[
https://issues.apache.org/jira/browse/FC-327?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18060047#comment-18060047
]
Shawn McKinney commented on FC-327:
-----------------------------------
[~ben.manes]
Not quite a year ago, attempted to convert Fortress from ehcache to caffeine
and got stuck. As I recall, it was because of this search issue. I have
retained a local branch and am willing to revisit this issue assuming we can
get some traction on it.
As for how it works currently:
Checkout this example: [Fortress Core DSD
Test](https://github.com/apache/directory-fortress-core/blob/master/src/test/java/org/apache/directory/fortress/core/impl/CacheSample.java#L101-L129)
The use case:
Cache to maintain Dynamic Separation of Duty (DSD) records. The data structure
is contained within the sample. It's a map between a role name and its
associated DSD constraints, that it's a 'member' of. The idea is, one or more
role names can be used to search for associated constraints. The same role can
be in multiple constraints. One constraint may have multiple roles (members).
This test case is simpler than the actual requirement where the cache has an
additional attribute of contextId, which is used for multitenancy. So, the
actual cache entry's key would be:
name
contextId
meaning the same DSD set name could be found under numerous 'tenants', each
with its own list of members, and cardinality.
The actual data set that is being cached:
- [Fortress separation of
duty](https://github.com/apache/directory-fortress-core/blob/master/src/main/java/org/apache/directory/fortress/core/model/SDSet.java)
Here is the cache entry:
- [Fortress DSD cache
entry](https://github.com/apache/directory-fortress-core/blob/master/src/main/java/org/apache/directory/fortress/core/util/cache/DsdCacheEntry.java)
Some sample data
```
Add DSD key: oamT7Dsd5:tenant123, role: oamT16SDR1, members: [oamT16SDR1,
oamT16SDR10, oamT16SDR2, oamT16SDR3, oamT16SDR4, oamT16SDR5, oamT16SDR6,
oamT16SDR7, oamT16SDR8, oamT16SDR9]
Add DSD key: oamT7Dsd5:tenant123, role: oamT16SDR10, members: [oamT16SDR1,
oamT16SDR10, oamT16SDR2, oamT16SDR3, oamT16SDR4, oamT16SDR5, oamT16SDR6,
oamT16SDR7, oamT16SDR8, oamT16SDR9]
```
The searchable attributes:
role, contextId
Here is the query using ehcache semantics:
```
// Search on roleName attribute which maps to 'member' attr on the
cache record:
Attribute<String> member =
m_dsdCache.getSearchAttribute(SchemaConstants.MEMBER_AT);
Attribute<String> context =
m_dsdCache.getSearchAttribute(CONTEXT_ID);
Query query = m_dsdCache.createQuery();
query.includeKeys();
query.includeValues();
// Add the passed in authorized Role names to this cache query:
Set<String> roles = new HashSet<>(authorizedRoleSet);
query.addCriteria(member.in(roles).and(context.eq(contextId)));
// Return all DSD cache entries that match roleName to the 'member'
attribute in cache entry:
Results results = query.execute();
```
Link to source code of query:
-[Fortress DSD
Util](https://github.com/apache/directory-fortress-core/blob/master/src/main/java/org/apache/directory/fortress/core/impl/SDUtil.java#L357-L367)
> Upgrade from ehcache v2
> -----------------------
>
> Key: FC-327
> URL: https://issues.apache.org/jira/browse/FC-327
> Project: FORTRESS
> Issue Type: Improvement
> Affects Versions: 3.0.0
> Reporter: Shawn McKinney
> Priority: Major
> Fix For: 4.0.0
>
>
> Fortress core uses ehcache v2. It is getting long in tooth, has a number of
> CVE's, and needs to be replaced. Here we'll look at alternatives.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
