You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by Ian Boston <ia...@caret.cam.ac.uk> on 2009/04/21 19:45:08 UTC

UserManager

I have been looking at user manager and the way in which it stores  
users in the JCR.

Is there a suitable place to perform a storage abstraction. At the  
moment users all go into 1 folder, and this might be ok for up to a  
few 1000. But we typically have 25K to 200K users on current  
installations, and are expecting in the region of 4-5M users on future  
installations.

I can see that this is all in  the UserManagerImpl which is really  
part of jackrabbit core, so perhaps I should ask there, but since the  
UI may be accessing the URL's directly I was hoping there was a  
suitable place to put a hashed tree in so the UI didnt have to adjust  
the URL's (like the webdav resource locator classes)

Ian

Re: UserManager

Posted by Ian Boston <ie...@tfd.co.uk>.

To answer my own question, for anyone else to travels the same route.

This makes no difference since the url the UI sees is an  
AuthorizableResource produced by the AuthorizableResourceProvider  
which is mapped onto the root path of /system/userManager/

so that
/system/userManager/user/ieb

  is converted to a AuthorizableResource by the  
UserManager.getAuthorizable("ieb"), which searches the subtree in the  
repo for the user ieb.

So regardless of how ieb has been stored, the url will always resolve  
to the location of the user in the /rep:system/rep:authorizables/ 
rep:users subtree.

Starting to understand more.
Ian

On 21 Apr 2009, at 20:21, Ian Boston wrote:

> Does this have impact elsewhere ? Like adding members to groups or  
> is there an assumption that the UI will discover users and/or work  
> from a list of found users ?

Re: UserManager

Posted by Ian Boston <ie...@tfd.co.uk>.

To be honest I hadn't spotted that subtlety,

from Sling's use of the core UserManager, users are created under the  
location for the current user, and the same goes for the group  
definition file resulting in a tree of who created which user or group.

So provided one user isn't used to create to many users or groups  
there is more scalability.

This does however make the location of a user non predictable, and  
doesn't really solve the initial problem where one user creates all  
the other users, as might happen with self or auto registration.  
Perhaps thats a good thing anyway, since IMHO an app shouldn't guess  
where data might be stored.

If Sling used the intermediatePath version of the method, then the  
user manager servlets on create would be able generate an initial  
hashed path, however it would still live under the users subtree
eg
String pathHash = StringUtils.pathHashString("ieb");
// pathHash is 3e/fe
userManager.createUser("ieb","pass",principal,pathHash);

might result in

/rep:security/rep:authorizables/rep:users/3e/fe/ieb

for self registration or auto registration.

and
/rep:security/rep:authorizables/rep:users/od/ae/admin/3e/fe/ieb

if the admin user created ieb.

Does this have impact elsewhere ? Like adding members to groups or is  
there an assumption that the UI will discover users and/or work from a  
list of found users ?

Ian

(BTW, I am still very much learning how this part of Sling and JR  
works).

On 21 Apr 2009, at 19:11, Marc Speck wrote:

>
> Did you see UserManager.createUser(String userID, String password,  
> Principal
> principal, String intermediatePath) ? The userManager creates the  
> nodes
> according to the intermediatePath and places the new user below  
> those nodes.
> However, it seems that currently the root is
> /rep:security/rep:authorizables/rep:users/admin and not
> /rep:security/rep:authorizables/rep:users/ as I'd have expected.
> There is also an anlog method for groups.
>
> Marc

Re: UserManager

Posted by Marc Speck <ma...@gmail.com>.

Hi Ian

On Tue, Apr 21, 2009 at 7:45 PM, Ian Boston <ia...@caret.cam.ac.uk> wrote:

> I have been looking at user manager and the way in which it stores users in
> the JCR.
>
> Is there a suitable place to perform a storage abstraction. At the moment
> users all go into 1 folder, and this might be ok for up to a few 1000. But
> we typically have 25K to 200K users on current installations, and are
> expecting in the region of 4-5M users on future installations.

Did you see UserManager.createUser(String userID, String password, Principal
principal, String intermediatePath) ? The userManager creates the nodes
according to the intermediatePath and places the new user below those nodes.
However, it seems that currently the root is
/rep:security/rep:authorizables/rep:users/admin and not
/rep:security/rep:authorizables/rep:users/ as I'd have expected.
There is also an anlog method for groups.

Marc

>
>
> I can see that this is all in  the UserManagerImpl which is really part of
> jackrabbit core, so perhaps I should ask there, but since the UI may be
> accessing the URL's directly I was hoping there was a suitable place to put
> a hashed tree in so the UI didnt have to adjust the URL's (like the webdav
> resource locator classes)
>
> Ian
>