You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2023/02/01 17:40:46 UTC
[jackrabbit-oak] branch trunk updated: OAK-10099 : DynamicSyncContext: skip warning for everyone group
This is an automated email from the ASF dual-hosted git repository.
angela pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/jackrabbit-oak.git
The following commit(s) were added to refs/heads/trunk by this push:
new d807a6943c OAK-10099 : DynamicSyncContext: skip warning for everyone group
d807a6943c is described below
commit d807a6943cd35fd089b455f72cd2c05b52b0d298
Author: angela <an...@adobe.com>
AuthorDate: Wed Feb 1 18:40:32 2023 +0100
OAK-10099 : DynamicSyncContext: skip warning for everyone group
---
.../authentication/external/impl/DynamicSyncContext.java | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java b/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java
index 6662b86d30..b64e0bf42b 100644
--- a/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java
+++ b/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java
@@ -33,6 +33,7 @@ import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.Defa
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncContext;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncResultImpl;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncedIdentity;
+import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
@@ -351,8 +352,8 @@ public class DynamicSyncContext extends DefaultSyncContext {
// clear auto-membership
grp.removeMember(authorizable);
clearGroupMembership(grp, groupPrincipalNames, toRemove);
- } else {
- // some other membership that has not been added by the sync process
+ } else if (!isEveryone(grp)){
+ // some other membership that has not been added by the sync process (but skip for dynamic 'everyone' group)
log.warn("Ignoring unexpected membership of '{}' in group '{}' crossing IDP boundary.", authorizable.getID(), grp.getID());
}
}
@@ -378,6 +379,14 @@ public class DynamicSyncContext extends DefaultSyncContext {
return authorizable.hasProperty(REP_LAST_SYNCED) && !authorizable.hasProperty(ExternalIdentityConstants.REP_EXTERNAL_PRINCIPAL_NAMES);
}
+ private static boolean isEveryone(@NotNull Group group) {
+ try {
+ return EveryonePrincipal.NAME.equals(group.getPrincipal().getName());
+ } catch (RepositoryException e) {
+ return false;
+ }
+ }
+
/**
* Helper object to avoid repeated lookup of principalName, {@link ExternalGroup} and synchronized {@link Group} for
* a given {@link ExternalIdentityRef} during {@link #syncMembership(ExternalIdentity, Authorizable, long)}.