portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Sean Taylor <da...@bluesunrise.com>
Subject Re: portal project deployment in WEB-INF/classes vs. WEB-INF/lib
Date Fri, 12 Nov 2004 19:05:11 GMT
Randy Watler wrote:

> Gang,
> The deployment of individual class files from the portal project in
> WEB-INF/classes instead of packaging as a jar and deploying in WEB-INF/lib
> is causing java Permission checks to be significantly slower than they could
> be.
> The reason for this is that each individual *.class file is being treated as
> a separate CodeSource/PermissionDomain and must be tested individually when
> AccessController.checkPermission() is invoked. All classes deployed in a jar
> file reuse a single CodeSource/PermissionDomain. Minimizing the number of
> CodeSources/PermissionDomains will limit the number of access to
> RdbmsPolicy.getPolicies(), because each unique CodeSource on the call stack
> between the SecurityValveImpl.invoke() and
> AccessController.checkPermission() invocations will result in an additional
> RdbmsPolicy.getPolicies() hit, (per each user/unique call stack).

> Do any of you have a problem with me modifying the maven build to package
> the class files into a single jar? Was there a reason to deploy in
> WEB-INF/classes instead of WEB-INF/lib in the first place?
> Any input or comments are appreciated. Thanks,
> Randy

I think this is (or was) Maven's standard way of packaging a war file.
Im not opposed to changing it, but if you do, please make sure nothing 
else breaks (such as the hotdeploy goal)

Looking at RdbmsPolicy.getDefaultPolicy():

private static String defaultPolicy = "sun.security.provider.PolicyFile";


           Class policyClass = Class.forName(RdbmsPolicy.defaultPolicy);
             return (Policy) policyClass.newInstance();

Is that where the performance hit is?

Or is it in getPermissons(). This code also looks suspect to me, 
especially the policy.refresh():

             // TODO Is there a better way to do this?
             // If the permission is not found here then delegate it
             // to the standard java Policy class instance.
             Policy policy = Policy.getPolicy();
             PermissionCollection defaultPerms = 
             // Revert back to the current policy.
             // Return the default permission collection.
             return defaultPerms;

David Sean Taylor
Bluesunrise Software
[office] +01 707 773 4646
[mobile] +01 707 529 9194

To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org

View raw message