Author: baedke Date: Thu Oct 13 13:54:24 2016 New Revision: 1764678 URL: http://svn.apache.org/viewvc?rev=1764678&view=rev Log: OAK-4930: External Principal Management: DynamicSyncContext makes redundant calls to IdentityProvider.getIdentity()
Added: jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalGroupRef.java Modified: jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java Added: jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalGroupRef.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalGroupRef.java?rev=1764678&view=auto ============================================================================== --- jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalGroupRef.java (added) +++ jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalGroupRef.java Thu Oct 13 13:54:24 2016 @@ -0,0 +1,33 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jackrabbit.oak.spi.security.authentication.external; + +import javax.annotation.CheckForNull; +import javax.annotation.Nonnull; + +public class ExternalGroupRef extends ExternalIdentityRef { + + /**svn st + * + * Creates a new external group ref with the given id and provider name + * @param id the id of the identity. + * @param providerName the name of the identity provider + */ + public ExternalGroupRef(@Nonnull String id, @CheckForNull String providerName) { + super(id, providerName); + } +} Modified: jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java?rev=1764678&r1=1764677&r2=1764678&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java (original) +++ jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java Thu Oct 13 13:54:24 2016 @@ -27,6 +27,7 @@ import org.apache.jackrabbit.api.securit import org.apache.jackrabbit.api.security.user.Group; import org.apache.jackrabbit.api.security.user.UserManager; import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup; +import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroupRef; import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity; import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException; import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider; @@ -151,16 +152,22 @@ public class DynamicSyncContext extends */ private void collectPrincipalNames(@Nonnull Set<String> principalNames, @Nonnull Iterable<ExternalIdentityRef> declaredGroupIdRefs, long depth) throws ExternalIdentityException { for (ExternalIdentityRef ref : declaredGroupIdRefs) { - // get group - ExternalIdentity extId = idp.getIdentity(ref); - if (extId instanceof ExternalGroup) { - principalNames.add(extId.getPrincipalName()); - // recursively apply further membership until the configured depth is reached - if (depth > 1) { - collectPrincipalNames(principalNames, extId.getDeclaredGroups(), depth - 1); + if (ref instanceof ExternalGroupRef && depth < 2) { + //in this case we can avoid calling idp.getIdentity(), saving a roundtrip + principalNames.add(ref.getId()); + } + else { + ExternalIdentity extId = idp.getIdentity(ref); + if (extId instanceof ExternalGroup) { + principalNames.add(ref.getId()); + // recursively apply further membership until the configured depth is reached + if (depth > 1) { + collectPrincipalNames(principalNames, extId.getDeclaredGroups(), depth - 1); + } + } + else { + log.debug("Not an external group ({}) => ignore.", ref); } - } else { - log.debug("Not an external group ({}) => ignore.", extId); } } }