tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject Re: AuthConfigProvider initialization while constructing the authenticator
Date Wed, 08 Feb 2017 16:24:42 GMT
On 07/02/17 21:54, Violeta Georgieva wrote:
> 2017-02-07 23:44 GMT+02:00 Mark Thomas <>:
>> On 06/02/17 20:35, Violeta Georgieva wrote:
>>> Hi,
>>> With the current implementation if there is AuthConfigProvider we will
>>> initialize it once and then we will use it. However if such
>>> AuthConfigProvider is not available, on every request we will spend time
> in
>>> redundant search operation to find AuthConfigProvider that is not
> available.
>>> What do you think about moving AuthConfigProvider initialization while
>>> constructing the authenticator?
>> Won't that break web applications that initialize their own JASPIC
> configuration on web application start?
> :( most probably
>> If performance is a concern we could store a static constant NO-OP
>> AuthConfigProvider in jaspicProvider if no provider is available and then
>> check for that on subsequent calls and return null if we find it. That
>> should be marginally quicker than the repeating the lookup.
> +1

I've been looking into this along with re-reading parts of the JASPIC 
spec and the current implementation isn't quite right. The good news is 
that, with the correct implementation, the proposal above will work.

The bad news is that AuthConfigFactoryImpl is going to need some 
non-trivial surgery to get it working correctly.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message