You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2018/11/05 13:21:14 UTC
svn commit: r1845787 - in /jackrabbit/oak/trunk:
oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/
oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/
Author: angela
Date: Mon Nov 5 13:21:14 2018
New Revision: 1845787
URL: http://svn.apache.org/viewvc?rev=1845787&view=rev
Log:
OAK-7880 : Reduce Principal lookup in default access control code base
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/Util.java
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlImporterTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java?rev=1845787&r1=1845786&r2=1845787&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java Mon Nov 5 13:21:14 2018
@@ -16,8 +16,6 @@
*/
package org.apache.jackrabbit.oak.security.authorization.accesscontrol;
-import static com.google.common.base.Preconditions.checkNotNull;
-
import java.security.Principal;
import java.text.ParseException;
import java.util.ArrayList;
@@ -29,7 +27,6 @@ import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
-
import javax.jcr.AccessDeniedException;
import javax.jcr.RepositoryException;
import javax.jcr.UnsupportedRepositoryOperationException;
@@ -70,6 +67,7 @@ import org.apache.jackrabbit.oak.commons
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.memory.PropertyBuilder;
import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
+import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.security.authorization.permission.PermissionUtil;
import org.apache.jackrabbit.oak.security.authorization.restriction.PrincipalRestrictionProvider;
import org.apache.jackrabbit.oak.spi.query.QueryConstants;
@@ -88,7 +86,6 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.oak.spi.xml.ImportBehavior;
-import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.util.ISO9075;
import org.apache.jackrabbit.util.Text;
import org.jetbrains.annotations.NotNull;
@@ -96,6 +93,8 @@ import org.jetbrains.annotations.Nullabl
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import static com.google.common.base.Preconditions.checkNotNull;
+
/**
* Default implementation of the {@code JackrabbitAccessControlManager} interface.
* This implementation covers both editing access control content by path and
@@ -592,12 +591,7 @@ public class AccessControlManagerImpl ex
@NotNull
private Principal getPrincipal(@NotNull Tree aceTree) {
String principalName = checkNotNull(TreeUtil.getString(aceTree, REP_PRINCIPAL_NAME));
- Principal principal = principalManager.getPrincipal(principalName);
- if (principal == null) {
- log.debug("Unknown principal " + principalName);
- principal = new PrincipalImpl(principalName);
- }
- return principal;
+ return new PrincipalImpl(principalName);
}
private String getNodePath(ACE principalBasedAce) throws RepositoryException {
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/Util.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/Util.java?rev=1845787&r1=1845786&r2=1845787&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/Util.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/Util.java Mon Nov 5 13:21:14 2018
@@ -55,18 +55,22 @@ final class Util implements AccessContro
if (name == null || name.isEmpty()) {
throw new AccessControlException("Invalid principal " + name);
}
- if (!(principal instanceof PrincipalImpl) && !principalManager.hasPrincipal(name)) {
- switch (importBehavior) {
- case ImportBehavior.ABORT:
- throw new AccessControlException("Unknown principal " + name);
- case ImportBehavior.IGNORE:
- return false;
- case ImportBehavior.BESTEFFORT:
- return true;
- default: throw new IllegalArgumentException("Invalid import behavior " + importBehavior);
+
+ if (importBehavior == ImportBehavior.BESTEFFORT) {
+ return true;
+ } else {
+ if (!(principal instanceof PrincipalImpl) && !principalManager.hasPrincipal(name)) {
+ switch (importBehavior) {
+ case ImportBehavior.ABORT:
+ throw new AccessControlException("Unknown principal " + name);
+ case ImportBehavior.IGNORE:
+ return false;
+ default:
+ throw new IllegalArgumentException("Invalid import behavior " + importBehavior);
+ }
}
+ return true;
}
- return true;
}
public static void checkValidPrincipals(@Nullable Set<Principal> principals,
Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlImporterTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlImporterTest.java?rev=1845787&r1=1845786&r2=1845787&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlImporterTest.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlImporterTest.java Mon Nov 5 13:21:14 2018
@@ -325,7 +325,7 @@ public class AccessControlImporterTest e
assertEquals(1, entries.length);
AccessControlEntry entry = entries[0];
- assertEquals(EveryonePrincipal.getInstance(), entry.getPrincipal());
+ assertEquals(EveryonePrincipal.getInstance().getName(), entry.getPrincipal().getName());
List<Privilege> privs = Arrays.asList(entry.getPrivileges());
assertEquals(1, privs.size());
assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);