Return-Path: X-Original-To: apmail-jackrabbit-dev-archive@www.apache.org Delivered-To: apmail-jackrabbit-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 78DE5FEFA for ; Wed, 27 Mar 2013 16:29:16 +0000 (UTC) Received: (qmail 90240 invoked by uid 500); 27 Mar 2013 16:29:16 -0000 Delivered-To: apmail-jackrabbit-dev-archive@jackrabbit.apache.org Received: (qmail 90162 invoked by uid 500); 27 Mar 2013 16:29:16 -0000 Mailing-List: contact dev-help@jackrabbit.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@jackrabbit.apache.org Delivered-To: mailing list dev@jackrabbit.apache.org Received: (qmail 90154 invoked by uid 99); 27 Mar 2013 16:29:16 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 27 Mar 2013 16:29:16 +0000 Date: Wed, 27 Mar 2013 16:29:16 +0000 (UTC) From: "Cameron Hinkle (JIRA)" To: dev@jackrabbit.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (JCR-2950) CachingEntryCollector ineffective if number of accessed policies exceeds cache size MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/JCR-2950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13615456#comment-13615456 ] Cameron Hinkle commented on JCR-2950: ------------------------------------- Can anyone summarize the state of this ticket? We ran into this condition when our CQ5 servers received a huge wall of traffic all at once and even when the traffic levels went back down to normal, the servers never recovered. There were couple hundred AJP threads on each server all waiting for the same locked object. I'm not clear on whether a patch has been committed that eases this contention in a later release (we're on CQ5.5, Jackrabbit 2.4) or are there steps we can take our current version to help in this scenario? Thanks. > CachingEntryCollector ineffective if number of accessed policies exceeds cache size > ----------------------------------------------------------------------------------- > > Key: JCR-2950 > URL: https://issues.apache.org/jira/browse/JCR-2950 > Project: Jackrabbit Content Repository > Issue Type: Improvement > Components: jackrabbit-core, security > Affects Versions: 2.2.12, 2.4.2, 2.6 > Environment: Repository with ACEs > 1000 > Reporter: Honwai Wong > Assignee: Julian Reschke > Attachments: auth-prefilled-cache.csv, cache-empty-aces.csv, cache-empty-aces.png, cache-empty-aces-scfixed.csv, CachingEntryCollector.ConcurrentCache-trunk.patch, jcr-2950-2.csv, jcr-2950-2.png, JCR-2950-concurrent-cache-2.patch, jcr-2950.csv, jcr-2950-csv.sh, JCR-2950_entryseparation-multisessionhack.patch, JCR-2950_entryseparation.patch, JCR-2950-futures_2.patch, JCR-2950-futures_3.patch, JCR-2950-futures_4.patch, JCR-2950-futures.patch, JCR-2950_performance_tests.patch.gz, jcr-2950.png, JCR-2950-refactor.patch, JCR-2950-refactor+rootnode_2.patch , JCR-2950-refactor+rootnode_3.patch, JCR-2950-refactor+rootnode_4.patch, JCR-2950-refactor+rootnode_5.patch, JCR-2950-refactor+rootnode_6.patch, JCR-2950-refactor+rootnode_7.patch, JCR-2950-refactor+rootnode.patch, JCR-2950-throttle2.patch, JCR-2950-throttle.patch, syssessioncomparison.csv, test2950.sh > > > The CachingEntryCollector's cache (LRUMap, max size: 1000) seems to become ineffective in case there are more than 1000 ACEs present in the repository. Since access to the cache is synchronized, many threads are basically blocked, waiting to get access to the cache. > Java callstack: > at org/apache/jackrabbit/core/security/authorization/acl/CachingEntryCollector.getEntries(CachingEntryCollector.java:99(Compiled Code)) > at org/apache/jackrabbit/core/security/authorization/acl/EntryCollector.collectEntries(EntryCollector.java:134(Compiled Code)) > at org/apache/jackrabbit/core/security/authorization/acl/CompiledPermissionsImpl.canRead(CompiledPermissionsImpl.java:250(Compiled Code)) > at org/apache/jackrabbit/core/security/DefaultAccessManager.canRead(DefaultAccessManager.java:251(Compiled Code)) > at org/apache/jackrabbit/core/ItemManager.canRead(ItemManager.java:426(Compiled Code)) > at org/apache/jackrabbit/core/ItemManager.createItemData(ItemManager.java(Compiled Code)) > at org/apache/jackrabbit/core/ItemManager.getItemData(ItemManager.java:379(Compiled Code)) > at org/apache/jackrabbit/core/ItemManager.itemExists(ItemManager.java:292(Compiled Code)) > at org/apache/jackrabbit/core/ItemManager.itemExists(ItemManager.java:464(Compiled Code)) > at org/apache/jackrabbit/core/session/SessionItemOperation$1.perform(SessionItemOperation.java:49(Compiled Code)) > at org/apache/jackrabbit/core/session/SessionItemOperation$1.perform(SessionItemOperation.java:46(Compiled Code)) > at org/apache/jackrabbit/core/session/SessionItemOperation.perform(SessionItemOperation.java:187(Compiled Code)) > at org/apache/jackrabbit/core/session/SessionState.perform(SessionState.java:200(Compiled Code)) > at org/apache/jackrabbit/core/SessionImpl.perform(SessionImpl.java:355(Compiled Code)) > at org/apache/jackrabbit/core/SessionImpl.itemExists(SessionImpl.java:751(Compiled Code)) -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira