On 07/02/17 21:54, Violeta Georgieva wrote: > 2017-02-07 23:44 GMT+02:00 Mark Thomas <ma...@apache.org>: >> >> On 06/02/17 20:35, Violeta Georgieva wrote: >>> >>> Hi, >>> >>> With the current implementation if there is AuthConfigProvider we will >>> initialize it once and then we will use it. However if such >>> AuthConfigProvider is not available, on every request we will spend time > in >>> redundant search operation to find AuthConfigProvider that is not > available. >>> >>> What do you think about moving AuthConfigProvider initialization while >>> constructing the authenticator? >> >> >> Won't that break web applications that initialize their own JASPIC > configuration on web application start? > > :( most probably > >> If performance is a concern we could store a static constant NO-OP >> AuthConfigProvider in jaspicProvider if no provider is available and then >> check for that on subsequent calls and return null if we find it. That >> should be marginally quicker than the repeating the lookup. > > +1
I've been looking into this along with re-reading parts of the JASPIC spec and the current implementation isn't quite right. The good news is that, with the correct implementation, the proposal above will work. The bad news is that AuthConfigFactoryImpl is going to need some non-trivial surgery to get it working correctly. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
