Author: baedke Date: Thu Dec 1 15:27:44 2016 New Revision: 1772228 URL: http://svn.apache.org/viewvc?rev=1772228&view=rev Log: OAK-4930: External Principal Management: DynamicSyncContext makes redundant calls to IdentityProvider.getIdentity()
Partially reverting c1764678 which incorrectly uses an external identifier as a principal name (see OAK-5200). Modified: jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java Modified: jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java?rev=1772228&r1=1772227&r2=1772228&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java (original)
+++ jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java Thu Dec 1 15:27:44 2016
@@ -152,26 +152,16 @@ public class DynamicSyncContext extends
 */
 private void collectPrincipalNames(@Nonnull Set<String> principalNames, @Nonnull Iterable<ExternalIdentityRef> declaredGroupIdRefs, long depth) throws ExternalIdentityException {
 for (ExternalIdentityRef ref : declaredGroupIdRefs) {
- if (ref instanceof ExternalGroupRef && depth < 2) {
- // since the ExternalGroupRef marker already indicates that the
- // ref points to an external group and we already reached the desired
- // depth, we can avoid calling idp.getIdentity(), saving a roundtrip
- // to the external IDP.
- principalNames.add(ref.getId());
- } else {
- // resolve identity from the reference to
- // - make sure we it is an external group
- // - recursively collect group-group membership
- ExternalIdentity extId = idp.getIdentity(ref);
- if (extId instanceof ExternalGroup) {
- principalNames.add(ref.getId());
- // recursively apply further membership until the configured depth is reached
- if (depth > 1) {
- collectPrincipalNames(principalNames, extId.getDeclaredGroups(), depth - 1);
- }
- } else {
- log.debug("Not an external group ({}) => ignore.", ref);
+ // get group
+ ExternalIdentity extId = idp.getIdentity(ref);
+ if (extId instanceof ExternalGroup) {
+ principalNames.add(extId.getPrincipalName());
+ // recursively apply further membership until the configured depth is reached
+ if (depth > 1) {
+ collectPrincipalNames(principalNames, extId.getDeclaredGroups(), depth - 1);
 }
+ } else {
+ log.debug("Not an external group ({}) => ignore.", extId);
 }
 }
 }
 }
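Review bot: The debug message in the new `else` branch prints `extId` instead of `ref`, so if `idp.getIdentity(ref)` returns `null` for a reference it cannot resolve, the log reads "Not an external group (null)" and no longer says which group reference was skipped. The names collected here end up as the user's principals, so a skipped reference is a missing group membership, and this message is the only trace of it. I would keep the reference in the message, for example `log.debug("Not an external group ({} resolved to {}) => ignore.", ref, extId);`. No test is visible in this commit; one using an IDP whose group ids differ from the principal names would pin the switch to `extId.getPrincipalName()`.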