[Pki-devel] [PATCH] 202 Session-based nonces.

Endi Sukma Dewata edewata at redhat.com
Thu Jan 31 15:37:43 UTC 2013


On 1/25/2013 3:22 PM, Endi Sukma Dewata wrote:
> On 1/25/2013 2:18 PM, Endi Sukma Dewata wrote:
>> Previously nonces were stored in a global map which might not scale
>> well due to some issues:
>> 1. The map used the nonces as map keys. There were possible nonce
>>     collisions which required special handling.
>> 2. The collision handling code was not thread safe. There were
>>     possible race conditions during concurrent modifications.
>> 3. The map was shared and size limited. If there were a lot of
>>     users using the system, valid nonces could get pruned.
>> 4. The map mapped the nonces to client certificates. This limited
>>     the possible authentication methods that could be supported.
>>
>> Now the code has been modified such that each user has a private map
>> in the user's session to store the nonces. Additional locking has been
>> implemented to protect against concurrent modifications. The map now
>> uses the target of the operation as the map key, eliminating possible
>> collisions and allowing the use of other authentication methods. Since
>> this is a private map, it's not affected by the number of users using
>> the system.
>>
>> Ticket #474
>
> New patch attached. Fixed the session attribute name in
> ProfileReviewServlet.java.

Rebased on top of patch #204. Fixed exception type.

-- 
Endi S. Dewata
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-edewata-0202-2-Session-based-nonces.patch
Type: text/x-patch
Size: 51921 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20130131/bbc215a3/attachment.bin>
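
The per-session design described in the message above, sketched as an added example; this is not code from the attached patch or from the PKI project. The `Session` stand-in class, the `"nonces"` attribute name, the per-session cap, and the single-use consumption on verify are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;

public class SessionNonces {
    // Stand-in for a per-user servlet session (assumption; keeps the example self-contained).
    static class Session { final Map<String, Object> attrs = new HashMap<>(); }

    static final String ATTR = "nonces";   // hypothetical session attribute name
    static final int MAX = 100;            // hypothetical per-session cap
    static final SecureRandom RNG = new SecureRandom();

    // Fetch or create the user's private map; past MAX only this user's eldest entry is dropped.
    @SuppressWarnings("unchecked")
    static Map<String, Long> nonces(Session s) {
        synchronized (s) {
            return (Map<String, Long>) s.attrs.computeIfAbsent(ATTR, k ->
                new LinkedHashMap<String, Long>() {
                    @Override protected boolean removeEldestEntry(Map.Entry<String, Long> e) {
                        return size() > MAX;
                    }
                });
        }
    }

    // The map key is the operation target, so two equal random values cannot collide.
    static long issue(Session s, String target) {
        long n = RNG.nextLong();
        Map<String, Long> m = nonces(s);
        synchronized (m) { m.put(target, n); }
        return n;
    }

    // Check and consume under one lock, so concurrent requests cannot both succeed.
    static boolean verify(Session s, String target, long presented) {
        Map<String, Long> m = nonces(s);
        synchronized (m) {
            Long stored = m.get(target);
            return stored != null && stored == presented && m.remove(target) != null;
        }
    }

    public static void main(String[] args) {
        Session alice = new Session(), bob = new Session();
        long n = issue(alice, "request:7");   // constructed target id
        System.out.println("other session: " + verify(bob, "request:7", n));
        System.out.println("wrong target:  " + verify(alice, "request:8", n));
        System.out.println("match:         " + verify(alice, "request:7", n));
        System.out.println("replay:        " + verify(alice, "request:7", n));
    }
}
```

Because the nonce is looked up by target inside the caller's own session, a value issued to one user is never visible to another, and no client-certificate lookup is involved in the check.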

