You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by el...@apache.org on 2014/11/01 08:21:47 UTC
git commit: Fixed the concurrent accesses to the PolicySet field (see
https://issues.apache.org/jira/browse/FC-38)
Repository: directory-fortress-core
Updated Branches:
refs/heads/master f6faf5485 -> 51d94f189
Fixed the concurrent accesses to the PolicySet field (see
https://issues.apache.org/jira/browse/FC-38)
Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/51d94f18
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/51d94f18
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/51d94f18
Branch: refs/heads/master
Commit: 51d94f189970a5bc90782891262010fc4347942e
Parents: f6faf54
Author: Emmanuel Lécharny <el...@symas.com>
Authored: Sat Nov 1 08:21:36 2014 +0100
Committer: Emmanuel Lécharny <el...@symas.com>
Committed: Sat Nov 1 08:21:36 2014 +0100
----------------------------------------------------------------------
.../directory/fortress/core/rbac/PolicyP.java | 86 +++++++++++++++++---
1 file changed, 74 insertions(+), 12 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/51d94f18/src/main/java/org/apache/directory/fortress/core/rbac/PolicyP.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/PolicyP.java b/src/main/java/org/apache/directory/fortress/core/rbac/PolicyP.java
index bdd31ba..f095ecf 100755
--- a/src/main/java/org/apache/directory/fortress/core/rbac/PolicyP.java
+++ b/src/main/java/org/apache/directory/fortress/core/rbac/PolicyP.java
@@ -22,10 +22,11 @@ package org.apache.directory.fortress.core.rbac;
import java.util.List;
import java.util.Set;
+import java.util.concurrent.locks.ReadWriteLock;
+import java.util.concurrent.locks.ReentrantReadWriteLock;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-
import org.apache.directory.fortress.core.GlobalErrIds;
import org.apache.directory.fortress.core.GlobalIds;
import org.apache.directory.fortress.core.SecurityException;
@@ -66,7 +67,7 @@ public final class PolicyP
// DAO class for ol pw policy data sets must be initialized before the other statics:
private static final PolicyDAO olDao = new PolicyDAO();
// this field is used to synchronize access to the above static data set:
- private static final Object policySetSynchLock = new Object();
+ private static final ReadWriteLock policySetLock = new ReentrantReadWriteLock();
// static field holds the list of names for all valid pw policies in effect:
private static Cache policyCache;
private static final int MIN_PW_LEN = 20;
@@ -100,10 +101,24 @@ public final class PolicyP
final boolean isValid( PwPolicy policy )
{
boolean result = false;
- Set<String> policySet = getPolicySet( policy.getContextId() );
- if ( policySet != null )
- result = policySet.contains( policy.getName() );
- return result;
+
+ try
+ {
+ policySetLock.readLock().lock();
+
+ Set<String> policySet = getPolicySet( policy.getContextId() );
+
+ if ( policySet != null )
+ {
+ result = policySet.contains( policy.getName() );
+ }
+
+ return result;
+ }
+ finally
+ {
+ policySetLock.readLock().unlock();
+ }
}
@@ -133,11 +148,21 @@ public final class PolicyP
{
validate( policy );
olDao.create( policy );
- synchronized ( policySetSynchLock )
+
+ try
{
+ policySetLock.writeLock().lock();
+
Set<String> policySet = getPolicySet( policy.getContextId() );
+
if ( policySet != null )
+ {
policySet.add( policy.getName() );
+ }
+ }
+ finally
+ {
+ policySetLock.writeLock().unlock();
}
}
@@ -168,11 +193,21 @@ public final class PolicyP
final void delete( PwPolicy policy ) throws SecurityException
{
olDao.remove( policy );
- synchronized ( policySetSynchLock )
+
+ try
{
+ policySetLock.writeLock().lock();
+
Set<String> policySet = getPolicySet( policy.getContextId() );
+
if ( policySet != null )
+ {
policySet.remove( policy.getName() );
+ }
+ }
+ finally
+ {
+ policySetLock.writeLock().unlock();
}
}
@@ -201,12 +236,14 @@ public final class PolicyP
private void validate( PwPolicy policy ) throws ValidationException
{
int length = policy.getName().length();
+
if ( length < 1 || length > GlobalIds.PWPOLICY_NAME_LEN )
{
String error = "validate policy name [" + policy.getName() + "] INVALID LENGTH [" + length + "]";
LOG.error( error );
throw new ValidationException( GlobalErrIds.PSWD_NAME_INVLD_LEN, error );
}
+
if ( policy.getCheckQuality() != null )
{
try
@@ -227,6 +264,7 @@ public final class PolicyP
throw new ValidationException( GlobalErrIds.PSWD_QLTY_INVLD, error );
}
}
+
if ( policy.getMaxAge() != null )
{
if ( policy.getMaxAge() > MAX_AGE )
@@ -237,6 +275,7 @@ public final class PolicyP
throw new ValidationException( GlobalErrIds.PSWD_MAXAGE_INVLD, error );
}
}
+
if ( policy.getMinAge() != null )
{
// policy.minAge
@@ -248,6 +287,7 @@ public final class PolicyP
throw new ValidationException( GlobalErrIds.PSWD_MINAGE_INVLD, error );
}
}
+
if ( policy.getMinLength() != null )
{
if ( policy.getMinLength() > MIN_PW_LEN )
@@ -258,6 +298,7 @@ public final class PolicyP
throw new ValidationException( GlobalErrIds.PSWD_MINLEN_INVLD, error );
}
}
+
if ( policy.getFailureCountInterval() != null )
{
if ( policy.getFailureCountInterval() > MAX_AGE )
@@ -268,6 +309,7 @@ public final class PolicyP
throw new ValidationException( GlobalErrIds.PSWD_INTERVAL_INVLD, error );
}
}
+
if ( policy.getMaxFailure() != null )
{
if ( policy.getMaxFailure() > MAX_FAILURE )
@@ -278,6 +320,7 @@ public final class PolicyP
throw new ValidationException( GlobalErrIds.PSWD_MAXFAIL_INVLD, error );
}
}
+
if ( policy.getInHistory() != null )
{
if ( policy.getInHistory() > MAX_HISTORY )
@@ -288,6 +331,7 @@ public final class PolicyP
throw new ValidationException( GlobalErrIds.PSWD_HISTORY_INVLD, error );
}
}
+
if ( policy.getGraceLoginLimit() != null )
{
if ( policy.getGraceLoginLimit() > MAX_GRACE_COUNT )
@@ -298,6 +342,7 @@ public final class PolicyP
throw new ValidationException( GlobalErrIds.PSWD_GRACE_INVLD, error );
}
}
+
if ( policy.getLockoutDuration() != null )
{
if ( policy.getLockoutDuration() > MAX_AGE )
@@ -308,6 +353,7 @@ public final class PolicyP
throw new ValidationException( GlobalErrIds.PSWD_LOCKOUTDUR_INVLD, error );
}
}
+
if ( policy.getExpireWarning() != null )
{
if ( policy.getExpireWarning() > MAX_AGE )
@@ -330,6 +376,7 @@ public final class PolicyP
private static Set<String> loadPolicySet( String contextId )
{
Set<String> policySet = null;
+
try
{
policySet = olDao.getPolicies( contextId );
@@ -339,7 +386,9 @@ public final class PolicyP
String warning = "loadPolicySet static initializer caught SecurityException=" + se;
LOG.info( warning );
}
+
policyCache.put( getKey( contextId ), policySet );
+
return policySet;
}
@@ -351,12 +400,23 @@ public final class PolicyP
*/
private static Set<String> getPolicySet( String contextId )
{
- Set<String> policySet = ( Set<String> ) policyCache.get( getKey( contextId ) );
- if ( policySet == null )
+ try
{
- policySet = loadPolicySet( contextId );
+ policySetLock.readLock().lock();
+
+ Set<String> policySet = ( Set<String> ) policyCache.get( getKey( contextId ) );
+
+ if ( policySet == null )
+ {
+ policySet = loadPolicySet( contextId );
+ }
+
+ return policySet;
+ }
+ finally
+ {
+ policySetLock.readLock().unlock();
}
- return policySet;
}
@@ -368,10 +428,12 @@ public final class PolicyP
private static String getKey( String contextId )
{
String key = POLICIES;
+
if ( VUtil.isNotNullOrEmpty( contextId ) && !contextId.equalsIgnoreCase( GlobalIds.NULL ) )
{
key += ":" + contextId;
}
+
return key;
}
}
\ No newline at end of file