[jackrabbit-oak] branch trunk updated: OAK-10099 : DynamicSyncContext: skip warning for everyone group

[an...@apache.org]

This is an automated email from the ASF dual-hosted git repository.

angela pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/jackrabbit-oak.git


The following commit(s) were added to refs/heads/trunk by this push:
     new d807a6943c OAK-10099 : DynamicSyncContext: skip warning for everyone group
d807a6943c is described below

commit d807a6943cd35fd089b455f72cd2c05b52b0d298
Author: angela <an...@adobe.com>
AuthorDate: Wed Feb 1 18:40:32 2023 +0100

    OAK-10099 : DynamicSyncContext: skip warning for everyone group
---
 .../authentication/external/impl/DynamicSyncContext.java    | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java b/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java
index 6662b86d30..b64e0bf42b 100644
--- a/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java
+++ b/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java
@@ -33,6 +33,7 @@ import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.Defa
 import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncContext;
 import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncResultImpl;
 import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncedIdentity;
+import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
@@ -351,8 +352,8 @@ public class DynamicSyncContext extends DefaultSyncContext {
                 // clear auto-membership
                 grp.removeMember(authorizable);
                 clearGroupMembership(grp, groupPrincipalNames, toRemove);
-            } else {
-                // some other membership that has not been added by the sync process
+            } else if (!isEveryone(grp)){
+                // some other membership that has not been added by the sync process (but skip for dynamic 'everyone' group)
                 log.warn("Ignoring unexpected membership of '{}' in group '{}' crossing IDP boundary.", authorizable.getID(), grp.getID());
             }
         }
@@ -378,6 +379,14 @@ public class DynamicSyncContext extends DefaultSyncContext {
         return authorizable.hasProperty(REP_LAST_SYNCED) && !authorizable.hasProperty(ExternalIdentityConstants.REP_EXTERNAL_PRINCIPAL_NAMES);
     }
 
+    private static boolean isEveryone(@NotNull Group group) {
+        try {
+            return EveryonePrincipal.NAME.equals(group.getPrincipal().getName());
+        } catch (RepositoryException e) {
+            return false;
+        }
+    }
+
     /**
      * Helper object to avoid repeated lookup of principalName, {@link ExternalGroup} and synchronized {@link Group} for 
      * a given {@link ExternalIdentityRef} during {@link #syncMembership(ExternalIdentity, Authorizable, long)}.