Author: baedke
Date: Thu Oct 13 13:54:24 2016
New Revision: 1764678
URL: http://svn.apache.org/viewvc?rev=1764678&view=rev
Log:
OAK-4930: External Principal Management: DynamicSyncContext makes redundant
calls to IdentityProvider.getIdentity()
Added:
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalGroupRef.java
Modified:
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java
Added:
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalGroupRef.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalGroupRef.java?rev=1764678&view=auto
==============================================================================
---
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalGroupRef.java
(added)
+++
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalGroupRef.java
Thu Oct 13 13:54:24 2016
@@ -0,0 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authentication.external;
+
+import javax.annotation.CheckForNull;
+import javax.annotation.Nonnull;
+
+public class ExternalGroupRef extends ExternalIdentityRef {
+
+ /**svn st
+ *
+ * Creates a new external group ref with the given id and provider name
+ * @param id the id of the identity.
+ * @param providerName the name of the identity provider
+ */
+ public ExternalGroupRef(@Nonnull String id, @CheckForNull String
providerName) {
+ super(id, providerName);
+ }
+}
Modified:
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java?rev=1764678&r1=1764677&r2=1764678&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java
(original)
+++
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java
Thu Oct 13 13:54:24 2016
@@ -27,6 +27,7 @@ import org.apache.jackrabbit.api.securit
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.UserManager;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup;
+import
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroupRef;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider;
@@ -151,16 +152,22 @@ public class DynamicSyncContext extends
*/
private void collectPrincipalNames(@Nonnull Set<String> principalNames,
@Nonnull Iterable<ExternalIdentityRef> declaredGroupIdRefs, long depth) throws
ExternalIdentityException {
for (ExternalIdentityRef ref : declaredGroupIdRefs) {
- // get group
- ExternalIdentity extId = idp.getIdentity(ref);
- if (extId instanceof ExternalGroup) {
- principalNames.add(extId.getPrincipalName());
- // recursively apply further membership until the configured
depth is reached
- if (depth > 1) {
- collectPrincipalNames(principalNames,
extId.getDeclaredGroups(), depth - 1);
+ if (ref instanceof ExternalGroupRef && depth < 2) {
+ //in this case we can avoid calling idp.getIdentity(), saving
a roundtrip
+ principalNames.add(ref.getId());
+ }
+ else {
+ ExternalIdentity extId = idp.getIdentity(ref);
+ if (extId instanceof ExternalGroup) {
+ principalNames.add(ref.getId());
+ // recursively apply further membership until the
configured depth is reached
+ if (depth > 1) {
+ collectPrincipalNames(principalNames,
extId.getDeclaredGroups(), depth - 1);
+ }
+ }
+ else {
+ log.debug("Not an external group ({}) => ignore.", ref);
}
- } else {
- log.debug("Not an external group ({}) => ignore.", extId);
}
}
}
