Hi Devs, For the implementation of Conditional Authentication Support on WSO2 Identity Server (discussed in mail thread [1] @[email protected]), we are using Nashorn to work with JavaScript based authentication script.
At the moment single ScriptEngine object is created to handle authentication scripts for all the requests comes in to the server. As per [2] ScriptEngine and CompiledScript thread safe. We initially get the bindings of the ScriptEngine object with GLOBAL_SCOPE and put few bindings. This happens only one time. (see code segment [3]) After that, for every request we compile the authentication script with previously created ScriptEngine instance (we need to consider about caching the compiled script). Then we create bindings (with engine.createBindings()) from the ScriptEngine object and put few more bindings there. After that we evaluate the CompiledScript with the bindings we created and invoke the function in the script. (see code segment [4]) Function and object bindings we add to the nashorn engine and specification we are planing for the authentication script does not have/use any shared resources. As per [2], bindings are not thread safe. But invoking engine.createBindings() always returns a new object of ScriptObjectMirror. As we don't do any modification to the GLOBAL_SCOPE bindings concurrently, this also seems to be not causing any issue. Do you see any possible issue? or any possible change we need to do for the current implementation? [1] [Architecture] Conditional Authentication Support on WSO2 Identity Server [2] https://stackoverflow.com/a/30159424/1537365 [3] https://github.com/wso2/carbon-identity-framework/blob/v5.11.3/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/JsGraphBuilderFactory.java#L49-L54 [4] https://github.com/wso2/carbon-identity-framework/blob/v5.11.3/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/JsGraphBuilder.java#L101-L125 Thanks, -- Maduranga Siriwardena Senior Software Engineer WSO2 Inc; http://wso2.com/ Email: [email protected] Mobile: +94718990591 Blog: *https://madurangasiriwardena.wordpress.com/ <https://madurangasiriwardena.wordpress.com/>* <http://wso2.com/signature>
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
