jackrabbit-oak-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Dürig (JIRA) <j...@apache.org>
Subject [jira] [Commented] (OAK-3003) Improve login performance with huge group membership
Date Thu, 09 Jul 2015 09:19:05 GMT

    [ https://issues.apache.org/jira/browse/OAK-3003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14620168#comment-14620168
] 

Michael Dürig commented on OAK-3003:
------------------------------------

Briefly looked into the patch:
* I'd make the unit of the cache expiration time minutes instead of milliseconds to avoid
hitting the repository with too many cache updates. 
* Not sure whether there is enough guarding in place against concurrent cache updates. 
* The current design seems to expose some inconsistency when group memberships change as this
doesn't seem to invalidate the cache. I wouldn't know how problematic this is though. 

> Improve login performance with huge group membership
> ----------------------------------------------------
>
>                 Key: OAK-3003
>                 URL: https://issues.apache.org/jira/browse/OAK-3003
>             Project: Jackrabbit Oak
>          Issue Type: Improvement
>          Components: core
>            Reporter: angela
>            Assignee: angela
>         Attachments: OAK-3003.patch, group_cache_in_userprincipalprovider.txt
>
>
> As visible when running {{LoginWithMembershipTest}} default login performance (which
uses the {{o.a.j.oak.security.principal.PrincipalProviderImpl}} to lookup the complete set
of principals) suffers when a given user is member of a huge number of groups (see also OAK-2690
for benchmark data).
> While using dynamic group membership (and thus a custom {{PrincipalProvider}} would be
the preferable way to deal with this, we still want to optimize {{PrincipalProvider.getPrincipals(String
userId}} for the default implementation.
> With the introduction of a less generic implementation in OAK-2690, we might be able
to come up with an optimization that makes use of the very implementation details of the user
management while at the same time being able to properly secure it as we won't need to extend
the public API.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message