ARTEMIS-1740: Add support for regex based certificate authentication #2011
@jbertram can you look into this one? you have more miles on security than I do. :)
This looks good except for a few things:
@@ -95,6 +99,21 @@ public synchronized ReloadableProperties obtained() { | |||
return invertedValueProps; | |||
} | |||
|
|||
public synchronized Map<String, Pattern> regexpPropertiesMap() { |
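Review bot: `regexpPropertiesMap()` has no Javadoc in the visible lines, and its return type `Map<String, Pattern>` implies that property values are compiled as regular expressions behind it. Please document what the keys and values represent and what happens when a value is not a valid expression, so that a single bad entry is reported with its key instead of failing the whole lookup.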
You could use a `Suppliers::memoize` to allow a thread-safe lazy initialization without having that method synchronized even when you just need to get `regexpProps`.
But is it needed?
String dn = getDistinguishedName(certs); | ||
String name = usersByDn.get(dn); | ||
if (name == null && regexpByUser != null) { | ||
name = getUserByRegexp(dn); |
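Review bot: the fallback at `name = getUserByRegexp(dn)` decides which user a certificate maps to, but nothing visible here says whether a pattern must match the whole DN or only part of it. Please state that in the documentation and cover it with a test, preferring a whole-string match so that a DN carrying extra attributes around the expected text does not resolve to the user.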
`getUserByRegexp` is synchronized but there are uses of `usersByDn` and `regexpByUser`, like these ones, that are not: what is the reason to have `String getUserByRegexp(String dn)` synchronized?
- not using a separate file for regexps anymore
- added negative caching
- added more tests
- added documentation
The intent of
And it makes sense, but there are parts like:
@franz1981 your comment goes beyond my modifications since the existing code already uses the
|
||
return usersByDn.get(getDistinguishedName(certs)); | ||
String dn = getDistinguishedName(certs); | ||
String name = usersByDn.get(dn); |
Hence this `userByDb` not synchronized access no longer exists in the new commit?
With GitHub and multiple commits it is not simple to do reviews :P
The final code can be seen here. Just like in the original code, both
Thanks for the changes, @LionelCons. Can you squash your commits?
@jbertram can you squash the commits when accepting the merge?
@LionelCons I can.. if this is ready to be merged.
done
This adds the possibility to have an optional properties file containing regular expressions to match against the DN.
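
The lookup discussed in this thread, as an added example that is not the ARTEMIS implementation: an exact DN lookup first, then a whole-string regex fallback, with hits and misses cached and no `synchronized` methods. The class `DnUserResolver`, its constructor arguments and the sample DNs are assumptions; `usersByDn` and `regexpByUser` reuse the field names quoted above.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;

// Added illustration; class and method names are hypothetical, not ARTEMIS code.
public class DnUserResolver {
    private final Map<String, String> usersByDn;      // exact DN -> user
    private final Map<String, Pattern> regexpByUser;  // user -> DN pattern
    // Holds hits and misses (Optional.empty()) so each DN is pattern-matched once.
    private final Map<String, Optional<String>> cache = new ConcurrentHashMap<>();

    public DnUserResolver(Map<String, String> usersByDn, Map<String, String> regexps) {
        this.usersByDn = Map.copyOf(usersByDn);
        Map<String, Pattern> compiled = new LinkedHashMap<>();
        // Pattern.compile throws PatternSyntaxException on a bad entry at load time.
        regexps.forEach((user, re) -> compiled.put(user, Pattern.compile(re)));
        this.regexpByUser = compiled; // never mutated after construction
    }

    public String resolve(String dn) {
        String name = usersByDn.get(dn);
        if (name != null) {
            return name;
        }
        return cache.computeIfAbsent(dn, this::matchRegexp).orElse(null);
    }

    private Optional<String> matchRegexp(String dn) {
        for (Map.Entry<String, Pattern> e : regexpByUser.entrySet()) {
            // matches() requires the whole DN to match, unlike find().
            if (e.getValue().matcher(dn).matches()) {
                return Optional.of(e.getKey());
            }
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample data.
        DnUserResolver r = new DnUserResolver(
            Map.of("CN=broker1,O=Example", "broker"),
            Map.of("sensor", "CN=sensor-\\d+,OU=IoT,O=Example"));
        System.out.println(r.resolve("CN=broker1,O=Example"));               // DN listed exactly
        System.out.println(r.resolve("CN=sensor-42,OU=IoT,O=Example"));      // DN covered by the pattern
        System.out.println(r.resolve("CN=sensor-42,OU=IoT,O=Example,C=XX")); // same DN with an extra RDN
    }
}
```

The cache in this example is unbounded, so a deployment that trusts a CA issuing many distinct DNs would want a size limit on it.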