Tom Blackford created OAK-8267: ---------------------------------- Summary: Limit number of values in 'nestedCugs' hidden property in NestedCugHook Key: OAK-8267 URL: https://issues.apache.org/jira/browse/OAK-8267 Project: Jackrabbit Oak Issue Type: Bug Components: authorization-cug Reporter: Tom Blackford
The logic in NestedCugHook.addNestedCugPath maintains a hidden multivalue string property at /:nestedCugs (see [1]). If a customer had many thousands of CUGs, this would result in many thousands of values on this string property which is unlikely to scale. >From [~anchela]: {quote} the reason for storing it is performance optimization i.e. minimizing reading from nodes to see if they hold a cug if the intended usages is that there are few and most nodes don't have a cug. i wouldn't not want to remove the hidden property for that default use case. but we could for sure take a look to see if we could introduce a threshold similar to the one at the root node i.e. using a counter instead of maintaining the complete list and in addition drop the list altogether in that case.... {quote} [1] https://github.com/apache/jackrabbit-oak/blob/073f2b5378cd198a9cb30eb1f57958fb805ce508/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/NestedCugHook.java#L79 -- This message was sent by Atlassian JIRA (v7.6.3#76005)