-
1. Re: Is XACML PDP Thread Safe?
anil.saldhana Jun 16, 2009 1:02 PM (in response to ffaure)What version of JBossXACML?
Also are you referring to the SOAPSAMLXACMLServlet from JBoss Identity 1.0.0.alpha3? -
2. Re: Is XACML PDP Thread Safe?
anil.saldhana Jun 16, 2009 4:34 PM (in response to ffaure)http://snapshots.jboss.org/maven2/org/jboss/identity/jboss-identity-bindings/1.0.0.alpha3-SNAPSHOT/
Can you use the snapshot jar and tell me how the performance is and the thread safety issue?
The performance of the servlet needs to be improved because I am unsure whether we have optimal parsing yet. -
3. Re: Is XACML PDP Thread Safe?
ffaure Jun 17, 2009 4:25 AM (in response to ffaure)"anil.saldhana@jboss.com" wrote:
What version of JBossXACML?
Also are you referring to the SOAPSAMLXACMLServlet from JBoss Identity 1.0.0.alpha3?
Hi Anil and thank you for your prompt response!
I'm actually using jboss-xacml-2.0.3 and jboss-xacml-saml-2.0.3-aplha from JBoss Maven Repository.
I had a look to the new version of your SAML Servlet and it is very similar to what I did to make it work (that is load the pdp at init and put a lock on evaluate() method).
The performance is OK for the moment but this lock would be a bottleneck in case of huge load, wouldn't it?
Whatever, regarding your solutions, I guess you confirm the PDP evaluate method is not thread safe? This is the most important to know for me as in my architecture, the PDP won't be used only through the SAML servlet but also through an EJB and other "clients" (Spring). I need to confirm if each PDP instance access has to be synchronized or not.
Thanks again,
Fred -
4. Re: Is XACML PDP Thread Safe?
anil.saldhana Jun 17, 2009 12:22 PM (in response to ffaure)Servlets are by nature multi threaded. The PDP evaluate method needs to be threadsafe. I will be making the change for a quick release of JBossXACMLv2.0.3.SP2 today.
-
5. Re: Is XACML PDP Thread Safe?
ffaure Jun 17, 2009 12:30 PM (in response to ffaure)"anil.saldhana@jboss.com" wrote:
Servlets are by nature multi threaded. The PDP evaluate method needs to be threadsafe. I will be making the change for a quick release of JBossXACMLv2.0.3.SP2 today.
Hi Anil,
Thanks again for the effort. I know that servlets are multi threaded. What I wanted to know was if the PDP evaluate method had to be threadsafe. I get the answer. I have to consider this for my various PDP clients.
Thanks a lot,
Fred -
6. Re: Is XACML PDP Thread Safe?
anil.saldhana Jun 17, 2009 12:54 PM (in response to ffaure)http://www.jboss.org/jbosssecurity/downloads/JBoss%20XACML/?action=a&windowstate=maximized
Pick the JBossXACML v2.0.3.SP2 in about 10 minutes.
Fred, thanks for your questions. That got me thinking a bit.
I made the pdp.evaluate method thread safe by moving the lock there. I am going to remove the lock from the SOAPSAMLXACMLServlet as the pdp eval is thread safe.
Consulted some concurrency experts and they also feel that when the number of locks is small, the Lock construct is the most efficient for synchronization.
Also, pick up the JBoss Identity Bindings 1.0.0.alpha3-SNAPSHOT from the
http://snapshots.jboss.org/maven2/org/jboss/identity/jboss-identity-bindings/1.0.0.alpha3-SNAPSHOT/
So, two things for your performance tests - pick JBossXACML v2.0.3.SP2 and updated snapshot for JBoss Identity bindings. Tell me how good the thread safety is in your load test results.
Regarding improving the performance, currently we are validating the request while parsing. We can improve by providing an option to disable the validation while parsing. -
7. Re: Is XACML PDP Thread Safe?
jdiep Mar 18, 2011 12:12 AM (in response to anil.saldhana)Anil,
Where do you set the option to disable the validation while parsing?
Thanks,
Johnny