myfaces-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <Bieringer.Dominik...@gmx.net>
Subject AW: AW: AW: AW: AW: [O/T] JSF Best Practices for Authentication/Authorization
Date Tue, 07 Nov 2006 19:21:46 GMT
> Really? The examples I have seen all use the stack trace in some way. 
> How are you accessing the current method?

Hehe... to be honest, I've not yet tried it on Java, but I've used a similar
approach about a year ago on a .NET application and I've used something like
Method.getCurrentMethod(). This was pretty fast. I don't know how this
method internally works, but it was definitely not as slow as the way I've
done it in my current Java project via Stack traces.

I've thought that there is a similar method in Java too... but it seems that
this assumption was wrong.

Dominik


-----Urspr√ľngliche Nachricht-----
Von: Jeff Bischoff [mailto:jbischoff@klkurz.com] 
Gesendet: Dienstag, 7. November 2006 20:12
An: MyFaces Discussion
Betreff: Re: AW: AW: AW: AW: [O/T] JSF Best Practices for
Authentication/Authorization

Dominik,

Reponses inline:

Bieringer.Dominik.nf@gmx.net wrote:
>> Hmm, I wonder what kind of overhead that incurs. Of course, if you are 
>> only checking it once per HTTP request, I don't suppose it would matter. 
>> Sounds like it would be roughly equivalent to creating an exception (due 
>> to the stack trace manipulation).
> 
> You are totally right ;). At the beginning I've added this check to many
> methods (which is not necessary at all) and because the generation of the
> StackTrace is a very expensive operation, some pages needed long time to
get
> generated (about 1-2 seconds) (The check method was called more than a few
> thousand times).
>

Heh... I knew all those years toying with chess engines would pay off 
somehow - your brain gets wired to search for expensive code. ;p

This is also why logging frameworks like Log4j have big warning signs 
next to the output options that rely on the stack trace (e.g. to print 
out the method name, fully-qualified class name, line number). Those 
stack traces are best served in moderation. Then again, nothing exceeds 
like excess. ;)

> I've ended up in just adding the annotations to methods, which did not get
> called thousand times per request ;). Mostly I am checking the access
rights
> via the annotations on bean creation (e.g.: It does not make sense to
allow
> a customer to instantiate an administration bean).
> 
> But you can easily pass the current method as parameter to the check
method,
> so no stack trace has to be generated, which is solving the performance
> problem anyway.
> 

Really? The examples I have seen all use the stack trace in some way. 
How are you accessing the current method?

Regards,

Jeff Bischoff
Kenneth L Kurz & Associates, Inc.



Mime
View raw message