On 1/25/2013 3:22 PM, Endi Sukma Dewata wrote:
On 1/25/2013 2:18 PM, Endi Sukma Dewata wrote:
> Previously nonces were stored in a global map which might not scale
> well due to some issues:
> 1. The map used the nonces as map keys. There were possible nonce
> collisions which required special handling.
> 2. The collision handling code was not thread safe. There were
> possible race conditions during concurrent modifications.
> 3. The map was shared and size limited. If there were a lot of
> users using the system, valid nonces could get pruned.
> 4. The map mapped the nonces to client certificates. This limited
> the possible authentication methods that could be supported.
> Now the code has been modified such that each user has a private map
> in the user's session to store the nonces. Additional locking has been
> implemented to protect against concurrent modifications. The map now
> uses the target of the operation as the map key, eliminating possible
> collisions and allowing the use of other authentication methods. Since
> this is a private map, it's not affected by the number of users using
> the system.
> Ticket #474
New patch attached. Fixed the session attribute name in
Rebased on top of patch #204. Fixed exception type.
Endi S. Dewata