As part of my work here at Mimos, I have been working a lot with Spring Security. Some of my previous posts are testament to this. I even got the chance to work with Spring Security ACL, a project that also comes under the Spring Security ecosystem and covers the "Authorization" part of security. I feel the Spring Security ACL project is seriously underrated, and one factor that stops it from reaching its full potential is, in my opinion, its data store end.
Spring Security ACL is designed predominantly to work with a relational database, and the Spring Security ACL team have done a great job of reducing round trips to the database by using caching extensively, which cuts data read time heavily. Yet in a production system where ACL data also tends to change rapidly, with a higher volume of users, ACLs and objects to protect, a bottleneck at the data end is inevitable.
Furthermore, Spring Security ACL data is distributed across 4 tables named acl_sid, acl_class, acl_object_identity and acl_entry. So to query and retrieve the ACL entries for a principal or role on a particular class instance, these 4 tables have to be joined.
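The four-table lookup described above, as an added example that is not code from the original post or from Spring Security itself. It assumes a trimmed copy of the Spring Security ACL reference schema in in-memory SQLite; the class name com.example.Document, the SIDs and all rows are constructed sample data.

```python
import sqlite3

# Trimmed copy of the four Spring Security ACL tables (audit, owner, parent and
# inheritance columns omitted); SQLite types stand in for the production DDL.
SCHEMA = """
CREATE TABLE acl_sid (id INTEGER PRIMARY KEY, principal INTEGER NOT NULL, sid TEXT NOT NULL);
CREATE TABLE acl_class (id INTEGER PRIMARY KEY, class TEXT NOT NULL);
CREATE TABLE acl_object_identity (
    id INTEGER PRIMARY KEY, object_id_class INTEGER NOT NULL REFERENCES acl_class(id),
    object_id_identity INTEGER NOT NULL);
CREATE TABLE acl_entry (
    id INTEGER PRIMARY KEY,
    acl_object_identity INTEGER NOT NULL REFERENCES acl_object_identity(id),
    ace_order INTEGER NOT NULL,
    sid INTEGER NOT NULL REFERENCES acl_sid(id),
    mask INTEGER NOT NULL, granting INTEGER NOT NULL);
"""

# Constructed sample data: principal "alice", role "ROLE_ADMIN", one protected object.
SAMPLE = """
INSERT INTO acl_sid VALUES (1, 1, 'alice'), (2, 0, 'ROLE_ADMIN');
INSERT INTO acl_class VALUES (1, 'com.example.Document');
INSERT INTO acl_object_identity VALUES (1, 1, 42);
INSERT INTO acl_entry VALUES (1, 1, 0, 1, 1, 1), (2, 1, 1, 1, 8, 0), (3, 1, 2, 2, 16, 1);
"""

# One permission lookup touches all four tables: sid -> entry -> object identity -> class.
ENTRIES_FOR_SID = """
SELECT e.ace_order, e.mask, e.granting
FROM acl_entry e
JOIN acl_sid s ON s.id = e.sid
JOIN acl_object_identity oi ON oi.id = e.acl_object_identity
JOIN acl_class c ON c.id = oi.object_id_class
WHERE s.sid = ? AND s.principal = ? AND c.class = ? AND oi.object_id_identity = ?
ORDER BY e.ace_order
"""

def entries_for(conn, sid, is_principal, class_name, object_id):
    """Return (ace_order, mask, granting) rows for one SID on one object instance."""
    params = (sid, int(is_principal), class_name, object_id)
    return conn.execute(ENTRIES_FOR_SID, params).fetchall()

def demo_connection():
    """Build the in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA + SAMPLE)
    return conn

if __name__ == "__main__":
    print(entries_for(demo_connection(), "alice", True, "com.example.Document", 42))
```

In the sample rows, mask 1 is READ, 8 is DELETE and 16 is ADMINISTRATION, and a granting value of 0 marks a deny entry.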
I also got the chance to do research and development on the Neo4j graph database, which is a NoSQL, schema-less graph database that stores data in the form of property nodes and edges.
Neo4j is widely used in industry, from courier route decision making to finding a date match. Neo4j is said to be really good at representing highly connected data, because it stores all the data in a graph and is said to be able to model the real world as closely as possible.
While reading through Neo4j use cases, I found that a telecommunication company has used Neo4j for its identity and access management system to improve performance. With Neo4j they have managed to reduce load time from minutes to milliseconds.
This got me thinking and lit a light bulb over my head. What if I could write a data backend for Spring Security ACL using Neo4j? Easier said than done. Neo4j, being a graph database, is a completely different paradigm with its own query language named Cypher.