Hi Brian, I am trying to do what you have suggested and conceptually it looks okay. However I am having some trouble with the distinction between Group/TurbineGroup and User/TurbineUser. I obviously don't understand how these go together and how you can get one from the other (if at all).
They both seem to be referencing the same data but are derived from different base classes for different purposes. Can someone explain their purposes and which is the most appropriate in this circumstance? And in you code you reference a user type RedwoodUser which I assume is you own class, and a getGroups method. Do I extend org.apache.turbine.on.security.TurbineUser or the generated TurbineUser in my own 'om' directory?? I would like to build a more specific SQL call into the database, using something like getTurbineUserGroupRole() but can't seem to get from User to TurbineUser to make this available. Can anyone put these classes into context for, how they sit/work together in turbine etc? Thanks Peter > -----Original Message----- > From: Brian Lawler [mailto:[EMAIL PROTECTED] > Sent: 21 November 2003 9:29 > To: Turbine Users List > Subject: Re: Large number of groups impacts performance > > > We ran into that exact same problem and to fix it, I extended the > SecurityService to override those bad behaviors. The main culprit is > getACL(), which goes through the nightmarish task of selecting all > groups a few times which became generally displeasurable on our > application. I changed this to call getMyGroups(), which is > a method I > added to this service that gets your groups in a more > efficient manner. > All you have to do then is go to TR.props and change your > SecurityService to point to your new class and you should be good to > go... > > HTH. > > -Brian > > ++++++ > > Here is the code that I used: > > package com.tribe.security; > > import java.util.Hashtable; > import java.util.Iterator; > > import org.apache.torque.util.Criteria; > > import org.apache.turbine.om.security.Group; > import org.apache.turbine.om.security.Permission; > import org.apache.turbine.om.security.Role; > import org.apache.turbine.om.security.User; > import org.apache.turbine.om.security.RedwoodUser; > import org.apache.turbine.om.security.peer.GroupPeer; > import org.apache.turbine.om.security.peer.PermissionPeer; > import org.apache.turbine.om.security.peer.RolePeer; > import org.apache.turbine.services.security.TurbineSecurity; > import org.apache.turbine.services.security.db.DBSecurityService; > import org.apache.turbine.util.Log; > import org.apache.turbine.util.security.AccessControlList; > import org.apache.turbine.util.security.DataBackendException; > import org.apache.turbine.util.security.GroupSet; > import org.apache.turbine.util.security.PermissionSet; > import org.apache.turbine.util.security.RoleSet; > import org.apache.turbine.util.security.UnknownEntityException; > > public class SecurityService extends DBSecurityService { > public AccessControlList getACL(User user) > throws DataBackendException, UnknownEntityException > { > if (!TurbineSecurity.accountExists(user)) > { > throw new UnknownEntityException("The account '" > + user.getName() + "' does not exist"); > } > try > { > Hashtable roles = new Hashtable(); > Hashtable permissions = new Hashtable(); > // notify the state modifiers (writers) that we want to > create > // the snapshot. > lockShared(); > > // construct the snapshot: > > // foreach group in the system > for (Iterator groupsIterator = > getMyGroups(user).elements(); > groupsIterator.hasNext();) > { > Group group = (Group) groupsIterator.next(); > // get roles of user in the group > RoleSet groupRoles = > RolePeer.retrieveSet(user, group); > // put the Set into roles(group) > roles.put(group, groupRoles); > // collect all permissions in this group > PermissionSet groupPermissions = new PermissionSet(); > // foreach role in Set > for (Iterator rolesIterator = groupRoles.elements(); > rolesIterator.hasNext();) > { > Role role = (Role) rolesIterator.next(); > // get permissions of the role > PermissionSet rolePermissions > = PermissionPeer.retrieveSet(role); > groupPermissions.add(rolePermissions); > } > // put the Set into permissions(group) > permissions.put(group, groupPermissions); > } > return new AccessControlList(roles, permissions); > } > catch (Exception e) > { > throw new DataBackendException("Failed to build ACL for > user '" > + user.getName() + "'", e); > } > finally > { > // notify the state modifiers that we are done > creating the > snapshot > unlockShared(); > } > } > > private GroupSet getMyGroups(User u) throws DataBackendException, > UnknownEntityException { > return ((RedwoodUser)u).getGroups(); > } > > public Group getGroup(String name) throws DataBackendException, > UnknownEntityException { > Log.debug("Retrieving a group named: " + name); > Group result = null; > Criteria crit = new Criteria(); > crit.add(GroupPeer.NAME, name); > GroupSet groups = getGroups(crit); > if(groups.size() == 0) { > throw new UnknownEntityException("Did not find a group > named " + > name); > } else { > result = (Group) groups.elements().next(); > } > return result; > } > > } > > > On Thursday, November 20, 2003, at 02:04 PM, EXT-McTaggart, Peter > wrote: > > > Hi, > > > > Env: TDK 2.3/Flux, MySQL 4/Oracle, JDK 1.4.1 > > > > In the system I am building I need to have data dependent > security, ie > > security access to particular fields etc depends on the the > > application data in the fields. > > I'm using Flux > > to do this. > > > > To accomplish this I am creating a group per Item that the > > applicationd deals with and assigning users that require access to > > that item into the group. While I > > haven't measured yet I am worried about the performance of this > > approach. > > > > here are the numbers: > > > > #roles: 7 > > #permissions: 50 > > #groups: 2500 growing by about 1000 per year > > #users: 1000 > > > > Now in the debug log I see a large number of seemingly identifcal > > repetitive SQL calls. And there are now sizeable delays > when logging > > in and generating screeens etc. Has anyone implemented turbine with > > these orer of numbers , if so, were there any tricks , > tips, mods that > > you used to improve performance? > > > > Any thoughts or suggestions would be appreciated. > > > > Thanks > > Peter > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
