jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mdue...@apache.org
Subject svn commit: r986297 - in /jackrabbit/trunk/jackrabbit-core/src/main: java/org/apache/jackrabbit/core/ java/org/apache/jackrabbit/core/security/user/ resources/org/apache/jackrabbit/core/nodetype/
Date Tue, 17 Aug 2010 12:47:22 GMT
Author: mduerig
Date: Tue Aug 17 12:47:22 2010
New Revision: 986297

URL: http://svn.apache.org/viewvc?rev=986297&view=rev
Log:
JCR-2710: Add support for large number of users in a group 
make rep:Members node/properties protected

Modified:
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ProtectedItemModifier.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/GroupImpl.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java
    jackrabbit/trunk/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/nodetype/builtin_nodetypes.cnd

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ProtectedItemModifier.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ProtectedItemModifier.java?rev=986297&r1=986296&r2=986297&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ProtectedItemModifier.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ProtectedItemModifier.java
Tue Aug 17 12:47:22 2010
@@ -16,12 +16,6 @@
  */
 package org.apache.jackrabbit.core;
 
-import javax.jcr.AccessDeniedException;
-import javax.jcr.ItemExistsException;
-import javax.jcr.Property;
-import javax.jcr.RepositoryException;
-import javax.jcr.Value;
-
 import org.apache.jackrabbit.core.id.NodeId;
 import org.apache.jackrabbit.core.nodetype.NodeTypeImpl;
 import org.apache.jackrabbit.core.retention.RetentionManagerImpl;
@@ -29,12 +23,19 @@ import org.apache.jackrabbit.core.securi
 import org.apache.jackrabbit.core.security.authorization.Permission;
 import org.apache.jackrabbit.core.security.authorization.acl.ACLEditor;
 import org.apache.jackrabbit.core.security.user.UserManagerImpl;
+import org.apache.jackrabbit.core.session.SessionOperation;
 import org.apache.jackrabbit.core.state.ChildNodeEntry;
 import org.apache.jackrabbit.core.state.NodeState;
 import org.apache.jackrabbit.core.value.InternalValue;
 import org.apache.jackrabbit.spi.Name;
 import org.apache.jackrabbit.spi.Path;
 
+import javax.jcr.AccessDeniedException;
+import javax.jcr.ItemExistsException;
+import javax.jcr.Property;
+import javax.jcr.RepositoryException;
+import javax.jcr.Value;
+
 /**
  * <code>ProtectedItemModifier</code>: An abstract helper class to allow classes
  * residing outside of the core package to modify and remove protected items.
@@ -149,6 +150,11 @@ public abstract class ProtectedItemModif
         parentImpl.getOrCreateTransientItemState();
     }
 
+    protected <T> T performProtected(SessionImpl session, SessionOperation<T>
operation) throws RepositoryException {
+        ItemValidator itemValidator = session.context.getItemValidator();
+        return itemValidator.performRelaxed(operation, ItemValidator.CHECK_CONSTRAINTS);
+    }
+
     private void checkPermission(ItemImpl item, int perm) throws RepositoryException {
         if (perm > Permission.NONE) {
             SessionImpl sImpl = (SessionImpl) item.getSession();

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/GroupImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/GroupImpl.java?rev=986297&r1=986296&r2=986297&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/GroupImpl.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/GroupImpl.java
Tue Aug 17 12:47:22 2010
@@ -27,6 +27,8 @@ import org.apache.jackrabbit.commons.fla
 import org.apache.jackrabbit.commons.flat.TreeManager;
 import org.apache.jackrabbit.core.NodeImpl;
 import org.apache.jackrabbit.core.PropertyImpl;
+import org.apache.jackrabbit.core.session.SessionContext;
+import org.apache.jackrabbit.core.session.SessionOperation;
 import org.apache.jackrabbit.util.Text;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -450,68 +452,76 @@ class GroupImpl extends AuthorizableImpl
             this.node = node;
         }
 
-        public boolean addMember(AuthorizableImpl authorizable) throws RepositoryException
{
-            NodeImpl nMembers = (node.hasNode(N_MEMBERS)
-                    ? node.getNode(N_MEMBERS)
-                    : userManager.addProtectedNode(node, N_MEMBERS, NT_REP_MEMBERS));
-
-            try {
-                PropertySequence properties = getPropertySequence(nMembers);
-                String propName = Text.escapeIllegalJcrChars(authorizable.getID());
-                if (properties.hasItem(propName)) {
-                    log.debug("Authorizable {} is already member of {}", authorizable, this);
-                    return false;
-                } else {
-                    Value newMember = getSession().getValueFactory().createValue(authorizable.getNode(),
true);
-                    properties.addProperty(propName, newMember);
-                }
-
-                if (userManager.isAutoSave()) {
-                    node.save();
-                }
-                return true;
-            }
-            catch (RepositoryException e) {
-                log.debug("addMember failed. Reverting changes", e);
-                if (nMembers.isNew()) {
-                    node.refresh(false);
-                } else {
-                    nMembers.refresh(false);
+        public boolean addMember(final AuthorizableImpl authorizable) throws RepositoryException
{
+            return userManager.performProtectedOperation(getSession(), new SessionOperation<Boolean>()
{
+                public Boolean perform(SessionContext context) throws RepositoryException
{
+                    NodeImpl nMembers = (node.hasNode(N_MEMBERS)
+                            ? node.getNode(N_MEMBERS)
+                            : node.addNode(N_MEMBERS, NT_REP_MEMBERS, null));
+
+                    try {
+                        PropertySequence properties = getPropertySequence(nMembers);
+                        String propName = Text.escapeIllegalJcrChars(authorizable.getID());
+                        if (properties.hasItem(propName)) {
+                            log.debug("Authorizable {} is already member of {}", authorizable,
this);
+                            return false;
+                        } else {
+                            Value newMember = getSession().getValueFactory().createValue(authorizable.getNode(),
true);
+                            properties.addProperty(propName, newMember);
+                        }
+
+                        if (userManager.isAutoSave()) {
+                            node.save();
+                        }
+                        return true;
+                    }
+                    catch (RepositoryException e) {
+                        log.debug("addMember failed. Reverting changes", e);
+                        if (nMembers.isNew()) {
+                            node.refresh(false);
+                        } else {
+                            nMembers.refresh(false);
+                        }
+                        throw e;
+                    }
                 }
-                throw e;
-            }
+            });
         }
 
-        public boolean removeMember(AuthorizableImpl authorizable) throws RepositoryException
{
+        public boolean removeMember(final AuthorizableImpl authorizable) throws RepositoryException
{
             if (!node.hasNode(N_MEMBERS)) {
                 log.debug("Group has no members -> cannot remove member {}", authorizable.getID());
                 return false;
             }
 
-            NodeImpl nMembers = node.getNode(N_MEMBERS);
-            try {
-                PropertySequence properties = getPropertySequence(nMembers);
-                String propName = Text.escapeIllegalJcrChars(authorizable.getID());
-                if (properties.hasItem(propName)) {
-                    properties.removeProperty(propName);
-                    if (!properties.iterator().hasNext()) {
-                        userManager.removeProtectedItem(nMembers, node);
+            return userManager.performProtectedOperation(getSession(), new SessionOperation<Boolean>()
{
+                public Boolean perform(SessionContext context) throws RepositoryException
{
+                    NodeImpl nMembers = node.getNode(N_MEMBERS);
+                    try {
+                        PropertySequence properties = getPropertySequence(nMembers);
+                        String propName = Text.escapeIllegalJcrChars(authorizable.getID());
+                        if (properties.hasItem(propName)) {
+                            properties.removeProperty(propName);
+                            if (!properties.iterator().hasNext()) {
+                                nMembers.remove();
+                            }
+                        } else {
+                            log.debug("Authorizable {} was not member of {}", authorizable.getID(),
getID());
+                            return false;
+                        }
+
+                        if (userManager.isAutoSave()) {
+                            node.save();
+                        }
+                        return true;
+                    }
+                    catch (RepositoryException e) {
+                        log.debug("removeMember failed. Reverting changes", e);
+                        nMembers.refresh(false);
+                        throw e;
                     }
-                } else {
-                    log.debug("Authorizable {} was not member of {}", authorizable.getID(),
getID());
-                    return false;
-                }
-
-                if (userManager.isAutoSave()) {
-                    node.save();
                 }
-                return true;
-            }
-            catch (RepositoryException e) {
-                log.debug("removeMember failed. Reverting changes", e);
-                nMembers.refresh(false);
-                throw e;
-            }
+            });
         }
 
         public Collection<Authorizable> getMembers(boolean includeIndirect, int type)

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java?rev=986297&r1=986296&r2=986297&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java
Tue Aug 17 12:47:22 2010
@@ -16,21 +16,6 @@
  */
 package org.apache.jackrabbit.core.security.user;
 
-import java.security.Principal;
-import java.security.acl.Group;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Set;
-
-import javax.jcr.ItemNotFoundException;
-import javax.jcr.Node;
-import javax.jcr.RepositoryException;
-import javax.jcr.Session;
-import javax.jcr.observation.Event;
-import javax.jcr.observation.EventIterator;
-import javax.jcr.security.AccessControlPolicy;
-import javax.jcr.security.Privilege;
-
 import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.UserManager;
@@ -54,6 +39,21 @@ import org.apache.jackrabbit.util.Text;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import javax.jcr.ItemNotFoundException;
+import javax.jcr.Node;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.observation.Event;
+import javax.jcr.observation.EventIterator;
+import javax.jcr.security.AccessControlPolicy;
+import javax.jcr.security.Privilege;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+
 /**
  * Implementation of the <code>AccessControlProvider</code> interface that
  * is used to protected the 'security workspace' containing the user and
@@ -322,12 +322,12 @@ public class UserAccessControlProvider e
             implements SynchronousEventListener {
 
         private final String userNodePath;
-        private Set<Principal> principals;
+        private final Set<Principal> principals;
 
         protected CompiledPermissionsImpl(Set<Principal> principals, String userNodePath)
throws RepositoryException {
             this.userNodePath = userNodePath;
             this.principals = principals;
-            
+
             int events = Event.PROPERTY_CHANGED | Event.PROPERTY_ADDED | Event.PROPERTY_REMOVED;
             observationMgr.addEventListener(this, events, groupsPath, true, null, null, false);
         }
@@ -496,7 +496,6 @@ public class UserAccessControlProvider e
                 Event ev = events.nextEvent();
                 try {
                     String evPath = ev.getPath();
-                    int type = ev.getType();
                     String repMembers = session.getJCRName(UserConstants.P_MEMBERS);
                     if (repMembers.equals(Text.getName(evPath))) {
                         // invalidate the cached results

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java?rev=986297&r1=986296&r2=986297&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java
Tue Aug 17 12:47:22 2010
@@ -30,6 +30,7 @@ import org.apache.jackrabbit.core.Sessio
 import org.apache.jackrabbit.core.id.NodeId;
 import org.apache.jackrabbit.core.security.SystemPrincipal;
 import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
+import org.apache.jackrabbit.core.session.SessionOperation;
 import org.apache.jackrabbit.spi.Name;
 import org.apache.jackrabbit.util.Text;
 import org.slf4j.Logger;
@@ -662,6 +663,10 @@ public class UserManagerImpl extends Pro
         return n;
     }
 
+    <T> T performProtectedOperation(SessionImpl session, SessionOperation<T>
operation) throws RepositoryException {
+        return performProtected(session, operation);
+    }
+
     /**
      * Implementation specific method used to retrieve a user/group by Node.
      * <code>Null</code> is returned if

Modified: jackrabbit/trunk/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/nodetype/builtin_nodetypes.cnd
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/nodetype/builtin_nodetypes.cnd?rev=986297&r1=986296&r2=986297&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/nodetype/builtin_nodetypes.cnd
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/nodetype/builtin_nodetypes.cnd
Tue Aug 17 12:47:22 2010
@@ -603,7 +603,7 @@
   - rep:disabled (STRING) protected
 
 [rep:Group] > rep:Authorizable
-  + rep:members (rep:Members) = rep:Members multiple VERSION
+  + rep:members (rep:Members) = rep:Members multiple protected VERSION
   - rep:members (WEAKREFERENCE) protected multiple < 'rep:Authorizable'
 
 [rep:AuthorizableFolder] > nt:hierarchyNode
@@ -612,8 +612,8 @@
 
 [rep:Members]
   orderable
-  + * (rep:Members) = rep:Members multiple
-  - * (WEAKREFERENCE) < 'rep:Authorizable'
+  + * (rep:Members) = rep:Members protected multiple
+  - * (WEAKREFERENCE) protected < 'rep:Authorizable'
     
 // -----------------------------------------------------------------------------
 // J A C K R A B B I T  R E T E N T I O N  M A N A G E M E N T



Mime
View raw message