SEC-3131: JdbcMutableAclService can be very slow to update ACLs with many children, grandchildren etc #3330
Labels
in: acl
An issue in spring-security-acl
type: bug
A general bug
type: jira
An issue that was migrated from JIRA
Comments
|
Simon van der Sluis said: Attached my work around in case someone else wants it |
spring-projects-issues
added
in: acl
|
We have run into this same problem. Except we have about 1.5M entities, and for our hierarchy for some updates it can take as long as several minutes. The workaround looks promising for now. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Simon van der Sluis (Migrated from SEC-3131) said:
The JdbcMutableAclService method public MutableAcl updateAcl(MutableAcl acl)
calls clearCacheIncludingChildren(ObjectIdentity objectIdentity), which recursively works it's way through all of an ObjectIdentities children and their children etc.
We have a very hierarchical structure controlled by ACLS, when this structure gets large, and we update the ACLs of the root object, this recursion is a killer, as each call to clearCacheIncludingChildren(.) involves a DB query.
I have worked around this problem by implementing my own JdbcMutableAclService which instead of recursively clearing the ObjectIdentities simply calls aclCache.clearCache(). (Hooray for dependency injection.)
Performance improved from ~3 seconds to sub second on a smallish data set.
I'm not sure if the hammer approach to clearing the cache is suitable for all situations, but the current recursive approach isn't either.
Perhaps JdbcMutableAclService should support different strategies for controlling the cache.
The text was updated successfully, but these errors were encountered: