  • Performance question

    Hello,
    recently I've begun learning the Acegi Security framework and so far I am very pleased with it. The application I am now designing is supposed to use ACL-based security at the domain object level. The question I have is:

    Has anyone tested the existing implementation of ACL-based security in a larger system? I mean an intranet enterprise system, 50-100 users (+/- 20 simultaneous sessions) and 50 000 - 100 000 business objects in the DB. Will ACLs 'survive' it?

    Thanks in advance.

    Michael

    PS. my apologies for any English mistakes

  • #2
    50-100 sessions doesn't sound like a particularly heavy load so I don't see any obvious problems, not from Acegi at any rate. But your best bet is always an empirical approach - running your application with suitable tests on a similar spec machine to the one you're going to deploy on. A few sessions with a decent profiler will help too.

    Is there anything specific that you see as a potential issue?

    Luke.


    • #3
      We use pluggable caching implementations along with all persistence operations, so the most glaring bottleneck (DB hits) is carefully minimised.

      Of course, the project uses a lot of Collections and the like, so it might be necessary to optimise in extreme cases. Although the application size you mention is pretty small.

      Carlos has done a bit of performance testing. A link is at http://acegisecurity.sourceforge.net/articles.html. I keep meaning to reproduce the tests with newer versions of the project. Perhaps I should include a Grinder 3 test with the Contacts Sample...

      The default ACL database schema could be more normalised. This is unlikely to impact performance greatly, but worth considering in very large systems.


      • #4
        Ben,

        I tested the Contacts Sample and changed DataSourcePopulate to test performance.

        I created 1000 contacts and assigned them to the marissa user.

        Then I tried to view scott's contacts (method getAll), and it took 1 second to get them (8 contacts). With 6 users, it takes 4 seconds to obtain the contacts.

        What am I doing wrong? Where can I optimize?


        • #5
          Igod,

          Just be sure you have indexed the acl entries in the DB.

          Cheers,
          Gustavo


          • #6
            Well,

            That's what I've done in DataSourcePopulate.java

            Code:
            template.execute("CREATE TABLE CONTACTS(ID INTEGER NOT NULL PRIMARY KEY, CONTACT_NAME VARCHAR_IGNORECASE(50) NOT NULL, EMAIL VARCHAR_IGNORECASE(50) NOT NULL)");

            // bulk rows for the performance test (bold in the original post)
            for (int i = 1; i < 1010; i++) {
                template.execute("INSERT INTO contacts VALUES (" + i + ", 'Contact " + i + "', 'mail_" + i + "@xyz.com');");
            }

            template.execute("CREATE TABLE ACL_OBJECT_IDENTITY(ID INTEGER GENERATED BY DEFAULT AS IDENTITY(START WITH 100)  NOT NULL PRIMARY KEY,OBJECT_IDENTITY VARCHAR_IGNORECASE(250) NOT NULL,PARENT_OBJECT INTEGER,ACL_CLASS VARCHAR_IGNORECASE(250) NOT NULL,CONSTRAINT UNIQUE_OBJECT_IDENTITY UNIQUE(OBJECT_IDENTITY),CONSTRAINT SYS_FK_3 FOREIGN KEY(PARENT_OBJECT) REFERENCES ACL_OBJECT_IDENTITY(ID))");

            // bulk rows for the performance test (bold in the original post)
            for (int i = 1; i < 1010; i++) {
                template.execute("INSERT INTO acl_object_identity VALUES (" + i + ", 'sample.contact.Contact:" + i + "', null, 'net.sf.acegisecurity.acl.basic.SimpleAclEntry');");
            }

            template.execute("CREATE TABLE ACL_PERMISSION(ID INTEGER GENERATED BY DEFAULT AS IDENTITY(START WITH 100)  NOT NULL PRIMARY KEY,ACL_OBJECT_IDENTITY INTEGER NOT NULL,RECIPIENT VARCHAR_IGNORECASE(100) NOT NULL,MASK INTEGER NOT NULL,CONSTRAINT UNIQUE_RECIPIENT UNIQUE(ACL_OBJECT_IDENTITY,RECIPIENT),CONSTRAINT SYS_FK_7 FOREIGN KEY(ACL_OBJECT_IDENTITY) REFERENCES ACL_OBJECT_IDENTITY(ID))");

            // bulk rows for the performance test (bold in the original post)
            for (int i = 1; i < 1001; i++) {
                template.execute("INSERT INTO acl_permission VALUES (null, " + i + ", 'marissa', 1);"); // administer
            }

            template.execute("INSERT INTO acl_permission VALUES (null, 4, 'dianne', 1);"); // administer
            template.execute("INSERT INTO acl_permission VALUES (null, 4, 'scott', 2);"); // read
            template.execute("INSERT INTO acl_permission VALUES (null, 5, 'dianne', 2);"); // read
            template.execute("INSERT INTO acl_permission VALUES (null, 6, 'dianne', 22);"); // read+write+delete
            template.execute("INSERT INTO acl_permission VALUES (null, 6, 'scott', 2);"); // read
            template.execute("INSERT INTO acl_permission VALUES (null, 7, 'scott', 1);"); // administer
            template.execute("INSERT INTO acl_permission VALUES (null, 8, 'dianne', 2);"); // read
            template.execute("INSERT INTO acl_permission VALUES (null, 8, 'scott', 2);"); // read
            template.execute("INSERT INTO acl_permission VALUES (null, 9, 'scott', 22);"); // read+write+delete
            template.execute("CREATE TABLE USERS(USERNAME VARCHAR_IGNORECASE(50) NOT NULL PRIMARY KEY,PASSWORD VARCHAR_IGNORECASE(50) NOT NULL,ENABLED BOOLEAN NOT NULL);");
            template.execute("CREATE TABLE AUTHORITIES(USERNAME VARCHAR_IGNORECASE(50) NOT NULL,AUTHORITY VARCHAR_IGNORECASE(50) NOT NULL,CONSTRAINT FK_AUTHORITIES_USERS FOREIGN KEY(USERNAME) REFERENCES USERS(USERNAME));");
            template.execute("CREATE UNIQUE INDEX IX_AUTH_USERNAME ON AUTHORITIES(USERNAME,AUTHORITY);");
            template.execute("CREATE INDEX IX_AOI_OBJECT_IDENTITY ON ACL_OBJECT_IDENTITY(OBJECT_IDENTITY);");
            template.execute("CREATE INDEX IX_ACLP_OBJECT_IDENTITY ON ACL_PERMISSION(ACL_OBJECT_IDENTITY);");

            /*
               Passwords encoded using MD5, NOT in Base64 format, with null as salt
               Encoded password for marissa is "koala"
               Encoded password for dianne is "emu"
               Encoded password for scott is "wombat"
               Encoded password for peter is "opal" (but user is disabled)
             */
            template.execute("INSERT INTO USERS VALUES('marissa','a564de63c2d0da68cf47586ee05984d7',TRUE);");
            template.execute("INSERT INTO USERS VALUES('dianne','65d15fe9156f9c4bbffd98085992a44e',TRUE);");
            template.execute("INSERT INTO USERS VALUES('scott','2b58af6dddbd072ed27ffc86725d7d3a',TRUE);");
            template.execute("INSERT INTO USERS VALUES('peter','22b5c9accc6e1ba628cedc63a72d57f8',FALSE);");
            template.execute("INSERT INTO AUTHORITIES VALUES('marissa','ROLE_USER');");
            template.execute("INSERT INTO AUTHORITIES VALUES('marissa','ROLE_SUPERVISOR');");
            template.execute("INSERT INTO AUTHORITIES VALUES('dianne','ROLE_USER');");
            template.execute("INSERT INTO AUTHORITIES VALUES('scott','ROLE_USER');");
            template.execute("INSERT INTO AUTHORITIES VALUES('peter','ROLE_USER');");

            I don't think that's an index problem... but IMHO.


            • #7
              Acegi will get all acl_permissions for a given RECIPIENT from ACL_PERMISSION to get the ACL_OBJECT_IDENTITY. I see a constraint there to avoid dups, which is OK. But would that make a fast query for a given recipient? IMHO I would check the indexes again.


              Cheers,
              Gustavo.


              • #8
                Problem resolved

                Hi Gustavo,

                Thanks for your help.

                My problem wasn't the index.
                My problem was the cache, because by default Acegi doesn't use a cache (NullAclEntryCache).
                When I put in EhCacheBasedAclEntryCache, the second request sped up to 100 milliseconds.

                Thanks anyway,
                Paulo
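
An added illustration of the fix reported in #8, not code from the thread or from Acegi: it counts database lookups with and without an ACL entry cache, and shows that a cached entry must be evicted when a grant is revoked. It assumes the list returned by getAll is filtered with one ACL lookup per object; `AclChecker`, `build_db` and `ident` are hypothetical names, and the data is constructed in the shape of the tables from #6.

```python
import sqlite3

def build_db(n=1000):
    """Constructed data in the shape of the thread's ACL tables (types simplified)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE acl_object_identity("
               "id INTEGER PRIMARY KEY, object_identity TEXT UNIQUE NOT NULL)")
    db.execute("CREATE TABLE acl_permission(id INTEGER PRIMARY KEY, "
               "acl_object_identity INTEGER NOT NULL, recipient TEXT NOT NULL, "
               "mask INTEGER NOT NULL, UNIQUE(acl_object_identity, recipient))")
    for i in range(1, n + 1):
        db.execute("INSERT INTO acl_object_identity VALUES (?, ?)", (i, ident(i)))
        db.execute("INSERT INTO acl_permission VALUES (NULL, ?, 'marissa', 1)", (i,))
    for obj in (4, 6, 7, 8, 9):  # scott's rows, masks simplified to 2 (read)
        db.execute("INSERT INTO acl_permission VALUES (NULL, ?, 'scott', 2)", (obj,))
    return db

def ident(i):
    return f"sample.contact.Contact:{i}"

class AclChecker:
    """Hypothetical stand-in for an ACL provider with an optional entry cache."""
    def __init__(self, db, use_cache):
        self.db, self.queries = db, 0
        self.cache = {} if use_cache else None

    def entries(self, identity):
        if self.cache is not None and identity in self.cache:
            return self.cache[identity]
        self.queries += 1  # every miss is one database round trip
        rows = self.db.execute(
            "SELECT p.recipient, p.mask FROM acl_permission p "
            "JOIN acl_object_identity o ON p.acl_object_identity = o.id "
            "WHERE o.object_identity = ?", (identity,)).fetchall()
        result = dict(rows)
        if self.cache is not None:
            self.cache[identity] = result
        return result

    def visible(self, user, n=1000):
        """getAll()-style filtering: one ACL lookup per candidate object."""
        return [i for i in range(1, n + 1) if user in self.entries(ident(i))]

    def revoke(self, user, i):
        self.db.execute("DELETE FROM acl_permission WHERE recipient = ? "
                        "AND acl_object_identity = ?", (user, i))
        if self.cache is not None:
            self.cache.pop(ident(i), None)  # evict, or the revoked grant keeps being served
```

Without the cache every request repeats all 1000 lookups; with it, later requests for any user are served from memory, which is why eviction on permission changes matters.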


                • #9
                  Good to hear that!

                  Cheers,
                  Gustavo
