Author: remy.maucherat(a)jboss.com Date: 2010-07-20 10:17:23 -0400 (Tue, 20 Jul 2010) New Revision: 1509 Modified: trunk/java/org/apache/catalina/authenticator/SSLAuthenticator.java trunk/java/org/apache/catalina/connector/Request.java trunk/webapps/docs/changelog.xml Log: - 49613: Improve SSL attributes access performance when repeatedly accessing them if some are null. - Move certificate chain retrieval to the request. Modified: trunk/java/org/apache/catalina/authenticator/SSLAuthenticator.java =================================================================== --- trunk/java/org/apache/catalina/authenticator/SSLAuthenticator.java 2010-07-15 08:49:13 UTC (rev 1508) +++ trunk/java/org/apache/catalina/authenticator/SSLAuthenticator.java 2010-07-20 14:17:23 UTC (rev 1509) @@ -129,15 +129,8 @@ if (containerLog.isDebugEnabled()) containerLog.debug(" Looking up certificates"); - X509Certificate certs[] = (X509Certificate[]) - request.getAttribute(Globals.CERTIFICATES_ATTR); + X509Certificate certs[] = request.getCertificateChain(); if ((certs == null) || (certs.length < 1)) { - request.getCoyoteRequest().action - (ActionCode.ACTION_REQ_SSL_CERTIFICATE, null); - certs = (X509Certificate[]) - request.getAttribute(Globals.CERTIFICATES_ATTR); - } - if ((certs == null) || (certs.length < 1)) { if (containerLog.isDebugEnabled()) containerLog.debug(" No certificates included with this request"); response.sendError(HttpServletResponse.SC_UNAUTHORIZED, Modified: trunk/java/org/apache/catalina/connector/Request.java =================================================================== --- trunk/java/org/apache/catalina/connector/Request.java 2010-07-15 08:49:13 UTC (rev 1508) +++ trunk/java/org/apache/catalina/connector/Request.java 2010-07-20 14:17:23 UTC (rev 1509) @@ -53,6 +53,7 @@ import java.io.InputStream; import java.io.UnsupportedEncodingException; import java.security.Principal; +import java.security.cert.X509Certificate; import java.text.SimpleDateFormat; import java.util.ArrayList; import java.util.Collection; @@ -471,6 +472,12 @@ protected boolean canStartAsync = true; + /** + * Get SSL attributes. + */ + protected boolean sslAttributes = false; + + // --------------------------------------------------------- Public Methods @@ -492,6 +499,7 @@ event = null; } + sslAttributes = false; asyncContext = null; asyncTimeout = 300000; canStartAsync = true; @@ -1071,7 +1079,8 @@ attr = coyoteRequest.getAttribute(name); if(attr != null) return attr; - if( isSSLAttribute(name) ) { + if( !sslAttributes && isSSLAttribute(name) ) { + sslAttributes = true; coyoteRequest.action(ActionCode.ACTION_REQ_SSL_ATTRIBUTE, coyoteRequest); attr = coyoteRequest.getAttribute(Globals.CERTIFICATES_ATTR); @@ -1095,6 +1104,20 @@ return attr; } + + public X509Certificate[] getCertificateChain() { + X509Certificate certs[] = (X509Certificate[]) getAttribute(Globals.CERTIFICATES_ATTR); + if ((certs == null) || (certs.length < 1)) { + coyoteRequest.action(ActionCode.ACTION_REQ_SSL_CERTIFICATE, + coyoteRequest); + certs = (X509Certificate[]) coyoteRequest.getAttribute(Globals.CERTIFICATES_ATTR); + if (certs != null) { + attributes.put(Globals.CERTIFICATES_ATTR, certs); + } + } + return certs; + } + /** * Test if a given name is one of the special Servlet-spec SSL attributes. Modified: trunk/webapps/docs/changelog.xml =================================================================== --- trunk/webapps/docs/changelog.xml 2010-07-15 08:49:13 UTC (rev 1508) +++ trunk/webapps/docs/changelog.xml 2010-07-20 14:17:23 UTC (rev 1509) @@ -25,8 +25,21 @@ <fix> Various CSRF filter updates. (markt) </fix> + <fix> + <bug>49613</bug>: Improve getAttributeNames() performance when using SSL in some cases. (remm) + </fix> </changelog> </subsection> + <subsection name="Coyote"> + <changelog> + <fix> + Fix NPE recycling buffered input filter and reduce memory use. (remm) + </fix> + <fix> + Skip out invalid headers when writing the response. (remm) + </fix> + </changelog> + </subsection> </section> <section name="JBoss Web 3.0.0.Beta6 (remm)">