You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@jackrabbit.apache.org by bilobag <bi...@hotmail.com> on 2007/09/27 06:22:55 UTC
Authorization with ACL and permissions
We have decided that our client requires user based authentication for our
app. Now i've seen some posts about people storing an acl list in each
node. However, I am wondering how the performance is for this. We
originally wanted to use a database with hibernate to manage the user node
permissions, but it seems like it could be a performance issue considering
that we may have to do inserts for hundreds of rows per node (number of
users x number of permissions). I think this would cause a significant
performance issue. If I were to do the same in jackrabbit and store these
user permissions in each node, would this be a performance issue? Is this
the recommended method of storing user node permissions? I currently am
using jackrabbit backed by an oracle database. Any advice is appreciated
since we've been discussing this issue for a week now. Thanks.
--
View this message in context: http://www.nabble.com/Authorization-with-ACL-and-permissions-tf4526345.html#a12914620
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.
Re: Authorization with ACL and permissions
Posted by Torgeir Veimo <to...@pobox.com>.
On Thu, 2007-09-27 at 12:51 +0200, Paco Avila wrote:
> El mié, 26-09-2007 a las 21:22 -0700, bilobag escribió:
> > We have decided that our client requires user based authentication for our
> > app. Now i've seen some posts about people storing an acl list in each
> > node. However, I am wondering how the performance is for this. We
> > originally wanted to use a database with hibernate to manage the user node
> > permissions, but it seems like it could be a performance issue considering
> > that we may have to do inserts for hundreds of rows per node (number of
> > users x number of permissions). I think this would cause a significant
> > performance issue. If I were to do the same in jackrabbit and store these
> > user permissions in each node, would this be a performance issue? Is this
> > the recommended method of storing user node permissions? I currently am
> > using jackrabbit backed by an oracle database. Any advice is appreciated
> > since we've been discussing this issue for a week now. Thanks.
>
> In OpenKM we store user and role in a special node type:
>
> [mix:accessControlled]
> - okm:authUsersRead (string) multiple mandatory
> - okm:authUsersWrite (string) multiple mandatory
> - okm:authRolesRead (string) multiple mandatory
> - okm:authRolesWrite (string) multiple mandatory
Just to chime in.. We have the following node type defs for ACLs;
[nen:ace]
- nen:principal (string) mandatory
- nen:action (string) mandatory multiple
- nen:negative (boolean) mandatory
[nen:protected] > mix:referenceable mixin orderable
- nen:owner (string) mandatory multiple
+ *(nen:ace)=nen:ace multiple
since nen:protected is referenceable, you can have a cache with uuid as
key for these, and look up in your AccessManager.
Note that ACL support is being standardized in the next version of JCR,
so you might want to align whatever node type definitions you make with
what is coming, to make the transition easier.
--
-Tor
Re: Authorization with ACL and permissions
Posted by Paco Avila <pa...@git.es>.
El mié, 26-09-2007 a las 21:22 -0700, bilobag escribió:
> We have decided that our client requires user based authentication for our
> app. Now i've seen some posts about people storing an acl list in each
> node. However, I am wondering how the performance is for this. We
> originally wanted to use a database with hibernate to manage the user node
> permissions, but it seems like it could be a performance issue considering
> that we may have to do inserts for hundreds of rows per node (number of
> users x number of permissions). I think this would cause a significant
> performance issue. If I were to do the same in jackrabbit and store these
> user permissions in each node, would this be a performance issue? Is this
> the recommended method of storing user node permissions? I currently am
> using jackrabbit backed by an oracle database. Any advice is appreciated
> since we've been discussing this issue for a week now. Thanks.
In OpenKM we store user and role in a special node type:
[mix:accessControlled]
- okm:authUsersRead (string) multiple mandatory
- okm:authUsersWrite (string) multiple mandatory
- okm:authRolesRead (string) multiple mandatory
- okm:authRolesWrite (string) multiple mandatory
each node (Document and Folder node) has this mixing. JAckrabbit calls
the AccessManager a lot, but seems to be fast enough for us. We store
20-30 gigas of documents (5000-6000 nodes).
--
GIT CONSULTORS
www.git.es
Tel: +34 971 498 310
Fax: +34 971 496 189
C/ Francesc Rover, 2B.
07003 Palma de Mallorca – Illes Balears (España)
Re: Authorization with ACL and permissions
Posted by Jacco van Weert <11...@gmail.com>.
Hello,
We also implemented a permission system in Jackrabbit. We use a "permission"
mixin;
[jecars:permissionable] mixin
- jecars:Actions (String) multiple <
'(read|add_node|set_property|get_property|remove|acl_read|acl_edit)'
- jecars:Delegate (Boolean)
- jecars:Owner (Boolean)
- jecars:Principal (Reference) multiple
Our experience is that the custom accessmanager should cache results in
order to have a good performance.
Jackrabbit calls the accessmanager a lot(!).
You can see/download the code at http://sourceforge.net/projects/jecars/
Greetings,
Jacco
On 9/27/07, bilobag <bi...@hotmail.com> wrote:
>
>
> We have decided that our client requires user based authentication for our
> app. Now i've seen some posts about people storing an acl list in each
> node. However, I am wondering how the performance is for this. We
> originally wanted to use a database with hibernate to manage the user node
> permissions, but it seems like it could be a performance issue considering
> that we may have to do inserts for hundreds of rows per node (number of
> users x number of permissions). I think this would cause a significant
> performance issue. If I were to do the same in jackrabbit and store these
> user permissions in each node, would this be a performance issue? Is this
> the recommended method of storing user node permissions? I currently am
> using jackrabbit backed by an oracle database. Any advice is appreciated
> since we've been discussing this issue for a week now. Thanks.
> --
> View this message in context:
> http://www.nabble.com/Authorization-with-ACL-and-permissions-tf4526345.html#a12914620
> Sent from the Jackrabbit - Users mailing list archive at Nabble.com.
>
>