Uploaded image for project: 'Jackrabbit Oak'
  1. Jackrabbit Oak
  2. OAK-8267

Limit number of values in 'nestedCugs' hidden property in NestedCugHook

    XMLWordPrintableJSON

Details

    • Wish
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • None
    • None
    • authorization-cug
    • None

    Description

      The logic in NestedCugHook.addNestedCugPath maintains a hidden multivalue string property at /:nestedCugs (see [1]).

      If a customer had many thousands of CUGs, this would result in many thousands of values on this string property which is unlikely to scale.

      From anchela:

      the reason for storing it is performance optimization i.e. minimizing reading from nodes to see if they hold a cug if the intended usages is that there are few and most nodes don't have a cug. i wouldn't not want to remove the hidden property for that default use case. but we could for sure take a look to see if we could introduce a threshold similar to the one at the root node i.e. using a counter instead of maintaining the complete list and in addition drop the list altogether in that case....

      [1]
      https://github.com/apache/jackrabbit-oak/blob/073f2b5378cd198a9cb30eb1f57958fb805ce508/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/NestedCugHook.java#L79

      Attachments

        Activity

          People

            Unassigned Unassigned
            rma61870@adobe.com Tom Blackford
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: