You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2018/11/05 13:21:14 UTC
svn commit: r1845787 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/

Author: angela
Date: Mon Nov  5 13:21:14 2018
New Revision: 1845787

URL: http://svn.apache.org/viewvc?rev=1845787&view=rev
Log:
OAK-7880 : Reduce Principal lookup in default access control code base

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/Util.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlImporterTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java?rev=1845787&r1=1845786&r2=1845787&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java Mon Nov  5 13:21:14 2018
@@ -16,8 +16,6 @@
  */
 package org.apache.jackrabbit.oak.security.authorization.accesscontrol;
 
-import static com.google.common.base.Preconditions.checkNotNull;
-
 import java.security.Principal;
 import java.text.ParseException;
 import java.util.ArrayList;
@@ -29,7 +27,6 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
-
 import javax.jcr.AccessDeniedException;
 import javax.jcr.RepositoryException;
 import javax.jcr.UnsupportedRepositoryOperationException;
@@ -70,6 +67,7 @@ import org.apache.jackrabbit.oak.commons
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.plugins.memory.PropertyBuilder;
 import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
+import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
 import org.apache.jackrabbit.oak.security.authorization.permission.PermissionUtil;
 import org.apache.jackrabbit.oak.security.authorization.restriction.PrincipalRestrictionProvider;
 import org.apache.jackrabbit.oak.spi.query.QueryConstants;
@@ -88,7 +86,6 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
 import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
 import org.apache.jackrabbit.oak.spi.xml.ImportBehavior;
-import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
 import org.apache.jackrabbit.util.ISO9075;
 import org.apache.jackrabbit.util.Text;
 import org.jetbrains.annotations.NotNull;
@@ -96,6 +93,8 @@ import org.jetbrains.annotations.Nullabl
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import static com.google.common.base.Preconditions.checkNotNull;
+
 /**
  * Default implementation of the {@code JackrabbitAccessControlManager} interface.
  * This implementation covers both editing access control content by path and
@@ -592,12 +591,7 @@ public class AccessControlManagerImpl ex
     @NotNull
     private Principal getPrincipal(@NotNull Tree aceTree) {
         String principalName = checkNotNull(TreeUtil.getString(aceTree, REP_PRINCIPAL_NAME));
-        Principal principal = principalManager.getPrincipal(principalName);
-        if (principal == null) {
-            log.debug("Unknown principal " + principalName);
-            principal = new PrincipalImpl(principalName);
-        }
-        return principal;
+        return new PrincipalImpl(principalName);
     }
 
     private String getNodePath(ACE principalBasedAce) throws RepositoryException {

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/Util.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/Util.java?rev=1845787&r1=1845786&r2=1845787&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/Util.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/Util.java Mon Nov  5 13:21:14 2018
@@ -55,18 +55,22 @@ final class Util implements AccessContro
         if (name == null || name.isEmpty()) {
             throw new AccessControlException("Invalid principal " + name);
         }
-        if (!(principal instanceof PrincipalImpl) && !principalManager.hasPrincipal(name)) {
-            switch (importBehavior) {
-                case ImportBehavior.ABORT:
-                    throw new AccessControlException("Unknown principal " + name);
-                case ImportBehavior.IGNORE:
-                    return false;
-                case ImportBehavior.BESTEFFORT:
-                    return true;
-                default: throw new IllegalArgumentException("Invalid import behavior " + importBehavior);
+
+        if (importBehavior == ImportBehavior.BESTEFFORT) {
+            return true;
+        } else {
+            if (!(principal instanceof PrincipalImpl) && !principalManager.hasPrincipal(name)) {
+                switch (importBehavior) {
+                    case ImportBehavior.ABORT:
+                        throw new AccessControlException("Unknown principal " + name);
+                    case ImportBehavior.IGNORE:
+                        return false;
+                    default:
+                        throw new IllegalArgumentException("Invalid import behavior " + importBehavior);
+                }
             }
+            return true;
         }
-        return true;
     }
 
     public static void checkValidPrincipals(@Nullable Set<Principal> principals,

Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlImporterTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlImporterTest.java?rev=1845787&r1=1845786&r2=1845787&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlImporterTest.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlImporterTest.java Mon Nov  5 13:21:14 2018
@@ -325,7 +325,7 @@ public class AccessControlImporterTest e
             assertEquals(1, entries.length);
 
             AccessControlEntry entry = entries[0];
-            assertEquals(EveryonePrincipal.getInstance(), entry.getPrincipal());
+            assertEquals(EveryonePrincipal.getInstance().getName(), entry.getPrincipal().getName());
             List<Privilege> privs = Arrays.asList(entry.getPrivileges());
             assertEquals(1, privs.size());
             assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);