[Registry-dev] Re: UserManager Registry Merge Status

Tue Mar 4 05:13:50 PST 2008

Hi All,

Attached is the hotspot analysis of some initial profiling on a mashup 
server with the mooshup databases. It was just a simple run through the 
startup, initial login and retrieving a list of mashups - not an 
exhaustive set of tests by any means. Although I want to do a few more 
scenarios (eg. ignoring the startup hotspot, more types of activities) 
this does show a clear trend, so I thought it would be useful for both 
teams.

Mashup team, I guess we need to consider some caching of data at the 
front end, maybe using the session a bit more for information about the 
current user etc.

Bye,
Channa.

Chathura C. Ekanayake wrote:
> Currently each resource path is checked for permissions before 
> exposing it out from the Registry interface. User manager API call is 
> done to perform this permission check. It may appear that we can avoid 
> this API call and execute a single SQL statement to get authorized 
> resources after merging the databases. It would be possible is 
> permissions are only based on users. But there are some algorithms 
> executed in the user manager to determine the permissions based on 
> users, roles and configuration parameters (prioritize allow or deny). 
> It is very hard (if not impossible) to implement all these algorithms 
> in SQL. So I think we can't gain performance increase by using 
> combined SQLs to check permissions.
>
> But as Dimuthu, Channa and I discussed, the performance issue of 
> Mooshup shouldn't be caused by checking permissions. Number of users 
> does not affect the permission tables and performance of checking 
> permissions. Krishantha is doing a performance test on Registry by 
> adding large number (> 150) of users. We will be able to determine the 
> cause of the problem by profiling the Mooshup and the Registry.
>
> Thanks,
> Chathura
>
> Dimuthu Leelarathne wrote:
>> Hi All,
>>
>> I have moved all the usermanager code into the registry and updated
>> Mashup.
>>
>> We have left couple of major things to do,
>>
>> -implement the the foreign key constraints on the registry
>> (this is to be done as soon as handlers problem is fixed)
>>
>> -implement the hybrid realm - I can start right away
>>
>> We have observed that Mooshup performance decrease when the number of
>> users increase.
>> Current Implementation
>> =====================
>> Given the resource_id, user_id and action, we ask from the API whether
>> there are permissions. The algorithm complexity is linear on the 
>> number of Roles[1]. As the
>> number of roles in user increases, it will consume more time. But in
>> Mooshup number of roles per user has not increased.
>>
>> Another Implementation
>> ======================
>> We have resource_id and action. We can load all the users and roles
>> allowed to perform the action on resource_id.
>>
>> We have decided to do a profiling test. Maybe a caching technique needs
>> to be implemented.
>>
>> Regards,
>> Dimuthu
>>
>>
>> [1]
>> if(user has permission){
>>     return;
>> }else{
>>   for all users in the role{
>>     check role has permission
>>   }   
>>
>> }
>>
>>
>>   
>
>
>

-- 
********************************************
Channa Gunawardena
Technical Lead, WSO2 Inc.
channa at wso2.com; Mobile: +94 71 306 2722
"Oxygenating the Web Service Platform." 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: perf.rar
Type: application/octet-stream
Size: 9071 bytes
Desc: not available
Url : http://wso2.org/pipermail/registry-dev/attachments/20080304/f5f6fbcd/perf.obj