Alon Bar-Lev has uploaded a new change for review.
Change subject: aaa: make AuthenticationProfileRepository observable
......................................................................
aaa: make AuthenticationProfileRepository observable
cleanup negotiation filter to update dynamically, as it is not enough to
do lazy, per early requests.
modify observer usage to use local inline object instead of effecting
entire class.
Topic: AAA
Change-Id: I04db3fcb60a2199d5a4af042b589a30023e29ff5
Signed-off-by: Alon Bar-Lev <alo...@redhat.com>
---
M
backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthenticationProfileRepository.java
M
backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/NegotiationFilter.java
2 files changed, 49 insertions(+), 51 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/83/32883/1
diff --git
a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthenticationProfileRepository.java
b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthenticationProfileRepository.java
index 78a686b..f8a18fb 100644
---
a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthenticationProfileRepository.java
+++
b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthenticationProfileRepository.java
@@ -16,7 +16,7 @@
import org.ovirt.engine.core.extensions.mgr.ExtensionProxy;
import org.ovirt.engine.core.utils.extensionsmgr.EngineExtensionsManager;
-public class AuthenticationProfileRepository implements Observer {
+public class AuthenticationProfileRepository extends Observable {
private static final Logger log =
LoggerFactory.getLogger(AuthenticationProfileRepository.class);
@@ -54,15 +54,22 @@
}
public void registerProfile(AuthenticationProfile profile) {
- registerProfile(profiles, profile);
+ profiles.put(profile.getName(), profile);
}
private AuthenticationProfileRepository() {
- EngineExtensionsManager.getInstance().addObserver(this);
- profiles = createProfiles();
+ EngineExtensionsManager.getInstance().addObserver(
+ new Observer() {
+ @Override
+ public void update(Observable o, Object arg) {
+ createProfiles();
+ }
+ }
+ );
+ createProfiles();
}
- private Map<String, AuthenticationProfile> createProfiles() {
+ private void createProfiles() {
// Get the extensions that correspond to authn (authentication)
service.
// For each extension - get the relevant authn extension.
@@ -83,16 +90,9 @@
log.debug("Ignoring", e);
}
}
- return results;
- }
-
- private void registerProfile(Map<String, AuthenticationProfile> map,
AuthenticationProfile profile) {
- map.put(profile.getName(), profile);
- }
-
- @Override
- public void update(Observable o, Object arg) {
- profiles = createProfiles();
+ profiles = results;
+ setChanged();
+ notifyObservers();
}
}
diff --git
a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/NegotiationFilter.java
b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/NegotiationFilter.java
index 8e05e22..c95ba1f 100644
---
a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/NegotiationFilter.java
+++
b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/NegotiationFilter.java
@@ -8,6 +8,8 @@
import java.util.Comparator;
import java.util.Deque;
import java.util.List;
+import java.util.Observable;
+import java.util.Observer;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
@@ -45,10 +47,8 @@
*/
private static final String STACK_ATTR = NegotiationFilter.class.getName()
+ ".stack";
- /**
- * The authentication profiles used to perform the authentication process.
- */
- private volatile List<AuthenticationProfile> profiles;
+ private Collection<String> schemes;
+ private List<AuthenticationProfile> profiles;
private long caps = 0;
@Override
@@ -63,47 +63,45 @@
}
}
}
+
+ AuthenticationProfileRepository.getInstance().addObserver(
+ new Observer() {
+ @Override
+ public void update(Observable o, Object arg) {
+ cacheNegotiatingProfiles();
+ }
+ }
+ );
+ cacheNegotiatingProfiles();
}
@Override
public void destroy() {
}
- /**
- * Lazily find all the profiles that support negotiation and store them
reversed to simplify the creation of the
- * stacks of profiles later when processing requests.
- */
- private void findNegotiatingProfiles(ServletRequest req) {
- Collection<String> schemes = new ArrayList<String>();
- if (profiles == null) {
- synchronized (this) {
- if (profiles == null) {
- schemes = new ArrayList<>();
- profiles = new ArrayList<AuthenticationProfile>();
+ private void cacheNegotiatingProfiles() {
+ synchronized (this) {
+ schemes = new ArrayList<String>();
+ profiles = new ArrayList<AuthenticationProfile>();
- for (AuthenticationProfile profile :
AuthenticationProfileRepository.getInstance().getProfiles()) {
- if (profile != null) {
- ExtMap authnContext =
profile.getAuthn().getContext();
- if ((authnContext.<Long>
get(Authn.ContextKeys.CAPABILITIES).longValue() & caps) != 0) {
- profiles.add(profile);
-
schemes.addAll(authnContext.<Collection<String>>get(Authn.ContextKeys.HTTP_AUTHENTICATION_SCHEME,
Collections.<String>emptyList()));
- }
- }
- }
-
- Collections.sort(
- profiles,
- new Comparator<AuthenticationProfile>() {
- @Override
- public int compare(AuthenticationProfile o1,
AuthenticationProfile o2) {
- return
Integer.valueOf(o1.getNegotiationPriority()).compareTo(o2.getNegotiationPriority());
- }
- }
- );
+ for (AuthenticationProfile profile :
AuthenticationProfileRepository.getInstance().getProfiles()) {
+ ExtMap authnContext = profile.getAuthn().getContext();
+ if ((authnContext.<Long>
get(Authn.ContextKeys.CAPABILITIES).longValue() & caps) != 0) {
+ profiles.add(profile);
+
schemes.addAll(authnContext.<Collection<String>>get(Authn.ContextKeys.HTTP_AUTHENTICATION_SCHEME,
Collections.<String>emptyList()));
}
}
+
+ Collections.sort(
+ profiles,
+ new Comparator<AuthenticationProfile>() {
+ @Override
+ public int compare(AuthenticationProfile o1,
AuthenticationProfile o2) {
+ return
Integer.valueOf(o1.getNegotiationPriority()).compareTo(o2.getNegotiationPriority());
+ }
+ }
+ );
}
- ((HttpServletRequest)
req).setAttribute(FiltersHelper.Constants.REQUEST_SCHEMES_KEY, schemes);
}
@Override
@@ -115,7 +113,7 @@
if (FiltersHelper.isAuthenticated(httpreq) ||
httpreq.getAttribute(FiltersHelper.Constants.REQUEST_AUTH_RECORD_KEY) != null) {
chain.doFilter(req, rsp);
} else {
- findNegotiatingProfiles(httpreq);
+ ((HttpServletRequest)
req).setAttribute(FiltersHelper.Constants.REQUEST_SCHEMES_KEY, schemes);
HttpSession session = httpreq.getSession(false);
Deque<AuthenticationProfile> stack = null;
if (session != null) {
--
To view, visit http://gerrit.ovirt.org/32883
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I04db3fcb60a2199d5a4af042b589a30023e29ff5
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Alon Bar-Lev <alo...@redhat.com>
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches
