Remy Maucherat wrote:
Jeanfrancois Arcand wrote:
Brian Stansberry wrote:
At 10:03 PM 12/8/2003 -0800, you wrote:
The decision on whether to change the Realm interface, or move the header processing to AuthenticatorBase is still open.
So soon after such a major release it seems foolhardy to bring this up, but Phillipe's post seems to have opened a can of worms....
Are there any plans to do anything about JSR-115? As it's part of the J2EE 1.4 spec, I would think that for a compliant appserver to embed Tomcat (any others besides JBoss??), Tomcat would need to comply. I bring this up because if there is consideration of API changes to deal w/ the Servlet 2.4 authorization handling, it might be a good time to look into it. I'd be happy to help in such an effort if there is any interest.
All you have to do to comply with jsr115 is to extends RealmBase and override:
- hasUserDataPermission - hasRole - hasResourcePermission - findSecurityConstraint
A couple of months ago (search the tomcat-dev list) we have discussed the possibility of implementing jsr115 directly into Tomcat. Still on my plate (don't know when)....
J2EE 1.4 RI contains Tomcat 5 "powered by" jsr 115. The problem with jsr115 is you have to run under a Security Manager, and this is for sure slower than the current "native" implementation.
I think you'll have an opportunity to make your changes if you want to, since we'll have some refactoring to do on the realm before the next stable 5.0.x release occurs.
That's a pretty good opportunity....For reference, here is the link to my original proposal
http://www.mail-archive.com/[EMAIL PROTECTED]/msg39894.html
My original idea was to remove the current Authenticator <-> Realm dependency. Currently, the Realm is doing Authorization and Authentication, which I think should be splitted.
Did you do benches ? Comparing (4.1.x) vs (5.0.x) vs (5.0.x + sec manager), for example.
I wouldn't be surprised if the last one benches as well as the first one (which would be really cool).
Not yet, but it is one of the thing I want to do when I've found spare time. For sure (5.0.x + sec manager) is faster than (5.0.x + sec manager + jsr115) since with 115, the policy provider is called everytime hasUser/ResourcePermission are called, and this approach cannot beat the current way of doing.
On the original topic, I think I've missed the spec change from pfd3 and fcs. I was under the wrong impression that Bill's last changes on the RealmAdapter was related to that changes (I was completely wrong). I will try to find the reason whythe change was make...
Now the only problem I'm seeing with Phillipe's work is Strings are used everywhere and that may have a performance impact. It may be time to start using MessageByte.....
That's the idea. If you're inside the container and you consider it a critical section for whatever reason, then strings are really evil, and you should use MessageBytes instead (or even ByteChunks if manipulating header values) ;-)
I see supporing JSR 115 would be good, but making it disabled by default when there's a security manager would be the most reasonable.
Rémy
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]