You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-dev@jackrabbit.apache.org by Michael Dürig <md...@apache.org> on 2013/08/06 10:24:47 UTC
Propagation of Session auto refresh behaviour to e.g. UserManager
Hi,
With OAK-938 [1] Antonio uncovered another consequence of introducing
auto refreshing sessions [2]:
Acquiring a UserManager from a auto refreshing session, that UserManager
instance would not "inherit" the auto refresh setting. That is, although
the session itself might after a while see a newer revision due to an
automatic refresh, the UserManager will still stay on the revision the
session had when it was acquired. See
https://github.com/apache/jackrabbit-oak/blob/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerTest.java#L89
for a test case.
We might have similar issues with other entities tied to a session like
PrincipalManager, VersionManager, ... Basically all (indirect) callers
of SessionDelegate#getRoot() are suspect... and that's quite a list.
To me the cleanest solution seems to be changing
SessionDelegate#getRoot() to SessionDelegate#getRootProvider() thus
signalling to clients they need to acquire the root on an as need basis.
WDYT?
Michael
[1] https://issues.apache.org/jira/browse/OAK-938
[2] https://issues.apache.org/jira/browse/OAK-803
Re: Propagation of Session auto refresh behaviour to e.g. UserManager
Posted by Jukka Zitting <ju...@gmail.com>.
Hi,
On Tue, Aug 6, 2013 at 12:51 PM, Angela Schreiber <an...@adobe.com> wrote:
> regarding attaching to the SessionDelegate: i definitely disagree.
> in contrast to the various plugins which are not really pluggable
> the various mgr security related implementations must be
> pluggable at runtime. therefore making the implementation depend
> on the internal SessionDelegate is not an option.
> in addition some of those classes are also used within the oak core
> (validators, commit hooks and so forth). i really don't want to
> add any dependency to oak-jcr nor the internals contained therein
> to the various security related parts. i deliberately avoided it.
> this wasn't a coincidence :-)
Fair enough.
My point here is that SessionDelegate.perform() would solve the
OAK-938 problem, and coming up with another solution seems like
unnecessary duplication to me. But I won't stand in the way if people
think that's a better approach.
BR,
Jukka Zitting
Re: Propagation of Session auto refresh behaviour to e.g.
UserManager
Posted by Angela Schreiber <an...@adobe.com>.
hi jukka
we are talking about 2 different sessions. with one single session
everything works as expected.
regarding attaching to the SessionDelegate: i definitely disagree.
in contrast to the various plugins which are not really pluggable
the various mgr security related implementations must be
pluggable at runtime. therefore making the implementation depend
on the internal SessionDelegate is not an option.
in addition some of those classes are also used within the oak core
(validators, commit hooks and so forth). i really don't want to
add any dependency to oak-jcr nor the internals contained therein
to the various security related parts. i deliberately avoided it.
this wasn't a coincidence :-)
angela
On 8/6/13 11:42 AM, "Jukka Zitting" <ju...@gmail.com> wrote:
>Hi,
>
>On Tue, Aug 6, 2013 at 12:23 PM, Angela Schreiber <an...@adobe.com>
>wrote:
>> but in this case as michael explained the setup is that one session
>> should be informed about modifications made by another session.
>
>Are we talking about two separate sessions (i.e. javax.jcr.Session
>instances) or a session and the UserManager associated with it?
>
>> this works for all operations that are 'attached' to the SessionDelegate
>> but the refresh doesn't work for those classes that are just associated
>> with the Root (such as e.g. the UserManager which btw. makes transient
>> modifications on the root associated with editing session. the
>>read-write
>> trick doesn't help here).
>
>It sounds to me as if the UserManager should also be attached to the
>SessionDelegate, and use the SessionOperation mechanism whenever
>accessing information bound to that session.
>
>BR,
>
>Jukka Zitting
Re: Propagation of Session auto refresh behaviour to e.g. UserManager
Posted by Jukka Zitting <ju...@gmail.com>.
Hi,
On Tue, Aug 6, 2013 at 12:23 PM, Angela Schreiber <an...@adobe.com> wrote:
> but in this case as michael explained the setup is that one session
> should be informed about modifications made by another session.
Are we talking about two separate sessions (i.e. javax.jcr.Session
instances) or a session and the UserManager associated with it?
> this works for all operations that are 'attached' to the SessionDelegate
> but the refresh doesn't work for those classes that are just associated
> with the Root (such as e.g. the UserManager which btw. makes transient
> modifications on the root associated with editing session. the read-write
> trick doesn't help here).
It sounds to me as if the UserManager should also be attached to the
SessionDelegate, and use the SessionOperation mechanism whenever
accessing information bound to that session.
BR,
Jukka Zitting
Re: Propagation of Session auto refresh behaviour to e.g. UserManager
Posted by Jukka Zitting <ju...@gmail.com>.
Hi,
On Tue, Aug 6, 2013 at 12:36 PM, Michael Dürig <md...@apache.org> wrote:
> There is no perform call in this case. That is the point of the whole story.
The way I see it, there *should* be a perform() call in this case.
BR,
Jukka Zitting
Re: Propagation of Session auto refresh behaviour to e.g. UserManager
Posted by Michael Dürig <md...@apache.org>.
On 6.8.13 11:33, Jukka Zitting wrote:
> Hi,
>
> On Tue, Aug 6, 2013 at 12:21 PM, Michael Dürig <md...@apache.org> wrote:
>> On 6.8.13 10:41, Jukka Zitting wrote:
>>> a) When making transient changes or reading information that can come
>>> from an earlier repository snapshot, use sessionDelegate.getRoot() so
>>> that you see the exact same state as the rest of the session.
>>
>> This is not sufficient for the current case however unless we add a session
>> refresh for every call to SessionDelegate.getRoot().
>
> The refresh (when needed) should happen already in
> SessionDelegate.perform(), before the getRoot() call is made.
>
There is no perform call in this case. That is the point of the whole story.
Michael
>> Furthermore the underlying (somewhat implicit) assumption back then was
>> sessions being stable (i.e. no auto refresh) such that the returned root and
>> trees retrieved from it can be cached. This is now not the case any more and
>> might render many such optimisations invalid.
>
> This is exactly the problem I was worried about when I tried to argue
> earlier that we shouldn't be caching information in memory and instead
> read any information directly from the underlying content tree when
> needed.
>
> BR,
>
> Jukka Zitting
>
Re: Propagation of Session auto refresh behaviour to e.g. UserManager
Posted by Jukka Zitting <ju...@gmail.com>.
Hi,
On Tue, Aug 6, 2013 at 12:21 PM, Michael Dürig <md...@apache.org> wrote:
> On 6.8.13 10:41, Jukka Zitting wrote:
>> a) When making transient changes or reading information that can come
>> from an earlier repository snapshot, use sessionDelegate.getRoot() so
>> that you see the exact same state as the rest of the session.
>
> This is not sufficient for the current case however unless we add a session
> refresh for every call to SessionDelegate.getRoot().
The refresh (when needed) should happen already in
SessionDelegate.perform(), before the getRoot() call is made.
> Furthermore the underlying (somewhat implicit) assumption back then was
> sessions being stable (i.e. no auto refresh) such that the returned root and
> trees retrieved from it can be cached. This is now not the case any more and
> might render many such optimisations invalid.
This is exactly the problem I was worried about when I tried to argue
earlier that we shouldn't be caching information in memory and instead
read any information directly from the underlying content tree when
needed.
BR,
Jukka Zitting
Re: Propagation of Session auto refresh behaviour to e.g. UserManager
Posted by Michael Dürig <md...@apache.org>.
On 6.8.13 10:41, Jukka Zitting wrote:
> Hi,
>
> On Tue, Aug 6, 2013 at 11:24 AM, Michael Dürig <md...@apache.org> wrote:
>> We might have similar issues with other entities tied to a session like
>> PrincipalManager, VersionManager, ... Basically all (indirect) callers of
>> SessionDelegate#getRoot() are suspect... and that's quite a list.
>
> We sorted out a good pattern for doing stuff like this already with
> the namespace registry. Basically:
>
> a) When making transient changes or reading information that can come
> from an earlier repository snapshot, use sessionDelegate.getRoot() so
> that you see the exact same state as the rest of the session.
This is not sufficient for the current case however unless we add a
session refresh for every call to SessionDelegate.getRoot().
Furthermore the underlying (somewhat implicit) assumption back then was
sessions being stable (i.e. no auto refresh) such that the returned root
and trees retrieved from it can be cached. This is now not the case any
more and might render many such optimisations invalid.
Michael
>
> b) When persisting changes directly to the repository or reading from
> the latest repository state without interference from transient
> changes, use sessionDelegate.getContentSession().getLatestRoot() and
> follow up with a session.refresh(true) to force the rest of the
> session to keep up.
>
> The abstract method pattern in ReadWriteNamespaceRegistry (or
> something similar) can be used to avoid a direct oak-jcr /
> SessionDelegate dependency.
>
> That pattern should cover the needs of the UserManager and other
> places without the need to manage the states of multiple independent
> Root instances.
>
> BR,
>
> Jukka Zitting
>
Re: Propagation of Session auto refresh behaviour to e.g. UserManager
Posted by Jukka Zitting <ju...@gmail.com>.
Hi,
On Tue, Aug 6, 2013 at 5:26 PM, Michael Dürig <md...@apache.org> wrote:
> I'll start looking into implementing those extra Delegate classes on an as
> need basis.
Great, thanks!
Perhaps it's worth it to try out the briefly discussed idea of
implementing at least some of the required wrappers using reflection
or static code generation, perhaps driven by annotations. If it works
out well, it might be possible to extend such a approach into an
elegant solution to OAK-662.
BR,
Jukka Zitting
Re: Propagation of Session auto refresh behaviour to e.g. UserManager
Posted by Michael Dürig <md...@apache.org>.
On 6.8.13 11:23, Angela Schreiber wrote:
> let's discuss that in the call this afternoon.
Quick summary from that call:
- We need some way of backwards compatibility re. sessions as discussed
in OAK-803. Otherwise client code could break in very subtle ways
creating a support legacy.
- Pushing the refresh logic down to Root and related is not a good
option since we want to keep oak-core strictly MVCC by keeping the
backwards compatibility tweaks in oak-jcr.
- Pulling the refresh logic up into a separate JCR wrapper would factor
the solution into a separate component. But it would introduce extra
complexity, a lot of new classes and duplicate much of the logic we have
in the current XyzDelegate classes.
- Introducing Delegate implementations for the problematic entities
(i.e. UserManger) was deemed the solution to go for now. The other
suspects that came up in a quick usage search are: PrincipalManager,
VersionManager, ACManager, PermissionProvider, ObservationManager, and
PrivilegeManager.
I'll start looking into implementing those extra Delegate classes on an
as need basis.
Michael
Re: Propagation of Session auto refresh behaviour to e.g.
UserManager
Posted by Angela Schreiber <an...@adobe.com>.
hi jukka
IMO the approach in the namespaceregistry is something different:
in that case you have a different write-root that needs to make
sure that the root (and the editing session) gets updated once
the changes are persisted.
but in this case as michael explained the setup is that one session
should be informed about modifications made by another session.
this works for all operations that are 'attached' to the SessionDelegate
but the refresh doesn't work for those classes that are just associated
with the Root (such as e.g. the UserManager which btw. makes transient
modifications on the root associated with editing session. the read-write
trick doesn't help here). btw: it's one of the fundamental design decisions
for the oak security code to build the implentations on top of the OAK API.
this contrasts to the Jackrabbit setup which lead to a lot of hacks and
at the end didn't work very well.
so, what we would need is a refresh on the Root instead of just refreshing
upon session access. i just discussed this with Michael and we both fear
that
this will open a huge can of worms...
what we are basically trying to do is to changing one of the fundamental
concepts of OAK (refresh only occurs if manually triggered), which IMHO
needs a careful analysis of the consequences.
let's discuss that in the call this afternoon.
angela
On 8/6/13 10:41 AM, "Jukka Zitting" <ju...@gmail.com> wrote:
>Hi,
>
>On Tue, Aug 6, 2013 at 11:24 AM, Michael Dürig <md...@apache.org> wrote:
>> We might have similar issues with other entities tied to a session like
>> PrincipalManager, VersionManager, ... Basically all (indirect) callers
>>of
>> SessionDelegate#getRoot() are suspect... and that's quite a list.
>
>We sorted out a good pattern for doing stuff like this already with
>the namespace registry. Basically:
>
>a) When making transient changes or reading information that can come
>from an earlier repository snapshot, use sessionDelegate.getRoot() so
>that you see the exact same state as the rest of the session.
>
>b) When persisting changes directly to the repository or reading from
>the latest repository state without interference from transient
>changes, use sessionDelegate.getContentSession().getLatestRoot() and
>follow up with a session.refresh(true) to force the rest of the
>session to keep up.
>
>The abstract method pattern in ReadWriteNamespaceRegistry (or
>something similar) can be used to avoid a direct oak-jcr /
>SessionDelegate dependency.
>
>That pattern should cover the needs of the UserManager and other
>places without the need to manage the states of multiple independent
>Root instances.
>
>BR,
>
>Jukka Zitting
Re: Propagation of Session auto refresh behaviour to e.g. UserManager
Posted by Jukka Zitting <ju...@gmail.com>.
Hi,
On Tue, Aug 6, 2013 at 11:24 AM, Michael Dürig <md...@apache.org> wrote:
> We might have similar issues with other entities tied to a session like
> PrincipalManager, VersionManager, ... Basically all (indirect) callers of
> SessionDelegate#getRoot() are suspect... and that's quite a list.
We sorted out a good pattern for doing stuff like this already with
the namespace registry. Basically:
a) When making transient changes or reading information that can come
from an earlier repository snapshot, use sessionDelegate.getRoot() so
that you see the exact same state as the rest of the session.
b) When persisting changes directly to the repository or reading from
the latest repository state without interference from transient
changes, use sessionDelegate.getContentSession().getLatestRoot() and
follow up with a session.refresh(true) to force the rest of the
session to keep up.
The abstract method pattern in ReadWriteNamespaceRegistry (or
something similar) can be used to avoid a direct oak-jcr /
SessionDelegate dependency.
That pattern should cover the needs of the UserManager and other
places without the need to manage the states of multiple independent
Root instances.
BR,
Jukka Zitting
Re: Propagation of Session auto refresh behaviour to e.g.
UserManager
Posted by Angela Schreiber <an...@adobe.com>.
hi michael
either we introduce the rootprovider or we create some sort of
refresh-listener behavior.
regards
angela
On 8/6/13 10:24 AM, "Michael Dürig" <md...@apache.org> wrote:
>
>Hi,
>
>With OAK-938 [1] Antonio uncovered another consequence of introducing
>auto refreshing sessions [2]:
>
>Acquiring a UserManager from a auto refreshing session, that UserManager
>instance would not "inherit" the auto refresh setting. That is, although
>the session itself might after a while see a newer revision due to an
>automatic refresh, the UserManager will still stay on the revision the
>session had when it was acquired. See
>https://github.com/apache/jackrabbit-oak/blob/trunk/oak-jcr/src/test/java/
>org/apache/jackrabbit/oak/jcr/security/user/UserManagerTest.java#L89
>for a test case.
>
>We might have similar issues with other entities tied to a session like
>PrincipalManager, VersionManager, ... Basically all (indirect) callers
>of SessionDelegate#getRoot() are suspect... and that's quite a list.
>
>To me the cleanest solution seems to be changing
>SessionDelegate#getRoot() to SessionDelegate#getRootProvider() thus
>signalling to clients they need to acquire the root on an as need basis.
>
>WDYT?
>
>Michael
>
>
>[1] https://issues.apache.org/jira/browse/OAK-938
>[2] https://issues.apache.org/jira/browse/OAK-803