On Wed, Jun 23, 2021 at 11:18 AM Mark Thomas <ma...@apache.org> wrote: > > On 04/06/2021 09:14, r...@apache.org wrote: > > This is an automated email from the ASF dual-hosted git repository. > > > > remm pushed a commit to branch 10.0.x > > in repository https://gitbox.apache.org/repos/asf/tomcat.git > > > > > > The following commit(s) were added to refs/heads/10.0.x by this push: > > new 2fe9eb5 Avoid synchronization on roles verification > > 2fe9eb5 is described below > > > > commit 2fe9eb5ce61b3153ca13d32d9b000db8322d8ffd > > Author: remm <r...@apache.org> > > AuthorDate: Fri Jun 4 10:08:20 2021 +0200 > > > > Avoid synchronization on roles verification > > > > For the memory UserDatabase. The amount of synchronization blocks > > needed > > to browse through groups and check roles looked excessive. > > This commit has triggered a handful of SpotBugs warnings. > > SpotBugs is complaining about syncing on CopyOnWriteArrayList. The > actual problem is that the toString() methods are no longer thread safe > because roles can be added or removed between the "roles.size() > 0" > test and the subsequent use of roles. > > I have a fix in mind for the toString()/toXml() methods. It may have a > marginal performance impact but given that these methods are only used > when debugging and/or persisting configuration to disk I don't think > that is a concern.
Ooops. Looking at the code, syncing for isInRole seemed really bad to me. Kinda demonstrated this is not meant for production. Here, since it's "ok" to have an empty groups list, I would just skip the check which would result in groups="" and roles="". Rémy --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
