From users-return-5055-apmail-jackrabbit-users-archive=jackrabbit.apache.org@jackrabbit.apache.org Thu Sep 27 08:24:46 2007 Return-Path: Delivered-To: apmail-jackrabbit-users-archive@locus.apache.org Received: (qmail 66933 invoked from network); 27 Sep 2007 08:24:46 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 27 Sep 2007 08:24:46 -0000 Received: (qmail 22857 invoked by uid 500); 27 Sep 2007 08:24:35 -0000 Delivered-To: apmail-jackrabbit-users-archive@jackrabbit.apache.org Received: (qmail 22843 invoked by uid 500); 27 Sep 2007 08:24:35 -0000 Mailing-List: contact users-help@jackrabbit.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@jackrabbit.apache.org Delivered-To: mailing list users@jackrabbit.apache.org Received: (qmail 22834 invoked by uid 99); 27 Sep 2007 08:24:35 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 27 Sep 2007 01:24:35 -0700 X-ASF-Spam-Status: No, hits=2.0 required=10.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of 1111software@gmail.com designates 209.85.198.189 as permitted sender) Received: from [209.85.198.189] (HELO rv-out-0910.google.com) (209.85.198.189) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 27 Sep 2007 08:24:35 +0000 Received: by rv-out-0910.google.com with SMTP id k20so2174824rvb for ; Thu, 27 Sep 2007 01:24:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; bh=gQeD3HYFPtFUbsc0r6OELb3KLEiNmPLdPuYO+CrQxk4=; b=jr/zEeN75Uj/Ig2ynplKrgmVgmNk0HrHN3s5wmirg36JHojlYX723UjASEI6vlj7sHnsRjc0hpkFbxWysVdqJRqx6j9+kw6mke4ia5WabrEpHp1BhuEJica8aWU5xSk0rj+iZjuWnhOgnGyb4ElHbw3vgCq9yw3UfOmjXusT8Ek= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=oCbiBb2PKTrhvB+55zeNLmxzN2mIg9+1iyVHj+CxClDZOR+zcYfj8xBZ+75U6s+DwKZJDYadnENlEmGQhbxssfAV6/Z/Ego1dIe6Zb2KkPplqIQWFvOiVCbakS6r649vsCKNWRwTTu8SqcfWMZR6EsmYh6vKXPHYyT0qKAoGVoE= Received: by 10.141.198.8 with SMTP id a8mr653007rvq.1190881454911; Thu, 27 Sep 2007 01:24:14 -0700 (PDT) Received: by 10.141.210.19 with HTTP; Thu, 27 Sep 2007 01:24:09 -0700 (PDT) Message-ID: Date: Thu, 27 Sep 2007 10:24:09 +0200 From: "Jacco van Weert" <1111software@gmail.com> To: users@jackrabbit.apache.org Subject: Re: Authorization with ACL and permissions In-Reply-To: <12914620.post@talk.nabble.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_521_22639147.1190881454909" References: <12914620.post@talk.nabble.com> X-Virus-Checked: Checked by ClamAV on apache.org ------=_Part_521_22639147.1190881454909 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Hello, We also implemented a permission system in Jackrabbit. We use a "permission" mixin; [jecars:permissionable] mixin - jecars:Actions (String) multiple < '(read|add_node|set_property|get_property|remove|acl_read|acl_edit)' - jecars:Delegate (Boolean) - jecars:Owner (Boolean) - jecars:Principal (Reference) multiple Our experience is that the custom accessmanager should cache results in order to have a good performance. Jackrabbit calls the accessmanager a lot(!). You can see/download the code at http://sourceforge.net/projects/jecars/ Greetings, Jacco On 9/27/07, bilobag wrote: > > > We have decided that our client requires user based authentication for our > app. Now i've seen some posts about people storing an acl list in each > node. However, I am wondering how the performance is for this. We > originally wanted to use a database with hibernate to manage the user node > permissions, but it seems like it could be a performance issue considering > that we may have to do inserts for hundreds of rows per node (number of > users x number of permissions). I think this would cause a significant > performance issue. If I were to do the same in jackrabbit and store these > user permissions in each node, would this be a performance issue? Is this > the recommended method of storing user node permissions? I currently am > using jackrabbit backed by an oracle database. Any advice is appreciated > since we've been discussing this issue for a week now. Thanks. > -- > View this message in context: > http://www.nabble.com/Authorization-with-ACL-and-permissions-tf4526345.html#a12914620 > Sent from the Jackrabbit - Users mailing list archive at Nabble.com. > > ------=_Part_521_22639147.1190881454909--