You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@usergrid.apache.org by "Todd Nine (JIRA)" <ji...@apache.org> on 2014/12/09 22:45:12 UTC

[jira] [Created] (USERGRID-270) [SPIKE] Re-investigate permission caching

Todd Nine created USERGRID-270:
----------------------------------

             Summary: [SPIKE] Re-investigate permission caching
                 Key: USERGRID-270
                 URL: https://issues.apache.org/jira/browse/USERGRID-270
             Project: Usergrid
          Issue Type: Improvement
          Components: Stack
            Reporter: Todd Nine
         Attachments: Realm.zip

Forever ago, I changed a branch in 1.0 to being using permissions caching.  I never finished it because our priorities changed.  We should try to resume the work on this branch, and fix caching for permissions.  See the line in the profiler results.

 [Wall Time] org.apache.usergrid.security.shiro.Realm.doGetAuthorizationInfo(PrincipalCollection) Realm.java

As you can see, a cache would eliminate the graph traversal for permissions calculation.  I propose the following simple implementation to start with.

# A bucketed cache per application.  The number of buckets is always static and configured via properties
# Users are consistently hashed into these buckets based on their userId (which is immutable)
# When a group, role, or permission changes for an application, all shards in the cache are deleted.
# When permissions are calculated on the first initial call in the realm, they are inserted into the cache

Note that invalidating an entire app's cache is not efficient, but it is an easy first step towards a system which can later more intelligently invalidate caches.  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)