Re: [Pki-devel] [PATCH] 202 Session-based nonces.

On 1/25/2013 3:22 PM, Endi Sukma Dewata wrote: > On 1/25/2013 2:18 PM, Endi Sukma Dewata wrote: >> Previously nonces were stored in a global map which might not scale >> well due to some issues: >> 1. The map used the nonces as map keys. There were possible nonce >> collisions which required special handling. >> 2. The collision handling code was not thread safe. There were >> possible race conditions during concurrent modifications. >> 3. The map was shared and size limited. If there were a lot of >> users using the system, valid nonces could get pruned. >> 4. The map mapped the nonces to client certificates. This limited >> the possible authentication methods that could be supported. >> >> Now the code has been modified such that each user has a private map >> in the user's session to store the nonces. Additional locking has been >> implemented to protect against concurrent modifications. The map now >> uses the target of the operation as the map key, eliminating possible >> collisions and allowing the use of other authentication methods. Since >> this is a private map, it's not affected by the number of users using >> the system. >> >> Ticket #474 > > New patch attached. Fixed the session attribute name in > ProfileReviewServlet.java. Rebased on top of patch #204. Fixed exception type. _______________________________________________ Pki-devel mailing list Pki-devel(a)redhat.com https://www.redhat.com/mailman/listinfo/pki-devel