Cservenak, Tamas created SHIRO-440:
--------------------------------------
Summary: Improve Permission creation performance
Key: SHIRO-440
URL: https://issues.apache.org/jira/browse/SHIRO-440
Project: Shiro
Issue Type: Improvement
Reporter: Cservenak, Tamas
Priority: Minor
On complex systems, where many permissions (and complex recursive roles
exists), the generic WildcardPermissionResolver creates a LOT of different
instances even of same String permission representations. This might cause
spikes in heap usage, but also eats CPU (as WildcardPermission constructor does
a lot of string and collection operations too).
One possible solution would be "instance cache" of permissions, something like
used in Nexus:
https://github.com/sonatype/security/blob/master/security-system/src/main/java/org/sonatype/security/authorization/PermissionFactory.java
https://github.com/sonatype/security/blob/master/security-system/src/main/java/org/sonatype/security/authorization/WildcardPermissionFactory.java
https://github.com/sonatype/security/blob/master/security-system/src/main/java/org/sonatype/security/authorization/InstanceCachingPermissionFactory.java
Using instance cache, we see tremendous improvements in heap usage, but also
speed improvements as WildardPermission creation, as mentioned above, is (well,
somewhat) costly. It might be that Nexus uses too granular perms (hence deal
with a lot of permissions at once), but still this abstraction with these two
implementations would be welcome in Shiro core.
Also, it opens gates for future improvements in this area, without disturbing
the rest of codebase.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
