You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by Ian Boston <ia...@caret.cam.ac.uk> on 2009/04/21 19:45:08 UTC
UserManager
I have been looking at user manager and the way in which it stores
users in the JCR.
Is there a suitable place to perform a storage abstraction. At the
moment users all go into 1 folder, and this might be ok for up to a
few 1000. But we typically have 25K to 200K users on current
installations, and are expecting in the region of 4-5M users on future
installations.
I can see that this is all in the UserManagerImpl which is really
part of jackrabbit core, so perhaps I should ask there, but since the
UI may be accessing the URL's directly I was hoping there was a
suitable place to put a hashed tree in so the UI didnt have to adjust
the URL's (like the webdav resource locator classes)
Ian
Re: UserManager
Posted by Ian Boston <ie...@tfd.co.uk>.
To answer my own question, for anyone else to travels the same route.
This makes no difference since the url the UI sees is an
AuthorizableResource produced by the AuthorizableResourceProvider
which is mapped onto the root path of /system/userManager/
so that
/system/userManager/user/ieb
is converted to a AuthorizableResource by the
UserManager.getAuthorizable("ieb"), which searches the subtree in the
repo for the user ieb.
So regardless of how ieb has been stored, the url will always resolve
to the location of the user in the /rep:system/rep:authorizables/
rep:users subtree.
Starting to understand more.
Ian
On 21 Apr 2009, at 20:21, Ian Boston wrote:
> Does this have impact elsewhere ? Like adding members to groups or
> is there an assumption that the UI will discover users and/or work
> from a list of found users ?
Re: UserManager
Posted by Ian Boston <ie...@tfd.co.uk>.
To be honest I hadn't spotted that subtlety,
from Sling's use of the core UserManager, users are created under the
location for the current user, and the same goes for the group
definition file resulting in a tree of who created which user or group.
So provided one user isn't used to create to many users or groups
there is more scalability.
This does however make the location of a user non predictable, and
doesn't really solve the initial problem where one user creates all
the other users, as might happen with self or auto registration.
Perhaps thats a good thing anyway, since IMHO an app shouldn't guess
where data might be stored.
If Sling used the intermediatePath version of the method, then the
user manager servlets on create would be able generate an initial
hashed path, however it would still live under the users subtree
eg
String pathHash = StringUtils.pathHashString("ieb");
// pathHash is 3e/fe
userManager.createUser("ieb","pass",principal,pathHash);
might result in
/rep:security/rep:authorizables/rep:users/3e/fe/ieb
for self registration or auto registration.
and
/rep:security/rep:authorizables/rep:users/od/ae/admin/3e/fe/ieb
if the admin user created ieb.
Does this have impact elsewhere ? Like adding members to groups or is
there an assumption that the UI will discover users and/or work from a
list of found users ?
Ian
(BTW, I am still very much learning how this part of Sling and JR
works).
On 21 Apr 2009, at 19:11, Marc Speck wrote:
>
> Did you see UserManager.createUser(String userID, String password,
> Principal
> principal, String intermediatePath) ? The userManager creates the
> nodes
> according to the intermediatePath and places the new user below
> those nodes.
> However, it seems that currently the root is
> /rep:security/rep:authorizables/rep:users/admin and not
> /rep:security/rep:authorizables/rep:users/ as I'd have expected.
> There is also an anlog method for groups.
>
> Marc
Re: UserManager
Posted by Marc Speck <ma...@gmail.com>.
Hi Ian
On Tue, Apr 21, 2009 at 7:45 PM, Ian Boston <ia...@caret.cam.ac.uk> wrote:
> I have been looking at user manager and the way in which it stores users in
> the JCR.
>
> Is there a suitable place to perform a storage abstraction. At the moment
> users all go into 1 folder, and this might be ok for up to a few 1000. But
> we typically have 25K to 200K users on current installations, and are
> expecting in the region of 4-5M users on future installations.
Did you see UserManager.createUser(String userID, String password, Principal
principal, String intermediatePath) ? The userManager creates the nodes
according to the intermediatePath and places the new user below those nodes.
However, it seems that currently the root is
/rep:security/rep:authorizables/rep:users/admin and not
/rep:security/rep:authorizables/rep:users/ as I'd have expected.
There is also an anlog method for groups.
Marc
>
>
> I can see that this is all in the UserManagerImpl which is really part of
> jackrabbit core, so perhaps I should ask there, but since the UI may be
> accessing the URL's directly I was hoping there was a suitable place to put
> a hashed tree in so the UI didnt have to adjust the URL's (like the webdav
> resource locator classes)
>
> Ian
>