[OTDev] OpenAM performance
Nina Jeliazkova jeliazkova.nina at gmail.comMon Jul 11 09:04:58 CEST 2011
- Previous message: [OTDev] OpenAM performance
- Next message: [OTDev] OpenAM performance
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello Andreas, All, > > So, can you find a StringIndexOutOfBoundsException in the logs? That > would mean the corresponding policy has no such substring "Policies". > It is unfortunately rather easy to feed OpenAM syntactically invalid > policies, perhaps this has happened in your case, too. > OpenAM seems to perform DTD based XML validation, and doesn't accept invalid syntax. <!DOCTYPE Policies PUBLIC \"-//Sun Java System Access Manager7.1 2006Q3 Admin CLI DTD//EN\" \"jar://com/sun/identity/policy/policyAdmin.dtd\"> We've found the DOCTYPE statement _must_ be present in the XML post-ed, otherwise the XML is rejected. What is interesting, if one retrieves the XML of an existing policy from the server, it _does_not_ contain the DOCTYPE statement, and attempt to import it in another server fails, just because of the missing DOCTYPE . Adding it resolves the problem. We have developed a client (https://github.com/vedina/opentox-aa-cli) , allowing to archive policy XMLs from a server, given user and password, and later import them into another instance. Hope this could be useful for the migration into a newer OpenAM version . This is also a generic OpenTox AA java client library (used in ambit services and an older version of it in Bioclipse) The modified version of Policy service is also available at https://github.com/vedina/Pol 1) table structure slightly modified 2) added connection pool (c3p0) for handling MySQL connection 3) the presence of tokens is verified first, then all other actions are taken (this solves the issue reported by Vedrin) 4) improved exception handling 5) refactored as a maven project (besides all the maven goodies, now one can test it locally by running mvn tomcat:run , without explicitly installing a servlet container) 6) other minor refactoring for better readability To summarize, an improved version of OpenTox AA (with the newest OpenAM and policies extracted from the current setup and imported into the new one) can be setup in few days, and will have a better response time and scalability than currently. There is still a problem with increased latency of bulk delete of policies (bulk means deleting several tens of thousands policies) , but as far as I understood, for few tens of policies (as is in the validation use case), there is no such problem. Vedrin will be sending more details about the outcome from the extensive OpenAM experiments he is performing since the last week. Regards, Nina > Andreas > _______________________________________________ > Development mailing list > Development at opentox.org > http://www.opentox.org/mailman/listinfo/development >
- Previous message: [OTDev] OpenAM performance
- Next message: [OTDev] OpenAM performance
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Development mailing list