on 6/18/01 11:03 AM, "Dan Diephouse" <[EMAIL PROTECTED]> wrote:
> I am a bit hesitant to reply without knowing too much about the system,
> but would it be possible to write an ACL implementation that did not
> load permissions from the database until a check was needed? That is
> only when it needs to know whether I'm in group "project10001" with role
> "staff" and permission "project_modify" does it check the database.
>
> Thanks,
>
> Dan Diephouse <http://www.compassarts.org/>
The solution is to just cache things and provide a way to invalidate the
cache remotely. This is what CollabNet did.
The reason why you need to be able to remotely invalidate the cache (or
portions of it) is that if you have a distributed JVM system, then you need
to be able to tell the other JVM's that their security information is
invalid and to refresh it.
If you noticed, recently Leonard submitted a patch to the Services framework
that added the ability for a Service to return status information. CollabNet
uses that in order to allow the caching service to return information about
itself for this express purpose. :-)
Note: The CollabNet code that I'm talking about is all in CVS over on
helm.tigris.org. Have a look for yourself.
:-)
-jon
--
"Open source is not available to commercial companies."
-Steve Ballmer, CEO Microsoft
<http://www.suntimes.com/output/tech/cst-fin-micro01.html>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
