[jira] [Comment Edited] (OAK-3003) Improve login performance with huge group membership

Tue, 28 Jul 2015 01:12:45 -0700 

    [ 
https://issues.apache.org/jira/browse/OAK-3003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14640644#comment-14640644
 ] 

angela edited comment on OAK-3003 at 7/28/15 8:11 AM:
------------------------------------------------------

updated patch with more tests and draft for documentation update.
in the updated patch, i also removed the mandatory flag from the rep:expiration 
property definition. given the fact that it's system maintained content but the 
parent node is not protected, i just fear this might a source for trouble... 
will add another test to verify that the cache is defensive enough to not NPE 
in case the rep:expiration would go missing. (/)


was (Author: anchela):
updated patch with more tests and draft for documentation update.
in the updated patch, i also removed the mandatory flag from the rep:expiration 
property definition. given the fact that it's system maintained content but the 
parent node is not protected, i just fear this might a source for trouble... 
will add another test to verify that the cache is defensive enough to not NPE 
in case the rep:expiration would go missing.

> Improve login performance with huge group membership
> ----------------------------------------------------
>
>                 Key: OAK-3003
>                 URL: https://issues.apache.org/jira/browse/OAK-3003
>             Project: Jackrabbit Oak
>          Issue Type: Improvement
>          Components: core
>            Reporter: angela
>            Assignee: angela
>              Labels: performance
>         Attachments: OAK-3003.patch, OAK-3003_2.patch, 
> group_cache_in_userprincipalprovider.txt
>
>
> As visible when running {{LoginWithMembershipTest}} default login performance 
> (which uses the {{o.a.j.oak.security.principal.PrincipalProviderImpl}} to 
> lookup the complete set of principals) suffers when a given user is member of 
> a huge number of groups (see also OAK-2690 for benchmark data).
> While using dynamic group membership (and thus a custom {{PrincipalProvider}} 
> would be the preferable way to deal with this, we still want to optimize 
> {{PrincipalProvider.getPrincipals(String userId}} for the default 
> implementation.
> With the introduction of a less generic implementation in OAK-2690, we might 
> be able to come up with an optimization that makes use of the very 
> implementation details of the user management while at the same time being 
> able to properly secure it as we won't need to extend the public API.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to