SEC-3131: JdbcMutableAclService can be very slow to update ACLs with many children, grandchildren etc #3330
Labels
in: acl
An issue in spring-security-acl
type: bug
A general bug
type: jira
An issue that was migrated from JIRA
Simon van der Sluis (Migrated from SEC-3131) said:
The JdbcMutableAclService method public MutableAcl updateAcl(MutableAcl acl)
calls clearCacheIncludingChildren(ObjectIdentity objectIdentity), which recursively works it's way through all of an ObjectIdentities children and their children etc.
We have a very hierarchical structure controlled by ACLS, when this structure gets large, and we update the ACLs of the root object, this recursion is a killer, as each call to clearCacheIncludingChildren(.) involves a DB query.
I have worked around this problem by implementing my own JdbcMutableAclService which instead of recursively clearing the ObjectIdentities simply calls aclCache.clearCache(). (Hooray for dependency injection.)
Performance improved from ~3 seconds to sub second on a smallish data set.
I'm not sure if the hammer approach to clearing the cache is suitable for all situations, but the current recursive approach isn't either.
Perhaps JdbcMutableAclService should support different strategies for controlling the cache.
The text was updated successfully, but these errors were encountered: