I am currently in the process of testing out Spring Security's Access Control List and after reading the key concepts, something caught my attention: there is a table (ACL_ENTRY) that stores the individual permission for every single instance of domain object for every principal (assuming that principal has access to that instance). On a large system with lots of users and lots of domain objects, we can easily imagine that there will be lots of records in that table, which will likely be queried very often (when an instance of a domain object is loaded, created, updated, etc.).
Now, with this in mind, I wonder how performance could be affected. Does anybody have experience with this? Any feedback?
I actually just finished implementing a similar feature on a near-real-time application. If you cache your ACL entries and the results of the query that retrieves them (say, only query them once an hour), it will improve dramatically. The bottleneck here would be how you retrieve the permissions, not the actual authorization logic. The authorization logic will have an impact, of course, but if you deal with in-memory objects it should be acceptable even for real-time applications.
You might want to check out how Apache Shiro handles permissions - Shiro has a lot of scaled implementations.
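The caching suggested in the first reply, as an added Java sketch that is not from the thread or from Spring Security: `CachingAclLookup`, `ObjectKey`, `CachedAcl` and the in-memory `table` are hypothetical stand-ins for the ACL_ENTRY query. It also shows what a one-hour cache costs on the authorization side: a revoked permission keeps being honoured until the entry expires or is evicted.

```java
import java.time.Duration;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Function;

// Added illustration; every name here is hypothetical, not Spring Security's API.
public class AclCacheDemo {
    // Cache key: one domain object instance (type + id).
    record ObjectKey(String type, long id) {}
    // Cached value: principal -> granted permissions, plus load time for expiry.
    record CachedAcl(Map<String, Set<String>> grants, long loadedAtNanos) {}

    static class CachingAclLookup {
        private final Map<ObjectKey, CachedAcl> cache = new ConcurrentHashMap<>();
        private final Function<ObjectKey, Map<String, Set<String>>> loader; // stands in for the ACL_ENTRY query
        private final long ttlNanos;

        CachingAclLookup(Function<ObjectKey, Map<String, Set<String>>> loader, Duration ttl) {
            this.loader = loader;
            this.ttlNanos = ttl.toNanos();
        }

        boolean isGranted(ObjectKey key, String principal, String permission) {
            long now = System.nanoTime();
            // Reload from the backing store only when the entry is missing or expired.
            CachedAcl acl = cache.compute(key, (k, old) ->
                (old == null || now - old.loadedAtNanos() > ttlNanos)
                    ? new CachedAcl(loader.apply(k), now) : old);
            // Default deny: no entry for the principal means no access.
            return acl.grants().getOrDefault(principal, Set.of()).contains(permission);
        }

        // Call on every ACL change so a revocation does not wait for the TTL.
        void evict(ObjectKey key) { cache.remove(key); }
    }

    public static void main(String[] args) {
        // Constructed sample data standing in for ACL_ENTRY rows.
        Map<ObjectKey, Map<String, Set<String>>> table = new ConcurrentHashMap<>();
        ObjectKey doc = new ObjectKey("Document", 42L);
        table.put(doc, Map.of("alice", Set.of("READ", "WRITE")));
        AtomicInteger queries = new AtomicInteger();
        CachingAclLookup acl = new CachingAclLookup(
            k -> { queries.incrementAndGet(); return table.getOrDefault(k, Map.of()); },
            Duration.ofHours(1));
        for (int i = 0; i < 1000; i++) acl.isGranted(doc, "alice", "READ");
        System.out.println("backing queries after 1000 checks: " + queries.get());
        table.put(doc, Map.of("alice", Set.of("READ"))); // WRITE revoked in the store
        System.out.println("WRITE before evict (stale): " + acl.isGranted(doc, "alice", "WRITE"));
        acl.evict(doc);
        System.out.println("WRITE after evict: " + acl.isGranted(doc, "alice", "WRITE"));
    }
}
```

Spring Security's ACL module has its own `AclCache` abstraction for this purpose; the sketch only illustrates the behaviour, including why permission changes should trigger eviction rather than rely on expiry alone.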