Hi, we have some performance problems by communication with LDAP after switching from 4.3 to 5.0. I have two questions

  • were there any changes intern by calling API (see bellow)
  • are there any API methods which doesn't communicate with LDAP (using direct only ivy system database) ?

Especially we use the following method

  • ISecurityContext.findRole(...)
  • IWorkflowSession.hasRole(IRole, Boolean)

asked 30.01.2015 at 15:26

tauser's gravatar image

tauser
11131516
accept rate: 33%

edited 04.02.2015 at 11:48

Flavio%20Sadeghi's gravatar image

Flavio Sadeghi ♦♦
1.8k5723

Can you give some more context? Do you mean this with GDS: http://en.wikipedia.org/wiki/Global_Distribution_System? How you are using it in Ivy? What kind of performance problems you have and so on...

(04.02.2015 at 05:06) MichaelDänzer ♦ MichaelD%C3%A4nzer's gravatar image

we use LDAP (Novel) as Ivy Security system

(04.02.2015 at 09:07) tauser tauser's gravatar image

A call to the method ISecurityContext.findRole(...) will result in a query to the system database, because the roles are stored there, so no query to the external security system (LDAP) is needed.

The first call to the methode IWorkflowSession.hasRole(IRole, Boolean) could results in a query to the external security system (LDAP). Latest all following calls within 5 minutes will use the cache of the first call, independent of the parameter.

In fact the cache is initialized/handled by the method IUser.getRoles(), which is called internally by the method IWorkflowSession.hasRole(IRole, Boolean). The method IUser.getRoles() caches the result for 10 seconds on the user-instance (this means, further calls within 10 seconds on the same instance will return the cached result. The method ISecurityContext.findUser(...) will always return a new instance.). However, if the method is called on the current logged-in user the result is cached on the session and has therefore a timeout of 5 minutes.

In 4.3 only the cache for the current logged-in user exists. The ‘10 second cache’ on any user-instance was introduced with 5.0.15.

UPDATE: A code example for clarification:

IRole.getUsers() / IRole.getAllUsers() is NEVER cached

IRole role = ISecurityContext.findRole("RoleA"); // only access to system db
role.getUsers(); // first call not cached
role.getUsers(); // subsequent calls not cached

Cache of IUser.getRoles() / IUser.getAllRoles()

ISecuritySession.findUser("Max").getRoles(); // NOT cached
ISecuritySession.findUser("Max").getRoles(); // NOT cached, because findUser() returns a new instance

IUser user = IWorflowSession.findUser("Max"); // if user is not already synchronized, it will be looked up in the LDAP.
user.getRoles(); // first call NOT cached
user.getRoles(); // subsequent calls are cached, because called on the same instance
link

answered 04.02.2015 at 11:34

Flavio%20Sadeghi's gravatar image

Flavio Sadeghi ♦♦
1.8k5723
accept rate: 75%

edited 06.03.2015 at 12:45

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×37
×16
×12

Asked: 30.01.2015 at 15:26

Seen: 1,682 times

Last updated: 06.03.2015 at 12:45