You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Nivedan Nadaraj <ni...@gmail.com> on 2011/05/04 08:39:08 UTC
Invalidating Authentication Cache slows performance
Hi All,
I have implemented Shiro with Wicket application and followed the steps to
invalidate the cache when a user's authorisation changes. So each time the
application recognises that the cache as to be invalidated it invokes the
realm and clears the cache and the following Authorisation check loads the
correct role/permissions for the user.
This clearing of cache greatly decreases the performance and in our case
every tab the user clicks the cache must be cleared because the user is tied
to each function and his roles and permissions change. Is there an
alternative way to increase the performance? I understand if the cache is
not invalidated it is fine but in this case I am forced to.
In another thread I noticed that my posts/our posts are not approved. Could
the administrator let us know what the issue is?
Many Thanks
Nivedan
Re: Invalidating Authentication Cache slows performance
Posted by Les Hazlewood <lh...@apache.org>.
Hi Niv,
This definitely sounds like a cache configuration issue to me.
Perhaps your cache is overflowing to disk and when you clear out an
entry, it needs to unserialize the data from disk before it clears
out? I'm not sure if this is what is happening, but disk IO *sounds*
like it might be the culprit.
Also, if you're not using the 'ehCacheManager' bean anywhere else in
your Spring config, you don't need to explicitly define it for Shiro's
benefit. The org.apache.shiro.cache.ehcache.EhCacheManager will
accept a config parameter for your ehcache.xml config and
set-up/tear-down the Ehcache CacheManager instance automatically.
HTH,
--
Les Hazlewood
Founder, Katasoft, Inc.
Application Security Products & Professional Apache Shiro Support and Training:
http://www.katasoft.com
On Wed, May 4, 2011 at 8:22 PM, Niv-4 <ni...@gmail.com> wrote:
> Hi Les
>
> Appreciate your time. I have configured the ecache like this in the
> applicationContext..xml in our wicket application.
>
> <bean id="cacheManager"
> class="org.apache.shiro.cache.ehcache.EhCacheManager">
> <property name="cacheManager" ref="ehCacheManager"/>
> </bean>
>
> <bean id="ehCacheManager" class="net.sf.ehcache.CacheManager"/>
>
> public class ArkLdapRealm extends AuthorizingRealm{
>
> ...
> @Override
> public void clearCachedAuthorizationInfo(PrincipalCollection principals)
> {
> super.clearCachedAuthorizationInfo(principals);
> }
> }
>
> Now when a user action is performed on the front end like selecting a
> particular Tab which represents a usecase..this is what I do..
> //I get a reference to the realm instance via Spring bean injection
> realm.clearCachedAuthorizationInfo(currentUser.getPrincipals());
>
> Next Authorization check: delegates the call to the Realm instance and as
> you mentioned in one of your posts executes the doGetAuthorizationInfo()..
>
> securityManager.isPermitted(currentUser.getPrincipals(),
> PermissionConstants.CREATE) (etc)
>
> With this in place..I am able to load the set of permissions for the
> selected usecase function so its very dynamic as its the feature of Shiro to
> widen a user permission or restrict without him having to log out. All this
> is nice.
>
> Probably the ecache implementation is incorrectly configured? Without
> clearning the cache..it was lot better so I am leaning on the fact that this
> behaviour is causing the issue.
>
> Any thoughts. Thanks again Les for the time.
>
> Regarding posts not being accepted, I posted this via an email and not via
> the forum and has gotten accepted. So i guess will follow suit in future.
>
> Many Thanks
> Niv
>
>
>
>
>
>
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/Invalidating-Authentication-Cache-slows-performance-tp6329816p6333063.html
> Sent from the Shiro User mailing list archive at Nabble.com.
Re: Invalidating Authentication Cache slows performance
Posted by Niv-4 <ni...@gmail.com>.
Hi Les
Appreciate your time. I have configured the ecache like this in the
applicationContext..xml in our wicket application.
<bean id="cacheManager"
class="org.apache.shiro.cache.ehcache.EhCacheManager">
<property name="cacheManager" ref="ehCacheManager"/>
</bean>
<bean id="ehCacheManager" class="net.sf.ehcache.CacheManager"/>
public class ArkLdapRealm extends AuthorizingRealm{
...
@Override
public void clearCachedAuthorizationInfo(PrincipalCollection principals)
{
super.clearCachedAuthorizationInfo(principals);
}
}
Now when a user action is performed on the front end like selecting a
particular Tab which represents a usecase..this is what I do..
//I get a reference to the realm instance via Spring bean injection
realm.clearCachedAuthorizationInfo(currentUser.getPrincipals());
Next Authorization check: delegates the call to the Realm instance and as
you mentioned in one of your posts executes the doGetAuthorizationInfo()..
securityManager.isPermitted(currentUser.getPrincipals(),
PermissionConstants.CREATE) (etc)
With this in place..I am able to load the set of permissions for the
selected usecase function so its very dynamic as its the feature of Shiro to
widen a user permission or restrict without him having to log out. All this
is nice.
Probably the ecache implementation is incorrectly configured? Without
clearning the cache..it was lot better so I am leaning on the fact that this
behaviour is causing the issue.
Any thoughts. Thanks again Les for the time.
Regarding posts not being accepted, I posted this via an email and not via
the forum and has gotten accepted. So i guess will follow suit in future.
Many Thanks
Niv
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Invalidating-Authentication-Cache-slows-performance-tp6329816p6333063.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Invalidating Authentication Cache slows performance
Posted by Les Hazlewood <lh...@apache.org>.
What caching mechanism are you using? (i.e. what is your CacheManager
implementation)?
Are you clearing the entire cache? Or just the cache entry for that
particular user?
I've never heard of a cache being inefficient for removing a single
entry - that sounds extremely suspicious.
Finally, as to your posts being unapproved - I'm a list administrator
for all the Shiro lists and I haven't seen any pending posts awaiting
approval. If you've subscribed to the list, you can post to it.
Perhaps someone tried to post before the subscription process was
complete...
HTH,
--
Les Hazlewood
Founder, Katasoft, Inc.
Application Security Products & Professional Apache Shiro Support and Training:
http://www.katasoft.com
On Tue, May 3, 2011 at 11:39 PM, Nivedan Nadaraj <ni...@gmail.com> wrote:
> Hi All,
>
> I have implemented Shiro with Wicket application and followed the steps to
> invalidate the cache when a user's authorisation changes. So each time the
> application recognises that the cache as to be invalidated it invokes the
> realm and clears the cache and the following Authorisation check loads the
> correct role/permissions for the user.
>
> This clearing of cache greatly decreases the performance and in our case
> every tab the user clicks the cache must be cleared because the user is tied
> to each function and his roles and permissions change. Is there an
> alternative way to increase the performance? I understand if the cache is
> not invalidated it is fine but in this case I am forced to.
>
> In another thread I noticed that my posts/our posts are not approved. Could
> the administrator let us know what the issue is?
>
> Many Thanks
> Nivedan