You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@turbine.apache.org by Scott Eade <se...@backstagetech.com.au> on 2006/08/21 08:25:22 UTC

TorqueSecurityService optimizations for 2.3.x

My webapp runs Turbine 2.3.2 and uses the TorqueSecurityService.

While looking into an unrelated performance issue I finally got around 
to looking into why my SQL logs are always full of queries to the 
turbine security service tables.

Pretty much all of these can be eliminated by extending 
TorqueSecurityService thus:

package your.package.name.here.services.security.torque;

import org.apache.turbine.om.security.Role;
import org.apache.turbine.util.security.DataBackendException;
import org.apache.turbine.util.security.GroupSet;
import org.apache.turbine.util.security.PermissionSet;
import org.apache.turbine.util.security.RoleSet;
import org.apache.turbine.util.security.UnknownEntityException;

public class TorqueSecurityService extends
        org.apache.turbine.services.security.torque.TorqueSecurityService
{
    static GroupSet allGroups;
    static PermissionSet allPermissions;
    static RoleSet allRoles;
   
    public GroupSet getAllGroups() throws DataBackendException
    {
        if (null == allGroups)
        {
            allGroups = super.getAllGroups();
        }
        return allGroups;
    }

    public PermissionSet getAllPermissions() throws DataBackendException
    {
        if (null == allPermissions)
        {
            allPermissions = super.getAllPermissions();
        }
        return allPermissions;
    }

    public RoleSet getAllRoles() throws DataBackendException
    {
        if (null == allRoles)
        {
            allRoles = super.getAllRoles();
        }
        return allRoles;
    }

    public Role getRoleByName(String name)
            throws DataBackendException, UnknownEntityException
    {
        Role role = getAllRoles().getRoleByName(name);
        if (role == null)
        {
            throw new UnknownEntityException(
                    "The specified role does not exist");
        }
        PermissionSet permissions = null;
        try
        {
            permissions = role.getPermissions();
        }
        catch (Exception e)
        {
            // Not thrown for Torque, not sure about other implementations.
        }
        if (permissions == null)
        {
            role.setPermissions(getPermissions(role));
        }
        return role;
    }

    public Role getRoleById(int id)
            throws DataBackendException,
                   UnknownEntityException
    {
        Role role = getAllRoles().getRoleById(id);
        if (role == null)
        {
            throw new UnknownEntityException(
                    "The specified role does not exist");
        }
        PermissionSet permissions = null;
        try
        {
            permissions = role.getPermissions();
        }
        catch (Exception e)
        {
            // Not thrown for Torque, not sure about other implementations.
        }
        if (permissions == null)
        {
            role.setPermissions(getPermissions(role));
        }
        return role;
    }

}


Don't forget to update TurbineResources.properties to point to your new 
SecurityService class.

Without the above change Turbine's ACLs would actually be mutable when 
according to the JavaDoc they should not be.

Apart from a very brief examination of the JavaDoc I haven't looked how 
this might apply to the trunk - IIRC the TorqueSecurityService is one of 
the items we need to address for a 2.4 release.  In the mean time, the 
code above can save a bunch of database hits on existing Turbine 2.3.x 
applications that use Torque.

Enjoy,

Scott

---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-dev-help@jakarta.apache.org

Re: TorqueSecurityService optimizations for 2.3.x

Posted by Thomas Vandahl <th...@tewisoft.de>.

Scott Eade wrote:

> My webapp runs Turbine 2.3.2 and uses the TorqueSecurityService.
Mine, too.

> While looking into an unrelated performance issue I finally got around 
> to looking into why my SQL logs are always full of queries to the 
> turbine security service tables.

When I do permission checks, I normally use

---8<---
AccessControlList acl = data.getACL();
PermissionSet ps = (acl != null) ? acl.getPermissions() : null;
boolean isAuthorized = (ps != null) &&
			ps.containsName(MyPermission.PERFORM_ACTION);
---8<---

This does not hit the database more than once per session.

> Apart from a very brief examination of the JavaDoc I haven't looked how 
> this might apply to the trunk - IIRC the TorqueSecurityService is one of 
> the items we need to address for a 2.4 release.  In the mean time, the 
> code above can save a bunch of database hits on existing Turbine 2.3.x 
> applications that use Torque.

I'm currently implementing the Torque flavour of the Fulcrum security 
service. I'm almost done, apart from the documentation stuff. The design 
seems to be a little bit Hibernate-biased, so I'm facing a couple of 
obstacles...

Bye, Thomas.


---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-dev-help@jakarta.apache.org