Hi Maduranga,

A few suggestions:

- In JS: Let's rename the primary function that starts the execution of the
script to "main" (currently it's anonymous).

- There are two different Bindings:

  - Global Bindings

    - Visible to all scripts & engines in the JVM.

    - You can put stateless stuff in these bindings (e.g. a logger).

  - Engine Bindings

    - Associated with a particular engine.

    - Hence sharing engine instances among scripts leads to sharing engine
      scope bindings among those scripts.

    - So having an engine per script is advised. (If you really want to share
      a single engine, then you have to take special care with bindings.)

- In [1], engine.createBindings() returns a new bindings object. But it's
not assigned to the engine instance. So putting stuff into the returned
bindings object doesn't affect the script execution until you set that
bindings object on the engine object by calling engine.setBindings(bindings,
ScriptContext.ENGINE_SCOPE).

- It's better to block global variables in a script as they can be
exploited/misused to carry state between two executions of the same script.
This can be achieved by 'locking' Bindings. Basically we don't allow the 'put'
operation in bindings. Example at [2].

- As a guide, please follow [3].

[1]
https://github.com/wso2/carbon-identity-framework/blob/v5.11.3/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/JsGraphBuilder.java#L111

[2]
https://github.com/this/carbon-uuf/blob/0397fb857e6a78e087488ffb80309f10f54c50a7/components/uuf-renderablecreator-hbs/src/main/java/org/wso2/carbon/uuf/renderablecreator/hbs/impl/JsExecutable.java#L233-L239
[3]
https://github.com/this/carbon-uuf/blob/0397fb857e6a78e087488ffb80309f10f54c50a7/components/uuf-renderablecreator-hbs/src/main/java/org/wso2/carbon/uuf/renderablecreator/hbs/impl/JsExecutable.java#L52

Thanks.

On Wed, Jan 10, 2018 at 5:23 PM, Maduranga Siriwardena <[email protected]>
wrote:

> Hi Devs,
>
> For the implementation of Conditional Authentication Support on WSO2
> Identity Server (discussed in mail thread [1] @[email protected]), we
> are using Nashorn to work with JavaScript based authentication script.
>
> At the moment a single ScriptEngine object is created to handle
> authentication scripts for all the requests that come in to the server. As
> per [2], ScriptEngine and CompiledScript are thread safe. We initially get the
> bindings of the ScriptEngine object with GLOBAL_SCOPE and put a few bindings.
> This happens only one time. (see code segment [3])
>
> After that, for every request we compile the authentication script with the
> previously created ScriptEngine instance (we need to consider caching
> the compiled script). Then we create bindings
> (with engine.createBindings()) from the ScriptEngine object and put a few
> more bindings there. After that we evaluate the CompiledScript with the
> bindings we created and invoke the function in the script. (see code
> segment [4])
>
> The function and object bindings we add to the Nashorn engine and the
> specification we are planning for the authentication script do not
> have/use any shared resources. As per [2], bindings are not thread safe.
> But invoking engine.createBindings() always returns a new object of
> ScriptObjectMirror. As we don't do any modification to the GLOBAL_SCOPE
> bindings concurrently, this also seems not to be causing any issue.
>
> Do you see any possible issue? Or any possible change we need to make to
> the current implementation?
>
> [1] [Architecture] Conditional Authentication Support on WSO2 Identity
> Server
> [2] https://stackoverflow.com/a/30159424/1537365
> [3] https://github.com/wso2/carbon-identity-framework/blob/v5.11.3/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/JsGraphBuilderFactory.java#L49-L54
> [4] https://github.com/wso2/carbon-identity-framework/blob/v5.11.3/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/JsGraphBuilder.java#L101-L125
>
> Thanks,
> --
> Maduranga Siriwardena
> Senior Software Engineer
> WSO2 Inc; http://wso2.com/
>
> Email: [email protected]
> Mobile: +94718990591
> Blog: https://madurangasiriwardena.wordpress.com/
>



-- 
Sajith Janaprasad Ariyarathna
Senior Software Engineer; WSO2, Inc.;  http://wso2.com/
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
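
The binding behaviour discussed in this thread, as an added example that is not part of the original mails or of the WSO2 code base. It assumes a JDK that still bundles Nashorn (8 to 14); the class name, the sample script and the variable names `runs` and `user` are constructed for illustration.

```java
import javax.script.Bindings;
import javax.script.ScriptContext;
import javax.script.ScriptEngine;
import javax.script.ScriptEngineManager;
import javax.script.ScriptException;

public class BindingsDemo {
    // Constructed sample script: it counts its own executions through an
    // undeclared global and reports whether a host-supplied `user` is visible.
    static final String SCRIPT =
        "if (typeof runs === 'undefined') { runs = 0; }"
      + "runs = runs + 1;"
      + "'user=' + (typeof user) + ' runs=' + runs;";

    public static void main(String[] args) throws ScriptException {
        ScriptEngine engine = new ScriptEngineManager().getEngineByName("nashorn");
        if (engine == null) {
            throw new IllegalStateException("Nashorn is not available on this JDK");
        }

        // createBindings() returns a detached object. The put below is not
        // visible to scripts that run in the engine's current ENGINE_SCOPE.
        Bindings detached = engine.createBindings();
        detached.put("user", "alice");
        System.out.println("detached bindings: " + engine.eval(SCRIPT));

        // Same engine, same ENGINE_SCOPE: the global `runs` written by the
        // previous evaluation is still there, so state leaks between runs.
        System.out.println("shared scope:      " + engine.eval(SCRIPT));

        // Only after setBindings() does the engine use the new object:
        // `user` becomes visible and the old `runs` global is gone.
        engine.setBindings(detached, ScriptContext.ENGINE_SCOPE);
        System.out.println("after setBindings: " + engine.eval(SCRIPT));

        // Fresh bindings per execution on a shared engine: each run starts
        // from an empty engine scope, so nothing carries over between runs.
        for (int i = 0; i < 2; i++) {
            Bindings perRun = engine.createBindings();
            perRun.put("user", "request-" + i);
            System.out.println("fresh bindings:    " + engine.eval(SCRIPT, perRun));
        }
    }
}
```

Comparing the `runs` value on the "shared scope" line with the two "fresh bindings" lines shows the cross-execution state that the reply warns about and that per-execution bindings remove.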
