Re: [PR] OAK-11498: Expose Session-bound principals via JackrabbitSession [jackrabbit-oak]

Tue, 24 Jun 2025 22:44:15 -0700 


Amoratinos commented on code in PR #2093:
URL: https://github.com/apache/jackrabbit-oak/pull/2093#discussion_r2164266787


##########
oak-jackrabbit-api/src/main/java/org/apache/jackrabbit/api/JackrabbitSession.java:
##########
@@ -277,6 +279,15 @@ default Node getParentOrNull(@NotNull Item item) throws 
RepositoryException {
             return null;
         }
     }
+   
+    /**
+     * Returns the set of principals associated with this session.
+     * @return the set of principals associated with this session.
+     * @throws RepositoryException in case principal information cannot be 
retrieved.
+     * @since 1.81
+     */
+    @NotNull Set<Principal> getPrincipals() throws RepositoryException;

Review Comment:
   @kwin what do you think about: 
   
   ```java
       @NotNull
       default Set<Principal> getPrincipals() throws RepositoryException {
           String userId = getUserID();
           if (userId == null) {
               throw new UnsupportedRepositoryOperationException("No user ID 
associated with this session.");
           }
   
           Authorizable authorizable = getUserManager().getAuthorizable(userId);
           if (authorizable == null) {
               throw new UnsupportedRepositoryOperationException("No 
authorizable found for user ID: " + userId);
           }
   
           if (!authorizable.isGroup() && ((User) authorizable).isSystemUser()) 
{
               throw new UnsupportedRepositoryOperationException("Unable to 
calculate effective set of principals for system user " + userId);
               // alternatively:
               // return Collections.singleton(authorizable.getPrincipal));
           }
   
           Principal userPrincipal = authorizable.getPrincipal();
           Set<Principal> principals = new java.util.HashSet<>();
           principals.add(userPrincipal);
           PrincipalIterator iterator =  
getPrincipalManager().getGroupMembership(userPrincipal);
           while (iterator.hasNext()) {
               principals.add(iterator.nextPrincipal());
           }
           return principals;
       }
   ```
   
   I've aligned with @anchela about the implementation, we thought about 
returning an empty set instead of throwing an exception but this could be 
misleading.
   
   EDIT: I've edit the code to include a check for system user



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: oak-dev-unsubscr...@jackrabbit.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to