Announcement Announcement Module
Collapse
No announcement yet.
ACL Filter Performance Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • ACL Filter Performance

    Dear Friends,

    We are using spring security framework in our web application, Where we r using
    Code:
    AclEntryAfterInvocationCollectionFilteringProvider
    But during Filteration it takes much time to filterout that List corresponding to loging user.

    example..

    for filtering 1000 records it take 1 minute 10 seconds, and for
    2000 records it takes 1 minute 53 seconds and time goes on increasing as number of records increases.

    what I have done is that I m calling

    Code:
    <sec:intercept-methods access-decision-manager-ref="businessAccessDecisionManager">         
               <sec:protect method="com....class.getDetailsList"  access="ROLE_USER,AFTER_ACL_COLLECTION_READ" />
            </sec:intercept-methods>
    and

    Code:
    <bean id="afterAclCollectionRead"
            class="org.springframework.security.afterinvocation.AclEntryAfterInvocationCollectionFilteringProvider" lazy-init="true">
        <constructor-arg ref="aclService"/>
        <constructor-arg>
          <list>
            <ref local="org.springframework.security.acls.domain.BasePermission.ADMINISTRATION"/>
            <ref local="org.springframework.security.acls.domain.BasePermission.READ"/>
            <ref local="org.springframework.security.acls.domain.BasePermission.DELETE"/>        
          </list>
        </constructor-arg>
      </bean>
    As it take much more time to filter out that List connection from client machine aborted....Is it takes that much of time 2 minutes to filter a 2000 records List. so what happened if records be in 10,000 and more....

    Can we resolve this problem by applying any techniques or we already have and i m going in wrong direction to filter out.

    please let me know if their be any solution related to this.

    Yours,

  • #2
    It sounds like the application is hitting the database for every row. If this is the case, you might want to see if you can prevent that.

    Can you reduce the number of rows returned by modifying the query that returns the original collection? (You might need to remove the ACL and do the "filtering" via your own queries in the business logic).

    Comment


    • #3
      ACL Filter Performance

      Thank's Bron...

      As your reply we have to create query which can filter out the collection of records from Db after matching/comparing with ACL Tables which returns the only collection related to that login user...

      So I have to remove ACL Filters and do change in our business logic....

      ok

      thank's again Bron...

      Regards,

      Comment


      • #4
        Hello All,

        As from getting reply by Bron and from other forums I removed ACl Filter from our code and implement our Business logic to improve the performance of ACl..

        Instead of fetching record from tableA first I fire a query on ACl table first to get the list of records whose authority is valid for login user than I fire a query to tableA and getting corresponding record..

        for this I made a sub query as
        Code:
        JPA QUERY 
               String aclQuery =  "SELECT distinct aoi.objectIdIdentity"+ 
        		                  " from AclObjectIdentityVO as aoi, AclEntryVO as ae "+
        		                  " Where aoi.objectIdClass="+classId+
        		                  " AND aoi.id =  ae.aclObjectIdentity and ae.sid in ("+sids+")";
        Where

        sids : All Sids corresponding to login user from ACL_SID Table query as..
        Code:
        "SELECT ASID FROM AclSidVO AS ASID WHERE ASID.sid IN ("+sidParameters+")"
        sidParameters = principal and roles of loging user taken from securityContext.

        And

        classId = id of class from ACL_CLASS as

        Code:
        SELECT AC FROM AclClassVO AS AC WHERE AC.className = ?1
        parameter 1 passing through method

        And finally To fetch record from any table I use

        Code:
        "Select * from Any Table Where some_condition IN ("+aclQuery+")";
        Is it correct way to approch...
        If i m doing some thing wrong please suggest me correct way..

        Regards,
        Last edited by vijay kumar chauhan; Jan 16th, 2009, 06:10 AM. Reason: previous query returns ids of acl_object_identity but we need corresponding OBJECT_ID_IDENTITY

        Comment

        Working...
        X