks of profiles later when processing requests. - */ - private void findNegotiatingProfiles(ServletRequest req) { - Collection<String> schemes = new ArrayList<String>(); - if (profiles == null) { - synchronized (this) { - if (profiles == null) { - schemes = new ArrayList<>(); - profiles = new ArrayList<AuthenticationProfile>(); + private synchronized void cacheNegotiatingProfiles() { + schemes = new ArrayList<String>(); + profiles = new ArrayList<AuthenticationProfile>(); - for (AuthenticationProfile profile : AuthenticationProfileRepository.getInstance().getProfiles()) { - if (profile != null) { - ExtMap authnContext = profile.getAuthn().getContext(); - if ((authnContext.<Long> get(Authn.ContextKeys.CAPABILITIES).longValue() & caps) != 0) { - profiles.add(profile); - schemes.addAll(authnContext.<Collection<String>>get(Authn.ContextKeys.HTTP_AUTHENTICATION_SCHEME, Collections.<String>emptyList())); - } - } - } - - Collections.sort( - profiles, - new Comparator<AuthenticationProfile>() { - @Override - public int compare(AuthenticationProfile o1, AuthenticationProfile o2) { - return Integer.valueOf(o1.getNegotiationPriority()).compareTo(o2.getNegotiationPriority()); - } - } - ); - } + for (AuthenticationProfile profile : AuthenticationProfileRepository.getInstance().getProfiles()) { + ExtMap authnContext = profile.getAuthn().getContext(); + if ((authnContext.<Long> get(Authn.ContextKeys.CAPABILITIES).longValue() & caps) != 0) { + profiles.add(profile); + schemes.addAll(authnContext.<Collection<String>>get(Authn.ContextKeys.HTTP_AUTHENTICATION_SCHEME, Collections.<String>emptyList())); } } - ((HttpServletRequest) req).setAttribute(FiltersHelper.Constants.REQUEST_SCHEMES_KEY, schemes); + + Collections.sort( + profiles, + new Comparator<AuthenticationProfile>() { + @Override + public int compare(AuthenticationProfile o1, AuthenticationProfile o2) { + return Integer.valueOf(o1.getNegotiationPriority()).compareTo(o2.getNegotiationPriority()); + } + } + ); } @Override @@ -115,7 +111,7 @@ if (FiltersHelper.isAuthenticated(httpreq) || httpreq.getAttribute(FiltersHelper.Constants.REQUEST_AUTH_RECORD_KEY) != null) { chain.doFilter(req, rsp); } else { - findNegotiatingProfiles(httpreq); + ((HttpServletRequest) req).setAttribute(FiltersHelper.Constants.REQUEST_SCHEMES_KEY, schemes); HttpSession session = httpreq.getSession(false); Deque<AuthenticationProfile> stack = null; if (session != null) { -- To view, visit http://gerrit.ovirt.org/32921 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I04db3fcb60a2199d5a4af042b589a30023e29ff5 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: ovirt-engine-3.5 Gerrit-Owner: Alon Bar-Lev <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
