[jboss-user] [Security & JAAS/JBoss] - Is XACML PDP Thread Safe?

[ffaure32]

Hi all,

This is my first post; sorry if it is too or not enough precise.
I'm currently testing the JBoss XACML Implementation with the SAML Servlet enveloppe.
I first simply deployed the SAML Servlet and the PDP with my own policies on a JBoss Server 4.2.3GA
It was running fine (ie all my SAML requests were responding PERMIT or DENY appropriately) but the perf was very poor.
I realized that the PDP was loading the policy files from disk for each request and that was the reason of bad perfs.
Then, I modified the SOAPSAMLXACMLServlet to load the policies at start up (init method)

The perf improved really significally. Unfortunately, I stress tested my configuration with SOAP UI and I got unattended results. I mean, some request that had always returned PERMIT were returning few times a DENY (about 1/1000 times).

I added a synchronized block around the pdp call and the problem was fixed but again, the perf decreased...

Have you ever seen a synchronization problem on JBoss PDP? Am I missing something?

Many thanks in advance,

Fred

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4237803#4237803

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4237803