You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2020/09/01 08:52:27 UTC
svn commit: r1881352 - in
/jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark:
./ authorization/ authorization/permission/ authorization/principalbased/
Author: angela
Date: Tue Sep 1 08:52:26 2020
New Revision: 1881352
URL: http://svn.apache.org/viewvc?rev=1881352&view=rev
Log:
OAK-9186 : AbstractAccessControlManager improve refresh strategy of PermissionProvider - create benchmarks
Added:
jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/AbstractHasItemGetItemTest.java (with props)
jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/HasPermissionHasItemGetItemTest.java (with props)
jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/HasPrivilegesHasItemGetItemTest.java (with props)
jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/Utils.java (with props)
Modified:
jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/BenchmarkRunner.java
jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/ReadDeepTreeTest.java
jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/permission/EagerCacheSizeTest.java
jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/principalbased/HasItemGetItemIsModifiedTest.java
jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/principalbased/PermissionEvaluationTest.java
jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/principalbased/PrinicipalBasedReadTest.java
Modified: jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/BenchmarkRunner.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/BenchmarkRunner.java?rev=1881352&r1=1881351&r2=1881352&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/BenchmarkRunner.java (original)
+++ jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/BenchmarkRunner.java Tue Sep 1 08:52:26 2020
@@ -47,6 +47,8 @@ import org.apache.jackrabbit.oak.benchma
import org.apache.jackrabbit.oak.benchmark.authentication.external.SyncExternalUsersTest;
import org.apache.jackrabbit.oak.benchmark.authorization.AceCreationTest;
import org.apache.jackrabbit.oak.benchmark.authorization.CanReadNonExisting;
+import org.apache.jackrabbit.oak.benchmark.authorization.HasPermissionHasItemGetItemTest;
+import org.apache.jackrabbit.oak.benchmark.authorization.HasPrivilegesHasItemGetItemTest;
import org.apache.jackrabbit.oak.benchmark.authorization.permission.EagerCacheSizeTest;
import org.apache.jackrabbit.oak.benchmark.authorization.principalbased.HasItemGetItemIsModifiedTest;
import org.apache.jackrabbit.oak.benchmark.authorization.principalbased.PermissionEvaluationTest;
@@ -256,6 +258,16 @@ public class BenchmarkRunner {
benchmarkOptions.getNumberOfUsers().value(options),
cacheSize,
benchmarkOptions.getReport().value(options)),
+ new HasPrivilegesHasItemGetItemTest(
+ benchmarkOptions.getItemsToRead().value(options),
+ benchmarkOptions.getNumberOfInitialAce().value(options),
+ benchmarkOptions.getNumberOfGroups().value(options),
+ benchmarkOptions.getReport().value(options)),
+ new HasPermissionHasItemGetItemTest(
+ benchmarkOptions.getItemsToRead().value(options),
+ benchmarkOptions.getNumberOfInitialAce().value(options),
+ benchmarkOptions.getNumberOfGroups().value(options),
+ benchmarkOptions.getReport().value(options)),
new ConcurrentReadDeepTreeTest(
benchmarkOptions.getRunAsAdmin().value(options),
benchmarkOptions.getItemsToRead().value(options),
Modified: jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/ReadDeepTreeTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/ReadDeepTreeTest.java?rev=1881352&r1=1881351&r2=1881352&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/ReadDeepTreeTest.java (original)
+++ jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/ReadDeepTreeTest.java Tue Sep 1 08:52:26 2020
@@ -16,10 +16,11 @@
*/
package org.apache.jackrabbit.oak.benchmark;
-import java.io.InputStream;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.List;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
+import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
+import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
+import org.apache.jackrabbit.util.Text;
+import org.jetbrains.annotations.NotNull;
import javax.jcr.ImportUUIDBehavior;
import javax.jcr.Item;
@@ -31,12 +32,13 @@ import javax.jcr.Session;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import javax.jcr.util.TraversingItemVisitor;
-
-import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
-import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
-import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
-import org.apache.jackrabbit.util.Text;
-import org.jetbrains.annotations.NotNull;
+import java.io.InputStream;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
/**
* Randomly read 1000 items from the deep tree.
@@ -59,6 +61,7 @@ public class ReadDeepTreeTest extends Ab
protected Session testSession;
protected List<String> allPaths = new ArrayList<String>();
+ protected List<String> nodePaths = new ArrayList<>();
protected ReadDeepTreeTest(boolean runAsAdmin, int itemsToRead, boolean doReport) {
this(runAsAdmin, itemsToRead, doReport, true);
@@ -124,7 +127,11 @@ public class ReadDeepTreeTest extends Ab
}
protected void visitingNode(Node node, int i) throws RepositoryException {
- allPaths.add(node.getPath());
+ String path = node.getPath();
+ allPaths.add(path);
+ if (!path.contains(AccessControlConstants.REP_POLICY)) {
+ nodePaths.add(path);
+ }
}
protected void visitingProperty(Property property, int i) throws RepositoryException {
Added: jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/AbstractHasItemGetItemTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/AbstractHasItemGetItemTest.java?rev=1881352&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/AbstractHasItemGetItemTest.java (added)
+++ jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/AbstractHasItemGetItemTest.java Tue Sep 1 08:52:26 2020
@@ -0,0 +1,172 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.benchmark.authorization;
+
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Lists;
+import org.apache.jackrabbit.api.JackrabbitSession;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
+import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.Group;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
+import org.apache.jackrabbit.oak.benchmark.ReadDeepTreeTest;
+import org.apache.jackrabbit.oak.commons.PathUtils;
+import org.jetbrains.annotations.NotNull;
+
+import javax.jcr.Item;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.security.AccessControlManager;
+import javax.jcr.security.Privilege;
+import javax.security.auth.Subject;
+import java.security.Principal;
+import java.util.List;
+
+import static javax.jcr.security.Privilege.JCR_ALL;
+
+abstract class AbstractHasItemGetItemTest extends ReadDeepTreeTest {
+
+ private final int numberOfACEs;
+
+ private final int numberOfGroups;
+ private Subject subject;
+
+ List<Privilege> allPrivileges;
+
+ AbstractHasItemGetItemTest(int itemsToRead, int numberOfACEs, int numberOfGroups, boolean doReport) {
+ super(false, itemsToRead, doReport, false);
+
+ this.numberOfACEs = numberOfACEs;
+ this.numberOfGroups = numberOfGroups;
+ }
+
+ @Override
+ protected void beforeSuite() throws Exception {
+ super.beforeSuite();
+
+ // populate subject
+ subject = new Subject();
+ UserManager userManager = ((JackrabbitSession) adminSession).getUserManager();
+ User user = userManager.createUser("testuser", "pw");
+ subject.getPrincipals().add(user.getPrincipal());
+
+ for (int i = 0; i < numberOfGroups; i++) {
+ Group gr = userManager.createGroup("group" +i);
+ subject.getPrincipals().add(gr.getPrincipal());
+ }
+ adminSession.save();
+
+ JackrabbitAccessControlManager acMgr = (JackrabbitAccessControlManager) adminSession.getAccessControlManager();
+
+ // grant read at the root for one of the principals
+ Privilege[] readPrivs = AccessControlUtils.privilegesFromNames(acMgr, Privilege.JCR_READ);
+ Principal principal = subject.getPrincipals().iterator().next();
+ Utils.addEntry(acMgr, principal, PathUtils.ROOT_PATH, readPrivs);
+
+ // create additional ACEs according to benchmark configuration
+ allPrivileges = Lists.newArrayList(acMgr.privilegeFromName(JCR_ALL).getAggregatePrivileges());
+ createForEachPrincipal(principal, acMgr, allPrivileges);
+
+ adminSession.save();
+ }
+
+ private void createForEachPrincipal(@NotNull Principal pGrantedRead, @NotNull JackrabbitAccessControlManager acMgr, @NotNull List<Privilege> allPrivileges) throws RepositoryException {
+ for (Principal principal : subject.getPrincipals()) {
+ int cnt = 0;
+ int targetCnt = (principal.getName().equals(pGrantedRead.getName())) ? numberOfACEs-1 : numberOfACEs;
+ while (cnt < targetCnt) {
+ if (Utils.addEntry(acMgr, principal, getRandom(nodePaths), (Privilege[]) Utils.getRandom(allPrivileges, 3).toArray(new Privilege[0]))) {
+ cnt++;
+ }
+ }
+ }
+ }
+
+ @Override
+ protected void afterSuite() throws Exception {
+ try {
+ Utils.removePrincipals(subject.getPrincipals(), adminSession);
+ } finally {
+ super.afterSuite();
+ }
+ }
+
+ @Override
+ protected void randomRead(Session testSession, List<String> allPaths, int cnt) throws RepositoryException {
+ boolean logout = false;
+ if (testSession == null) {
+ testSession = getTestSession();
+ logout = true;
+ }
+ try {
+ int nodeCnt = 0;
+ int propertyCnt = 0;
+ int addCnt = 0;
+ int noAccess = 0;
+ int size = allPaths.size();
+
+ AccessControlManager acMgr = testSession.getAccessControlManager();
+
+ long start = System.currentTimeMillis();
+ for (int i = 0; i < cnt; i++) {
+ double rand = size * Math.random();
+ int index = (int) Math.floor(rand);
+ String path = allPaths.get(index);
+ if (i % 100 == 0) {
+ addCnt++;
+ additionalRead(path, testSession, acMgr);
+ }
+ if (testSession.itemExists(path)) {
+ Item item = testSession.getItem(path);
+ if (item.isNode()) {
+ nodeCnt++;
+ } else {
+ propertyCnt++;
+ }
+ } else {
+ noAccess++;
+ }
+ }
+ long end = System.currentTimeMillis();
+ if (doReport) {
+ System.out.println("Session " + testSession.getUserID() + " reading " + cnt + " (Nodes: "+ nodeCnt +"; Properties: "+propertyCnt+"; no access: "+noAccess+"; "+ additionalMethodName()+": "+addCnt+") completed in " + (end - start));
+ }
+ } finally {
+ if (logout) {
+ logout(testSession);
+ }
+ }
+ }
+
+ abstract String additionalMethodName();
+
+ abstract void additionalRead(String path, Session s, AccessControlManager acMgr);
+
+ @NotNull
+ @Override
+ protected Session getTestSession() {
+ return loginSubject(subject);
+ }
+
+ @NotNull
+ @Override
+ protected String getImportFileName() {
+ return "deepTree.xml";
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/AbstractHasItemGetItemTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/HasPermissionHasItemGetItemTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/HasPermissionHasItemGetItemTest.java?rev=1881352&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/HasPermissionHasItemGetItemTest.java (added)
+++ jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/HasPermissionHasItemGetItemTest.java Tue Sep 1 08:52:26 2020
@@ -0,0 +1,59 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.benchmark.authorization;
+
+import com.google.common.collect.Lists;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
+import org.apache.jackrabbit.util.Text;
+import org.jetbrains.annotations.NotNull;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.security.AccessControlManager;
+import java.util.List;
+
+public class HasPermissionHasItemGetItemTest extends AbstractHasItemGetItemTest {
+
+ private static final List<String> PERMISSIONS = Lists.newArrayList(Permissions.PERMISSION_NAMES.values());
+
+ public HasPermissionHasItemGetItemTest(int itemsToRead, int numberOfACEs, int numberOfGroups, boolean doReport) {
+ super(itemsToRead, numberOfACEs, numberOfGroups, doReport);
+ }
+
+ @Override
+ String additionalMethodName() {
+ return "hasPermission";
+ }
+
+ @Override
+ void additionalRead(String path, Session s, AccessControlManager acMgr) {
+ try {
+ String actions = Text.implode((String[]) Utils.getRandom(PERMISSIONS, 3).toArray(new String[0]), ",");
+ s.hasPermission(path, actions);
+ } catch (RepositoryException e) {
+ if (doReport) {
+ e.printStackTrace(System.out);
+ }
+ }
+ }
+
+ @NotNull
+ @Override
+ protected String getTestNodeName() {
+ return "HasPermissionHasItemGetItemTest";
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/HasPermissionHasItemGetItemTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/HasPrivilegesHasItemGetItemTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/HasPrivilegesHasItemGetItemTest.java?rev=1881352&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/HasPrivilegesHasItemGetItemTest.java (added)
+++ jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/HasPrivilegesHasItemGetItemTest.java Tue Sep 1 08:52:26 2020
@@ -0,0 +1,74 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.benchmark.authorization;
+
+import com.google.common.collect.ImmutableSet;
+import org.apache.jackrabbit.oak.commons.PathUtils;
+import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
+import org.jetbrains.annotations.NotNull;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.security.AccessControlManager;
+import javax.jcr.security.Privilege;
+import java.util.Set;
+
+public class HasPrivilegesHasItemGetItemTest extends AbstractHasItemGetItemTest {
+
+ private Set<String> nodeSet;
+
+ public HasPrivilegesHasItemGetItemTest(int itemsToRead, int numberOfACEs, int numberOfGroups, boolean doReport) {
+ super(itemsToRead, numberOfACEs, numberOfGroups, doReport);
+ }
+
+ @Override
+ protected void beforeSuite() throws Exception {
+ super.beforeSuite();
+ nodeSet = ImmutableSet.copyOf(nodePaths);
+ }
+
+ @Override
+ String additionalMethodName() {
+ return "hasPrivileges";
+ }
+
+ @Override
+ void additionalRead(String path, Session s, AccessControlManager acMgr) {
+ String np = path;
+ if (!nodeSet.contains(path)) {
+ int ind = path.indexOf(AccessControlConstants.REP_POLICY);
+ if (ind == -1) {
+ np = PathUtils.getParentPath(path);
+ } else {
+ np = path.substring(0, ind);
+ }
+ }
+ try {
+ acMgr.hasPrivileges(np, (Privilege[]) Utils.getRandom(allPrivileges, 3).toArray(new Privilege[0]));
+ } catch (RepositoryException e) {
+ if (doReport) {
+ e.printStackTrace(System.out);
+ }
+ }
+ }
+
+ @NotNull
+ @Override
+ protected String getTestNodeName() {
+ return "HasPrivilegesHasItemGetItemTest";
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/HasPrivilegesHasItemGetItemTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/Utils.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/Utils.java?rev=1881352&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/Utils.java (added)
+++ jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/Utils.java Tue Sep 1 08:52:26 2020
@@ -0,0 +1,82 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.benchmark.authorization;
+
+import org.apache.jackrabbit.api.JackrabbitSession;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
+import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
+import org.jetbrains.annotations.NotNull;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.security.Privilege;
+import java.security.Principal;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+public class Utils {
+
+ private static final Logger log = LoggerFactory.getLogger(Utils.class);
+
+
+ @NotNull
+ public static Collection getRandom(@NotNull List<?> objects, int len) {
+ int size = objects.size();
+ if (len > size) {
+ throw new IllegalArgumentException();
+ } else if (len == size) {
+ return objects;
+ } else {
+ Set s = new HashSet(len);
+ while (s.size() < len) {
+ int index = (int) Math.floor(size * Math.random());
+ s.add(objects.get(index));
+ }
+ return s;
+ }
+ }
+
+ public static boolean addEntry(@NotNull JackrabbitAccessControlManager acMgr, @NotNull Principal principal, @NotNull String path, @NotNull Privilege[] privileges) throws RepositoryException {
+ JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, path);
+ if (acl == null) {
+ throw new IllegalStateException("No policy to setup ACE.");
+ }
+ boolean added = acl.addAccessControlEntry(principal, privileges);
+ if (added) {
+ acMgr.setPolicy(acl.getPath(), acl);
+ }
+ return added;
+ }
+
+ public static void removePrincipals(@NotNull Set<Principal> principalSet, @NotNull Session session) throws RepositoryException {
+ UserManager userManager = ((JackrabbitSession) session).getUserManager();
+ for (Principal p : principalSet) {
+ Authorizable a = userManager.getAuthorizable(p);
+ if (a != null) {
+ a.remove();
+ }
+ }
+ session.save();
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/Utils.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/permission/EagerCacheSizeTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/permission/EagerCacheSizeTest.java?rev=1881352&r1=1881351&r2=1881352&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/permission/EagerCacheSizeTest.java (original)
+++ jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/permission/EagerCacheSizeTest.java Tue Sep 1 08:52:26 2020
@@ -27,6 +27,7 @@ import org.apache.jackrabbit.api.securit
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.Oak;
import org.apache.jackrabbit.oak.benchmark.ReadDeepTreeTest;
+import org.apache.jackrabbit.oak.benchmark.authorization.Utils;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.fixture.JcrCreator;
import org.apache.jackrabbit.oak.fixture.OakRepositoryFixture;
@@ -62,8 +63,6 @@ public class EagerCacheSizeTest extends
private final int numberOfACEs;
private final int subjectSize;
private final long eagerCacheSize;
-
- private final List<String> nodePaths = new ArrayList<>();
private Subject subject;
public EagerCacheSizeTest(int itemsToRead, int repeatedRead, int numberOfACEs, int subjectSize, long eagerCacheSize, boolean doReport) {
@@ -107,7 +106,7 @@ public class EagerCacheSizeTest extends
// grant read at the root
Principal principal = subject.getPrincipals().iterator().next();
Privilege[] readPrivs = AccessControlUtils.privilegesFromNames(acMgr, Privilege.JCR_READ);
- addEntry(acMgr, principal, PathUtils.ROOT_PATH, readPrivs);
+ Utils.addEntry(acMgr, principal, PathUtils.ROOT_PATH, readPrivs);
// create additional ACEs for each principal in the subject
List<Privilege> allPrivileges = Lists.newArrayList(acMgr.privilegeFromName(JCR_ALL).getAggregatePrivileges());
@@ -117,51 +116,23 @@ public class EagerCacheSizeTest extends
if (!principalIterator.hasNext()) {
throw new IllegalStateException("Cannot setup ACE. no principals available.");
}
- if (addEntry(acMgr, principalIterator.next(), getRandom(nodePaths), getRandomPrivileges(allPrivileges))) {
+ if (Utils.addEntry(acMgr, principalIterator.next(), getRandom(nodePaths), getRandomPrivileges(allPrivileges))) {
cnt++;
}
}
adminSession.save();
}
- @Override
- protected void visitingNode(Node node, int i) throws RepositoryException {
- super.visitingNode(node, i);
- String path = node.getPath();
- if (!path.contains(AccessControlConstants.REP_POLICY)) {
- nodePaths.add(path);
- }
- }
-
@NotNull
private static Privilege[] getRandomPrivileges(@NotNull List<Privilege> allPrivileges) {
Collections.shuffle(allPrivileges);
return allPrivileges.subList(0, 3).toArray(new Privilege[0]);
}
- private static boolean addEntry(@NotNull JackrabbitAccessControlManager acMgr, @NotNull Principal principal, @NotNull String path, @NotNull Privilege[] privileges) throws RepositoryException {
- JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, path);
- if (acl == null) {
- throw new IllegalStateException("No policy to setup ACE.");
- }
- boolean added = acl.addAccessControlEntry(principal, privileges);
- if (added) {
- acMgr.setPolicy(acl.getPath(), acl);
- }
- return added;
- }
-
@Override
protected void afterSuite() throws Exception {
try {
- UserManager userManager = ((JackrabbitSession) adminSession).getUserManager();
- for (Principal p : subject.getPrincipals()) {
- Authorizable a = userManager.getAuthorizable(p);
- if (a != null) {
- a.remove();
- }
- }
- adminSession.save();
+ Utils.removePrincipals(subject.getPrincipals(), adminSession);
} finally {
super.afterSuite();
}
Modified: jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/principalbased/HasItemGetItemIsModifiedTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/principalbased/HasItemGetItemIsModifiedTest.java?rev=1881352&r1=1881351&r2=1881352&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/principalbased/HasItemGetItemIsModifiedTest.java (original)
+++ jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/principalbased/HasItemGetItemIsModifiedTest.java Tue Sep 1 08:52:26 2020
@@ -29,6 +29,7 @@ public class HasItemGetItemIsModifiedTes
super(itemsToRead, numberOfACEs, subjectSize, entriesForEachPrincipal, testDefault, compositionType, useAggregationFilter, doReport);
}
+ @Override
protected void randomRead(Session testSession, List<String> allPaths, int cnt) throws RepositoryException {
boolean logout = false;
if (testSession == null) {
Modified: jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/principalbased/PermissionEvaluationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/principalbased/PermissionEvaluationTest.java?rev=1881352&r1=1881351&r2=1881352&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/principalbased/PermissionEvaluationTest.java (original)
+++ jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/principalbased/PermissionEvaluationTest.java Tue Sep 1 08:52:26 2020
@@ -30,6 +30,7 @@ public class PermissionEvaluationTest ex
super(itemsToRead, numberOfACEs, subjectSize, entriesForEachPrincipal, testDefault, compositionType, useAggregationFilter, doReport);
}
+ @Override
protected void randomRead(Session testSession, List<String> allPaths, int cnt) throws RepositoryException {
boolean logout = false;
if (testSession == null) {
Modified: jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/principalbased/PrinicipalBasedReadTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/principalbased/PrinicipalBasedReadTest.java?rev=1881352&r1=1881351&r2=1881352&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/principalbased/PrinicipalBasedReadTest.java (original)
+++ jackrabbit/oak/trunk/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authorization/principalbased/PrinicipalBasedReadTest.java Tue Sep 1 08:52:26 2020
@@ -31,6 +31,7 @@ import org.apache.jackrabbit.api.securit
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.benchmark.ReadDeepTreeTest;
+import org.apache.jackrabbit.oak.benchmark.authorization.Utils;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.composite.MountInfoProviderService;
import org.apache.jackrabbit.oak.fixture.OakRepositoryFixture;
@@ -78,8 +79,6 @@ public class PrinicipalBasedReadTest ext
private final String compositionType;
private final boolean useAggregationFilter;
- private List<String> nodePaths = new ArrayList<>();
-
public PrinicipalBasedReadTest(int itemsToRead, int numberOfACEs, int subjectSize, boolean entriesForEachPrincipal, boolean testDefault, @NotNull String compositionType, boolean useAggregationFilter, boolean doReport) {
super(false, itemsToRead, doReport, false);
@@ -126,15 +125,6 @@ public class PrinicipalBasedReadTest ext
adminSession.save();
}
- @Override
- protected void visitingNode(Node node, int i) throws RepositoryException {
- super.visitingNode(node, i);
- String path = node.getPath();
- if (!path.contains(AccessControlConstants.REP_POLICY)) {
- nodePaths.add(path);
- }
- }
-
private void createForRotatingPrincipal(@NotNull JackrabbitAccessControlManager acMgr, @NotNull List<Privilege> allPrivileges) throws RepositoryException {
Iterator<Principal> principalIterator = Iterators.cycle(subject.getPrincipals());
int cnt = 0;
@@ -195,14 +185,7 @@ public class PrinicipalBasedReadTest ext
@Override
protected void afterSuite() throws Exception {
try {
- UserManager userManager = ((JackrabbitSession) adminSession).getUserManager();
- for (Principal p : subject.getPrincipals()) {
- Authorizable a = userManager.getAuthorizable(p);
- if (a != null) {
- a.remove();
- }
- }
- adminSession.save();
+ Utils.removePrincipals(subject.getPrincipals(), adminSession);
} finally {
super.afterSuite();
}