I'm not sure if many people have ever bridged this discussion. I work with a number of applications that use a common security model. It's home grown security application consisting mainly of EJBs and Read Only Entity Beans. In it we maintain credentials about a user: username/password, roles, permissions (Create, Read, Update, Delete, Execute), etc... I am finding that our ACL lookups for security are so expensive that our applications that extend these Security APIs suffer in performance and scalability. I am curious if anyone in the group can point me to a white paper or specification on implementing role-based security in Java for performance and scalability? I feel like we need a different approach to managing advanced level security. Regards, Steve
I am curious - can you explain *why* you are suffering in performance from your security model? That is, what *exactly* is the bottleneck?
The soul is dyed the color of its thoughts. Think only on those things that are in line with your principles and can bear the light of day. The content of your character is your choice. Day by day, what you do is who you become. Your integrity is your destiny - it is the light that guides your way. - Heraclitus