Author: angela
Date: Thu Nov 7 19:32:41 2013
New Revision: 1539774
URL: http://svn.apache.org/r1539774
Log:
OAK-527: permissions (minor improvement)
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/AbstractEntryIterator.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/EntryPredicate.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryCache.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProviderImpl.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/AbstractEntryIterator.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/AbstractEntryIterator.java?rev=1539774&r1=1539773&r2=1539774&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/AbstractEntryIterator.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/AbstractEntryIterator.java
Thu Nov 7 19:32:41 2013
@@ -20,7 +20,7 @@ import java.util.Iterator;
import java.util.NoSuchElementException;
/**
- * Base class for PermissionEntry iterators.
+ * Base class for {@code PermissionEntry} iterators.
*/
abstract class AbstractEntryIterator implements Iterator<PermissionEntry> {
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/EntryPredicate.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/EntryPredicate.java?rev=1539774&r1=1539773&r2=1539774&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/EntryPredicate.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/EntryPredicate.java
Thu Nov 7 19:32:41 2013
@@ -16,6 +16,7 @@
*/
package org.apache.jackrabbit.oak.security.authorization.permission;
+import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
@@ -51,6 +52,7 @@ final class EntryPredicate implements Pr
this.path = null;
}
+ @CheckForNull
public String getPath() {
return path;
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryCache.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryCache.java?rev=1539774&r1=1539773&r2=1539774&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryCache.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryCache.java
Thu Nov 7 19:32:41 2013
@@ -23,15 +23,18 @@ import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import java.util.concurrent.ConcurrentHashMap;
+import javax.annotation.Nonnull;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
/**
- * {@code PermissionEntryCache} caches the permission entries of principals.
The cache is held globally and contains
- * a version of the principal permission entries of the session that read them
last. each session gets a lazy copy of
- * the cache and needs to verify if each cached principal permission set still
reflects the state that the session sees.
- * every newly loaded principal permission set can be pushed down to the base
cache if it does not exist there yet, or
- * if it's newer.
+ * {@code PermissionEntryCache} caches the permission entries of principals.
+ * The cache is held globally and contains a version of the principal
permission
+ * entries of the session that read them last. Each session gets a lazy copy of
+ * the cache and needs to verify if each cached principal permission set still
+ * reflects the state that the session sees.
+ * Every newly loaded principal permission set can be pushed down to the base
+ * cache if it does not exist there yet, or if it's newer.
*
* Todo:
* - currently only the entries of 'everyone' are globally cached. this should
be improved to dynamically cache those
@@ -46,11 +49,12 @@ public class PermissionEntryCache {
private final Map<String, PrincipalPermissionEntries> base = new
ConcurrentHashMap<String, PrincipalPermissionEntries>();
+ @Nonnull
public Local createLocalCache() {
return new Local();
}
- public void flush(Set<String> principalNames) {
+ public void flush(@Nonnull Set<String> principalNames) {
base.keySet().removeAll(principalNames);
}
@@ -60,11 +64,13 @@ public class PermissionEntryCache {
private final Set<String> verified = new HashSet<String>();
- public Local() {
+ private Local() {
entries.putAll(base);
}
- public PrincipalPermissionEntries getEntries(PermissionStore store,
String principalName) {
+ @Nonnull
+ public PrincipalPermissionEntries getEntries(@Nonnull PermissionStore
store,
+ @Nonnull String
principalName) {
PrincipalPermissionEntries ppe = entries.get(principalName);
if (ppe == null) {
ppe = store.load(principalName);
@@ -79,8 +85,10 @@ public class PermissionEntryCache {
}
}
- // currently we only cache 'everyones' entries. but the cache
should dynamically cache the principals
- // that are used often.
+ /*
+ Currently this cache only handles entries for the Everyone
principal.
+ TODO: the cache should dynamically cache the principals that are
used often.
+ */
if (EveryonePrincipal.NAME.equals(principalName)) {
// check if base cache has the entries
PrincipalPermissionEntries baseppe = base.get(principalName);
@@ -91,7 +99,9 @@ public class PermissionEntryCache {
return ppe;
}
- public void load(PermissionStore store, Map<String,
Collection<PermissionEntry>> pathEntryMap, String principalName) {
+ public void load(@Nonnull PermissionStore store,
+ @Nonnull Map<String, Collection<PermissionEntry>>
pathEntryMap,
+ @Nonnull String principalName) {
// todo: conditionally load entries if too many
PrincipalPermissionEntries ppe = getEntries(store, principalName);
for (Map.Entry<String, Collection<PermissionEntry>> e:
ppe.getEntries().entrySet()) {
@@ -105,23 +115,28 @@ public class PermissionEntryCache {
}
}
- public void load(PermissionStore store, Collection<PermissionEntry>
ret, String principalName, String path) {
+ public void load(@Nonnull PermissionStore store,
+ @Nonnull Collection<PermissionEntry> ret,
+ @Nonnull String principalName,
+ @Nonnull String path) {
// todo: conditionally load entries if too many
PrincipalPermissionEntries ppe = getEntries(store, principalName);
ret.addAll(ppe.getEntries(path));
}
- public boolean hasEntries(PermissionStore store, String principalName)
{
+ public boolean hasEntries(@Nonnull PermissionStore store,
+ @Nonnull String principalName) {
// todo: conditionally load entries if too many
return getNumEntries(store, principalName) > 0;
}
- public long getNumEntries(PermissionStore store, String principalName)
{
+ public long getNumEntries(@Nonnull PermissionStore store,
+ @Nonnull String principalName) {
// todo: conditionally load entries if too many
return getEntries(store, principalName).getEntries().size();
}
- public void flush(Set<String> principalNames) {
+ public void flush(@Nonnull Set<String> principalNames) {
verified.removeAll(principalNames);
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProvider.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProvider.java?rev=1539774&r1=1539773&r2=1539774&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProvider.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProvider.java
Thu Nov 7 19:32:41 2013
@@ -27,12 +27,15 @@ import org.apache.jackrabbit.oak.api.Tre
* {@code PermissionEntryProvider} provides permission entries for a given set
of principals.
* It may internally hold a cache to improve performance and usually operates
on the permission store.
*/
-public interface PermissionEntryProvider {
+interface PermissionEntryProvider {
+ @Nonnull
Iterator<PermissionEntry> getEntryIterator(@Nonnull EntryPredicate
predicate);
+ @Nonnull
Collection<PermissionEntry> getEntries(@Nonnull Tree accessControlledTree);
+ @Nonnull
Collection<PermissionEntry> getEntries(@Nonnull String
accessControlledPath);
void flush();
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProviderImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProviderImpl.java?rev=1539774&r1=1539773&r2=1539774&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProviderImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProviderImpl.java
Thu Nov 7 19:32:41 2013
@@ -34,9 +34,9 @@ import com.google.common.base.Strings;
import com.google.common.collect.Iterators;
/**
- * {@code PermissionEntryProviderImpl} ...
+ * {@code PermissionEntryProviderImpl} ... TODO
*/
-public class PermissionEntryProviderImpl implements PermissionEntryProvider {
+class PermissionEntryProviderImpl implements PermissionEntryProvider {
private static final long MAX_SIZE = 250; // TODO define size or make
configurable
@@ -50,8 +50,8 @@ public class PermissionEntryProviderImpl
private final PermissionEntryCache.Local cache;
- protected PermissionEntryProviderImpl(@Nonnull PermissionStore store,
@Nonnull PermissionEntryCache.Local cache,
- @Nonnull Set<String> principalNames)
{
+ PermissionEntryProviderImpl(@Nonnull PermissionStore store, @Nonnull
PermissionEntryCache.Local cache,
+ @Nonnull Set<String> principalNames) {
this.store = store;
this.cache = cache;
this.principalNames = Collections.unmodifiableSet(principalNames);
@@ -90,6 +90,7 @@ public class PermissionEntryProviderImpl
init();
}
+ @Nonnull
public Iterator<PermissionEntry> getEntryIterator(@Nonnull EntryPredicate
predicate) {
if (existingNames.isEmpty()) {
return Iterators.emptyIterator();
@@ -98,6 +99,7 @@ public class PermissionEntryProviderImpl
}
}
+ @Nonnull
public Collection<PermissionEntry> getEntries(@Nonnull Tree
accessControlledTree) {
if (existingNames.isEmpty()) {
return Collections.emptyList();
