为什么将SecurityContext注入Jersey Singleton线程是安全的? [英] Why is injecting a SecurityContext into a Jersey Singleton thread safe?
问题描述
在Jersey文档中,示例16.2 显示了一个示例将SecurityContext注入Jersey资源单例中.
In the Jersey documentation, Example 16.2 shows an example of injecting a SecurityContext into a Jersey resource singleton.
当然,文档是正确的,并且给出的示例确实是线程安全的.
Surely the docs are correct, and the example given is indeed thread safe.
我怀疑SecurityContext的注入仅发生一次,并且在调用getUserPrincipal()时,它可能会从连接到线程本身的某个结构(可能是ThreadLocal对象?)中拾取用户数据.这是当有大量线程竞争时,我可以看到将正确的用户信息提供给最终用户的唯一方法.
I suspect that the injection of the SecurityContext happens exactly once, and when getUserPrincipal() is called, perhaps it picks up user data from some structure that is attached to the thread itself (maybe a ThreadLocal object?). That's the only way I can see that the correct user info be served to the end user when there are a ton of threads competing.
任何人都可以确认此行为,或者以其他方式解释Jersey示例的线程安全性吗?
Can anyone confirm this behavior, or otherwise explain the thread safety of the Jersey example?
推荐答案
动态代理与ThrealLocal支持一起使用.这是在JAX-RS规范中对某些请求范围内的可注入对象的某种解释(请参见有关此规范引用的帖子 )
Dynamic Proxies are used with a ThrealLocal backing. This is kinda explained in the JAX-RS spec, in regards to some request scoped injectable objects (See this post for spec quote)
我怀疑SecurityContext的注入恰好发生了一次
I suspect that the injection of the SecurityContext happens exactly once
是的,但实际上注入的是 proxy .您可以打印出类名,然后您会看到它实际上是一个代理.这篇文章中的第一个链接说明了它是如何工作的.当您在代理上调用方法时,它会将调用委派给线程本地安全上下文.
Yes this is true, but what's injected is actually a proxy. You can print out the class name and you will see that it is actually a Proxy. The first link in this post explains how it works. When you call methods on the proxy, it delegate the calls to the thread local security context.
另请参见:
这篇关于为什么将SecurityContext注入Jersey Singleton线程是安全的?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
