-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Performance optimization #526
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approved with a minor suggestion.
If you don't have time to tweak it don't worry about out ;)
@@ -95,6 +95,8 @@ public class WebUtils { | |||
*/ | |||
public static final String DEFAULT_CHARACTER_ENCODING = "ISO-8859-1"; | |||
|
|||
public static final boolean IS_ALLOW_BACKSLASH = Boolean.getBoolean(ALLOW_BACKSLASH); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: you may want to move this to just under the ALLOW_BACKSLASH
def above in this file.
I only mention this because it took my brain a sec to realize there was an IS_
prefix.
This isn't critical, I probably just need more caffeine 🤣
Through the system pressure test, this lock has a great impact on our system performance. //WebUtils.java
public static void retrieveSystemProperties(){
WebUtils.allowBackslash = Boolean.getBoolean(ALLOW_BACKSLASH);
} This method is slightly modified, but the test case needs to be modified. |
@zenglzh I'm guessing something like what you are suggesting is the easiest path forward. Possibly making it package protected in static void reloadSystemProperties(){
allowBackslash = Boolean.getBoolean(ALLOW_BACKSLASH);
} There is another test that checks the backslash logic too, but IIRC, that one is written in Groovy, and will allow access to that method anyway. |
Yes,@bdemers . by the way, can we delete the "ALLOW_BACKSLASH" attribute?Use //@see org.apache.catalina.webresources.AbstractFileResourceSet#normalize in Tomcat trunk
public static String normalize(String path) {
return normalize(path, File.separatorChar == '\\');
} |
Even on windows, you may want to block the use of backslashes, as they may be used to escape other chars. |
@@ -58,6 +58,7 @@ public class WebUtils { | |||
public static final String SERVLET_RESPONSE_KEY = ServletResponse.class.getName() + "_SHIRO_THREAD_CONTEXT_KEY"; | |||
|
|||
public static final String ALLOW_BACKSLASH = "org.apache.shiro.web.ALLOW_BACKSLASH"; | |||
private static boolean allowBackslash = Boolean.getBoolean(ALLOW_BACKSLASH); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: this static var should be upper case
I can't handle the build in openj9 check 🤕。Please anybody help me ... ☕ |
@zenglzh it happen only on MacOS so I would say that it's not mandatory to fix it as it's ok on Jenkins full workflow. |
@lprimak can you redo a review? |
@fpapon done |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Another nit :) Can you redo this PR with just one commit, with a good description?
The bunch of "Update WebUtils.java" is not descriptive enough.
git reset --soft origin/main
git commit
git push --force
Last one I promise :)
Change the acquisition of system properties to static variables to reduce contension in high concurrency environments. The Boolean.getBoolean method calls Hashtable to obtain system properties, and will lock.
@zenglzh never mind I did it for you :) |
@zenglzh Thanks for your contribution, we appreciate it! |
Change the acquisition of system attributes to static variables to reduce congestion in high concurrency environments. The Boolean.getBoolean method will call Hashtable to obtain system propertys ,and will lock.
Following this checklist to help us incorporate your contribution quickly and easily:
for the change (usually before you start working on it). Trivial changes like typos do not
require a JIRA issue. Your pull request should address just this issue, without pulling in other changes.
[SHIRO-XXX] - Fixes bug in SessionManager
,where you replace
SHIRO-XXX
with the appropriate JIRA issue. Best practiceis to use the JIRA issue title in the pull request title and in the first line of the commit message.
mvn clean install apache-rat:check
to make sure basic checks pass. A more thorough check will be performed on your pull request automatically.git rebase -i
.Trivial changes like typos do not require a JIRA issue (javadoc, comments...).
In this case, just format the pull request title like
(DOC) - Add javadoc in SessionManager
.If this is your first contribution, you have to read the Contribution Guidelines
If your pull request is about ~20 lines of code you don't need to sign an Individual Contributor License Agreement
if you are unsure please ask on the developers list.
To make clear that you license your contribution under the Apache License Version 2.0, January 2004
you have to acknowledge this by using the following check-box.