
Policy evaluation takes long time

I am using OpenAM 9.5.3 to do authentication and authorization. For authorization, I have two policies set under Top Level Realm (only realm in the setup). Each policy has two rules (URL policy agent) with one subject (OpenAM Identity Subject). The subject contains two LDAP groups. For example:

Policy Name: my_policy
Rules:
   Rule1: some rule
   Rule2: some-other rule
Subject:
   Subject1: Contains two groups Group 1, Group 2. Total number of users, putting together is around 80. Group 1 contains user A who is not available in Group 2.

When user A logs in, authorization for User A against Group 2 takes a long time, around 3 min. Group 2 has only 40 users in it. Log statements from policy log file, http://pastebin.com/kXSUXQ5F . As highlighted below, it takes 2 min for evaluation to complete.

**amPolicy:03/02/2014 09:34:52:592** AM PST: Thread[http-bio-8443-exec-12,5,main]
AMidentitySubject.isMember():user uuid = id=user-1,ou=user,dc=orgname,dc=com, subject uuid = id=group-2,ou=group,dc=orgname,dc=com
**amPolicy:03/02/2014 09:36:35:580** AM PST: Thread[http-bio-8443-exec-12,5,main]
AMIdentitySubject.isMember():userIdentity type IdType: user can be a member of subjectIdentityType IdType: group:membership=false

Note that authorization for User A against Group 1 happens immediately.

Tried googling for this and made the following changes:

  1. Increased the LDAP connection pool size in the OpenAM server, now minimum is 10 and maximum value is 65
  2. In the agent disabled the property, com.sun.identity.agents.config.fetch.from.root.resource. Now have set this to false, com.sun.identity.agents.config.fetch.from.root.resource = false

None of these reduced the time for subject evaluation. I don't find anything else related to this on googling. Can you give pointers on other properties that need to be checked/tuned? Let me know if you need any further details on this.

Thanks in advance, Veerabahu

OpenAM 9.5.3 suffered from sub-optimal membership checking in AMIdentitySubject, see https://bugster.forgerock.org/jira/browse/OPENAM-1964

It's time to upgrade ...
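An added example (not part of the original question or answer, and not OpenAM code): a Python script that pairs the `isMember()` start and result entries per thread in an amPolicy debug log like the excerpt in the question, and reports how long each membership check took, which is useful for comparing timings before and after an upgrade. The function name, the threshold and the Group 1 sample lines are assumptions made for illustration; it also assumes all entries share one time zone.

```python
import re
from datetime import datetime

# Entry header, e.g. "amPolicy:03/02/2014 09:34:52:592 AM PST: Thread[...]"
HEADER = re.compile(r"^amPolicy:(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d):(\d{3}) (AM|PM) \w+: Thread\[([^\]]+)\]")
START = re.compile(r"isMember\(\):user uuid = (.+?), subject uuid = (.+)$", re.I)
RESULT = re.compile(r"isMember\(\):.*membership=(true|false)", re.I)

# The last four lines are the excerpt from the question; the first four are
# constructed here to represent the fast Group 1 check.
SAMPLE_LOG = """\
amPolicy:03/02/2014 09:34:52:580 AM PST: Thread[http-bio-8443-exec-12,5,main]
AMidentitySubject.isMember():user uuid = id=user-1,ou=user,dc=orgname,dc=com, subject uuid = id=group-1,ou=group,dc=orgname,dc=com
amPolicy:03/02/2014 09:34:52:592 AM PST: Thread[http-bio-8443-exec-12,5,main]
AMIdentitySubject.isMember():userIdentity type IdType: user can be a member of subjectIdentityType IdType: group:membership=true
amPolicy:03/02/2014 09:34:52:592 AM PST: Thread[http-bio-8443-exec-12,5,main]
AMidentitySubject.isMember():user uuid = id=user-1,ou=user,dc=orgname,dc=com, subject uuid = id=group-2,ou=group,dc=orgname,dc=com
amPolicy:03/02/2014 09:36:35:580 AM PST: Thread[http-bio-8443-exec-12,5,main]
AMIdentitySubject.isMember():userIdentity type IdType: user can be a member of subjectIdentityType IdType: group:membership=false
""".splitlines()

def slow_membership_checks(lines, threshold_s=1.0):
    """Return (subject, user, membership, seconds) for checks taking >= threshold_s."""
    pending = {}            # thread name -> (start time, user uuid, subject uuid)
    stamp = thread = None   # header of the entry currently being read
    findings = []
    for line in lines:
        line = line.strip()
        h = HEADER.match(line)
        if h:
            stamp = datetime.strptime(f"{h[1]} {h[3]}", "%m/%d/%Y %I:%M:%S %p")
            stamp = stamp.replace(microsecond=int(h[2]) * 1000)
            thread = h[4]
            continue
        if stamp is None:
            continue        # body text before any header: nothing to time
        s = START.search(line)
        if s:
            pending[thread] = (stamp, s[1], s[2])
            continue
        r = RESULT.search(line)
        if r and thread in pending:
            t0, user, subject = pending.pop(thread)
            elapsed = (stamp - t0).total_seconds()
            if elapsed >= threshold_s:
                findings.append((subject, user, r[1], elapsed))
    return findings

if __name__ == "__main__":
    for subject, user, member, secs in slow_membership_checks(SAMPLE_LOG):
        print(f"{secs:8.3f}s  {user} in {subject}: membership={member}")
```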
