You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-dev@jackrabbit.apache.org by Angela Schreiber <an...@adobe.com> on 2013/07/30 09:29:04 UTC
Re: svn commit: r1508182 -
/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/RepositoryImpl.java
hi michael
that's the kind of extensions i was referring to when proposing
to use variant 3) for the read-only session (i.e. the proposal
with an extra JackrabbitRepository#login method that takes an extra
attributes map).
limiting the refresh interval to simplecredentials and tokencredentials
and checking for instanceof looks quite clumsy to me. in addition
it will cause extra maintenance effort or odd behaviour for authentication
setup scenarios that want to use other credentials implementations,
which is perfectly legal from a JCR point of view.
kind regards
angela
On 7/29/13 9:02 PM, "mduerig@apache.org" <md...@apache.org> wrote:
>Author: mduerig
>Date: Mon Jul 29 19:02:56 2013
>New Revision: 1508182
>
>URL: http://svn.apache.org/r1508182
>Log:
>OAK-803: Backwards compatibility of long-lived sessions
>Evaluate refresh-interval attribute on SimpleCredentials and
>TokenCredentials
>
>Modified:
>
>jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/R
>epositoryImpl.java
>
>Modified:
>jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/R
>epositoryImpl.java
>URL:
>http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/or
>g/apache/jackrabbit/oak/jcr/RepositoryImpl.java?rev=1508182&r1=1508181&r2=
>1508182&view=diff
>==========================================================================
>====
>---
>jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/R
>epositoryImpl.java (original)
>+++
>jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/R
>epositoryImpl.java Mon Jul 29 19:02:56 2013
>@@ -18,7 +18,6 @@ package org.apache.jackrabbit.oak.jcr;
>
> import static com.google.common.base.Preconditions.checkNotNull;
>
>-import java.security.Principal;
> import java.util.concurrent.TimeUnit;
>
> import javax.annotation.Nonnull;
>@@ -27,15 +26,16 @@ import javax.jcr.Credentials;
> import javax.jcr.Repository;
> import javax.jcr.RepositoryException;
> import javax.jcr.Session;
>+import javax.jcr.SimpleCredentials;
> import javax.jcr.Value;
> import javax.security.auth.login.LoginException;
>
>+import
>org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
> import org.apache.jackrabbit.commons.SimpleValueFactory;
> import org.apache.jackrabbit.oak.api.ContentRepository;
> import org.apache.jackrabbit.oak.api.ContentSession;
> import org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate;
> import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
>-import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
> import org.apache.jackrabbit.oak.spi.whiteboard.Whiteboard;
> import org.slf4j.Logger;
> import org.slf4j.LoggerFactory;
>@@ -50,8 +50,18 @@ public class RepositoryImpl implements R
> */
> private static final Logger log =
>LoggerFactory.getLogger(RepositoryImpl.class);
>
>- // TODO implement auto refresh configuration. See OAK-803, OAK-88
>- private static final long AUTO_REFRESH_INTERVAL =
>TimeUnit.SECONDS.toMillis(1);
>+ /**
>+ * Name of the session attribute value determining the session
>refresh
>+ * behaviour.
>+ *
>+ * @see SessionDelegate#SessionDelegate(ContentSession, long)
>+ */
>+ public static final String REFRESH_INTERVAL = "refresh-interval";
>+
>+ /**
>+ * Default value for {@link #REFRESH_INTERVAL}.
>+ */
>+ private static final long DEFAULT_REFRESH_INTERVAL =
>TimeUnit.SECONDS.toMillis(1);
>
> private final Descriptors descriptors = new Descriptors(new
>SimpleValueFactory());
> private final ContentRepository contentRepository;
>@@ -123,33 +133,58 @@ public class RepositoryImpl implements R
> return descriptors.isSingleValueDescriptor(key);
> }
>
>- /**
>- * @see javax.jcr.Repository#login(javax.jcr.Credentials, String)
>- */
>- @Override
>- public Session login(@Nullable Credentials credentials, @Nullable
>String workspaceName) throws RepositoryException {
>+ private Session login(
>+ @Nullable Credentials credentials, @Nullable String
>workspaceName,
>+ long refreshInterval) throws RepositoryException {
> try {
>- ContentSession contentSession =
>- contentRepository.login(credentials, workspaceName);
>-
>- // For better backwards compatibility admin sessions should
>always
>- // be on the latest revision: set refresh interval to 0. See
>OAK-803.
>- SessionContext context = new SessionContext(
>- this, whiteboard, new SessionDelegate(
>- contentSession, /* isAdmin(contentSession) ?
>0 : */ AUTO_REFRESH_INTERVAL));
>+ ContentSession contentSession =
>contentRepository.login(credentials, workspaceName);
>+ SessionContext context = new SessionContext(this, whiteboard,
>+ new SessionDelegate(contentSession,
>refreshInterval));
> return context.getSession();
> } catch (LoginException e) {
> throw new javax.jcr.LoginException(e.getMessage(), e);
> }
> }
>
>- private static boolean isAdmin(ContentSession contentSession) {
>- for (Principal p : contentSession.getAuthInfo().getPrincipals())
>{
>- if (p instanceof AdminPrincipal) {
>- return true;
>+ private static long getRefreshInterval(Credentials credentials) {
>+ if (credentials instanceof SimpleCredentials) {
>+ Object refreshAttribute = ((SimpleCredentials) credentials)
>+ .getAttribute(REFRESH_INTERVAL);
>+ if (refreshAttribute instanceof Long) {
>+ return (Long) refreshAttribute;
>+ } else if (refreshAttribute instanceof Integer) {
>+ return (Integer) refreshAttribute;
>+ } else if (refreshAttribute instanceof String) {
>+ return toLong((String) refreshAttribute);
> }
>+ } else if (credentials instanceof TokenCredentials) {
>+ String refreshAttribute = ((TokenCredentials) credentials)
>+ .getAttribute(REFRESH_INTERVAL);
>+ if (refreshAttribute != null) {
>+ return toLong(refreshAttribute);
>+ }
>+ }
>+ return DEFAULT_REFRESH_INTERVAL;
>+ }
>+
>+ private static long toLong(String longValue) {
>+ try {
>+ return Long.parseLong(longValue);
>+ } catch (NumberFormatException e) {
>+ log.warn("Invalid value '" + longValue + "' for " +
>REFRESH_INTERVAL +
>+ ". Expected long. Defaulting to '" +
>DEFAULT_REFRESH_INTERVAL +
>+ "' seconds .", e);
>+ return DEFAULT_REFRESH_INTERVAL;
> }
>- return false;
>+ }
>+
>+ /**
>+ * @see javax.jcr.Repository#login(javax.jcr.Credentials, String)
>+ */
>+ @Override
>+ public Session login(@Nullable Credentials credentials, @Nullable
>String workspaceName)
>+ throws RepositoryException {
>+ return login(credentials, workspaceName,
>getRefreshInterval(credentials));
> }
>
> /**
>
>
Re: svn commit: r1508182 - /jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/RepositoryImpl.java
Posted by Michael Dürig <md...@apache.org>.
On 30.7.13 9:29, Angela Schreiber wrote:
> hi michael
>
> that's the kind of extensions i was referring to when proposing
> to use variant 3) for the read-only session (i.e. the proposal
> with an extra JackrabbitRepository#login method that takes an extra
> attributes map).
>
> limiting the refresh interval to simplecredentials and tokencredentials
> and checking for instanceof looks quite clumsy to me. in addition
> it will cause extra maintenance effort or odd behaviour for authentication
> setup scenarios that want to use other credentials implementations,
> which is perfectly legal from a JCR point of view.
Yes I'm aware of that. I'll try to implement something along the lines
of 3) also. The reason for doing 1) is that 3) has an impact on APIs and
Jackrabbit 2 as well and will therefore certainly take longer to get done.
With 1) we unblock clients that need a way to experiment with different
refresh intervals for sorting out their issues.
Going forward we could either document 1) to only work for for said
credential types, or add some wrapper that turn other credentials into
attribute carrying credentials, or even remove it again once we have 3)
established.
Michael
>
> kind regards
> angela
>
>
> On 7/29/13 9:02 PM, "mduerig@apache.org" <md...@apache.org> wrote:
>
>> Author: mduerig
>> Date: Mon Jul 29 19:02:56 2013
>> New Revision: 1508182
>>
>> URL: http://svn.apache.org/r1508182
>> Log:
>> OAK-803: Backwards compatibility of long-lived sessions
>> Evaluate refresh-interval attribute on SimpleCredentials and
>> TokenCredentials
>>
>> Modified:
>>
>> jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/R
>> epositoryImpl.java
>>
>> Modified:
>> jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/R
>> epositoryImpl.java
>> URL:
>> http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/or
>> g/apache/jackrabbit/oak/jcr/RepositoryImpl.java?rev=1508182&r1=1508181&r2=
>> 1508182&view=diff
>> ==========================================================================
>> ====
>> ---
>> jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/R
>> epositoryImpl.java (original)
>> +++
>> jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/R
>> epositoryImpl.java Mon Jul 29 19:02:56 2013
>> @@ -18,7 +18,6 @@ package org.apache.jackrabbit.oak.jcr;
>>
>> import static com.google.common.base.Preconditions.checkNotNull;
>>
>> -import java.security.Principal;
>> import java.util.concurrent.TimeUnit;
>>
>> import javax.annotation.Nonnull;
>> @@ -27,15 +26,16 @@ import javax.jcr.Credentials;
>> import javax.jcr.Repository;
>> import javax.jcr.RepositoryException;
>> import javax.jcr.Session;
>> +import javax.jcr.SimpleCredentials;
>> import javax.jcr.Value;
>> import javax.security.auth.login.LoginException;
>>
>> +import
>> org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
>> import org.apache.jackrabbit.commons.SimpleValueFactory;
>> import org.apache.jackrabbit.oak.api.ContentRepository;
>> import org.apache.jackrabbit.oak.api.ContentSession;
>> import org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate;
>> import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
>> -import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
>> import org.apache.jackrabbit.oak.spi.whiteboard.Whiteboard;
>> import org.slf4j.Logger;
>> import org.slf4j.LoggerFactory;
>> @@ -50,8 +50,18 @@ public class RepositoryImpl implements R
>> */
>> private static final Logger log =
>> LoggerFactory.getLogger(RepositoryImpl.class);
>>
>> - // TODO implement auto refresh configuration. See OAK-803, OAK-88
>> - private static final long AUTO_REFRESH_INTERVAL =
>> TimeUnit.SECONDS.toMillis(1);
>> + /**
>> + * Name of the session attribute value determining the session
>> refresh
>> + * behaviour.
>> + *
>> + * @see SessionDelegate#SessionDelegate(ContentSession, long)
>> + */
>> + public static final String REFRESH_INTERVAL = "refresh-interval";
>> +
>> + /**
>> + * Default value for {@link #REFRESH_INTERVAL}.
>> + */
>> + private static final long DEFAULT_REFRESH_INTERVAL =
>> TimeUnit.SECONDS.toMillis(1);
>>
>> private final Descriptors descriptors = new Descriptors(new
>> SimpleValueFactory());
>> private final ContentRepository contentRepository;
>> @@ -123,33 +133,58 @@ public class RepositoryImpl implements R
>> return descriptors.isSingleValueDescriptor(key);
>> }
>>
>> - /**
>> - * @see javax.jcr.Repository#login(javax.jcr.Credentials, String)
>> - */
>> - @Override
>> - public Session login(@Nullable Credentials credentials, @Nullable
>> String workspaceName) throws RepositoryException {
>> + private Session login(
>> + @Nullable Credentials credentials, @Nullable String
>> workspaceName,
>> + long refreshInterval) throws RepositoryException {
>> try {
>> - ContentSession contentSession =
>> - contentRepository.login(credentials, workspaceName);
>> -
>> - // For better backwards compatibility admin sessions should
>> always
>> - // be on the latest revision: set refresh interval to 0. See
>> OAK-803.
>> - SessionContext context = new SessionContext(
>> - this, whiteboard, new SessionDelegate(
>> - contentSession, /* isAdmin(contentSession) ?
>> 0 : */ AUTO_REFRESH_INTERVAL));
>> + ContentSession contentSession =
>> contentRepository.login(credentials, workspaceName);
>> + SessionContext context = new SessionContext(this, whiteboard,
>> + new SessionDelegate(contentSession,
>> refreshInterval));
>> return context.getSession();
>> } catch (LoginException e) {
>> throw new javax.jcr.LoginException(e.getMessage(), e);
>> }
>> }
>>
>> - private static boolean isAdmin(ContentSession contentSession) {
>> - for (Principal p : contentSession.getAuthInfo().getPrincipals())
>> {
>> - if (p instanceof AdminPrincipal) {
>> - return true;
>> + private static long getRefreshInterval(Credentials credentials) {
>> + if (credentials instanceof SimpleCredentials) {
>> + Object refreshAttribute = ((SimpleCredentials) credentials)
>> + .getAttribute(REFRESH_INTERVAL);
>> + if (refreshAttribute instanceof Long) {
>> + return (Long) refreshAttribute;
>> + } else if (refreshAttribute instanceof Integer) {
>> + return (Integer) refreshAttribute;
>> + } else if (refreshAttribute instanceof String) {
>> + return toLong((String) refreshAttribute);
>> }
>> + } else if (credentials instanceof TokenCredentials) {
>> + String refreshAttribute = ((TokenCredentials) credentials)
>> + .getAttribute(REFRESH_INTERVAL);
>> + if (refreshAttribute != null) {
>> + return toLong(refreshAttribute);
>> + }
>> + }
>> + return DEFAULT_REFRESH_INTERVAL;
>> + }
>> +
>> + private static long toLong(String longValue) {
>> + try {
>> + return Long.parseLong(longValue);
>> + } catch (NumberFormatException e) {
>> + log.warn("Invalid value '" + longValue + "' for " +
>> REFRESH_INTERVAL +
>> + ". Expected long. Defaulting to '" +
>> DEFAULT_REFRESH_INTERVAL +
>> + "' seconds .", e);
>> + return DEFAULT_REFRESH_INTERVAL;
>> }
>> - return false;
>> + }
>> +
>> + /**
>> + * @see javax.jcr.Repository#login(javax.jcr.Credentials, String)
>> + */
>> + @Override
>> + public Session login(@Nullable Credentials credentials, @Nullable
>> String workspaceName)
>> + throws RepositoryException {
>> + return login(credentials, workspaceName,
>> getRefreshInterval(credentials));
>> }
>>
>> /**
>>
>>
>
Re: svn commit: r1508182 - /jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/RepositoryImpl.java
Posted by Chetan Mehrotra <ch...@gmail.com>.
How about if we expose this meta information part of ContentSession
interface via getAttribute method. Later some other Oak features
might require such hints
Internally it can perform logic which supports both #1 and #3
- Check in explicit sessionParameters maps provided via the new
method/interface as mentioned in #3
- Check for attribute as part of various known credential type
Chetan Mehrotra
On Tue, Jul 30, 2013 at 12:59 PM, Angela Schreiber <an...@adobe.com> wrote:
> hi michael
>
> that's the kind of extensions i was referring to when proposing
> to use variant 3) for the read-only session (i.e. the proposal
> with an extra JackrabbitRepository#login method that takes an extra
> attributes map).
>
> limiting the refresh interval to simplecredentials and tokencredentials
> and checking for instanceof looks quite clumsy to me. in addition
> it will cause extra maintenance effort or odd behaviour for authentication
> setup scenarios that want to use other credentials implementations,
> which is perfectly legal from a JCR point of view.
>
> kind regards
> angela
>
>
> On 7/29/13 9:02 PM, "mduerig@apache.org" <md...@apache.org> wrote:
>
>>Author: mduerig
>>Date: Mon Jul 29 19:02:56 2013
>>New Revision: 1508182
>>
>>URL: http://svn.apache.org/r1508182
>>Log:
>>OAK-803: Backwards compatibility of long-lived sessions
>>Evaluate refresh-interval attribute on SimpleCredentials and
>>TokenCredentials
>>
>>Modified:
>>
>>jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/R
>>epositoryImpl.java
>>
>>Modified:
>>jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/R
>>epositoryImpl.java
>>URL:
>>http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/or
>>g/apache/jackrabbit/oak/jcr/RepositoryImpl.java?rev=1508182&r1=1508181&r2=
>>1508182&view=diff
>>==========================================================================
>>====
>>---
>>jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/R
>>epositoryImpl.java (original)
>>+++
>>jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/R
>>epositoryImpl.java Mon Jul 29 19:02:56 2013
>>@@ -18,7 +18,6 @@ package org.apache.jackrabbit.oak.jcr;
>>
>> import static com.google.common.base.Preconditions.checkNotNull;
>>
>>-import java.security.Principal;
>> import java.util.concurrent.TimeUnit;
>>
>> import javax.annotation.Nonnull;
>>@@ -27,15 +26,16 @@ import javax.jcr.Credentials;
>> import javax.jcr.Repository;
>> import javax.jcr.RepositoryException;
>> import javax.jcr.Session;
>>+import javax.jcr.SimpleCredentials;
>> import javax.jcr.Value;
>> import javax.security.auth.login.LoginException;
>>
>>+import
>>org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
>> import org.apache.jackrabbit.commons.SimpleValueFactory;
>> import org.apache.jackrabbit.oak.api.ContentRepository;
>> import org.apache.jackrabbit.oak.api.ContentSession;
>> import org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate;
>> import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
>>-import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
>> import org.apache.jackrabbit.oak.spi.whiteboard.Whiteboard;
>> import org.slf4j.Logger;
>> import org.slf4j.LoggerFactory;
>>@@ -50,8 +50,18 @@ public class RepositoryImpl implements R
>> */
>> private static final Logger log =
>>LoggerFactory.getLogger(RepositoryImpl.class);
>>
>>- // TODO implement auto refresh configuration. See OAK-803, OAK-88
>>- private static final long AUTO_REFRESH_INTERVAL =
>>TimeUnit.SECONDS.toMillis(1);
>>+ /**
>>+ * Name of the session attribute value determining the session
>>refresh
>>+ * behaviour.
>>+ *
>>+ * @see SessionDelegate#SessionDelegate(ContentSession, long)
>>+ */
>>+ public static final String REFRESH_INTERVAL = "refresh-interval";
>>+
>>+ /**
>>+ * Default value for {@link #REFRESH_INTERVAL}.
>>+ */
>>+ private static final long DEFAULT_REFRESH_INTERVAL =
>>TimeUnit.SECONDS.toMillis(1);
>>
>> private final Descriptors descriptors = new Descriptors(new
>>SimpleValueFactory());
>> private final ContentRepository contentRepository;
>>@@ -123,33 +133,58 @@ public class RepositoryImpl implements R
>> return descriptors.isSingleValueDescriptor(key);
>> }
>>
>>- /**
>>- * @see javax.jcr.Repository#login(javax.jcr.Credentials, String)
>>- */
>>- @Override
>>- public Session login(@Nullable Credentials credentials, @Nullable
>>String workspaceName) throws RepositoryException {
>>+ private Session login(
>>+ @Nullable Credentials credentials, @Nullable String
>>workspaceName,
>>+ long refreshInterval) throws RepositoryException {
>> try {
>>- ContentSession contentSession =
>>- contentRepository.login(credentials, workspaceName);
>>-
>>- // For better backwards compatibility admin sessions should
>>always
>>- // be on the latest revision: set refresh interval to 0. See
>>OAK-803.
>>- SessionContext context = new SessionContext(
>>- this, whiteboard, new SessionDelegate(
>>- contentSession, /* isAdmin(contentSession) ?
>>0 : */ AUTO_REFRESH_INTERVAL));
>>+ ContentSession contentSession =
>>contentRepository.login(credentials, workspaceName);
>>+ SessionContext context = new SessionContext(this, whiteboard,
>>+ new SessionDelegate(contentSession,
>>refreshInterval));
>> return context.getSession();
>> } catch (LoginException e) {
>> throw new javax.jcr.LoginException(e.getMessage(), e);
>> }
>> }
>>
>>- private static boolean isAdmin(ContentSession contentSession) {
>>- for (Principal p : contentSession.getAuthInfo().getPrincipals())
>>{
>>- if (p instanceof AdminPrincipal) {
>>- return true;
>>+ private static long getRefreshInterval(Credentials credentials) {
>>+ if (credentials instanceof SimpleCredentials) {
>>+ Object refreshAttribute = ((SimpleCredentials) credentials)
>>+ .getAttribute(REFRESH_INTERVAL);
>>+ if (refreshAttribute instanceof Long) {
>>+ return (Long) refreshAttribute;
>>+ } else if (refreshAttribute instanceof Integer) {
>>+ return (Integer) refreshAttribute;
>>+ } else if (refreshAttribute instanceof String) {
>>+ return toLong((String) refreshAttribute);
>> }
>>+ } else if (credentials instanceof TokenCredentials) {
>>+ String refreshAttribute = ((TokenCredentials) credentials)
>>+ .getAttribute(REFRESH_INTERVAL);
>>+ if (refreshAttribute != null) {
>>+ return toLong(refreshAttribute);
>>+ }
>>+ }
>>+ return DEFAULT_REFRESH_INTERVAL;
>>+ }
>>+
>>+ private static long toLong(String longValue) {
>>+ try {
>>+ return Long.parseLong(longValue);
>>+ } catch (NumberFormatException e) {
>>+ log.warn("Invalid value '" + longValue + "' for " +
>>REFRESH_INTERVAL +
>>+ ". Expected long. Defaulting to '" +
>>DEFAULT_REFRESH_INTERVAL +
>>+ "' seconds .", e);
>>+ return DEFAULT_REFRESH_INTERVAL;
>> }
>>- return false;
>>+ }
>>+
>>+ /**
>>+ * @see javax.jcr.Repository#login(javax.jcr.Credentials, String)
>>+ */
>>+ @Override
>>+ public Session login(@Nullable Credentials credentials, @Nullable
>>String workspaceName)
>>+ throws RepositoryException {
>>+ return login(credentials, workspaceName,
>>getRefreshInterval(credentials));
>> }
>>
>> /**
>>
>>
>