Index: oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/session/SessionContext.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/session/SessionContext.java (revision 1579988) +++ oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/session/SessionContext.java (revision ) @@ -16,17 +16,12 @@ */ package org.apache.jackrabbit.oak.jcr.session; -import static com.google.common.base.Preconditions.checkNotNull; -import static com.google.common.collect.Sets.newHashSet; -import static com.google.common.collect.Sets.newTreeSet; - import java.util.ArrayList; import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Set; import java.util.concurrent.atomic.AtomicLong; - import javax.annotation.CheckForNull; import javax.annotation.Nonnull; import javax.jcr.PathNotFoundException; @@ -62,7 +57,6 @@ import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration; -import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider; import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration; import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration; import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration; @@ -72,6 +66,10 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import static com.google.common.base.Preconditions.checkNotNull; +import static com.google.common.collect.Sets.newHashSet; +import static com.google.common.collect.Sets.newTreeSet; + /** * Instances of this class are passed to all JCR implementation classes * (e.g. {@code SessionImpl}, {@code NodeImpl}, etc.) and provide access to @@ -98,7 +96,6 @@ private SessionImpl session = null; private WorkspaceImpl workspace = null; - private PermissionProvider permissionProvider; private AccessControlManager accessControlManager; private AccessManager accessManager; private PrincipalManager principalManager; @@ -270,7 +267,7 @@ observationManager = new ObservationManagerImpl( this, ReadOnlyNodeTypeManager.getInstance(delegate.getRoot(), namePathMapper), - getPermissionProvider(), whiteboard, observationQueueLength, commitRateLimiter); + delegate.getPermissionProvider(), whiteboard, observationQueueLength, commitRateLimiter); } return observationManager; } @@ -365,7 +362,7 @@ @Nonnull public AccessManager getAccessManager() throws RepositoryException { if (accessManager == null) { - accessManager = new AccessManager(delegate, getPermissionProvider()); + accessManager = new AccessManager(delegate, delegate.getPermissionProvider()); } return accessManager; } @@ -420,18 +417,6 @@ @Nonnull private T getConfig(Class clss) { return securityProvider.getConfiguration(clss); - } - - private PermissionProvider getPermissionProvider() { - // FIXME: review whether 'auto-refresh' should rather be made on a wrapping - // permission provider instead of doing this in the access manager - // since this permission provider is also passed to the observation manager. - if (permissionProvider == null) { - permissionProvider = checkNotNull(securityProvider) - .getConfiguration(AuthorizationConfiguration.class) - .getPermissionProvider(delegate.getRoot(), delegate.getWorkspaceName(), delegate.getAuthInfo().getPrincipals()); - } - return permissionProvider; } } Index: oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/AccessManager.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/AccessManager.java (revision 1579988) +++ oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/AccessManager.java (revision ) @@ -44,7 +44,6 @@ return delegate.safePerform(new SessionOperation() { @Override public Boolean perform() { - permissionProvider.refresh(); return permissionProvider.isGranted(oakPath, actions); } }); @@ -54,7 +53,6 @@ return delegate.safePerform(new SessionOperation() { @Override public Boolean perform() { - permissionProvider.refresh(); return permissionProvider.isGranted(tree, property, permissions); } }); Index: oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/delegate/SessionDelegate.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/delegate/SessionDelegate.java (revision 1579988) +++ oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/delegate/SessionDelegate.java (revision ) @@ -16,21 +16,10 @@ */ package org.apache.jackrabbit.oak.jcr.delegate; -import static com.google.common.base.Preconditions.checkNotNull; -import static java.util.concurrent.TimeUnit.MILLISECONDS; -import static java.util.concurrent.TimeUnit.NANOSECONDS; -import static java.util.concurrent.TimeUnit.SECONDS; -import static org.apache.jackrabbit.api.stats.RepositoryStatistics.Type.SESSION_READ_COUNTER; -import static org.apache.jackrabbit.api.stats.RepositoryStatistics.Type.SESSION_READ_DURATION; -import static org.apache.jackrabbit.api.stats.RepositoryStatistics.Type.SESSION_WRITE_COUNTER; -import static org.apache.jackrabbit.api.stats.RepositoryStatistics.Type.SESSION_WRITE_DURATION; -import static org.apache.jackrabbit.oak.commons.PathUtils.denotesRoot; - import java.io.IOException; import java.util.Date; import java.util.Iterator; import java.util.concurrent.atomic.AtomicLong; - import javax.annotation.CheckForNull; import javax.annotation.Nonnull; import javax.jcr.ItemExistsException; @@ -39,7 +28,6 @@ import javax.jcr.nodetype.ConstraintViolationException; import com.google.common.collect.ImmutableMap; - import org.apache.jackrabbit.oak.api.AuthInfo; import org.apache.jackrabbit.oak.api.CommitFailedException; import org.apache.jackrabbit.oak.api.ContentSession; @@ -52,6 +40,9 @@ import org.apache.jackrabbit.oak.jcr.session.SessionStats; import org.apache.jackrabbit.oak.jcr.session.operation.SessionOperation; import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManager; +import org.apache.jackrabbit.oak.spi.security.SecurityProvider; +import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration; +import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider; import org.apache.jackrabbit.oak.stats.Clock; import org.apache.jackrabbit.oak.stats.StatisticManager; import org.slf4j.Logger; @@ -59,6 +50,16 @@ import org.slf4j.Marker; import org.slf4j.MarkerFactory; +import static com.google.common.base.Preconditions.checkNotNull; +import static java.util.concurrent.TimeUnit.MILLISECONDS; +import static java.util.concurrent.TimeUnit.NANOSECONDS; +import static java.util.concurrent.TimeUnit.SECONDS; +import static org.apache.jackrabbit.api.stats.RepositoryStatistics.Type.SESSION_READ_COUNTER; +import static org.apache.jackrabbit.api.stats.RepositoryStatistics.Type.SESSION_READ_DURATION; +import static org.apache.jackrabbit.api.stats.RepositoryStatistics.Type.SESSION_WRITE_COUNTER; +import static org.apache.jackrabbit.api.stats.RepositoryStatistics.Type.SESSION_WRITE_DURATION; +import static org.apache.jackrabbit.oak.commons.PathUtils.denotesRoot; + /** * TODO document */ @@ -67,6 +68,7 @@ static final Logger operationLogger = LoggerFactory.getLogger("org.apache.jackrabbit.oak.jcr.operations"); private final ContentSession contentSession; + private final SecurityProvider securityProvider; private final RefreshStrategy refreshStrategy; private boolean refreshAtNextAccess = false; @@ -115,6 +117,8 @@ private String userData = null; + private PermissionProvider permissionProvider; + /** * Create a new session delegate for a {@code ContentSession}. The refresh behaviour of the * session is governed by the value of the {@code refreshInterval} argument: if the session @@ -124,16 +128,19 @@ * dispatcher in order. * * @param contentSession the content session + * @param securityProvider the security provider * @param refreshStrategy the refresh strategy used for auto refreshing this session * @param statisticManager the statistics manager for tracking session operations */ public SessionDelegate( @Nonnull ContentSession contentSession, + @Nonnull SecurityProvider securityProvider, @Nonnull RefreshStrategy refreshStrategy, @Nonnull ThreadLocal threadSaveCount, @Nonnull StatisticManager statisticManager, @Nonnull Clock clock) { this.contentSession = checkNotNull(contentSession); + this.securityProvider = checkNotNull(securityProvider); this.refreshStrategy = checkNotNull(refreshStrategy); this.threadSaveCount = checkNotNull(threadSaveCount); this.sessionSaveCount = getThreadSaveCount(); @@ -355,7 +362,10 @@ info.put(EventFactory.USER_DATA, userData); } root.commit(info.build()); + if (permissionProvider != null) { + permissionProvider.refresh(); - } + } + } /** * Commits the changes currently in the transient space. @@ -513,7 +523,10 @@ } else { root.refresh(); } + if (permissionProvider != null) { + permissionProvider.refresh(); - } + } + } //----------------------------------------------------------< Workspace >--- @@ -572,6 +585,16 @@ @Nonnull public QueryEngine getQueryEngine() { return root.getQueryEngine(); + } + + @Nonnull + public PermissionProvider getPermissionProvider() { + if (permissionProvider == null) { + permissionProvider = checkNotNull(securityProvider) + .getConfiguration(AuthorizationConfiguration.class) + .getPermissionProvider(root, getWorkspaceName(), getAuthInfo().getPrincipals()); + } + return permissionProvider; } /** Index: oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/repository/RepositoryImpl.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/repository/RepositoryImpl.java (revision 1579988) +++ oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/repository/RepositoryImpl.java (revision ) @@ -16,14 +16,11 @@ */ package org.apache.jackrabbit.oak.jcr.repository; -import static com.google.common.base.Preconditions.checkNotNull; - import java.util.Collections; import java.util.Map; import java.util.concurrent.Callable; import java.util.concurrent.Executors; import java.util.concurrent.TimeUnit; - import javax.annotation.CheckForNull; import javax.annotation.Nonnull; import javax.annotation.Nullable; @@ -40,28 +37,29 @@ import com.google.common.util.concurrent.ListenableScheduledFuture; import com.google.common.util.concurrent.ListeningScheduledExecutorService; import com.google.common.util.concurrent.MoreExecutors; - import org.apache.jackrabbit.api.JackrabbitRepository; import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials; import org.apache.jackrabbit.commons.SimpleValueFactory; import org.apache.jackrabbit.oak.api.ContentRepository; import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.jmx.SessionMBean; -import org.apache.jackrabbit.oak.plugins.observation.CommitRateLimiter; -import org.apache.jackrabbit.oak.stats.Clock; -import org.apache.jackrabbit.oak.stats.StatisticManager; import org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate; import org.apache.jackrabbit.oak.jcr.session.RefreshStrategy; import org.apache.jackrabbit.oak.jcr.session.SessionContext; import org.apache.jackrabbit.oak.jcr.session.SessionStats; +import org.apache.jackrabbit.oak.plugins.observation.CommitRateLimiter; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; import org.apache.jackrabbit.oak.spi.whiteboard.Registration; import org.apache.jackrabbit.oak.spi.whiteboard.Whiteboard; import org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardUtils; +import org.apache.jackrabbit.oak.stats.Clock; +import org.apache.jackrabbit.oak.stats.StatisticManager; import org.apache.jackrabbit.oak.util.GenericDescriptors; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import static com.google.common.base.Preconditions.checkNotNull; + /** * TODO document */ @@ -257,7 +255,7 @@ final RefreshStrategy refreshStrategy, final ContentSession contentSession) { return new SessionDelegate( - contentSession, refreshStrategy, + contentSession, securityProvider, refreshStrategy, threadSaveCount, statisticManager, clock) { // Defer session MBean registration to avoid cluttering the // JMX name space with short lived sessions