[jira] [Commented] (OAK-3003) Improve login performance with huge group membership

Tue, 28 Jul 2015 00:53:07 -0700 

    [ 
https://issues.apache.org/jira/browse/OAK-3003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14644025#comment-14644025
 ] 

angela commented on OAK-3003:
-----------------------------

[~mpetria], thanks for the info; afaik jackrabbit vault uses (or used) 
xml-import to install users/groups for the very reason that it contains 
protected items; xml import is covered with a dedicated test-case (the cache 
props don't get imported and the rep:cache node gets removed). [~tripod], i 
would be glad if you could quickly confirm or let me know if you see the 
possibility for regressions in jackrabbit vault caused by this improvement. if 
you want me to, i could also provide a test-case to properly verify this in 
addition to the xml-import test with oak (but would need some instructions wrt 
vault code base).

> Improve login performance with huge group membership
> ----------------------------------------------------
>
>                 Key: OAK-3003
>                 URL: https://issues.apache.org/jira/browse/OAK-3003
>             Project: Jackrabbit Oak
>          Issue Type: Improvement
>          Components: core
>            Reporter: angela
>            Assignee: angela
>         Attachments: OAK-3003.patch, OAK-3003_2.patch, 
> group_cache_in_userprincipalprovider.txt
>
>
> As visible when running {{LoginWithMembershipTest}} default login performance 
> (which uses the {{o.a.j.oak.security.principal.PrincipalProviderImpl}} to 
> lookup the complete set of principals) suffers when a given user is member of 
> a huge number of groups (see also OAK-2690 for benchmark data).
> While using dynamic group membership (and thus a custom {{PrincipalProvider}} 
> would be the preferable way to deal with this, we still want to optimize 
> {{PrincipalProvider.getPrincipals(String userId}} for the default 
> implementation.
> With the introduction of a less generic implementation in OAK-2690, we might 
> be able to come up with an optimization that makes use of the very 
> implementation details of the user management while at the same time being 
> able to properly secure it as we won't need to extend the public API.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to