Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Here are my notes from some internal design work on PD2.0, the primary goals are:

  • Simplify configuration, this will likely involved a custom Spring namespace handler to provide a more complete XML configuration language.
  • Improve lookup speed, adding in an ExecutorService to allow for parallel lookup of attributes from various sources.
  • Simplify the API, provide a try criteria API for complex searches in addition to the ability to lookup attributes for a single user.

Secondary goals:

  • Add JMX monitoring of performance of each attribute source.

 

 

 

QUESTIONS
    - are attribute names case insensitive? YES according to PD1.5 behavior


api - public interface
    need to think/design the query builder API, something fluent would be good
        http://static.springsource.org/spring-ldap/site/apidocs/org/springframework/ldap/filter/package-frame.html
    do we need an Attribute class or are Attributes just Strings?
    
    
Complex queries and multiple attribute sources
    default root query object ORs its parts together?
    break root query object up by OR clause?
    the problem:
        Given a query like (firstName=Jane && (isStudent=Y || lastName=Doe))
        How do we handle sources that do not support all of the attributes in the query?
            do a multi pass query, query sources that support all attributes first
            query sources that support a subset of the attributes second, during merge filter these in code using the attributes that were not passed to the source
            query non-searchable sources
            
General Query Logic
    attribute query
        ex: by username, [foo=bar, name=smith, ....]
        Run MS & PS sources
            turn map into OR() criteria for MS
        Run S sources once per existing result
    criteria query
        ex: (firstName=jane && (lastName==smith || lastName=doe))
        Run MS sources
            merge results
        Run PS sources
            merge results
        Run S sources once per existing result
            
attribute source classes - how do we tell/config the difference?
    fully searchable (MS) - CriteriaSearchAttributeSource
        uses a query template (supports arbitrary logic)
        ldap or primary use directories go here
    partial searchable (PS) - SimpleSearchAttributeSource
        uses named placeholders but still can return multiple people for one query
        small associated sources go here
    single-person only (S)
        will only ever return a single result ... is this useful?
        in=memory sources like for shib go here


spi - what code in support implements to provide data


core - big ugly guts
    core code that does
        dependency tree calc of sources
        determine query order and potential for parallelism, probably better to figure it with always parallel and having "block" spots that wait for other sources to complete
        caching of results from each source
        handling of query timeouts
        merging results from various sources
        mapping attribute names from the API side to the SPI side
        jmx metrics for per-source usage & performance
        primaryId
            Used when a find person by primary id query is run
            Used to merge data from multiple sources (each result must have a primaryId set)
        
    add a list of AttributeSourceFilter
        these are called in order (sorted by ordered)
        if any filter returns false the filtered source is not executed
        filterchain style API that allows for modification of search?
        
    dependency tree calculation on configured attribute sources
        needs to fail to init if something is wrong with the tree
        this probably needs to be calculated and cached for each query since the tree will look different every time based on the input

    caching of results - part of XML config support
        for each configured source, set cache name or reference to Ehcache bean
        optional cache name/ref for misses
        optional cache name/ref for exceptions

    query timeout - part of XML config support
        set maximum wait for query result
        set behavior on timeout? (ignore, fail)
        
    merge behavior - part of XML config
        does it work for each source to have a "prepend/append/overwrite" flag?
        if so we probably need support for Spring's Orderable on the SPI impl
        
    attribute name mapping - part of XML config support
        for each configured source, option to allow for saying api attr "username" is actually "uid" in this spi
        
    attribute lists
        - in the config are these the PD side or the source side of the attr mapping?
        - at least one required or optional search attribute must be specified
        required search
            ALL of these attributes must be include in a query for this source to be able to run the query 
        optional search
            This plus the required set make up the collection of attributes that can be used to search, attributes outside this set are ignored
        available return 
            The list of attributes the source returns, this is a best-effort set and the source may return more attributes than are named in the set

support
    attribute sources
        jdbc (MS,MP,S)
            single row
            multi row
        ldap (MS,MP,S)
        xml (MS)
        request attribute (S)
    filters
        regex
        spel
  • No labels