8 Replies Latest reply on Jan 1, 2011 2:04 PM by Mariusz Smykula

    how can I do seam permission cache?

    Tyshan Shi Newbie

      HI


      In my app, I will add seam permission,


      I do as follows;


      1) create permission model




      @org.hibernate.annotations.Cache(usage=org.hibernate.annotations.CacheConcurrencyStrategy.NONSTRICT_READ_WRITE)
      public class PermissionModel





      add Hibernate cache support annotation


      2)create a new class extends JpaPermissionStore


      and the codes in the method


      protected Query createPermissionQuery(Object target, Set targets, Principal recipient, Discrimination discrimination) {
             
                      // --add cache
                      query.setHint(org.hibernate.cacheable, Boolean.valueOf(true));
                      query.setHint(org.hibernate.flushMode, NEVER);
                      return query;
      before return the query.


      3)in component.xml


      add




      security:cacheable-jpa-permission-store user-permission-class





      for the permission class.


      4)persistence.xml


      add cache provider, second leve cache and query cache support



      Question


      1) It is safety for the permission cache?
      2) what else to do for performance?


      Sincerely



      Tyshan

        • 1. Re: how can I do seam permission cache?
          Mariusz Smykula Newbie

          You cant, because Discrimination is private Enum in protected method (???). Simpler is to patch Seam and build fixed version...


          JpaPermissionStore implementation in Seam is useless because is super slow.

          • 2. Re: how can I do seam permission cache?
            Syed Mahdi Apprentice

            Hello Tyshan,


            I would really be interested to know what did you guys do for caching the permissions. and did it work. I am not sure What Mariusz is talking about cos I have not very deep knowledge of Seam security but what you are ssuggesting looks very do able, were you able to cache the permisssions for users and was Seam security able to retrieve the permissions for a specific user.


            I have the same issue, I have a permission table and everytime a user clicks on a component that has hasPermission defined, seam hits the DB to see if the user has permission. This can become big bottle neck for performance.


            I would appreciate your reply.


            Thanks
            Syed...

            • 3. Re: how can I do seam permission cache?
              Syed Mahdi Apprentice

              Hello Mariusz,


              What do you or any one suggest if you think JpaPermissionStore is slow, what do ppl usually use then, I am asking cos I am new on Seam.


              how is Discriminator being a private Enum in protected method going to stop me from extending the JpaPermissionStore.


              and lastly: what do you mean by Simpler is to patch Seam and build fixed version...


              can you please elaborate on this. will appreciate your help on this.


              Thanks
              Syed...

              • 4. Re: how can I do seam permission cache?
                Mariusz Smykula Newbie
                Look at JpaPermissionStore.java, there is variable:
                `
                private enum Discrimination { user, role, either }
                `
                The solution for making JpaPermissionStore faster is to override protected method
                `
                protected Query createPermissionQuery(Object target, Set targets, Principal recipient, Discrimination discrimination)
                `
                but this is impossible, because this method has private argument.

                http://grepcode.com/file/repository.jboss.com/maven2/org.jboss.seam/jboss-seam/2.1.0.BETA1/org/jboss/seam/security/permission/JpaPermissionStore.java

                If we can do this, then we can simple cache method execution. But to do this, we need to fix this in Seam source and build our custom jars.


                Other solution is to used technique described by Marek Goldmann, read about this here:
                http://ordinarythoughts.org/2008/11/16/permissionstore-w-jboss-seam-21-ograniczanie-odwolan-do-bazy-przy-sprawdzaniu-uprawnien/


                Sorry for my english.
                • 5. Re: how can I do seam permission cache?
                  Syed Mahdi Apprentice

                  I greatly appreciate your reply. What I am doing is extending the jpapermissionstore and only changing the creatQuerymethod but first I will call super.init() to actually fill the private arguments. WIll that work I dont know yet?


                  I saw the article, google did a good job translating it for me. And I think it will work i guess, but i need to be sure conceptually: How do I tell SEAM security that this is the new permissionresolver
                  Where do I tell Seam to use this and not the PersistentPermissionResolver which it uses by default meaning do not use the built in PersistentPermissionResolver but actually the customPersistentPermissionResolver, is : @ Name ( org.jboss.seam.security.persistentPermissionResolver )
                  going to be sufficient. As per my knowledge the @Name with a name can only be used once and @ Name ( org.jboss.seam.security.persistentPermissionResolver )
                  is already used with the builtin default persistentPermissionResolver. SO will that give conflict?



                  I will really appreciate your help. Thanks a Million.


                  Syed...

                  • 6. Re: how can I do seam permission cache?
                    Syed Mahdi Apprentice

                    I tried the link you gave me and created the SystemPermissionresolver. I have permissions on the UI meaning my delete, update and create buttons have hasPermission ELs defined for them and each time I load the page for the same entity, the hasPermission hits the database ( I am using hibernate with show sql to true.)I thought it was supposed to see if its already downloaded then it will not download from the db again.


                    How can i tell what the the permissionResolver being used at this time. Is there any way to figure it out.


                    Thanks
                    Syed...

                    • 7. Re: how can I do seam permission cache?
                      Mariusz Smykula Newbie

                      There is no problem with @Name, because of @Install



                      The @Install annotation lets you control conditional installation of components that are required in some deployment scenarios and not in others. This is useful if:


                      You want change the implementation of a component in certain deployment scenarios.

                      I have my own implementation of PermissionResolver, so I cant help you with this code. But my work was based on idea of Marek Goldmann.

                      • 8. Re: how can I do seam permission cache?
                        Mariusz Smykula Newbie

                        The major problem with SystemPermissionResolver implementation is usage of action String. Rules like:



                        if (permission != null && permission.equals(action)) {


                        is wrong, because action column in db looks like read,write,delete etc (many actions in one columns).


                        and i'm not sure, but there was others problems too, so you need to clean this up.