jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "angela (JIRA)" <j...@apache.org>
Subject [jira] Created: (JCR-2842) Avoid excessive node access during ac evaluation (followup to JCR-2573)
Date Fri, 10 Dec 2010 12:18:01 GMT
Avoid excessive node access during ac evaluation (followup to JCR-2573)
-----------------------------------------------------------------------

                 Key: JCR-2842
                 URL: https://issues.apache.org/jira/browse/JCR-2842
             Project: Jackrabbit Content Repository
          Issue Type: Improvement
          Components: jackrabbit-core, security
            Reporter: angela
            Assignee: angela


the resource-based access control management in JR currently requires a lot of read operations
in order to collect the
relevant access control entries (walking up the node hierarchy).

this could be improved by various means such as e.g. :

1. define means to stop the entry collection if the required information is already found.
2. enhanced storage mechanism for access control content that allows to quickly determine
all accesscontrolled ancestors.

regarding 1)
this could be achieved without major refactoring for AccessControlProvider#canRead that solely
focusses on read permission. for any
other permission evaluation this may require some additional refactoring as currently the
complete set of permissions is calculated.

regarding 2)
we (david, michi, jukka and myself) had various discussions about this approach during the
last couple of month. possible solutions
brought up in initial brainstorming included modification on the persistence level as well
as "highlevel" changes simply additing
additional information to the ACL node. All approaches discussed so far would allow to determine
and collect more easily the AC
information effective at a given node in the hierarchy starting from a general "the evaluation
mechanism knows about all ac content" to 
"a single acl knows the next parent-acl in the hierarchy"... these just to mention some ideas
of our discussions.

starting next year i will spent some time on this and create one (or several) prototype(s)
in order to have something real to
discuss about.




-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message