This is an automated email from the ASF dual-hosted git repository. penghui pushed a commit to branch branch-2.7 in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit adba3f37ae00f675723ce5d9a28e5737ca654d2a Author: Addison Higham <[email protected]> AuthorDate: Fri May 21 03:59:37 2021 -0600 [Performance] Use single instance of parser (#10664) Fixes #10652 This is a minor change that optimizes the AuthProviderToken class to use the same instance of the parser instead of many instance. This minor change is covered by existing tests, with a small improvement to not use a deprecated method (cherry picked from commit a6bb98332224ca7ab3b5e9e76f60980a19d67b48) --- .../pulsar/broker/authentication/AuthenticationProviderToken.java | 6 +++++- .../broker/authentication/AuthenticationProviderTokenTest.java | 6 ++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authentication/AuthenticationProviderToken.java b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authentication/AuthenticationProviderToken.java index 5071298..80b9978 100644 --- a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authentication/AuthenticationProviderToken.java +++ b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authentication/AuthenticationProviderToken.java @@ -30,6 +30,7 @@ import javax.naming.AuthenticationException; import javax.net.ssl.SSLSession; import io.jsonwebtoken.ExpiredJwtException; +import io.jsonwebtoken.JwtParser; import io.prometheus.client.Counter; import io.prometheus.client.Histogram; import org.apache.commons.lang3.StringUtils; @@ -88,6 +89,7 @@ public class AuthenticationProviderToken implements AuthenticationProvider { private SignatureAlgorithm publicKeyAlg; private String audienceClaim; private String audience; + private JwtParser parser; // config keys private String confTokenSecretKeySettingName; @@ -122,6 +124,8 @@ public class AuthenticationProviderToken implements AuthenticationProvider { this.audienceClaim = getTokenAudienceClaim(config); this.audience = getTokenAudience(config); + this.parser = Jwts.parserBuilder().setSigningKey(this.validationKey).build(); + if (audienceClaim != null && audience == null ) { throw new IllegalArgumentException("Token Audience Claim [" + audienceClaim + "] configured, but Audience stands for this broker not."); @@ -186,7 +190,7 @@ public class AuthenticationProviderToken implements AuthenticationProvider { @SuppressWarnings("unchecked") private Jwt<?, Claims> authenticateToken(final String token) throws AuthenticationException { try { - Jwt<?, Claims> jwt = Jwts.parserBuilder().setSigningKey(validationKey).build().parseClaimsJws(token); + Jwt<?, Claims> jwt = parser.parseClaimsJws(token); if (audienceClaim != null) { Object object = jwt.getBody().get(audienceClaim); diff --git a/pulsar-broker-common/src/test/java/org/apache/pulsar/broker/authentication/AuthenticationProviderTokenTest.java b/pulsar-broker-common/src/test/java/org/apache/pulsar/broker/authentication/AuthenticationProviderTokenTest.java index fe4d6a7..5a2e1c4 100644 --- a/pulsar-broker-common/src/test/java/org/apache/pulsar/broker/authentication/AuthenticationProviderTokenTest.java +++ b/pulsar-broker-common/src/test/java/org/apache/pulsar/broker/authentication/AuthenticationProviderTokenTest.java @@ -86,8 +86,9 @@ public class AuthenticationProviderTokenTest { .compact(); @SuppressWarnings("unchecked") - Jwt<?, Claims> jwt = Jwts.parser() + Jwt<?, Claims> jwt = Jwts.parserBuilder() .setSigningKey(AuthTokenUtils.decodeSecretKey(secretKey.getEncoded())) + .build() .parse(token); assertNotNull(jwt); @@ -107,8 +108,9 @@ public class AuthenticationProviderTokenTest { Optional.empty()); @SuppressWarnings("unchecked") - Jwt<?, Claims> jwt = Jwts.parser() + Jwt<?, Claims> jwt = Jwts.parserBuilder() .setSigningKey(AuthTokenUtils.decodePublicKey(Decoders.BASE64.decode(publicKey), SignatureAlgorithm.RS256)) + .build() .parse(token); assertNotNull(jwt);
