Author: angela Date: Tue Aug 17 10:33:28 2010 New Revision: 986263 URL: http://svn.apache.org/viewvc?rev=986263&view=rev Log: JCR-2710 : Add support for large number of users in a group [fix UserAccessControlProvider] Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java?rev=986263&r1=986262&r2=986263&view=diff ============================================================================== --- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java (original) +++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java Tue Aug 17 10:33:28 2010 @@ -26,7 +26,6 @@ import javax.jcr.ItemNotFoundException; import javax.jcr.Node; import javax.jcr.RepositoryException; import javax.jcr.Session; -import javax.jcr.Value; import javax.jcr.observation.Event; import javax.jcr.observation.EventIterator; import javax.jcr.security.AccessControlPolicy; @@ -39,6 +38,7 @@ import org.apache.jackrabbit.core.ItemIm import org.apache.jackrabbit.core.NodeImpl; import org.apache.jackrabbit.core.SessionImpl; import org.apache.jackrabbit.core.id.ItemId; +import org.apache.jackrabbit.core.nodetype.NodeTypeImpl; import org.apache.jackrabbit.core.observation.SynchronousEventListener; import org.apache.jackrabbit.core.security.SecurityConstants; import org.apache.jackrabbit.core.security.authorization.AbstractAccessControlProvider; @@ -100,6 +100,7 @@ public class UserAccessControlProvider e private String userAdminGroupPath; private String groupAdminGroupPath; private String administratorsGroupPath; + private boolean membersInProperty; /** * @@ -160,6 +161,9 @@ public class UserAccessControlProvider e } usersPath = (uMgr instanceof UserManagerImpl) ? ((UserManagerImpl) uMgr).getUsersPath() : UserConstants.USERS_PATH; groupsPath = (uMgr instanceof UserManagerImpl) ? ((UserManagerImpl) uMgr).getGroupsPath() : UserConstants.GROUPS_PATH; + + membersInProperty = (!(uMgr instanceof UserManagerImpl)) || ((UserManagerImpl) uMgr).getGroupMembershipSplitSize() <= 0; + } else { throw new RepositoryException("SessionImpl (system session) expected."); } @@ -318,15 +322,12 @@ public class UserAccessControlProvider e implements SynchronousEventListener { private final String userNodePath; - - private boolean isUserAdmin; - private boolean isGroupAdmin; + private Set principals; protected CompiledPermissionsImpl(Set principals, String userNodePath) throws RepositoryException { this.userNodePath = userNodePath; - isUserAdmin = containsGroup(principals, userAdminGroup); - isGroupAdmin = containsGroup(principals, groupAdminGroup); - + this.principals = principals; + int events = Event.PROPERTY_CHANGED | Event.PROPERTY_ADDED | Event.PROPERTY_REMOVED; observationMgr.addEventListener(this, events, groupsPath, true, null, null, false); } @@ -369,6 +370,7 @@ public class UserAccessControlProvider e } if (Text.isDescendant(usersPath, jcrPath)) { + boolean isUserAdmin = containsGroup(principals, userAdminGroup); /* below the user-tree - determine position of target relative to the editing user @@ -409,6 +411,7 @@ public class UserAccessControlProvider e } // else: normal user that isn't allowed to modify another user. } } else if (Text.isDescendant(groupsPath, jcrPath)) { + boolean isGroupAdmin = containsGroup(principals, groupAdminGroup); /* below group-tree: - test if the user is group-administrator. @@ -493,36 +496,28 @@ public class UserAccessControlProvider e Event ev = events.nextEvent(); try { String evPath = ev.getPath(); + int type = ev.getType(); String repMembers = session.getJCRName(UserConstants.P_MEMBERS); if (repMembers.equals(Text.getName(evPath))) { - // recalculate the is...Admin flags - Node userNode = session.getNode(userNodePath); - String nodePath = Text.getRelativeParent(evPath, 1); - if (userAdminGroupPath.equals(nodePath)) { - isUserAdmin = false; - if (ev.getType() != Event.PROPERTY_REMOVED) { - Value[] vs = session.getProperty(evPath).getValues(); - for (int i = 0; i < vs.length && !isUserAdmin; i++) { - isUserAdmin = userNode.getIdentifier().equals(vs[i].getString()); - } - } - } else if (groupAdminGroupPath.equals(nodePath)) { - isGroupAdmin = false; - if (ev.getType() != Event.PROPERTY_REMOVED) { - Value[] vs = session.getProperty(evPath).getValues(); - for (int i = 0; i < vs.length && !isGroupAdmin; i++) { - isGroupAdmin = userNode.getIdentifier().equals(vs[i].getString()); - } - } - } // invalidate the cached results clearCache(); // only need to clear the cache once. stop processing break; - } + } else if (!membersInProperty) { + /* the affected property is not rep:Members and members are + stored in a tree structure (user manager configuration. + test if the parent node is of type rep:Members in order + to determine if any membership modification occurred.*/ + Node parent = session.getNodeByIdentifier(ev.getIdentifier()); + if (UserConstants.NT_REP_MEMBERS.equals(((NodeTypeImpl) parent.getPrimaryNodeType()).getQName())) { + clearCache(); + } + + } // else: not interested. } catch (RepositoryException e) { // should never get here - log.error("Internal error ", e.getMessage()); + log.warn("Internal error ", e.getMessage()); + clearCache(); } } } Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java?rev=986263&r1=986262&r2=986263&view=diff ============================================================================== --- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java (original) +++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java Tue Aug 17 10:33:28 2010 @@ -25,7 +25,6 @@ import org.apache.jackrabbit.core.securi import org.apache.jackrabbit.core.security.authorization.CompiledPermissions; import org.apache.jackrabbit.core.security.authorization.Permission; import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry; -import org.apache.jackrabbit.core.security.user.UserAccessControlProvider; import org.apache.jackrabbit.spi.Path; import org.apache.jackrabbit.test.NotExecutableException;