portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Watler <rwat...@finali.com>
Subject Re: portal project deployment in WEB-INF/classes vs. WEB-INF/lib
Date Fri, 12 Nov 2004 21:13:12 GMT
David,

>
> I think this is (or was) Maven's standard way of packaging a war file.
> Im not opposed to changing it, but if you do, please make sure nothing 
> else breaks (such as the hotdeploy goal)

Really? Wow. I have never used WEB-INF/classes for anything other than 
properties files. Ok, I'll look into it more carefully.

>
> Looking at RdbmsPolicy.getDefaultPolicy():
>
> I
> private static String defaultPolicy = "sun.security.provider.PolicyFile";
>
> then
>
>           Class policyClass = Class.forName(RdbmsPolicy.defaultPolicy);
>             return (Policy) policyClass.newInstance();
>
> Is that where the performance hit is?
>
>
> Or is it in getPermissons(). This code also looks suspect to me, 
> especially the policy.refresh():
>
>             // TODO Is there a better way to do this?
>             // If the permission is not found here then delegate it
>             // to the standard java Policy class instance.
>             Policy.setPolicy(RdbmsPolicy.getDefaultPolicy());
>             Policy policy = Policy.getPolicy();
>             policy.refresh();
>             PermissionCollection defaultPerms = 
> policy.getPermissions(codeSource);
>             // Revert back to the current policy.
>             Policy.setPolicy(this);
>             // Return the default permission collection.
>             return defaultPerms;
>
The issue is that RdbmsPolicy.getPermissions() gets called many times 
for a single checkPermission() invocation, (once per 
CodeSource/PermissionDomain). In the AbstractPageManager case, it is 
called 4-6 instead of perhaps 2-3 times per unique checkPermission() per 
user session. Each time, it invokes PermissionManager.getPermissions() 
which hits the DB, (or look like it does anyway). Worse case, we might 
consider caching in the principal impls to eliminate redundant lookup. 
Ideally, I'd like to get it down to just one access 
RdbmsPolicy.getPermissions(), but I do not know how to use the 
Subject.doAs*() methods to accomplish that yet. DLS?

Randy




---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org


Mime
View raw message