Ordering Security Context Processing
Can uPortal security contexts be processed in a particular order?
Yes. But it requires using keys that guarantee the ordering. Since the security.properties file gets read into a Property object, it is backed by a Hashtable object. So to guarentee ordering, you need to specify keys that get mapped into hash indexes in the desired order. The following keys guarentee that a root context with up to three subcontexts will be processed in the indicated order:
root.first-1760680784
root.second-1929346405
root.third-523229795
Note: this is only valid when running in a sun 1.4 or 1.5 jre. Other jre implementations may use a different hashing algorithm and thus not supported with this tool.
The keys remain valid for up to 7 total property entries in the security.properties file. If you need to specify more keys or want to generate keys that are more textually appropriate for the particular subcontext, you can use the attached java code. The first argument is the final capacity of the hashtable. The remaining arguments are the list of keys in order. By default, the Hashtable starts out with a capacity of 11 and a loadFactor of 0.75. It then increases the capacity in the following sequence: 11, 23, 47, 95 (2n+1), which translates to thresholds of 8, 17, 35, 71. So that should cover all cases. Remember the hashtable will get rehashed in the event the number of properties equals or exceeds the threshold, which initially is capacity*loadFactor=8. So if you have 8 or more total properties, you will need to bump up the table size to 23. This includes all properties in security.properties including principalToken.root, credentialToken.root, authorizationProvider, etc.
The GenerateOrderedHashedKeys tool outputs the keys with their corresponding hash index. They are in reverse order because Hashtable iterates/enumerates in reverse order.
Usage:
java GenerateOrderedHashedKeys 11 root.student-ldap-first root.faculty-ldap-second root.rdbm-third
root.student-ldap-first-710192198: 2
root.faculty-ldap-second-969577056: 1
root.rdbm-third-351315882: 0
Key enumeration:
root.student-ldap-first-710192198, root.faculty-ldap-second-969577056, root.rdbm-third-351315882,
Example of larger table size:
java GenerateOrderedHashedKeys 23 root.first root.second root.third root.fourth root.fifth
root.first-2043270586: 4
root.second-727087991: 3
root.third-319629378: 2
root.fourth-1685701573: 1
root.fifth-1638778811: 0
Key enumeration:
root.first-2043270586, root.second-727087991, root.third-319629378, root.fourth-1685701573, root.fifth-1638778811,
The table size was bumped up to 23 in this case because the total number of properties was 9.
# security.properties
root=org.jasig.portal.security.provider.UnionSecurityContextFactory
root.first-2043270586=
root.second-727087991=
root.third-319629378=
root.fourth-1685701573=
root.fifth-1638778811=
principalToken.root=userName
credentialToken.root=password
authorizationProvider=org.jasig.portal.security.provider.AuthorizationServiceFactoryImpl
# eof: security.properties
| Attachment | Size |
|---|---|
| GenerateOrderedHashedKeys.java | 1.31 KB |
