[399480] [Security] Server should automatically reload the security

realm on commit https://bugs.eclipse.org/bugs/show_bug.cgi?id=399480
author: Eike Stepper 2013-10-01 09:38:48 +0000
committer: Eike Stepper 2013-10-01 09:38:48 +0000
commit: 04c53c1cb3132f7d3e674dfae3b7dbddafce6e03 (patch)
tree: 04c8e10aa3121eb39fede3b52986c3ae6387870d
parent: e62d9d1c70b3a699f1ffd5ec3e50cbe4c7c19eb2 (diff)
download: cdo-04c53c1cb3132f7d3e674dfae3b7dbddafce6e03.tar.gz
cdo-04c53c1cb3132f7d3e674dfae3b7dbddafce6e03.tar.xz
cdo-04c53c1cb3132f7d3e674dfae3b7dbddafce6e03.zip
18 files changed, 214 insertions, 126 deletions
diff --git a/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/CDOClientProtocol.java b/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/CDOClientProtocol.java
index 5be8ba2757..3d212f0f8a 100644
--- a/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/CDOClientProtocol.java
+++ b/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/CDOClientProtocol.java
@@ -28,6 +28,7 @@ import org.eclipse.emf.cdo.common.lob.CDOLobInfo;
 import org.eclipse.emf.cdo.common.lock.CDOLockState;
 import org.eclipse.emf.cdo.common.model.CDOPackageUnit;
 import org.eclipse.emf.cdo.common.revision.CDOIDAndVersion;
+import org.eclipse.emf.cdo.common.revision.CDORevision;
 import org.eclipse.emf.cdo.common.revision.CDORevisionHandler;
 import org.eclipse.emf.cdo.common.revision.CDORevisionKey;
 import org.eclipse.emf.cdo.common.security.CDOPermission;
@@ -555,7 +556,7 @@ public class CDOClientProtocol extends SignalProtocol<CDOSession> implements CDO
     send(new SetLockNotificationModeRequest(this, mode));
   }
 
-  public Map<InternalCDORevision, CDOPermission> loadPermissions(InternalCDORevision[] revisions)
+  public Map<CDORevision, CDOPermission> loadPermissions(InternalCDORevision[] revisions)
   {
     return send(new LoadPermissionsRequest(this, revisions));
   }
diff --git a/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/CommitTransactionRequest.java b/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/CommitTransactionRequest.java
index d72062c957..25ef8f885c 100644
--- a/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/CommitTransactionRequest.java
+++ b/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/CommitTransactionRequest.java
@@ -339,7 +339,7 @@ public class CommitTransactionRequest extends CDOClientRequestWithMonitoring<Com
     result.setClearResourcePathCache(clearResourcePathCache);
     result.setBranchPoint(in.readCDOBranchPoint());
     result.setPreviousTimeStamp(in.readLong());
-    result.setClearPermissionCache(in.readBoolean());
+    result.setSecurityImpact(in.readByte());
     return result;
   }
 
diff --git a/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/LoadPermissionsRequest.java b/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/LoadPermissionsRequest.java
index ec6479c795..897032044d 100644
--- a/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/LoadPermissionsRequest.java
+++ b/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/LoadPermissionsRequest.java
@@ -14,6 +14,7 @@ import org.eclipse.emf.cdo.common.id.CDOID;
 import org.eclipse.emf.cdo.common.protocol.CDODataInput;
 import org.eclipse.emf.cdo.common.protocol.CDODataOutput;
 import org.eclipse.emf.cdo.common.protocol.CDOProtocolConstants;
+import org.eclipse.emf.cdo.common.revision.CDORevision;
 import org.eclipse.emf.cdo.common.security.CDOPermission;
 import org.eclipse.emf.cdo.spi.common.revision.InternalCDORevision;
 
@@ -24,7 +25,7 @@ import java.util.Map;
 /**
  * @author Eike Stepper
  */
-public class LoadPermissionsRequest extends CDOClientRequest<Map<InternalCDORevision, CDOPermission>>
+public class LoadPermissionsRequest extends CDOClientRequest<Map<CDORevision, CDOPermission>>
 {
   private InternalCDORevision[] revisions;
 
@@ -55,9 +56,9 @@ public class LoadPermissionsRequest extends CDOClientRequest<Map<InternalCDORevi
   }
 
   @Override
-  protected Map<InternalCDORevision, CDOPermission> confirming(CDODataInput in) throws IOException
+  protected Map<CDORevision, CDOPermission> confirming(CDODataInput in) throws IOException
   {
-    Map<InternalCDORevision, CDOPermission> oldPermissions = new HashMap<InternalCDORevision, CDOPermission>();
+    Map<CDORevision, CDOPermission> oldPermissions = null;
 
     int length = revisions.length;
     for (int i = 0; i < length; i++)
@@ -89,6 +90,12 @@ public class LoadPermissionsRequest extends CDOClientRequest<Map<InternalCDORevi
         }
 
         revision.setPermission(newPermission);
+
+        if (oldPermissions == null)
+        {
+          oldPermissions = new HashMap<CDORevision, CDOPermission>();
+        }
+
         oldPermissions.put(revision, oldPermission);
       }
     }
diff --git a/plugins/org.eclipse.emf.cdo.server.hibernate/src/org/eclipse/emf/cdo/server/internal/hibernate/HibernateRawCommitContext.java b/plugins/org.eclipse.emf.cdo.server.hibernate/src/org/eclipse/emf/cdo/server/internal/hibernate/HibernateRawCommitContext.java
index e328a7cc48..1dde0ebbff 100644
--- a/plugins/org.eclipse.emf.cdo.server.hibernate/src/org/eclipse/emf/cdo/server/internal/hibernate/HibernateRawCommitContext.java
+++ b/plugins/org.eclipse.emf.cdo.server.hibernate/src/org/eclipse/emf/cdo/server/internal/hibernate/HibernateRawCommitContext.java
@@ -18,9 +18,9 @@ import org.eclipse.emf.cdo.common.id.CDOID;
 import org.eclipse.emf.cdo.common.id.CDOIDReference;
 import org.eclipse.emf.cdo.common.id.CDOIDUtil;
 import org.eclipse.emf.cdo.common.lock.CDOLockState;
+import org.eclipse.emf.cdo.common.protocol.CDOProtocol.CommitNotificationInfo;
 import org.eclipse.emf.cdo.common.protocol.CDOProtocolConstants;
 import org.eclipse.emf.cdo.common.revision.CDORevision;
-import org.eclipse.emf.cdo.server.ISession;
 import org.eclipse.emf.cdo.server.IView;
 import org.eclipse.emf.cdo.spi.common.model.InternalCDOPackageRegistry;
 import org.eclipse.emf.cdo.spi.common.model.InternalCDOPackageUnit;
@@ -135,19 +135,9 @@ public class HibernateRawCommitContext implements InternalCommitContext
     return HibernateThreadContext.getCurrentStoreAccessor().getStore().getRepository().getPackageRegistry();
   }
 
-  public ISession getSender()
+  public byte getSecurityImpact()
   {
-    return null;
-  }
-
-  public CDOCommitInfo getCommitInfo()
-  {
-    return null;
-  }
-
-  public boolean isClearPermissionCache()
-  {
-    return false;
+    return CommitNotificationInfo.IMPACT_NONE;
   }
 
   public void setSecurityImpact(byte securityImpact, Set<? extends Object> impactedRules)
@@ -260,16 +250,6 @@ public class HibernateRawCommitContext implements InternalCommitContext
     return null;
   }
 
-  public void setDirtyObjects(List<InternalCDORevision> dirtyObjects)
-  {
-    this.dirtyObjects = dirtyObjects;
-  }
-
-  public void setNewObjects(List<InternalCDORevision> newObjects)
-  {
-    this.newObjects = newObjects;
-  }
-
   public void preWrite()
   {
   }
diff --git a/plugins/org.eclipse.emf.cdo.server.net4j/src/org/eclipse/emf/cdo/server/internal/net4j/protocol/CommitTransactionIndication.java b/plugins/org.eclipse.emf.cdo.server.net4j/src/org/eclipse/emf/cdo/server/internal/net4j/protocol/CommitTransactionIndication.java
index 830c040cc7..6177acfddf 100644
--- a/plugins/org.eclipse.emf.cdo.server.net4j/src/org/eclipse/emf/cdo/server/internal/net4j/protocol/CommitTransactionIndication.java
+++ b/plugins/org.eclipse.emf.cdo.server.net4j/src/org/eclipse/emf/cdo/server/internal/net4j/protocol/CommitTransactionIndication.java
@@ -378,7 +378,7 @@ public class CommitTransactionIndication extends CDOServerIndicationWithMonitori
   {
     out.writeCDOBranchPoint(commitContext.getBranchPoint());
     out.writeLong(commitContext.getPreviousTimeStamp());
-    out.writeBoolean(commitContext.isClearPermissionCache());
+    out.writeByte(commitContext.getSecurityImpact());
   }
 
   protected void respondingMappingNewObjects(CDODataOutput out) throws Exception
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
index 0ef4eaf529..08ba264124 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
@@ -57,6 +57,7 @@ import org.eclipse.emf.cdo.spi.server.InternalSessionManager;
 import org.eclipse.emf.cdo.transaction.CDOTransaction;
 import org.eclipse.emf.cdo.util.CommitException;
 import org.eclipse.emf.cdo.view.CDOView;
+import org.eclipse.emf.cdo.view.CDOViewInvalidationEvent;
 
 import org.eclipse.net4j.Net4jUtil;
 import org.eclipse.net4j.acceptor.IAcceptor;
@@ -67,6 +68,7 @@ import org.eclipse.net4j.util.collection.HashBag;
 import org.eclipse.net4j.util.container.ContainerEventAdapter;
 import org.eclipse.net4j.util.container.IContainer;
 import org.eclipse.net4j.util.container.IManagedContainer;
+import org.eclipse.net4j.util.event.IEvent;
 import org.eclipse.net4j.util.event.IListener;
 import org.eclipse.net4j.util.lifecycle.ILifecycle;
 import org.eclipse.net4j.util.lifecycle.Lifecycle;
@@ -77,6 +79,7 @@ import org.eclipse.net4j.util.security.IAuthenticator;
 import org.eclipse.net4j.util.security.IPasswordCredentials;
 
 import org.eclipse.emf.common.util.EList;
+import org.eclipse.emf.spi.cdo.InternalCDOSessionInvalidationEvent;
 
 import java.util.Arrays;
 import java.util.HashMap;
@@ -118,6 +121,31 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
     }
   };
 
+  private final IListener systemListener = new IListener()
+  {
+    private boolean clearUserInfos;
+
+    public void notifyEvent(IEvent event)
+    {
+      if (event instanceof InternalCDOSessionInvalidationEvent)
+      {
+        InternalCDOSessionInvalidationEvent e = (InternalCDOSessionInvalidationEvent)event;
+        if (e.getSecurityImpact() == CommitNotificationInfo.IMPACT_REALM)
+        {
+          clearUserInfos = true;
+        }
+      }
+      else if (event instanceof CDOViewInvalidationEvent)
+      {
+        if (clearUserInfos)
+        {
+          clearUserInfos();
+          clearUserInfos = false;
+        }
+      }
+    }
+  };
+
   private final IAuthenticator authenticator = new Authenticator();
 
   private final IPermissionManager permissionManager = new PermissionManager();
@@ -148,7 +176,7 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
 
   private CDONet4jSession systemSession;
 
-  private CDOView view;
+  private CDOView systemView;
 
   private Realm realm;
 
@@ -367,7 +395,7 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
 
       if (waitUntilReadable)
       {
-        view.waitForUpdate(commit.getTimeStamp());
+        systemView.waitForUpdate(commit.getTimeStamp());
       }
     }
     catch (CommitException ex)
@@ -505,28 +533,30 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
     config.setUserID(SYSTEM_USER_ID);
 
     systemSession = config.openNet4jSession();
-    CDOTransaction transaction = systemSession.openTransaction();
+    systemSession.addListener(systemListener);
 
-    boolean firstTime = !transaction.hasResource(realmPath);
+    CDOTransaction initialTransaction = systemSession.openTransaction();
+
+    boolean firstTime = !initialTransaction.hasResource(realmPath);
     if (firstTime)
     {
       realm = createRealm();
 
-      CDOResource resource = transaction.createResource(realmPath);
+      CDOResource resource = initialTransaction.createResource(realmPath);
       resource.getContents().add(realm);
 
       OM.LOG.info("Security realm created in " + realmPath);
     }
     else
     {
-      CDOResource resource = transaction.getResource(realmPath);
+      CDOResource resource = initialTransaction.getResource(realmPath);
       realm = (Realm)resource.getContents().get(0);
       OM.LOG.info("Security realm loaded from " + realmPath);
     }
 
     try
     {
-      transaction.commit();
+      initialTransaction.commit();
     }
     catch (Exception ex)
     {
@@ -534,11 +564,13 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
     }
     finally
     {
-      transaction.close();
+      initialTransaction.close();
     }
 
-    view = systemSession.openView();
-    realm = view.getObject(realm);
+    systemView = systemSession.openView();
+    systemView.addListener(systemListener);
+
+    realm = systemView.getObject(realm);
     realmID = realm.cdoID();
 
     InternalSessionManager sessionManager = repository.getSessionManager();
@@ -740,6 +772,16 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
     return userInfo;
   }
 
+  protected void clearUserInfos()
+  {
+    synchronized (userInfos)
+    {
+      userInfos.clear();
+      permissionBag.clear();
+      permissionArray = null;
+    }
+  }
+
   @Override
   protected void doActivate() throws Exception
   {
@@ -750,16 +792,14 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
   @Override
   protected void doDeactivate() throws Exception
   {
-    userInfos.clear();
-    permissionBag.clear();
-    permissionArray = null;
+    clearUserInfos();
 
     realm = null;
     realmID = null;
 
     systemSession.close();
     systemSession = null;
-    view = null;
+    systemView = null;
 
     connector.close();
     connector = null;
diff --git a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/ServerCDOView.java b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/ServerCDOView.java
index 75b3189233..4a52229b93 100644
--- a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/ServerCDOView.java
+++ b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/ServerCDOView.java
@@ -951,7 +951,7 @@ public class ServerCDOView extends AbstractCDOView implements org.eclipse.emf.cd
     }
 
     public void invalidate(CDOCommitInfo commitInfo, InternalCDOTransaction sender, boolean clearResourcePathCache,
-        boolean clearPermissionCache, Map<CDOID, CDOPermission> permissions)
+        byte securityImpact, Map<CDOID, CDOPermission> newPermissions)
     {
       throw new UnsupportedOperationException();
     }
diff --git a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/TransactionCommitContext.java b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/TransactionCommitContext.java
index d4c16c6af9..32681ac6e1 100644
--- a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/TransactionCommitContext.java
+++ b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/TransactionCommitContext.java
@@ -260,9 +260,9 @@ public class TransactionCommitContext implements InternalCommitContext
     return commitNotificationInfo.isClearResourcePathCache();
   }
 
-  public boolean isClearPermissionCache()
+  public byte getSecurityImpact()
   {
-    return commitNotificationInfo.getSecurityImpact() != CommitNotificationInfo.IMPACT_NONE;
+    return commitNotificationInfo.getSecurityImpact();
   }
 
   public boolean isUsingEcore()
diff --git a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/embedded/EmbeddedClientSessionProtocol.java b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/embedded/EmbeddedClientSessionProtocol.java
index a2f70b3867..e9754677a5 100644
--- a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/embedded/EmbeddedClientSessionProtocol.java
+++ b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/embedded/EmbeddedClientSessionProtocol.java
@@ -29,6 +29,7 @@ import org.eclipse.emf.cdo.common.lock.CDOLockState;
 import org.eclipse.emf.cdo.common.model.CDOPackageUnit;
 import org.eclipse.emf.cdo.common.protocol.CDOAuthenticator;
 import org.eclipse.emf.cdo.common.revision.CDOIDAndVersion;
+import org.eclipse.emf.cdo.common.revision.CDORevision;
 import org.eclipse.emf.cdo.common.revision.CDORevisionHandler;
 import org.eclipse.emf.cdo.common.revision.CDORevisionKey;
 import org.eclipse.emf.cdo.common.security.CDOPermission;
@@ -560,7 +561,7 @@ public class EmbeddedClientSessionProtocol extends Lifecycle implements CDOSessi
     throw new UnsupportedOperationException();
   }
 
-  public Map<InternalCDORevision, CDOPermission> loadPermissions(InternalCDORevision[] revisions)
+  public Map<CDORevision, CDOPermission> loadPermissions(InternalCDORevision[] revisions)
   {
     throw new UnsupportedOperationException();
   }
diff --git a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/server/IStoreAccessor.java b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/server/IStoreAccessor.java
index 11bab73187..62059a2667 100644
--- a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/server/IStoreAccessor.java
+++ b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/server/IStoreAccessor.java
@@ -331,7 +331,7 @@ public interface IStoreAccessor extends IQueryHandlerProvider, BranchLoader, Com
     /**
      * @since 4.3
      */
-    public boolean isClearPermissionCache();
+    public byte getSecurityImpact();
 
     /**
      * @since 4.2
diff --git a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/cdo/session/CDOSessionInvalidationEvent.java b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/cdo/session/CDOSessionInvalidationEvent.java
index 7f499fc318..c10fbc86fd 100644
--- a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/cdo/session/CDOSessionInvalidationEvent.java
+++ b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/cdo/session/CDOSessionInvalidationEvent.java
@@ -14,10 +14,13 @@ package org.eclipse.emf.cdo.session;
 import org.eclipse.emf.cdo.CDOInvalidationNotification;
 import org.eclipse.emf.cdo.common.commit.CDOCommitInfo;
 import org.eclipse.emf.cdo.common.revision.CDORevision;
+import org.eclipse.emf.cdo.common.security.CDOPermission;
 import org.eclipse.emf.cdo.transaction.CDOTransaction;
 import org.eclipse.emf.cdo.view.CDOAdapterPolicy;
 import org.eclipse.emf.cdo.view.CDOView;
 
+import java.util.Map;
+
 /**
  * A {@link CDOSessionEvent session event} fired when passive updates (commit notifications) are being received from a
  * remote repository. {@link CDOSession.Options#setPassiveUpdateEnabled(boolean) Passive updates} must be enabled for
@@ -52,4 +55,9 @@ public interface CDOSessionInvalidationEvent extends CDOSessionEvent, CDOCommitI
    * @since 3.0
    */
   public boolean isRemote();
+
+  /**
+   * @since 4.3
+   */
+  public Map<CDORevision, CDOPermission> getOldPermissions();
 }
diff --git a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/session/CDOSessionImpl.java b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/session/CDOSessionImpl.java
index 59e121ab0f..6b09363aa6 100644
--- a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/session/CDOSessionImpl.java
+++ b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/session/CDOSessionImpl.java
@@ -124,6 +124,7 @@ import org.eclipse.emf.spi.cdo.CDOSessionProtocol.RefreshSessionResult;
 import org.eclipse.emf.spi.cdo.InternalCDOObject;
 import org.eclipse.emf.spi.cdo.InternalCDORemoteSessionManager;
 import org.eclipse.emf.spi.cdo.InternalCDOSession;
+import org.eclipse.emf.spi.cdo.InternalCDOSessionInvalidationEvent;
 import org.eclipse.emf.spi.cdo.InternalCDOTransaction;
 import org.eclipse.emf.spi.cdo.InternalCDOView;
 
@@ -919,10 +920,10 @@ public abstract class CDOSessionImpl extends CDOTransactionContainerImpl impleme
       registerPackageUnits(commitInfo.getNewPackageUnits());
 
       boolean clearResourcePathCache = info.isClearResourcePathCache();
-      boolean clearPermissionCache = info.getSecurityImpact() != CommitNotificationInfo.IMPACT_NONE;
+      byte securityImpact = info.getSecurityImpact();
       Map<CDOID, CDOPermission> newPermissions = info.getNewPermissions();
 
-      invalidate(commitInfo, null, clearResourcePathCache, clearPermissionCache, newPermissions);
+      invalidate(commitInfo, null, clearResourcePathCache, securityImpact, newPermissions);
     }
     catch (RuntimeException ex)
     {
@@ -1056,9 +1057,9 @@ public abstract class CDOSessionImpl extends CDOTransactionContainerImpl impleme
   }
 
   public void invalidate(CDOCommitInfo commitInfo, InternalCDOTransaction sender, boolean clearResourcePathCache,
-      boolean clearPermissionCache, Map<CDOID, CDOPermission> newPermissions)
+      byte securityImpact, Map<CDOID, CDOPermission> newPermissions)
   {
-    invalidator.reorderInvalidations(commitInfo, sender, clearResourcePathCache, clearPermissionCache, newPermissions);
+    invalidator.reorderInvalidations(commitInfo, sender, clearResourcePathCache, securityImpact, newPermissions);
   }
 
   public ILifecycle getInvalidator()
@@ -1749,14 +1750,14 @@ public abstract class CDOSessionImpl extends CDOTransactionContainerImpl impleme
     }
 
     public synchronized void reorderInvalidations(CDOCommitInfo commitInfo, InternalCDOTransaction sender,
-        boolean clearResourcePathCache, boolean clearPermissionCache, Map<CDOID, CDOPermission> newPermissions)
+        boolean clearResourcePathCache, byte securityImpact, Map<CDOID, CDOPermission> newPermissions)
     {
       if (!isActive())
       {
         return;
       }
 
-      Invalidation invalidation = new Invalidation(commitInfo, sender, clearResourcePathCache, clearPermissionCache,
+      Invalidation invalidation = new Invalidation(commitInfo, sender, clearResourcePathCache, securityImpact,
           newPermissions);
 
       reorderQueue.add(invalidation);
@@ -1828,17 +1829,17 @@ public abstract class CDOSessionImpl extends CDOTransactionContainerImpl impleme
 
     private final boolean clearResourcePathCache;
 
-    private final boolean clearPermissionCache;
+    private final byte securityImpact;
 
     private final Map<CDOID, CDOPermission> newPermissions;
 
     public Invalidation(CDOCommitInfo commitInfo, InternalCDOTransaction sender, boolean clearResourcePathCache,
-        boolean clearPermissionCache, Map<CDOID, CDOPermission> newPermissions)
+        byte securityImpact, Map<CDOID, CDOPermission> newPermissions)
     {
       this.commitInfo = commitInfo;
       this.sender = sender;
       this.clearResourcePathCache = clearResourcePathCache;
-      this.clearPermissionCache = clearPermissionCache;
+      this.securityImpact = securityImpact;
       this.newPermissions = newPermissions;
     }
 
@@ -1876,14 +1877,15 @@ public abstract class CDOSessionImpl extends CDOTransactionContainerImpl impleme
       try
       {
         InternalCDOView[] views = getViews();
+        Map<CDORevision, CDOPermission> oldPermissions = null;
         Map<CDOID, InternalCDORevision> oldRevisions = null;
 
         boolean success = commitInfo.getBranch() != null;
         if (success)
         {
-          if (clearPermissionCache)
+          if (securityImpact != CommitNotificationInfo.IMPACT_NONE)
           {
-            updatePermissions(views);
+            oldPermissions = updatePermissions(views);
           }
 
           oldRevisions = reviseRevisions();
@@ -1896,7 +1898,7 @@ public abstract class CDOSessionImpl extends CDOTransactionContainerImpl impleme
 
         if (success)
         {
-          CDOSessionImpl.this.fireEvent(new InvalidationEvent(sender, commitInfo));
+          CDOSessionImpl.this.fireEvent(new InvalidationEvent(sender, commitInfo, securityImpact, oldPermissions));
           commitInfoManager.notifyCommitInfoHandlers(commitInfo);
         }
 
@@ -1925,6 +1927,56 @@ public abstract class CDOSessionImpl extends CDOTransactionContainerImpl impleme
       }
     }
 
+    private Map<CDORevision, CDOPermission> updatePermissions(InternalCDOView[] views)
+    {
+      CDOPermissionUpdater permissionUpdater = options().getPermissionUpdater();
+      if (permissionUpdater != null)
+      {
+        CDOBranchPoint head = getBranchManager().getMainBranch().getHead();
+        Set<InternalCDORevision> revisions = new HashSet<InternalCDORevision>();
+
+        for (int i = 0; i < views.length; i++)
+        {
+          InternalCDOView view = views[i];
+          if (!head.equals(view))
+          {
+            throw new IllegalStateException("Security not supported with auditing or branching");
+          }
+
+          for (InternalCDOObject object : view.getObjects().values())
+          {
+            InternalCDORevision revision;
+
+            CDOState state = object.cdoState();
+            switch (state)
+            {
+            case CLEAN:
+              revision = object.cdoRevision();
+              break;
+
+            case DIRTY:
+            case CONFLICT:
+              CDOID id = object.cdoID();
+              revision = getRevisionManager().getRevision(id, head, 0, CDORevision.DEPTH_NONE, false);
+              break;
+
+            default:
+              continue;
+            }
+
+            if (revision != null)
+            {
+              revisions.add(revision);
+            }
+          }
+        }
+
+        return permissionUpdater.updatePermissions(CDOSessionImpl.this, revisions);
+      }
+
+      return null;
+    }
+
     private Map<CDOID, InternalCDORevision> reviseRevisions()
     {
       Map<CDOID, InternalCDORevision> oldRevisions = null;
@@ -2005,56 +2057,6 @@ public abstract class CDOSessionImpl extends CDOTransactionContainerImpl impleme
       return oldRevisions;
     }
 
-    private Map<InternalCDORevision, CDOPermission> updatePermissions(InternalCDOView[] views)
-    {
-      CDOPermissionUpdater permissionUpdater = options().getPermissionUpdater();
-      if (permissionUpdater != null)
-      {
-        CDOBranchPoint head = getBranchManager().getMainBranch().getHead();
-        Set<InternalCDORevision> revisions = new HashSet<InternalCDORevision>();
-
-        for (int i = 0; i < views.length; i++)
-        {
-          InternalCDOView view = views[i];
-          if (!head.equals(view))
-          {
-            throw new IllegalStateException("Security not supported with auditing or branching");
-          }
-
-          for (InternalCDOObject object : view.getObjects().values())
-          {
-            InternalCDORevision revision;
-
-            CDOState state = object.cdoState();
-            switch (state)
-            {
-            case CLEAN:
-              revision = object.cdoRevision();
-              break;
-
-            case DIRTY:
-            case CONFLICT:
-              CDOID id = object.cdoID();
-              revision = getRevisionManager().getRevision(id, head, 0, CDORevision.DEPTH_NONE, false);
-              break;
-
-            default:
-              continue;
-            }
-
-            if (revision != null)
-            {
-              revisions.add(revision);
-            }
-          }
-        }
-
-        return permissionUpdater.updatePermissions(CDOSessionImpl.this, revisions);
-      }
-
-      return null;
-    }
-
     private void addNewRevision(InternalCDORevision newRevision)
     {
       if (newPermissions != null)
@@ -2111,7 +2113,7 @@ public abstract class CDOSessionImpl extends CDOTransactionContainerImpl impleme
   /**
    * @author Eike Stepper
    */
-  private final class InvalidationEvent extends Event implements CDOSessionInvalidationEvent
+  private final class InvalidationEvent extends Event implements InternalCDOSessionInvalidationEvent
   {
     private static final long serialVersionUID = 1L;
 
@@ -2119,11 +2121,18 @@ public abstract class CDOSessionImpl extends CDOTransactionContainerImpl impleme
 
     private CDOCommitInfo commitInfo;
 
-    public InvalidationEvent(InternalCDOTransaction sender, CDOCommitInfo commitInfo)
+    private byte securityImpact;
+
+    private Map<CDORevision, CDOPermission> oldPermissions;
+
+    public InvalidationEvent(InternalCDOTransaction sender, CDOCommitInfo commitInfo, byte securityImpact,
+        Map<CDORevision, CDOPermission> oldPermissions)
     {
       super(CDOSessionImpl.this);
       this.sender = sender;
       this.commitInfo = commitInfo;
+      this.securityImpact = securityImpact;
+      this.oldPermissions = oldPermissions;
     }
 
     @Override
@@ -2233,6 +2242,16 @@ public abstract class CDOSessionImpl extends CDOTransactionContainerImpl impleme
       return commitInfo.getChangeKind(id);
     }
 
+    public byte getSecurityImpact()
+    {
+      return securityImpact;
+    }
+
+    public Map<CDORevision, CDOPermission> getOldPermissions()
+    {
+      return oldPermissions;
+    }
+
     @Override
     public String toString()
     {
diff --git a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/session/DelegatingSessionProtocol.java b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/session/DelegatingSessionProtocol.java
index 31224e7359..af0b18fc1d 100644
--- a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/session/DelegatingSessionProtocol.java
+++ b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/session/DelegatingSessionProtocol.java
@@ -28,6 +28,7 @@ import org.eclipse.emf.cdo.common.lob.CDOLobInfo;
 import org.eclipse.emf.cdo.common.lock.CDOLockState;
 import org.eclipse.emf.cdo.common.model.CDOPackageUnit;
 import org.eclipse.emf.cdo.common.revision.CDOIDAndVersion;
+import org.eclipse.emf.cdo.common.revision.CDORevision;
 import org.eclipse.emf.cdo.common.revision.CDORevisionHandler;
 import org.eclipse.emf.cdo.common.revision.CDORevisionKey;
 import org.eclipse.emf.cdo.common.security.CDOPermission;
@@ -916,7 +917,7 @@ public class DelegatingSessionProtocol extends Lifecycle implements CDOSessionPr
     }
   }
 
-  public Map<InternalCDORevision, CDOPermission> loadPermissions(InternalCDORevision[] revisions)
+  public Map<CDORevision, CDOPermission> loadPermissions(InternalCDORevision[] revisions)
   {
     int attempt = 0;
     for (;;)
diff --git a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/transaction/CDOTransactionImpl.java b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/transaction/CDOTransactionImpl.java
index 4ad46970b1..3193e5008e 100644
--- a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/transaction/CDOTransactionImpl.java
+++ b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/transaction/CDOTransactionImpl.java
@@ -46,6 +46,7 @@ import org.eclipse.emf.cdo.common.model.CDOPackageUnit;
 import org.eclipse.emf.cdo.common.model.EMFUtil;
 import org.eclipse.emf.cdo.common.protocol.CDODataInput;
 import org.eclipse.emf.cdo.common.protocol.CDODataOutput;
+import org.eclipse.emf.cdo.common.protocol.CDOProtocol.CommitNotificationInfo;
 import org.eclipse.emf.cdo.common.revision.CDOIDAndVersion;
 import org.eclipse.emf.cdo.common.revision.CDOList;
 import org.eclipse.emf.cdo.common.revision.CDOListFactory;
@@ -2996,7 +2997,7 @@ public class CDOTransactionImpl extends CDOViewImpl implements InternalCDOTransa
         if (result.getRollbackMessage() != null)
         {
           CDOCommitInfo commitInfo = new FailureCommitInfo(timeStamp, result.getPreviousTimeStamp());
-          session.invalidate(commitInfo, transaction, clearResourcePathCache, false, null);
+          session.invalidate(commitInfo, transaction, clearResourcePathCache, CommitNotificationInfo.IMPACT_NONE, null);
           return;
         }
 
@@ -3029,9 +3030,9 @@ public class CDOTransactionImpl extends CDOViewImpl implements InternalCDOTransa
         CDOCommitInfo commitInfo = makeCommitInfo(timeStamp, result.getPreviousTimeStamp());
         if (!commitInfo.isEmpty())
         {
-          boolean clearPermissionCache = result.isClearPermissionCache();
+          byte securityImpact = result.getSecurityImpact();
           Map<CDOID, CDOPermission> newPermissions = result.getNewPermissions();
-          session.invalidate(commitInfo, transaction, clearResourcePathCache, clearPermissionCache, newPermissions);
+          session.invalidate(commitInfo, transaction, clearResourcePathCache, securityImpact, newPermissions);
         }
 
         // Bug 290032 - Sticky views
diff --git a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/CDOPermissionUpdater.java b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/CDOPermissionUpdater.java
index eea93477c9..c4cfce3e7a 100644
--- a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/CDOPermissionUpdater.java
+++ b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/CDOPermissionUpdater.java
@@ -10,6 +10,7 @@
  */
 package org.eclipse.emf.spi.cdo;
 
+import org.eclipse.emf.cdo.common.revision.CDORevision;
 import org.eclipse.emf.cdo.common.security.CDOPermission;
 import org.eclipse.emf.cdo.spi.common.revision.InternalCDORevision;
 
@@ -24,7 +25,7 @@ public interface CDOPermissionUpdater
 {
   public static final CDOPermissionUpdater SERVER = new CDOPermissionUpdater()
   {
-    public Map<InternalCDORevision, CDOPermission> updatePermissions(InternalCDOSession session,
+    public Map<CDORevision, CDOPermission> updatePermissions(InternalCDOSession session,
         Set<InternalCDORevision> revisions)
     {
       InternalCDORevision[] revisionArray = revisions.toArray(new InternalCDORevision[revisions.size()]);
@@ -33,6 +34,6 @@ public interface CDOPermissionUpdater
     }
   };
 
-  public Map<InternalCDORevision, CDOPermission> updatePermissions(InternalCDOSession session,
+  public Map<CDORevision, CDOPermission> updatePermissions(InternalCDOSession session,
       Set<InternalCDORevision> revisions);
 }
diff --git a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/CDOSessionProtocol.java b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/CDOSessionProtocol.java
index fb3625cc19..c655a31c50 100644
--- a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/CDOSessionProtocol.java
+++ b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/CDOSessionProtocol.java
@@ -30,6 +30,7 @@ import org.eclipse.emf.cdo.common.lock.CDOLockState;
 import org.eclipse.emf.cdo.common.model.CDOPackageUnit;
 import org.eclipse.emf.cdo.common.protocol.CDOProtocol;
 import org.eclipse.emf.cdo.common.revision.CDOIDAndVersion;
+import org.eclipse.emf.cdo.common.revision.CDORevision;
 import org.eclipse.emf.cdo.common.revision.CDORevisionKey;
 import org.eclipse.emf.cdo.common.security.CDOPermission;
 import org.eclipse.emf.cdo.common.util.CDOCommonUtil;
@@ -293,7 +294,7 @@ public interface CDOSessionProtocol extends CDOProtocol, PackageLoader, BranchLo
   /**
    * @since 4.3
    */
-  public Map<InternalCDORevision, CDOPermission> loadPermissions(InternalCDORevision[] revisions);
+  public Map<CDORevision, CDOPermission> loadPermissions(InternalCDORevision[] revisions);
 
   /**
    * If the meaning of this type isn't clear, there really should be more of a description here...
@@ -692,7 +693,7 @@ public interface CDOSessionProtocol extends CDOProtocol, PackageLoader, BranchLo
 
     private boolean clearResourcePathCache;
 
-    private boolean clearPermissionCache;
+    private byte securityImpact;
 
     private Map<CDOID, CDOPermission> newPermissions;
 
@@ -869,17 +870,17 @@ public interface CDOSessionProtocol extends CDOProtocol, PackageLoader, BranchLo
     /**
      * @since 4.3
      */
-    public boolean isClearPermissionCache()
+    public byte getSecurityImpact()
     {
-      return clearPermissionCache;
+      return securityImpact;
     }
 
     /**
      * @since 4.3
      */
-    public void setClearPermissionCache(boolean clearPermissionCache)
+    public void setSecurityImpact(byte securityImpact)
     {
-      this.clearPermissionCache = clearPermissionCache;
+      this.securityImpact = securityImpact;
     }
 
     /**
diff --git a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/InternalCDOSession.java b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/InternalCDOSession.java
index 433122350c..e5b1ac73b5 100644
--- a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/InternalCDOSession.java
+++ b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/InternalCDOSession.java
@@ -235,7 +235,7 @@ public interface InternalCDOSession extends CDOSession, PackageProcessor, Packag
 
   /**
    * @since 4.2
-   * @deprecated As of 4.3 use {@link #invalidate(CDOCommitInfo, InternalCDOTransaction, boolean, boolean, Map)}.
+   * @deprecated As of 4.3 use {@link #invalidate(CDOCommitInfo, InternalCDOTransaction, boolean, byte, Map)}.
    */
   @Deprecated
   public void invalidate(CDOCommitInfo commitInfo, InternalCDOTransaction sender, boolean clearResourcePathCache);
@@ -244,7 +244,7 @@ public interface InternalCDOSession extends CDOSession, PackageProcessor, Packag
    * @since 4.3
    */
   public void invalidate(CDOCommitInfo commitInfo, InternalCDOTransaction sender, boolean clearResourcePathCache,
-      boolean clearPermissionCache, Map<CDOID, CDOPermission> permissions);
+      byte securityImpact, Map<CDOID, CDOPermission> newPermissions);
 
   /**
    * @since 3.0
diff --git a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/InternalCDOSessionInvalidationEvent.java b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/InternalCDOSessionInvalidationEvent.java
new file mode 100644
index 0000000000..a5b77d08e0
--- /dev/null
+++ b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/InternalCDOSessionInvalidationEvent.java
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2004-2013 Eike Stepper (Berlin, Germany) and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ * 
+ * Contributors:
+ *    Eike Stepper - initial API and implementation
+ */
+package org.eclipse.emf.spi.cdo;
+
+import org.eclipse.emf.cdo.common.protocol.CDOProtocol.CommitNotificationInfo;
+import org.eclipse.emf.cdo.session.CDOSessionInvalidationEvent;
+
+/**
+ * @author Eike Stepper
+ * @since 4.3
+ */
+public interface InternalCDOSessionInvalidationEvent extends CDOSessionInvalidationEvent
+{
+  /**
+   * @see CommitNotificationInfo#IMPACT_NONE
+   * @see CommitNotificationInfo#IMPACT_PERMISSIONS
+   * @see CommitNotificationInfo#IMPACT_REALM
+   */
+  public byte getSecurityImpact();
+}
author	Eike Stepper	2013-10-01 09:38:48 +0000
committer	Eike Stepper	2013-10-01 09:38:48 +0000
commit	04c53c1cb3132f7d3e674dfae3b7dbddafce6e03 (patch)
tree	04c8e10aa3121eb39fede3b52986c3ae6387870d
parent	e62d9d1c70b3a699f1ffd5ec3e50cbe4c7c19eb2 (diff)
download	cdo-04c53c1cb3132f7d3e674dfae3b7dbddafce6e03.tar.gz cdo-04c53c1cb3132f7d3e674dfae3b7dbddafce6e03.tar.xz cdo-04c53c1cb3132f7d3e674dfae3b7dbddafce6e03.zip