You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2017/02/08 15:00:52 UTC
svn commit: r1782196 - in /jackrabbit/oak/trunk:
oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/
oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/
oak-au...
Author: angela
Date: Wed Feb 8 15:00:52 2017
New Revision: 1782196
URL: http://svn.apache.org/viewvc?rev=1782196&view=rev
Log:
OAK-5210 : Ability to resolve principal name from ExternalIdentityRef without IDP roundtrip
Added:
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/PrincipalNameResolver.java
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/PrincipalResolutionTest.java
jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/authentication/external/PrincipalNameResolutionTest.java
- copied, changed from r1778156, jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/authentication/external/SyncExternalUsersTest.java
Modified:
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/package-info.java
jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/external/dynamic.md
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/identitymanagement.md
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/ldap.md
jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/BenchmarkRunner.java
jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/authentication/external/AbstractExternalTest.java
Added: jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/PrincipalNameResolver.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/PrincipalNameResolver.java?rev=1782196&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/PrincipalNameResolver.java (added)
+++ jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/PrincipalNameResolver.java Wed Feb 8 15:00:52 2017
@@ -0,0 +1,49 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authentication.external;
+
+import javax.annotation.Nonnull;
+
+/**
+ * Interface to obtain the name of the {@link java.security.Principal} from a
+ * given {@link ExternalIdentityRef}. The aim of this interface is to prevent
+ * potentially unnecessary round trips associated with the following sequence:
+ *
+ * <pre>
+ * String principalName = null;
+ * ExternalIdentity extId = externalIDP.getIdentity(externalIdentityRef);
+ * if (extId != null) {
+ * principalName = extid.getPrincipalName();
+ * }
+ * </pre>
+ *
+ * This interface is expected to be implemented by {@link ExternalIdentityProvider}s,
+ * that can deduce the principal name from the reference without the extra round trip.
+ */
+public interface PrincipalNameResolver {
+
+ /**
+ * Deduce the name of the {@link java.security.Principal} associated with the
+ * {@link ExternalIdentity} represented by the given {@link ExternalIdentityRef}.
+ *
+ * @param externalIdentityRef A valid {@link ExternalIdentityRef} to an existing {@link ExternalIdentity}
+ * @return The name of the {@link java.security.Principal} associated with the external identity referenced by the given {@code externalIdentityRef}.
+ * @throws ExternalIdentityException If the reference is not valid or another error occurs.
+ */
+ @Nonnull
+ String fromExternalIdentityRef(@Nonnull ExternalIdentityRef externalIdentityRef) throws ExternalIdentityException;
+}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java?rev=1782196&r1=1782195&r2=1782196&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java (original)
+++ jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java Wed Feb 8 15:00:52 2017
@@ -32,6 +32,7 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.PrincipalNameResolver;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncException;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncResult;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
@@ -150,17 +151,22 @@ public class DynamicSyncContext extends
* @throws ExternalIdentityException If an error occurs while resolving the the external group references.
*/
private void collectPrincipalNames(@Nonnull Set<String> principalNames, @Nonnull Iterable<ExternalIdentityRef> declaredGroupIdRefs, long depth) throws ExternalIdentityException {
+ boolean shortcut = (depth <= 1 && idp instanceof PrincipalNameResolver);
for (ExternalIdentityRef ref : declaredGroupIdRefs) {
- // get group
- ExternalIdentity extId = idp.getIdentity(ref);
- if (extId instanceof ExternalGroup) {
- principalNames.add(extId.getPrincipalName());
- // recursively apply further membership until the configured depth is reached
- if (depth > 1) {
- collectPrincipalNames(principalNames, extId.getDeclaredGroups(), depth - 1);
- }
+ if (shortcut) {
+ principalNames.add(((PrincipalNameResolver) idp).fromExternalIdentityRef(ref));
} else {
- log.debug("Not an external group ({}) => ignore.", extId);
+ // get group from the IDP
+ ExternalIdentity extId = idp.getIdentity(ref);
+ if (extId instanceof ExternalGroup) {
+ principalNames.add(extId.getPrincipalName());
+ // recursively apply further membership until the configured depth is reached
+ if (depth > 1) {
+ collectPrincipalNames(principalNames, extId.getDeclaredGroups(), depth - 1);
+ }
+ } else {
+ log.debug("Not an external group ({}) => ignore.", extId);
+ }
}
}
}
Modified: jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/package-info.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/package-info.java?rev=1782196&r1=1782195&r2=1782196&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/package-info.java (original)
+++ jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/package-info.java Wed Feb 8 15:00:52 2017
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-@Version("2.2.0")
+@Version("2.3.0")
@Export
package org.apache.jackrabbit.oak.spi.security.authentication.external;
Added: jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/PrincipalResolutionTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/PrincipalResolutionTest.java?rev=1782196&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/PrincipalResolutionTest.java (added)
+++ jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/PrincipalResolutionTest.java Wed Feb 8 15:00:52 2017
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authentication.external.impl;
+
+import javax.annotation.Nonnull;
+
+import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.PrincipalNameResolver;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.TestIdentityProvider;
+
+public class PrincipalResolutionTest extends DynamicSyncContextTest {
+
+ @Override
+ protected ExternalIdentityProvider createIDP() {
+ return new PrincipalResolvingIDP();
+ }
+
+ private final class PrincipalResolvingIDP extends TestIdentityProvider implements PrincipalNameResolver {
+
+ @Nonnull
+ @Override
+ public String fromExternalIdentityRef(@Nonnull ExternalIdentityRef externalIdentityRef) throws ExternalIdentityException {
+ ExternalIdentity identity = getIdentity(externalIdentityRef);
+ if (identity == null) {
+ throw new ExternalIdentityException();
+ } else {
+ return identity.getPrincipalName();
+ }
+ }
+ }
+}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java?rev=1782196&r1=1782195&r2=1782196&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java (original)
+++ jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java Wed Feb 8 15:00:52 2017
@@ -78,6 +78,7 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.PrincipalNameResolver;
import org.apache.jackrabbit.util.Text;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -93,7 +94,7 @@ import org.slf4j.LoggerFactory;
policy = ConfigurationPolicy.REQUIRE
)
@Service
-public class LdapIdentityProvider implements ExternalIdentityProvider {
+public class LdapIdentityProvider implements ExternalIdentityProvider, PrincipalNameResolver {
/**
* default logger
@@ -183,6 +184,15 @@ public class LdapIdentityProvider implem
}
}
+ //----------------------------------------------< PrincipalNameResolver >---
+ @Nonnull
+ @Override
+ public String fromExternalIdentityRef(@Nonnull ExternalIdentityRef externalIdentityRef) throws ExternalIdentityException {
+ if (!isMyRef(externalIdentityRef)) {
+ throw new ExternalIdentityException("Foreign IDP " + externalIdentityRef.getString());
+ }
+ return externalIdentityRef.getId();
+ }
//-------------------------------------------< ExternalIdentityProvider >---
@Nonnull
Modified: jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java?rev=1782196&r1=1782195&r2=1782196&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java (original)
+++ jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java Wed Feb 8 15:00:52 2017
@@ -35,6 +35,7 @@ import org.apache.jackrabbit.oak.securit
import org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapProviderConfig;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
import org.apache.jackrabbit.util.Text;
@@ -414,6 +415,26 @@ public class LdapProviderTest {
assertArrayEquals("Array must not contain empty strings", new String[] {"a", "b" }, providerConfig.getCustomAttributes());
}
+ @Test
+ public void testResolvePrincipalNameUser() throws ExternalIdentityException {
+ ExternalUser user = idp.getUser(TEST_USER5_UID);
+ assertNotNull(user);
+ assertEquals(user.getPrincipalName(), idp.fromExternalIdentityRef(user.getExternalId()));
+ }
+
+ @Test
+ public void testResolvePrincipalNameGroup() throws ExternalIdentityException {
+ ExternalGroup gr = idp.getGroup(TEST_GROUP1_NAME);
+ assertNotNull(gr);
+
+ assertEquals(gr.getPrincipalName(), idp.fromExternalIdentityRef(gr.getExternalId()));
+ }
+
+ @Test(expected = ExternalIdentityException.class)
+ public void testResolvePrincipalNameForeignExtId() throws Exception {
+ idp.fromExternalIdentityRef(new ExternalIdentityRef("anyId", "anotherProviderName"));
+ }
+
public static void assertIfEquals(String message, String[] expected, Iterable<ExternalIdentityRef> result) {
List<String> dns = new LinkedList<String>();
for (ExternalIdentityRef ref: result) {
Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/external/dynamic.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/external/dynamic.md?rev=1782196&r1=1782195&r2=1782196&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/external/dynamic.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/external/dynamic.md Wed Feb 8 15:00:52 2017
@@ -48,6 +48,12 @@ effects:
membership nesting depth)
- External groups will no longer be synchronised into the repository's user management
but will only be available as `Principal`s (see section _User Management_ below).
+
+Note: as a further improvement the [PrincipalNameResolver] interface was introduced
+in Oak 1.6.1 to allow for optimized resolution of a principal names from a given
+`ExternalIdentityRef`. In order to benefit from that shortcut a given implementation
+of `ExternalIdentityProvider` needs to also implement `PrincipalNameResolver`.
+See also [OAK-5210].
##### Automatic Membership
@@ -131,8 +137,10 @@ membership configuration.
[DefaultSyncContext]: /oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.html
[DefaultSyncConfig]: /oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncConfig.html
[ExternalIdentityProvider]: /oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalIdentityProvider.html
+[PrincipalNameResolver]: /oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/external/PrincipalNameResolver.html
[OAK-4101]: https://issues.apache.org/jira/browse/OAK-4101
[OAK-2687]: https://issues.apache.org/jira/browse/OAK-2687
[OAK-4087]: https://issues.apache.org/jira/browse/OAK-4087
[OAK-5194]: https://issues.apache.org/jira/browse/OAK-5194
-[OAK-5195]: https://issues.apache.org/jira/browse/OAK-5195
\ No newline at end of file
+[OAK-5195]: https://issues.apache.org/jira/browse/OAK-5195
+[OAK-5210]: https://issues.apache.org/jira/browse/OAK-5210
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/identitymanagement.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/identitymanagement.md?rev=1782196&r1=1782195&r2=1782196&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/identitymanagement.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/identitymanagement.md Wed Feb 8 15:00:52 2017
@@ -33,6 +33,7 @@ accounts such as needed for the [synchro
- [ExternalUser]
- [ExternalGroup]
- [ExternalIdentityRef]: reference to an external user/group consisting of id and provider name.
+- [PrincipalNameResolver]: optimized lookup of principal name from [ExternalIdentityRef]; see section [Dynamic Membership](external/dynamic.html) and [OAK-5210] for details)
### Default Implementation
@@ -83,4 +84,6 @@ OSGi environment, please make sure it ge
[ExternalUser]: /oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalUser.html
[ExternalGroup]: /oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalGroup.html
[ExternalIdentityRef]: /oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalIdentityRef.html
-[CustomExternalIdentityProvider]: http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authentication/external/CustomExternalIdentityProvider.java
\ No newline at end of file
+[CustomExternalIdentityProvider]: http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authentication/external/CustomExternalIdentityProvider.java
+[PrincipalNameResolver]: /oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/external/PrincipalNameResolver.html
+[OAK-5210]: https://issues.apache.org/jira/browse/OAK-5210
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/ldap.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/ldap.md?rev=1782196&r1=1782195&r2=1782196&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/ldap.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/ldap.md Wed Feb 8 15:00:52 2017
@@ -39,6 +39,9 @@ Out of the box Oak comes with the follow
#### LDAP Identity Provider
The [LdapIdentityProvider] is a service implementing the [ExternalIdentityProvider] interface.
+Since Oak 1.6.1 it also implements the [PrincipalNameResolver] interface to allow
+for fast resolution from a given `ExternalIdentityRef` to a principal name as an
+optimization for the [dynamic membership](external/dynamic.html) feature.
In an OSGi-base setup the configuration options required in order to establish
connections to the LDAP are obtained form the properties associated with the service.
@@ -102,6 +105,7 @@ details about the external login module
<!-- references -->
[ExternalIdentityProvider]: /oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalIdentityProvider.html
+[PrincipalNameResolver]: /oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/external/PrincipalNameResolver.html
[SyncHandler]: /oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/external/SyncHandler.html
[DefaultSyncHandler]: /oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DefaultSyncHandler.html
[LdapIdentityProvider]: /oak/docs/apidocs/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.html
Modified: jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/BenchmarkRunner.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/BenchmarkRunner.java?rev=1782196&r1=1782195&r2=1782196&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/BenchmarkRunner.java (original)
+++ jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/BenchmarkRunner.java Wed Feb 8 15:00:52 2017
@@ -40,6 +40,7 @@ import joptsimple.OptionSet;
import joptsimple.OptionSpec;
import org.apache.commons.io.FileUtils;
import org.apache.jackrabbit.oak.benchmark.authentication.external.ExternalLoginTest;
+import org.apache.jackrabbit.oak.benchmark.authentication.external.PrincipalNameResolutionTest;
import org.apache.jackrabbit.oak.benchmark.authentication.external.SyncAllExternalUsersTest;
import org.apache.jackrabbit.oak.benchmark.authentication.external.SyncExternalUsersTest;
import org.apache.jackrabbit.oak.benchmark.authorization.AceCreationTest;
@@ -153,6 +154,8 @@ public class BenchmarkRunner {
.withOptionalArg().ofType(Boolean.class).defaultsTo(Boolean.FALSE);
OptionSpec<String> autoMembership = parser.accepts("autoMembership", "Ids of those groups a given external identity automatically become member of.")
.withOptionalArg().ofType(String.class).withValuesSeparatedBy(',');
+ OptionSpec<Integer> roundtripDelay = parser.accepts("roundtripDelay", "Use simplified principal name lookup from ExtIdRef by specifying roundtrip delay of value < 0.")
+ .withOptionalArg().ofType(Integer.class).defaultsTo(0);
OptionSpec<Boolean> transientWrites = parser.accepts("transient", "Do not save data.")
.withOptionalArg().ofType(Boolean.class)
.defaultsTo(Boolean.FALSE);
@@ -431,6 +434,8 @@ public class BenchmarkRunner {
new ExternalLoginTest(numberOfUsers.value(options), numberOfGroups.value(options), expiration.value(options), dynamicMembership.value(options), autoMembership.values(options)),
new SyncAllExternalUsersTest(numberOfUsers.value(options), numberOfGroups.value(options), expiration.value(options), dynamicMembership.value(options), autoMembership.values(options)),
new SyncExternalUsersTest(numberOfUsers.value(options), numberOfGroups.value(options), expiration.value(options), dynamicMembership.value(options), autoMembership.values(options), batchSize.value(options)),
+ new PrincipalNameResolutionTest(numberOfUsers.value(options), numberOfGroups.value(options), expiration.value(options), roundtripDelay.value(options)),
+
new HybridIndexTest(base.value(options), statsProvider),
new BundlingNodeTest(),
new PersistentCacheTest(statsProvider)
Modified: jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/authentication/external/AbstractExternalTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/authentication/external/AbstractExternalTest.java?rev=1782196&r1=1782195&r2=1782196&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/authentication/external/AbstractExternalTest.java (original)
+++ jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/authentication/external/AbstractExternalTest.java Wed Feb 8 15:00:52 2017
@@ -23,6 +23,7 @@ import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.Set;
+import java.util.concurrent.TimeUnit;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.jcr.Credentials;
@@ -52,6 +53,7 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProviderManager;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.PrincipalNameResolver;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncHandler;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncManager;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
@@ -101,6 +103,7 @@ abstract class AbstractExternalTest exte
final SyncHandler syncHandler = new DefaultSyncHandler(syncConfig);
final ExternalIdentityProvider idp;
+ final long delay;
SyncManagerImpl syncManager;
ExternalIdentityProviderManager idpManager;
@@ -108,7 +111,16 @@ abstract class AbstractExternalTest exte
protected AbstractExternalTest(int numberOfUsers, int numberOfGroups,
long expTime, boolean dynamicMembership,
@Nonnull List<String> autoMembership) {
- idp = new TestIdentityProvider(numberOfUsers, numberOfGroups);
+ this(numberOfUsers, numberOfGroups, expTime, dynamicMembership, autoMembership, 0);
+ }
+
+ protected AbstractExternalTest(int numberOfUsers, int numberOfGroups,
+ long expTime, boolean dynamicMembership,
+ @Nonnull List<String> autoMembership,
+ int roundtripDelay) {
+
+ idp = (roundtripDelay < 0) ? new PrincipalResolvingProvider(numberOfUsers, numberOfGroups) : new TestIdentityProvider(numberOfUsers, numberOfGroups);
+ delay = roundtripDelay;
syncConfig.user()
.setMembershipNestingDepth(1)
.setDynamicMembership(dynamicMembership)
@@ -116,6 +128,7 @@ abstract class AbstractExternalTest exte
.setExpirationTime(expTime).setPathPrefix(PATH_PREFIX);
syncConfig.group()
.setExpirationTime(expTime).setPathPrefix(PATH_PREFIX);
+
}
protected abstract Configuration createConfiguration();
@@ -237,7 +250,7 @@ abstract class AbstractExternalTest exte
}
}
- private final class TestIdentityProvider implements ExternalIdentityProvider {
+ class TestIdentityProvider implements ExternalIdentityProvider {
private final int numberOfUsers;
private final int membershipSize;
@@ -261,6 +274,13 @@ abstract class AbstractExternalTest exte
if (id.charAt(0) == 'u') {
return new TestUser(index);
} else {
+ if (delay > 0) {
+ try {
+ TimeUnit.MILLISECONDS.sleep(delay);
+ } catch (InterruptedException e) {
+ e.printStackTrace();
+ }
+ }
return new TestGroup(index);
}
}
@@ -316,6 +336,19 @@ abstract class AbstractExternalTest exte
}
}
+ private class PrincipalResolvingProvider extends TestIdentityProvider implements PrincipalNameResolver {
+
+ private PrincipalResolvingProvider(int numberOfUsers, int membershipSize) {
+ super(numberOfUsers, membershipSize);
+ }
+
+ @Nonnull
+ @Override
+ public String fromExternalIdentityRef(@Nonnull ExternalIdentityRef externalIdentityRef) {
+ return "p_" + externalIdentityRef.getId();
+ }
+ }
+
private class TestIdentity implements ExternalIdentity {
private final String userId;
Copied: jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/authentication/external/PrincipalNameResolutionTest.java (from r1778156, jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/authentication/external/SyncExternalUsersTest.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/authentication/external/PrincipalNameResolutionTest.java?p2=jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/authentication/external/PrincipalNameResolutionTest.java&p1=jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/authentication/external/SyncExternalUsersTest.java&r1=1778156&r2=1782196&rev=1782196&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/authentication/external/SyncExternalUsersTest.java (original)
+++ jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/authentication/external/PrincipalNameResolutionTest.java Wed Feb 8 15:00:52 2017
@@ -16,10 +16,9 @@
*/
package org.apache.jackrabbit.oak.benchmark.authentication.external;
-import java.util.List;
-import javax.annotation.Nonnull;
import javax.security.auth.login.Configuration;
+import com.google.common.collect.ImmutableList;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.authentication.ConfigurationUtil;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
@@ -29,16 +28,12 @@ import org.apache.jackrabbit.oak.spi.sec
/**
* Benchmark for {@link SynchronizationMBean#syncExternalUsers(String[])}
*/
-public class SyncExternalUsersTest extends AbstractExternalTest {
+public class PrincipalNameResolutionTest extends AbstractExternalTest {
- private final int batchSize;
private SynchronizationMBean bean;
- public SyncExternalUsersTest(int numberOfUsers, int membershipSize, long expTime,
- boolean dynamicMembership, @Nonnull List<String> autoMembership,
- int batchSize) {
- super(numberOfUsers, membershipSize, expTime, dynamicMembership, autoMembership);
- this.batchSize = batchSize;
+ public PrincipalNameResolutionTest(int numberOfUsers, int membershipSize, long expTime, int roundtripDelay) {
+ super(numberOfUsers, membershipSize, expTime, true, ImmutableList.<String>of(), roundtripDelay);
}
@Override
@@ -54,10 +49,6 @@ public class SyncExternalUsersTest exten
@Override
protected void runTest() throws Exception {
- String[] externalIds = new String[batchSize];
- for (int i = 0; i < batchSize; i++) {
- externalIds[i] = new ExternalIdentityRef(getRandomUserId(), idp.getName()).getString();
- }
- bean.syncExternalUsers(externalIds);
+ bean.syncExternalUsers(new String[]{new ExternalIdentityRef(getRandomUserId(), idp.getName()).getString()});
}
}
\ No newline at end of file