tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: (TC7+) Why was the Realm argument removed for GenericPrincipal?
Date Tue, 01 Nov 2016 20:18:19 GMT
On 01/11/2016 18:12, calder wrote:
> We have an application that runs on Tomcat6. For Tomcat7+, two of our
> .java files require modification.   The modifications are mostly
> concerned with the invocation of the
> org.apache.catalina.realm.GenericPrincipal constructor - see the
> MyappRealm class just below - this is the TC6 version. For the TC7+
> version, we must remove the "this" (our Realm) argument.
> 
> Please see the MyappSpnegoFormAuth class just below - specifically the
> invoke() method.
> With Tomcat6, the super.invoke() method consumes ~2 milliseconds.
> With Tomcat7+, the super.invoke() method consumes ~28 milliseconds.
> super.invoke() is a call to org.apache.catalina.authenticator.AuthenticatorBase
> 
> We believe, somehow, that the "missing dependency" (admittedly, we
> don't know what the catalina GenericPrincipal class does with the
> passed-in Realm - ie, our Realm class) is causing the extended
> millisecond times.

That looks very much like jumping to a conclusion with insufficient
evidence to me.

If you want to know where the time is spent, you need to use a profiler.
I use YourKit because they give kindly Apache committers a free copy to
use for work on Apache projects.

> So, can anyone explain why the Realm arg was removed for the TC7+
> GenericPrincipal class?

The great thing about open source is that not only do you have access to
the source, you have access to the history as well.

In this case you want to start here:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/GenericPrincipal.java?view=log

A quick scan down that list leads you to this entry:
http://svn.apache.org/viewvc?view=revision&revision=797162

Which in turns points you to this bug report:
https://bz.apache.org/bugzilla/show_bug.cgi?id=40881

Read down to comment 11:
https://bz.apache.org/bugzilla/show_bug.cgi?id=40881#c11

And you find out the the Realm was essentially unused apart from when
logging a debug message.

All of which tells you that your theory about the Realm being related to
the performance change is unlikely to be correct.

Looking at a diff between 6.0.x and 7.0.x for AuthenticatorBase I can
see several changes that might be responsible for performance difference
but, again, a profiler is the tool to use to figure out what is actually
going on.

> And just as important, is there a way to match the functionality?
> Maybe we missed where our Realm class is passed to catalina code?

You are asking the wrong question here. Figure out where the time is
being spent then you can ask the right question which is how to reduce
that time.

Mark


> (if anyone is curious why we are concerned about the extra 26
> milliseconds, it's because this code is used during "report
> generation" and is called many times - example, with TC6, the report
> runs in 25 seconds, with TC7+, it takes 80 seconds!).
> 
> import java.security.Principal;
> import org.apache.catalina.realm.GenericPrincipal;
> import org.apache.catalina.realm.RealmBase;
> 
> public class MyappRealm extends RealmBase {
> 
>   @Override
>   protected Principal getPrincipal(String username) {
>    // in Tomcat6, all GenericPrincipal ctors required a Realm (1st) argument
>    // - Tomcat7+ no Realm arg
>     return new GenericPrincipal( this, username, getPassword(username), roles);
>   }
> 
>   public Principal authenticate(String alias, String uname, String creds,...) {
>     // setup code
>    return new GenericPrincipal( this, "myapp " + uname + "blah", creds, roles);
>   }
> 
>   @Override
>   public Principal authenticate(String uname, String creds) {
>    // setup code
>    return new GenericPrincipal( this, "myapp " +uname +"blah", creds, roles);
>   }
> }
> 
> import org.apache.catalina.Realm;
> import org.apache.catalina.authenticator.FormAuthenticator;
> import org.apache.catalina.realm.GenericPrincipal;
> 
> public class MyappSpnegoFormAuth extends FormAuthenticator {
>   @Override
>   public void invoke(Request request, Response response)
>  throws IOException, ServletException {
>  // setup code
>     if( (session = request.getSessionInternal(false)) != null) {
>       if( (prince = session.getPrincipal()) != null )
>         request.setUserPrincipal(prince); // prince is a Principal
>     }
> 
>     super.invoke(request, response);
>   }
> 
>   public boolean realmAuth(HttpServletRequest request,
>    String uname, String creds) {
>     Realm realm = context.getRealm();
>     Principal prince = realm.authenticate(uname, creds);
>     if (prince != null) {
>       this.register(req, res, prince, "FORM", uname, creds);
>       return true;
>     }
>     return false;
>   }
> 
>   @Override
>   public boolean authenticate(Request request,
>    Response response, LoginConfig cfg)  throws IOException {
>     // setup code
>      // various decisions and calls to super.authenticate() -
>     // if all are false, this last super call is made
>     return super.authenticate(request, response, cfg);
>   }
> }
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message