Revision: glite-voms-admin-server--release--1.2.0--patch-61 Archive: lorentey@elte.hu--2004 Creator: Karoly Lorentey Date: Sat Jul 23 16:08:47 CEST 2005 Standard-date: 2005-07-23 14:08:47 GMT New-files: src/org/glite/security/voms/database/cache/.arch-ids/=id src/org/glite/security/voms/database/cache/Cacheable.java src/org/glite/security/voms/database/cache/DNCAKey.java src/org/glite/security/voms/database/cache/RowCache.java src/org/glite/security/voms/database/cache/TimedCacheable.java New-directories: src/org/glite/security/voms/database/cache src/org/glite/security/voms/database/cache/.arch-ids Modified-files: config/install/etc/voms.service.properties.template config/webapp/log4j.runtime.properties src/org/glite/security/voms/database/DBACL.java src/org/glite/security/voms/database/DBCA.java src/org/glite/security/voms/database/DBCapability.java src/org/glite/security/voms/database/DBGroup.java src/org/glite/security/voms/database/DBRole.java src/org/glite/security/voms/database/Database.java src/org/glite/security/voms/database/connection/Update.java src/org/glite/security/voms/operation/AddGroupMemberAction.java src/org/glite/security/voms/operation/CreateUserAction.java src/org/glite/security/voms/service/ACLEntry.java New-patches: lorentey@elte.hu--2004/glite-voms-admin-server--release--1.2.0--patch-61 Summary: Rewrite DBACL to radically reduce SQL queries during checkPermission(). Add row cache infrastructure. Keywords: * src/org/glite/security/voms/database/cache/Cacheable.java: New file. * src/org/glite/security/voms/database/cache/DNCAKey.java: New file. * src/org/glite/security/voms/database/cache/RowCache.java: New file. * src/org/glite/security/voms/database/cache/TimedCacheable.java: New file. * src/org/glite/security/voms/database/DBACL.java: Overhaul for performance. (rc, readOnly, entries, hasDeny): New members. (refresh, clone, equals, getKeys, getReadOnly, getReadOnlyGlobalACL) (isGlobalACL, isReadOnly, hasDeny): New methods. (checkPermission): Use hasDeny and reorganize order of checks to optimize for the common case (no deny rule, LIST to all). (constructor, getInstance, checkACLEntryForAdmin, copyACL) (countACLEntries, getACLEntry, getACLEntries, removeACLEntry) (removeAllACLEntries, addACLEntry, setACLEntries, deleteACL): Radical overhaul. Register changed DBACLs with Update.registerChange. (getAdminUsersForOperation): Remove. * src/org/glite/security/voms/database/connection/Update.java: (changedRows): New member. (registerChange): New method. (commit): Use changedRows to expire old rows from the cache. * config/install/etc/voms.service.properties.template (voms.default.cache.refresh.period, voms.acl.cache.maxsize) (voms.acl.cache.refresh.period, voms.admin.cache.maxsize): New parameters. (Undocumented so far.) * src/org/glite/security/voms/database/DBCA.java (equals): New method. * src/org/glite/security/voms/database/DBCapability.java (getACL): Update throws clause. (checkPermission): Use DBACL.getReadOnly. * src/org/glite/security/voms/database/DBGroup.java (getACL, getDefaultACL): Update throws clause. (checkPermission): Use DBACL.getReadOnly. (getAdminUsersForOperation): Remove. * src/org/glite/security/voms/database/DBRole.java (getACL): Update throws clause. (checkPermission): Use DBACL.getReadOnly. * src/org/glite/security/voms/database/Database.java (create): Create anyuser and public admins as well to speed up ACL checks. (We don't have a negative cache, so these guys would otherwise be queried over and over again.) * src/org/glite/security/voms/operation/AddGroupMemberAction.java (getAdminUsers): Remove. * src/org/glite/security/voms/operation/CreateUserAction.java (getAdminUsers): Remove. * src/org/glite/security/voms/service/ACLEntry.java (admin): New member. (constructors): Initialize it, if possible. (equals, mySetAdmin, myGetAdmin): New methods. * config/webapp/log4j.runtime.properties: Increase logging verbosity due to extensive changes.