Hi All,
Can someone please help me to understand following part of code in API
manager component.
Following method is available inside APIKeyValidator class. There i can see
we check in database
even we had cached key. AFAIU isAccessTokenExists() method should not call
if info object is
not null. Also we can see same code repeated inside synchronized block and
outside it. My suggestion
is we shouldn't look at db for each api call as far as we have cached
info(this adds additional overhead).
Also we have to remove repeated code from synchronized block.
public APIKeyValidationInfoDTO getKeyValidationInfo(String context, String
apiKey,String apiVersion) throws APISecurityException {
String cacheKey = apiKey + ":" + context + ":" + apiVersion;
APIKeyValidationInfoDTO info = (APIKeyValidationInfoDTO)
infoCache.get(cacheKey);
ApiMgtDAO dao=new ApiMgtDAO();
try {
if (info != null) {
if (dao.isAccessTokenExists(apiKey)) {
This call doesn't make any sense because its just check is there a token
in IDN_OAUTH2_ACCESS_TOKEN table.
SQL > SELECT ACCESS_TOKEN FROM IDN_OAUTH2_ACCESS_TOKEN WHERE
ACCESS_TOKEN= apikey
if we have cached info object associated with that token then obviously
that token is in database as well. Please
correct me if i understood this in a wrong way.
Thanks.
--
*Sanjeewa Malalgoda*
WSO2 Inc.
Mobile : +14084122715 | +94713068779
<http://sanjeewamalalgoda.blogspot.com/>blog
:http://sanjeewamalalgoda.blogspot.com/<http://sanjeewamalalgoda.blogspot.com/>
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
