From 3366a9ebd955b09b0bcb110d25e7f438cbe668cf Mon Sep 17 00:00:00 2001 From: Jason Zaugg Date: Tue, 28 Aug 2018 12:00:57 +1000 Subject: [PATCH 1/2] Reduce overhead of the security manager Continues the work started in #11 by systematically overriding all the other methods of SecurityManager for a fast path when the base security manager is null. Fixes #134 --- .../nailgun/NGSecurityManager.java | 138 +++++++++++++++++- 1 file changed, 137 insertions(+), 1 deletion(-) diff --git a/nailgun-server/src/main/java/com/martiansoftware/nailgun/NGSecurityManager.java b/nailgun-server/src/main/java/com/martiansoftware/nailgun/NGSecurityManager.java index 005e8ca9..7a9390e9 100644 --- a/nailgun-server/src/main/java/com/martiansoftware/nailgun/NGSecurityManager.java +++ b/nailgun-server/src/main/java/com/martiansoftware/nailgun/NGSecurityManager.java @@ -18,6 +18,8 @@ package com.martiansoftware.nailgun; +import java.io.FileDescriptor; +import java.net.InetAddress; import java.security.Permission; /** @@ -58,10 +60,144 @@ public void checkPermission(Permission perm, Object context) { } } - /** Avoid constructing a FilePermission object in checkRead if base manager is null. */ + // Overrides below avoid the cost of creating Permissions objects if base manager is null. + // FilePermission, in particular, is expensive to create. + public void checkRead(String file) { if (base != null) { super.checkRead(file); } } + + public void checkCreateClassLoader() { + if (base != null) { + super.checkCreateClassLoader(); + } + } + + public void checkAccess(Thread t) { + if (base != null) { + super.checkAccess(t); + } + } + + public void checkAccess(ThreadGroup g) { + if (base != null) { + super.checkAccess(g); + } + } + + public void checkExec(String cmd) { + if (base != null) { + super.checkExec(cmd); + } + } + + public void checkLink(String lib) { + if (base != null) { + super.checkLink(lib); + } + } + + public void checkRead(FileDescriptor fd) { + if (base != null) { + super.checkRead(fd); + } + } + + public void checkRead(String file, Object context) { + if (base != null) { + super.checkRead(file, context); + } + } + + public void checkWrite(FileDescriptor fd) { + if (base != null) { + super.checkWrite(fd); + } + } + + public void checkWrite(String file) { + if (base != null) { + super.checkWrite(file); + } + } + + public void checkDelete(String file) { + if (base != null) { + super.checkDelete(file); + } + } + + public void checkConnect(String host, int port) { + if (base != null) { + super.checkConnect(host, port); + } + } + + public void checkConnect(String host, int port, Object context) { + if (base != null) { + super.checkConnect(host, port, context); + } + } + + public void checkListen(int port) { + if (base != null) { + super.checkListen(port); + } + } + + public void checkAccept(String host, int port) { + if (base != null) { + super.checkAccept(host, port); + } + } + + public void checkMulticast(InetAddress maddr) { + if (base != null) { + super.checkMulticast(maddr); + } + } + + public void checkPropertiesAccess() { + if (base != null) { + super.checkPropertiesAccess(); + } + } + + public void checkPropertyAccess(String key) { + if (base != null) { + super.checkPropertyAccess(key); + } + } + + public void checkPrintJobAccess() { + if (base != null) { + super.checkPrintJobAccess(); + } + } + + public void checkPackageAccess(String pkg) { + if (base != null) { + super.checkPackageAccess(pkg); + } + } + + public void checkPackageDefinition(String pkg) { + if (base != null) { + super.checkPackageDefinition(pkg); + } + } + + public void checkSetFactory() { + if (base != null) { + super.checkSetFactory(); + } + } + + public void checkSecurityAccess(String target) { + if (base != null) { + super.checkSecurityAccess(target); + } + } } From 995fc5e2de7dc4bb6e303db0c7cda5cb86b39d49 Mon Sep 17 00:00:00 2001 From: Jason Zaugg Date: Thu, 13 Sep 2018 13:32:42 +1000 Subject: [PATCH 2/2] Overrides of checkXXX delegate to the corresponding method in base --- .../nailgun/NGSecurityManager.java | 46 +++++++++---------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/nailgun-server/src/main/java/com/martiansoftware/nailgun/NGSecurityManager.java b/nailgun-server/src/main/java/com/martiansoftware/nailgun/NGSecurityManager.java index 7a9390e9..e7cff06c 100644 --- a/nailgun-server/src/main/java/com/martiansoftware/nailgun/NGSecurityManager.java +++ b/nailgun-server/src/main/java/com/martiansoftware/nailgun/NGSecurityManager.java @@ -65,139 +65,139 @@ public void checkPermission(Permission perm, Object context) { public void checkRead(String file) { if (base != null) { - super.checkRead(file); + base.checkRead(file); } } public void checkCreateClassLoader() { if (base != null) { - super.checkCreateClassLoader(); + base.checkCreateClassLoader(); } } public void checkAccess(Thread t) { if (base != null) { - super.checkAccess(t); + base.checkAccess(t); } } public void checkAccess(ThreadGroup g) { if (base != null) { - super.checkAccess(g); + base.checkAccess(g); } } public void checkExec(String cmd) { if (base != null) { - super.checkExec(cmd); + base.checkExec(cmd); } } public void checkLink(String lib) { if (base != null) { - super.checkLink(lib); + base.checkLink(lib); } } public void checkRead(FileDescriptor fd) { if (base != null) { - super.checkRead(fd); + base.checkRead(fd); } } public void checkRead(String file, Object context) { if (base != null) { - super.checkRead(file, context); + base.checkRead(file, context); } } public void checkWrite(FileDescriptor fd) { if (base != null) { - super.checkWrite(fd); + base.checkWrite(fd); } } public void checkWrite(String file) { if (base != null) { - super.checkWrite(file); + base.checkWrite(file); } } public void checkDelete(String file) { if (base != null) { - super.checkDelete(file); + base.checkDelete(file); } } public void checkConnect(String host, int port) { if (base != null) { - super.checkConnect(host, port); + base.checkConnect(host, port); } } public void checkConnect(String host, int port, Object context) { if (base != null) { - super.checkConnect(host, port, context); + base.checkConnect(host, port, context); } } public void checkListen(int port) { if (base != null) { - super.checkListen(port); + base.checkListen(port); } } public void checkAccept(String host, int port) { if (base != null) { - super.checkAccept(host, port); + base.checkAccept(host, port); } } public void checkMulticast(InetAddress maddr) { if (base != null) { - super.checkMulticast(maddr); + base.checkMulticast(maddr); } } public void checkPropertiesAccess() { if (base != null) { - super.checkPropertiesAccess(); + base.checkPropertiesAccess(); } } public void checkPropertyAccess(String key) { if (base != null) { - super.checkPropertyAccess(key); + base.checkPropertyAccess(key); } } public void checkPrintJobAccess() { if (base != null) { - super.checkPrintJobAccess(); + base.checkPrintJobAccess(); } } public void checkPackageAccess(String pkg) { if (base != null) { - super.checkPackageAccess(pkg); + base.checkPackageAccess(pkg); } } public void checkPackageDefinition(String pkg) { if (base != null) { - super.checkPackageDefinition(pkg); + base.checkPackageDefinition(pkg); } } public void checkSetFactory() { if (base != null) { - super.checkSetFactory(); + base.checkSetFactory(); } } public void checkSecurityAccess(String target) { if (base != null) { - super.checkSecurityAccess(target); + base.checkSecurityAccess(target); } } }