Permissions

classic Classic list List threaded Threaded
2 messages Options
hyc
Reply | Threaded
Open this post in threaded view
|

Permissions

hyc
Hi,

I've got a big taxonomy tree in my application with hundreds of nodes. Now the problem is that when i start my application with cms in one container and website in another container connecting via rmi when I first start the application, the cms starts checking all the taxonomy nodes for readyonly acess to siteuser. There is a security domain defined under hippo:domains/everywhere/all-nodes/match-all-types. This has a facet rule to match *. This causes cms to go through each and every taxonomy node and check permissions. In logs it displays something like:

Checking canRead for node: /content/taxonomies/mylist/category/one
Checking if node : 2e393774-354c-48f1-8eea-80b80fe0b80d is in domain of FacetAuthPrincipal: everywhere

this causes a delay in loading application and it takes about half an hour to go through every node after that the site works fine no delays.

Interesting is it only happens when site and cms are deployed to two different servers and connect via rmi. If i deploy both site and cms to the same container and access repo using vm:// then it works fine.

Is it possible to solve this problem? Is there a way to tell cms to not look for each node just check the read permission on the top node of taxonomy or just check if user can read /content/taxonomies node and thats it not go in the details of checking everything.

Please help !!

Thank you.
Reply | Threaded
Open this post in threaded view
|

Re: Permissions

Frank van Lankvelt-2

On 6 jan. 2013, at 22:07, hyc <[hidden email]> wrote:

> Hi,
>
> I've got a big taxonomy tree in my application with hundreds of nodes. Now
> the problem is that when i start my application with cms in one container
> and website in another container connecting via rmi when I first start the
> application, the cms starts checking all the taxonomy nodes for readyonly
> acess to siteuser. There is a security domain defined under
> hippo:domains/everywhere/all-nodes/match-all-types. This has a facet rule to
> match *. This causes cms to go through each and every taxonomy node and
> check permissions. In logs it displays something like:
>
> Checking canRead for node: /content/taxonomies/mylist/category/one
> Checking if node : 2e393774-354c-48f1-8eea-80b80fe0b80d is in domain of
> FacetAuthPrincipal: everywhere
>
> this causes a delay in loading application and it takes about half an hour
> to go through every node after that the site works fine no delays.
>
Yeah, rmi is terribly slow.  And probably the taxonomy manager loads a complete taxonomy at once.

The solution is to run cms and site in the same container, or with a clustered repository in different containers.  In both cases, the vm:// protocol can be used.

The rmi connection is useful for light access, e.g. in the jcr-shell.  The jcr-runners also use it, but I expect that their use will dwindle now that it's possible to execute groovy scripts using vm://.

Cheers, Frank

> Interesting is it only happens when site and cms are deployed to two
> different servers and connect via rmi. If i deploy both site and cms to the
> same container and access repo using vm:// then it works fine.
>
> Is it possible to solve this problem? Is there a way to tell cms to not look
> for each node just check the read permission on the top node of taxonomy or
> just check if user can read /content/taxonomies node and thats it not go in
> the details of checking everything.
>
> Please help !!
>
> Thank you.
>
>
>
> --
> View this message in context: http://hippo.2275632.n2.nabble.com/Permissions-tp7580119.html
> Sent from the Hippo CMS 7 mailing list archive at Nabble.com.
> _______________________________________________
> Hippo-cms7-user mailing list and forums
> http://www.onehippo.org/cms7/support/forums.html
_______________________________________________
Hippo-cms7-user mailing list and forums
http://www.onehippo.org/cms7/support/forums.html