From 7abea79fee4787580e26cfb1f01a845767cce504 Mon Sep 17 00:00:00 2001
From: Mathieu Baudier <mbaudier@argeo.org>
Date: Thu, 23 Aug 2012 20:29:36 +0000
Subject: [PATCH] Cache user/roles in Jackrabbit security manager

git-svn-id: https://svn.argeo.org/commons/trunk@5540 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc
---
 .../jackrabbit/ArgeoSecurityManager.java      | 22 ++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java b/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java
index efd19b87d..244207bc5 100644
--- a/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java
+++ b/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java
@@ -17,8 +17,11 @@ package org.argeo.security.jackrabbit;
 
 import java.security.Principal;
 import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Map;
 import java.util.Set;
 
 import javax.jcr.RepositoryException;
@@ -43,6 +46,10 @@ public class ArgeoSecurityManager extends DefaultSecurityManager {
 	private final static Log log = LogFactory
 			.getLog(ArgeoSecurityManager.class);
 
+	/** TODO? use a bounded buffer */
+	private Map<String, String> userRolesCache = Collections
+			.synchronizedMap(new HashMap<String, String>());
+
 	/**
 	 * Since this is called once when the session is created, we take the
 	 * opportunity to make sure that Jackrabbit users and groups reflect Spring
@@ -71,12 +78,25 @@ public class ArgeoSecurityManager extends DefaultSecurityManager {
 		else
 			authen = authens.iterator().next();
 
+		String userId = authen.getName();
+		StringBuffer roles = new StringBuffer("");
+		GrantedAuthority[] authorities = authen.getAuthorities();
+		for (GrantedAuthority ga : authorities) {
+			roles.append(ga.toString());
+		}
+
+		// do not sync if not changed
+		if (userRolesCache.containsKey(userId)
+				&& userRolesCache.get(userId).equals(roles.toString()))
+			return userId;
+
 		// sync Spring and Jackrabbit
 		// workspace is irrelevant here
 		UserManager systemUm = getSystemUserManager(null);
 		syncSpringAndJackrabbitSecurity(systemUm, authen);
+		userRolesCache.put(userId, roles.toString());
 
-		return authen.getName();
+		return userId;
 	}
 
 	/**
-- 
2.30.2