Re: [keycloak-user] Performance with a large number of resources
On Thu, Apr 20, 2017 at 3:38 PM, Scott Elliott <scottpelliott(a)gmail.com>
wrote:
Using the photoz application as an example, what is the expected
performance if there are a very large (say, 5M) number of albums? What
about if there are multiple resources per album? You quickly get a very
large number of resources. The OIDC adapters cache some number of these, so
what effect will that have on the resource server?
Right now we cache things based on a very simple LRU cache with some
expiration of entries. Number of cached entries is fixed though. Something
we can expose via configuration.
Ideally there would be a way to authorize any resource associated with an
album, so if /album/vacation were authorized by /album/{id},
/album/vacation/photo/1 was also authorized, i.e., the URI that selects the
resource to be authorized would always be /album/vacation.
All depends on how fined grained you want your config. For instance, if you
define a path "/album/{id}/*", the same resource (and associated
permissions) will also be related with resources like "/album/vacation" and
"/album/vacation/photo/1". However, if you have a resource on the server
with a path "/album/vacation/photo/1", the enforcer is going to use this
resource to check whether the user has access or not.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user