From: Mathieu Baudier Date: Sun, 14 Oct 2012 15:02:45 +0000 (+0000) Subject: De-Revert caching of users and roles X-Git-Tag: argeo-commons-2.1.30~818 X-Git-Url: http://git.argeo.org/?a=commitdiff_plain;h=ab67f29f68578db72f4a95d5e9e3cb5d2db232f8;p=lgpl%2Fargeo-commons.git De-Revert caching of users and roles git-svn-id: https://svn.argeo.org/commons/trunk@5602 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc --- diff --git a/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java b/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java index 9d3708ed3..858786636 100644 --- a/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java +++ b/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java @@ -40,14 +40,14 @@ import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager; import org.springframework.security.Authentication; import org.springframework.security.GrantedAuthority; -/** Integrates Spring Security and Jackrabbit Security user and roles. */ +/** Integrates Spring Security and Jackrabbit Security users and roles. */ public class ArgeoSecurityManager extends DefaultSecurityManager { private final static Log log = LogFactory .getLog(ArgeoSecurityManager.class); /** TODO? use a bounded buffer */ -// private Map userRolesCache = Collections -// .synchronizedMap(new HashMap()); + private Map userRolesCache = Collections + .synchronizedMap(new HashMap()); /** * Since this is called once when the session is created, we take the @@ -90,15 +90,15 @@ public class ArgeoSecurityManager extends DefaultSecurityManager { } // do not sync if not changed -// if (userRolesCache.containsKey(userId) -// && userRolesCache.get(userId).equals(roles.toString())) -// return userId; + if (userRolesCache.containsKey(userId) + && userRolesCache.get(userId).equals(roles.toString())) + return userId; // sync Spring and Jackrabbit // workspace is irrelevant here UserManager systemUm = getSystemUserManager(null); syncSpringAndJackrabbitSecurity(systemUm, authen); -// userRolesCache.put(userId, roles.toString()); + userRolesCache.put(userId, roles.toString()); } return userId; } @@ -116,10 +116,6 @@ public class ArgeoSecurityManager extends DefaultSecurityManager { if (user == null) { user = systemUm.createUser(userId, authen.getCredentials() .toString(), authen, null); - // SecurityJcrUtils.createUserHomeIfNeeded(getSystemSession(), - // userId); - // getSystemSession().save(); - // setSecurityHomeAuthorizations(user); log.info(userId + " added as " + user); } @@ -149,50 +145,6 @@ public class ArgeoSecurityManager extends DefaultSecurityManager { + " ms"); } - // protected synchronized void setSecurityHomeAuthorizations(User user) { - // // give read privileges on user security home - // String userId = ""; - // try { - // userId = user.getID(); - // Node userHome = SecurityJcrUtils.getUserHome(getSystemSession(), userId); - // if (userHome == null) - // throw new ArgeoException("No security home available for user " - // + userId); - // - // String path = userHome.getPath(); - // Principal principal = user.getPrincipal(); - // - // JackrabbitAccessControlManager acm = (JackrabbitAccessControlManager) - // getSystemSession() - // .getAccessControlManager(); - // JackrabbitAccessControlPolicy[] ps = acm - // .getApplicablePolicies(principal); - // if (ps.length == 0) { - // // log.warn("No ACL found for " + user); - // return; - // } - // - // JackrabbitAccessControlList list = (JackrabbitAccessControlList) ps[0]; - // - // // add entry - // Privilege[] privileges = new Privilege[] { acm - // .privilegeFromName(Privilege.JCR_READ) }; - // Map restrictions = new HashMap(); - // ValueFactory vf = getSystemSession().getValueFactory(); - // restrictions.put("rep:nodePath", - // vf.createValue(path, PropertyType.PATH)); - // restrictions.put("rep:glob", vf.createValue("*")); - // list.addEntry(principal, privileges, true /* allow or deny */, - // restrictions); - // } catch (Exception e) { - // e.printStackTrace(); - // throw new ArgeoException( - // "Cannot set authorization on security home for " + userId - // + ": " + e.getMessage()); - // } - // - // } - @Override protected WorkspaceAccessManager createDefaultWorkspaceAccessManager() { WorkspaceAccessManager wam = super @@ -204,8 +156,6 @@ public class ArgeoSecurityManager extends DefaultSecurityManager { WorkspaceAccessManager { private final WorkspaceAccessManager wam; - // private String defaultWorkspace; - public ArgeoWorkspaceAccessManagerImpl(WorkspaceAccessManager wam) { super(); this.wam = wam; @@ -213,8 +163,6 @@ public class ArgeoSecurityManager extends DefaultSecurityManager { public void init(Session systemSession) throws RepositoryException { wam.init(systemSession); - // defaultWorkspace = ((RepositoryImpl) getRepository()).getConfig() - // .getDefaultWorkspaceName(); } public void close() throws RepositoryException { @@ -222,22 +170,8 @@ public class ArgeoSecurityManager extends DefaultSecurityManager { public boolean grants(Set principals, String workspaceName) throws RepositoryException { - // everybody has access to all workspaces // TODO: implements finer access to workspaces return true; - - // anonymous has access to the default workspace (required for - // remoting which does a default login when initializing the - // repository) - // Boolean anonymous = false; - // for (Principal principal : principals) - // if (principal instanceof AnonymousPrincipal) - // anonymous = true; - // - // if (anonymous && workspaceName.equals(defaultWorkspace)) - // return true; - // else - // return wam.grants(principals, workspaceName); } }