diff options
author | Eike Stepper | 2013-10-01 09:38:48 +0000 |
---|---|---|
committer | Eike Stepper | 2013-10-01 09:38:48 +0000 |
commit | 04c53c1cb3132f7d3e674dfae3b7dbddafce6e03 (patch) | |
tree | 04c8e10aa3121eb39fede3b52986c3ae6387870d | |
parent | e62d9d1c70b3a699f1ffd5ec3e50cbe4c7c19eb2 (diff) | |
download | cdo-04c53c1cb3132f7d3e674dfae3b7dbddafce6e03.tar.gz cdo-04c53c1cb3132f7d3e674dfae3b7dbddafce6e03.tar.xz cdo-04c53c1cb3132f7d3e674dfae3b7dbddafce6e03.zip |
[399480] [Security] Server should automatically reload the security
realm on commit
https://bugs.eclipse.org/bugs/show_bug.cgi?id=399480
18 files changed, 214 insertions, 126 deletions
diff --git a/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/CDOClientProtocol.java b/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/CDOClientProtocol.java index 5be8ba2757..3d212f0f8a 100644 --- a/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/CDOClientProtocol.java +++ b/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/CDOClientProtocol.java @@ -28,6 +28,7 @@ import org.eclipse.emf.cdo.common.lob.CDOLobInfo; import org.eclipse.emf.cdo.common.lock.CDOLockState; import org.eclipse.emf.cdo.common.model.CDOPackageUnit; import org.eclipse.emf.cdo.common.revision.CDOIDAndVersion; +import org.eclipse.emf.cdo.common.revision.CDORevision; import org.eclipse.emf.cdo.common.revision.CDORevisionHandler; import org.eclipse.emf.cdo.common.revision.CDORevisionKey; import org.eclipse.emf.cdo.common.security.CDOPermission; @@ -555,7 +556,7 @@ public class CDOClientProtocol extends SignalProtocol<CDOSession> implements CDO send(new SetLockNotificationModeRequest(this, mode)); } - public Map<InternalCDORevision, CDOPermission> loadPermissions(InternalCDORevision[] revisions) + public Map<CDORevision, CDOPermission> loadPermissions(InternalCDORevision[] revisions) { return send(new LoadPermissionsRequest(this, revisions)); } diff --git a/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/CommitTransactionRequest.java b/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/CommitTransactionRequest.java index d72062c957..25ef8f885c 100644 --- a/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/CommitTransactionRequest.java +++ b/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/CommitTransactionRequest.java @@ -339,7 +339,7 @@ public class CommitTransactionRequest extends CDOClientRequestWithMonitoring<Com result.setClearResourcePathCache(clearResourcePathCache); result.setBranchPoint(in.readCDOBranchPoint()); result.setPreviousTimeStamp(in.readLong()); - result.setClearPermissionCache(in.readBoolean()); + result.setSecurityImpact(in.readByte()); return result; } diff --git a/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/LoadPermissionsRequest.java b/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/LoadPermissionsRequest.java index ec6479c795..897032044d 100644 --- a/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/LoadPermissionsRequest.java +++ b/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/LoadPermissionsRequest.java @@ -14,6 +14,7 @@ import org.eclipse.emf.cdo.common.id.CDOID; import org.eclipse.emf.cdo.common.protocol.CDODataInput; import org.eclipse.emf.cdo.common.protocol.CDODataOutput; import org.eclipse.emf.cdo.common.protocol.CDOProtocolConstants; +import org.eclipse.emf.cdo.common.revision.CDORevision; import org.eclipse.emf.cdo.common.security.CDOPermission; import org.eclipse.emf.cdo.spi.common.revision.InternalCDORevision; @@ -24,7 +25,7 @@ import java.util.Map; /** * @author Eike Stepper */ -public class LoadPermissionsRequest extends CDOClientRequest<Map<InternalCDORevision, CDOPermission>> +public class LoadPermissionsRequest extends CDOClientRequest<Map<CDORevision, CDOPermission>> { private InternalCDORevision[] revisions; @@ -55,9 +56,9 @@ public class LoadPermissionsRequest extends CDOClientRequest<Map<InternalCDORevi } @Override - protected Map<InternalCDORevision, CDOPermission> confirming(CDODataInput in) throws IOException + protected Map<CDORevision, CDOPermission> confirming(CDODataInput in) throws IOException { - Map<InternalCDORevision, CDOPermission> oldPermissions = new HashMap<InternalCDORevision, CDOPermission>(); + Map<CDORevision, CDOPermission> oldPermissions = null; int length = revisions.length; for (int i = 0; i < length; i++) @@ -89,6 +90,12 @@ public class LoadPermissionsRequest extends CDOClientRequest<Map<InternalCDORevi } revision.setPermission(newPermission); + + if (oldPermissions == null) + { + oldPermissions = new HashMap<CDORevision, CDOPermission>(); + } + oldPermissions.put(revision, oldPermission); } } diff --git a/plugins/org.eclipse.emf.cdo.server.hibernate/src/org/eclipse/emf/cdo/server/internal/hibernate/HibernateRawCommitContext.java b/plugins/org.eclipse.emf.cdo.server.hibernate/src/org/eclipse/emf/cdo/server/internal/hibernate/HibernateRawCommitContext.java index e328a7cc48..1dde0ebbff 100644 --- a/plugins/org.eclipse.emf.cdo.server.hibernate/src/org/eclipse/emf/cdo/server/internal/hibernate/HibernateRawCommitContext.java +++ b/plugins/org.eclipse.emf.cdo.server.hibernate/src/org/eclipse/emf/cdo/server/internal/hibernate/HibernateRawCommitContext.java @@ -18,9 +18,9 @@ import org.eclipse.emf.cdo.common.id.CDOID; import org.eclipse.emf.cdo.common.id.CDOIDReference; import org.eclipse.emf.cdo.common.id.CDOIDUtil; import org.eclipse.emf.cdo.common.lock.CDOLockState; +import org.eclipse.emf.cdo.common.protocol.CDOProtocol.CommitNotificationInfo; import org.eclipse.emf.cdo.common.protocol.CDOProtocolConstants; import org.eclipse.emf.cdo.common.revision.CDORevision; -import org.eclipse.emf.cdo.server.ISession; import org.eclipse.emf.cdo.server.IView; import org.eclipse.emf.cdo.spi.common.model.InternalCDOPackageRegistry; import org.eclipse.emf.cdo.spi.common.model.InternalCDOPackageUnit; @@ -135,19 +135,9 @@ public class HibernateRawCommitContext implements InternalCommitContext return HibernateThreadContext.getCurrentStoreAccessor().getStore().getRepository().getPackageRegistry(); } - public ISession getSender() + public byte getSecurityImpact() { - return null; - } - - public CDOCommitInfo getCommitInfo() - { - return null; - } - - public boolean isClearPermissionCache() - { - return false; + return CommitNotificationInfo.IMPACT_NONE; } public void setSecurityImpact(byte securityImpact, Set<? extends Object> impactedRules) @@ -260,16 +250,6 @@ public class HibernateRawCommitContext implements InternalCommitContext return null; } - public void setDirtyObjects(List<InternalCDORevision> dirtyObjects) - { - this.dirtyObjects = dirtyObjects; - } - - public void setNewObjects(List<InternalCDORevision> newObjects) - { - this.newObjects = newObjects; - } - public void preWrite() { } diff --git a/plugins/org.eclipse.emf.cdo.server.net4j/src/org/eclipse/emf/cdo/server/internal/net4j/protocol/CommitTransactionIndication.java b/plugins/org.eclipse.emf.cdo.server.net4j/src/org/eclipse/emf/cdo/server/internal/net4j/protocol/CommitTransactionIndication.java index 830c040cc7..6177acfddf 100644 --- a/plugins/org.eclipse.emf.cdo.server.net4j/src/org/eclipse/emf/cdo/server/internal/net4j/protocol/CommitTransactionIndication.java +++ b/plugins/org.eclipse.emf.cdo.server.net4j/src/org/eclipse/emf/cdo/server/internal/net4j/protocol/CommitTransactionIndication.java @@ -378,7 +378,7 @@ public class CommitTransactionIndication extends CDOServerIndicationWithMonitori { out.writeCDOBranchPoint(commitContext.getBranchPoint()); out.writeLong(commitContext.getPreviousTimeStamp()); - out.writeBoolean(commitContext.isClearPermissionCache()); + out.writeByte(commitContext.getSecurityImpact()); } protected void respondingMappingNewObjects(CDODataOutput out) throws Exception diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java index 0ef4eaf529..08ba264124 100644 --- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java +++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java @@ -57,6 +57,7 @@ import org.eclipse.emf.cdo.spi.server.InternalSessionManager; import org.eclipse.emf.cdo.transaction.CDOTransaction; import org.eclipse.emf.cdo.util.CommitException; import org.eclipse.emf.cdo.view.CDOView; +import org.eclipse.emf.cdo.view.CDOViewInvalidationEvent; import org.eclipse.net4j.Net4jUtil; import org.eclipse.net4j.acceptor.IAcceptor; @@ -67,6 +68,7 @@ import org.eclipse.net4j.util.collection.HashBag; import org.eclipse.net4j.util.container.ContainerEventAdapter; import org.eclipse.net4j.util.container.IContainer; import org.eclipse.net4j.util.container.IManagedContainer; +import org.eclipse.net4j.util.event.IEvent; import org.eclipse.net4j.util.event.IListener; import org.eclipse.net4j.util.lifecycle.ILifecycle; import org.eclipse.net4j.util.lifecycle.Lifecycle; @@ -77,6 +79,7 @@ import org.eclipse.net4j.util.security.IAuthenticator; import org.eclipse.net4j.util.security.IPasswordCredentials; import org.eclipse.emf.common.util.EList; +import org.eclipse.emf.spi.cdo.InternalCDOSessionInvalidationEvent; import java.util.Arrays; import java.util.HashMap; @@ -118,6 +121,31 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage } }; + private final IListener systemListener = new IListener() + { + private boolean clearUserInfos; + + public void notifyEvent(IEvent event) + { + if (event instanceof InternalCDOSessionInvalidationEvent) + { + InternalCDOSessionInvalidationEvent e = (InternalCDOSessionInvalidationEvent)event; + if (e.getSecurityImpact() == CommitNotificationInfo.IMPACT_REALM) + { + clearUserInfos = true; + } + } + else if (event instanceof CDOViewInvalidationEvent) + { + if (clearUserInfos) + { + clearUserInfos(); + clearUserInfos = false; + } + } + } + }; + private final IAuthenticator authenticator = new Authenticator(); private final IPermissionManager permissionManager = new PermissionManager(); @@ -148,7 +176,7 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage private CDONet4jSession systemSession; - private CDOView view; + private CDOView systemView; private Realm realm; @@ -367,7 +395,7 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage if (waitUntilReadable) { - view.waitForUpdate(commit.getTimeStamp()); + systemView.waitForUpdate(commit.getTimeStamp()); } } catch (CommitException ex) @@ -505,28 +533,30 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage config.setUserID(SYSTEM_USER_ID); systemSession = config.openNet4jSession(); - CDOTransaction transaction = systemSession.openTransaction(); + systemSession.addListener(systemListener); - boolean firstTime = !transaction.hasResource(realmPath); + CDOTransaction initialTransaction = systemSession.openTransaction(); + + boolean firstTime = !initialTransaction.hasResource(realmPath); if (firstTime) { realm = createRealm(); - CDOResource resource = transaction.createResource(realmPath); + CDOResource resource = initialTransaction.createResource(realmPath); resource.getContents().add(realm); OM.LOG.info("Security realm created in " + realmPath); } else { - CDOResource resource = transaction.getResource(realmPath); + CDOResource resource = initialTransaction.getResource(realmPath); realm = (Realm)resource.getContents().get(0); OM.LOG.info("Security realm loaded from " + realmPath); } try { - transaction.commit(); + initialTransaction.commit(); } catch (Exception ex) { @@ -534,11 +564,13 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage } finally { - transaction.close(); + initialTransaction.close(); } - view = systemSession.openView(); - realm = view.getObject(realm); + systemView = systemSession.openView(); + systemView.addListener(systemListener); + + realm = systemView.getObject(realm); realmID = realm.cdoID(); InternalSessionManager sessionManager = repository.getSessionManager(); @@ -740,6 +772,16 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage return userInfo; } + protected void clearUserInfos() + { + synchronized (userInfos) + { + userInfos.clear(); + permissionBag.clear(); + permissionArray = null; + } + } + @Override protected void doActivate() throws Exception { @@ -750,16 +792,14 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage @Override protected void doDeactivate() throws Exception { - userInfos.clear(); - permissionBag.clear(); - permissionArray = null; + clearUserInfos(); realm = null; realmID = null; systemSession.close(); systemSession = null; - view = null; + systemView = null; connector.close(); connector = null; diff --git a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/ServerCDOView.java b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/ServerCDOView.java index 75b3189233..4a52229b93 100644 --- a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/ServerCDOView.java +++ b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/ServerCDOView.java @@ -951,7 +951,7 @@ public class ServerCDOView extends AbstractCDOView implements org.eclipse.emf.cd } public void invalidate(CDOCommitInfo commitInfo, InternalCDOTransaction sender, boolean clearResourcePathCache, - boolean clearPermissionCache, Map<CDOID, CDOPermission> permissions) + byte securityImpact, Map<CDOID, CDOPermission> newPermissions) { throw new UnsupportedOperationException(); } diff --git a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/TransactionCommitContext.java b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/TransactionCommitContext.java index d4c16c6af9..32681ac6e1 100644 --- a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/TransactionCommitContext.java +++ b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/TransactionCommitContext.java @@ -260,9 +260,9 @@ public class TransactionCommitContext implements InternalCommitContext return commitNotificationInfo.isClearResourcePathCache(); } - public boolean isClearPermissionCache() + public byte getSecurityImpact() { - return commitNotificationInfo.getSecurityImpact() != CommitNotificationInfo.IMPACT_NONE; + return commitNotificationInfo.getSecurityImpact(); } public boolean isUsingEcore() diff --git a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/embedded/EmbeddedClientSessionProtocol.java b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/embedded/EmbeddedClientSessionProtocol.java index a2f70b3867..e9754677a5 100644 --- a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/embedded/EmbeddedClientSessionProtocol.java +++ b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/embedded/EmbeddedClientSessionProtocol.java @@ -29,6 +29,7 @@ import org.eclipse.emf.cdo.common.lock.CDOLockState; import org.eclipse.emf.cdo.common.model.CDOPackageUnit; import org.eclipse.emf.cdo.common.protocol.CDOAuthenticator; import org.eclipse.emf.cdo.common.revision.CDOIDAndVersion; +import org.eclipse.emf.cdo.common.revision.CDORevision; import org.eclipse.emf.cdo.common.revision.CDORevisionHandler; import org.eclipse.emf.cdo.common.revision.CDORevisionKey; import org.eclipse.emf.cdo.common.security.CDOPermission; @@ -560,7 +561,7 @@ public class EmbeddedClientSessionProtocol extends Lifecycle implements CDOSessi throw new UnsupportedOperationException(); } - public Map<InternalCDORevision, CDOPermission> loadPermissions(InternalCDORevision[] revisions) + public Map<CDORevision, CDOPermission> loadPermissions(InternalCDORevision[] revisions) { throw new UnsupportedOperationException(); } diff --git a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/server/IStoreAccessor.java b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/server/IStoreAccessor.java index 11bab73187..62059a2667 100644 --- a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/server/IStoreAccessor.java +++ b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/server/IStoreAccessor.java @@ -331,7 +331,7 @@ public interface IStoreAccessor extends IQueryHandlerProvider, BranchLoader, Com /** * @since 4.3 */ - public boolean isClearPermissionCache(); + public byte getSecurityImpact(); /** * @since 4.2 diff --git a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/cdo/session/CDOSessionInvalidationEvent.java b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/cdo/session/CDOSessionInvalidationEvent.java index 7f499fc318..c10fbc86fd 100644 --- a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/cdo/session/CDOSessionInvalidationEvent.java +++ b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/cdo/session/CDOSessionInvalidationEvent.java @@ -14,10 +14,13 @@ package org.eclipse.emf.cdo.session; import org.eclipse.emf.cdo.CDOInvalidationNotification; import org.eclipse.emf.cdo.common.commit.CDOCommitInfo; import org.eclipse.emf.cdo.common.revision.CDORevision; +import org.eclipse.emf.cdo.common.security.CDOPermission; import org.eclipse.emf.cdo.transaction.CDOTransaction; import org.eclipse.emf.cdo.view.CDOAdapterPolicy; import org.eclipse.emf.cdo.view.CDOView; +import java.util.Map; + /** * A {@link CDOSessionEvent session event} fired when passive updates (commit notifications) are being received from a * remote repository. {@link CDOSession.Options#setPassiveUpdateEnabled(boolean) Passive updates} must be enabled for @@ -52,4 +55,9 @@ public interface CDOSessionInvalidationEvent extends CDOSessionEvent, CDOCommitI * @since 3.0 */ public boolean isRemote(); + + /** + * @since 4.3 + */ + public Map<CDORevision, CDOPermission> getOldPermissions(); } diff --git a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/session/CDOSessionImpl.java b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/session/CDOSessionImpl.java index 59e121ab0f..6b09363aa6 100644 --- a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/session/CDOSessionImpl.java +++ b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/session/CDOSessionImpl.java @@ -124,6 +124,7 @@ import org.eclipse.emf.spi.cdo.CDOSessionProtocol.RefreshSessionResult; import org.eclipse.emf.spi.cdo.InternalCDOObject; import org.eclipse.emf.spi.cdo.InternalCDORemoteSessionManager; import org.eclipse.emf.spi.cdo.InternalCDOSession; +import org.eclipse.emf.spi.cdo.InternalCDOSessionInvalidationEvent; import org.eclipse.emf.spi.cdo.InternalCDOTransaction; import org.eclipse.emf.spi.cdo.InternalCDOView; @@ -919,10 +920,10 @@ public abstract class CDOSessionImpl extends CDOTransactionContainerImpl impleme registerPackageUnits(commitInfo.getNewPackageUnits()); boolean clearResourcePathCache = info.isClearResourcePathCache(); - boolean clearPermissionCache = info.getSecurityImpact() != CommitNotificationInfo.IMPACT_NONE; + byte securityImpact = info.getSecurityImpact(); Map<CDOID, CDOPermission> newPermissions = info.getNewPermissions(); - invalidate(commitInfo, null, clearResourcePathCache, clearPermissionCache, newPermissions); + invalidate(commitInfo, null, clearResourcePathCache, securityImpact, newPermissions); } catch (RuntimeException ex) { @@ -1056,9 +1057,9 @@ public abstract class CDOSessionImpl extends CDOTransactionContainerImpl impleme } public void invalidate(CDOCommitInfo commitInfo, InternalCDOTransaction sender, boolean clearResourcePathCache, - boolean clearPermissionCache, Map<CDOID, CDOPermission> newPermissions) + byte securityImpact, Map<CDOID, CDOPermission> newPermissions) { - invalidator.reorderInvalidations(commitInfo, sender, clearResourcePathCache, clearPermissionCache, newPermissions); + invalidator.reorderInvalidations(commitInfo, sender, clearResourcePathCache, securityImpact, newPermissions); } public ILifecycle getInvalidator() @@ -1749,14 +1750,14 @@ public abstract class CDOSessionImpl extends CDOTransactionContainerImpl impleme } public synchronized void reorderInvalidations(CDOCommitInfo commitInfo, InternalCDOTransaction sender, - boolean clearResourcePathCache, boolean clearPermissionCache, Map<CDOID, CDOPermission> newPermissions) + boolean clearResourcePathCache, byte securityImpact, Map<CDOID, CDOPermission> newPermissions) { if (!isActive()) { return; } - Invalidation invalidation = new Invalidation(commitInfo, sender, clearResourcePathCache, clearPermissionCache, + Invalidation invalidation = new Invalidation(commitInfo, sender, clearResourcePathCache, securityImpact, newPermissions); reorderQueue.add(invalidation); @@ -1828,17 +1829,17 @@ public abstract class CDOSessionImpl extends CDOTransactionContainerImpl impleme private final boolean clearResourcePathCache; - private final boolean clearPermissionCache; + private final byte securityImpact; private final Map<CDOID, CDOPermission> newPermissions; public Invalidation(CDOCommitInfo commitInfo, InternalCDOTransaction sender, boolean clearResourcePathCache, - boolean clearPermissionCache, Map<CDOID, CDOPermission> newPermissions) + byte securityImpact, Map<CDOID, CDOPermission> newPermissions) { this.commitInfo = commitInfo; this.sender = sender; this.clearResourcePathCache = clearResourcePathCache; - this.clearPermissionCache = clearPermissionCache; + this.securityImpact = securityImpact; this.newPermissions = newPermissions; } @@ -1876,14 +1877,15 @@ public abstract class CDOSessionImpl extends CDOTransactionContainerImpl impleme try { InternalCDOView[] views = getViews(); + Map<CDORevision, CDOPermission> oldPermissions = null; Map<CDOID, InternalCDORevision> oldRevisions = null; boolean success = commitInfo.getBranch() != null; if (success) { - if (clearPermissionCache) + if (securityImpact != CommitNotificationInfo.IMPACT_NONE) { - updatePermissions(views); + oldPermissions = updatePermissions(views); } oldRevisions = reviseRevisions(); @@ -1896,7 +1898,7 @@ public abstract class CDOSessionImpl extends CDOTransactionContainerImpl impleme if (success) { - CDOSessionImpl.this.fireEvent(new InvalidationEvent(sender, commitInfo)); + CDOSessionImpl.this.fireEvent(new InvalidationEvent(sender, commitInfo, securityImpact, oldPermissions)); commitInfoManager.notifyCommitInfoHandlers(commitInfo); } @@ -1925,6 +1927,56 @@ public abstract class CDOSessionImpl extends CDOTransactionContainerImpl impleme } } + private Map<CDORevision, CDOPermission> updatePermissions(InternalCDOView[] views) + { + CDOPermissionUpdater permissionUpdater = options().getPermissionUpdater(); + if (permissionUpdater != null) + { + CDOBranchPoint head = getBranchManager().getMainBranch().getHead(); + Set<InternalCDORevision> revisions = new HashSet<InternalCDORevision>(); + + for (int i = 0; i < views.length; i++) + { + InternalCDOView view = views[i]; + if (!head.equals(view)) + { + throw new IllegalStateException("Security not supported with auditing or branching"); + } + + for (InternalCDOObject object : view.getObjects().values()) + { + InternalCDORevision revision; + + CDOState state = object.cdoState(); + switch (state) + { + case CLEAN: + revision = object.cdoRevision(); + break; + + case DIRTY: + case CONFLICT: + CDOID id = object.cdoID(); + revision = getRevisionManager().getRevision(id, head, 0, CDORevision.DEPTH_NONE, false); + break; + + default: + continue; + } + + if (revision != null) + { + revisions.add(revision); + } + } + } + + return permissionUpdater.updatePermissions(CDOSessionImpl.this, revisions); + } + + return null; + } + private Map<CDOID, InternalCDORevision> reviseRevisions() { Map<CDOID, InternalCDORevision> oldRevisions = null; @@ -2005,56 +2057,6 @@ public abstract class CDOSessionImpl extends CDOTransactionContainerImpl impleme return oldRevisions; } - private Map<InternalCDORevision, CDOPermission> updatePermissions(InternalCDOView[] views) - { - CDOPermissionUpdater permissionUpdater = options().getPermissionUpdater(); - if (permissionUpdater != null) - { - CDOBranchPoint head = getBranchManager().getMainBranch().getHead(); - Set<InternalCDORevision> revisions = new HashSet<InternalCDORevision>(); - - for (int i = 0; i < views.length; i++) - { - InternalCDOView view = views[i]; - if (!head.equals(view)) - { - throw new IllegalStateException("Security not supported with auditing or branching"); - } - - for (InternalCDOObject object : view.getObjects().values()) - { - InternalCDORevision revision; - - CDOState state = object.cdoState(); - switch (state) - { - case CLEAN: - revision = object.cdoRevision(); - break; - - case DIRTY: - case CONFLICT: - CDOID id = object.cdoID(); - revision = getRevisionManager().getRevision(id, head, 0, CDORevision.DEPTH_NONE, false); - break; - - default: - continue; - } - - if (revision != null) - { - revisions.add(revision); - } - } - } - - return permissionUpdater.updatePermissions(CDOSessionImpl.this, revisions); - } - - return null; - } - private void addNewRevision(InternalCDORevision newRevision) { if (newPermissions != null) @@ -2111,7 +2113,7 @@ public abstract class CDOSessionImpl extends CDOTransactionContainerImpl impleme /** * @author Eike Stepper */ - private final class InvalidationEvent extends Event implements CDOSessionInvalidationEvent + private final class InvalidationEvent extends Event implements InternalCDOSessionInvalidationEvent { private static final long serialVersionUID = 1L; @@ -2119,11 +2121,18 @@ public abstract class CDOSessionImpl extends CDOTransactionContainerImpl impleme private CDOCommitInfo commitInfo; - public InvalidationEvent(InternalCDOTransaction sender, CDOCommitInfo commitInfo) + private byte securityImpact; + + private Map<CDORevision, CDOPermission> oldPermissions; + + public InvalidationEvent(InternalCDOTransaction sender, CDOCommitInfo commitInfo, byte securityImpact, + Map<CDORevision, CDOPermission> oldPermissions) { super(CDOSessionImpl.this); this.sender = sender; this.commitInfo = commitInfo; + this.securityImpact = securityImpact; + this.oldPermissions = oldPermissions; } @Override @@ -2233,6 +2242,16 @@ public abstract class CDOSessionImpl extends CDOTransactionContainerImpl impleme return commitInfo.getChangeKind(id); } + public byte getSecurityImpact() + { + return securityImpact; + } + + public Map<CDORevision, CDOPermission> getOldPermissions() + { + return oldPermissions; + } + @Override public String toString() { diff --git a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/session/DelegatingSessionProtocol.java b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/session/DelegatingSessionProtocol.java index 31224e7359..af0b18fc1d 100644 --- a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/session/DelegatingSessionProtocol.java +++ b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/session/DelegatingSessionProtocol.java @@ -28,6 +28,7 @@ import org.eclipse.emf.cdo.common.lob.CDOLobInfo; import org.eclipse.emf.cdo.common.lock.CDOLockState; import org.eclipse.emf.cdo.common.model.CDOPackageUnit; import org.eclipse.emf.cdo.common.revision.CDOIDAndVersion; +import org.eclipse.emf.cdo.common.revision.CDORevision; import org.eclipse.emf.cdo.common.revision.CDORevisionHandler; import org.eclipse.emf.cdo.common.revision.CDORevisionKey; import org.eclipse.emf.cdo.common.security.CDOPermission; @@ -916,7 +917,7 @@ public class DelegatingSessionProtocol extends Lifecycle implements CDOSessionPr } } - public Map<InternalCDORevision, CDOPermission> loadPermissions(InternalCDORevision[] revisions) + public Map<CDORevision, CDOPermission> loadPermissions(InternalCDORevision[] revisions) { int attempt = 0; for (;;) diff --git a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/transaction/CDOTransactionImpl.java b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/transaction/CDOTransactionImpl.java index 4ad46970b1..3193e5008e 100644 --- a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/transaction/CDOTransactionImpl.java +++ b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/transaction/CDOTransactionImpl.java @@ -46,6 +46,7 @@ import org.eclipse.emf.cdo.common.model.CDOPackageUnit; import org.eclipse.emf.cdo.common.model.EMFUtil; import org.eclipse.emf.cdo.common.protocol.CDODataInput; import org.eclipse.emf.cdo.common.protocol.CDODataOutput; +import org.eclipse.emf.cdo.common.protocol.CDOProtocol.CommitNotificationInfo; import org.eclipse.emf.cdo.common.revision.CDOIDAndVersion; import org.eclipse.emf.cdo.common.revision.CDOList; import org.eclipse.emf.cdo.common.revision.CDOListFactory; @@ -2996,7 +2997,7 @@ public class CDOTransactionImpl extends CDOViewImpl implements InternalCDOTransa if (result.getRollbackMessage() != null) { CDOCommitInfo commitInfo = new FailureCommitInfo(timeStamp, result.getPreviousTimeStamp()); - session.invalidate(commitInfo, transaction, clearResourcePathCache, false, null); + session.invalidate(commitInfo, transaction, clearResourcePathCache, CommitNotificationInfo.IMPACT_NONE, null); return; } @@ -3029,9 +3030,9 @@ public class CDOTransactionImpl extends CDOViewImpl implements InternalCDOTransa CDOCommitInfo commitInfo = makeCommitInfo(timeStamp, result.getPreviousTimeStamp()); if (!commitInfo.isEmpty()) { - boolean clearPermissionCache = result.isClearPermissionCache(); + byte securityImpact = result.getSecurityImpact(); Map<CDOID, CDOPermission> newPermissions = result.getNewPermissions(); - session.invalidate(commitInfo, transaction, clearResourcePathCache, clearPermissionCache, newPermissions); + session.invalidate(commitInfo, transaction, clearResourcePathCache, securityImpact, newPermissions); } // Bug 290032 - Sticky views diff --git a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/CDOPermissionUpdater.java b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/CDOPermissionUpdater.java index eea93477c9..c4cfce3e7a 100644 --- a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/CDOPermissionUpdater.java +++ b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/CDOPermissionUpdater.java @@ -10,6 +10,7 @@ */ package org.eclipse.emf.spi.cdo; +import org.eclipse.emf.cdo.common.revision.CDORevision; import org.eclipse.emf.cdo.common.security.CDOPermission; import org.eclipse.emf.cdo.spi.common.revision.InternalCDORevision; @@ -24,7 +25,7 @@ public interface CDOPermissionUpdater { public static final CDOPermissionUpdater SERVER = new CDOPermissionUpdater() { - public Map<InternalCDORevision, CDOPermission> updatePermissions(InternalCDOSession session, + public Map<CDORevision, CDOPermission> updatePermissions(InternalCDOSession session, Set<InternalCDORevision> revisions) { InternalCDORevision[] revisionArray = revisions.toArray(new InternalCDORevision[revisions.size()]); @@ -33,6 +34,6 @@ public interface CDOPermissionUpdater } }; - public Map<InternalCDORevision, CDOPermission> updatePermissions(InternalCDOSession session, + public Map<CDORevision, CDOPermission> updatePermissions(InternalCDOSession session, Set<InternalCDORevision> revisions); } diff --git a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/CDOSessionProtocol.java b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/CDOSessionProtocol.java index fb3625cc19..c655a31c50 100644 --- a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/CDOSessionProtocol.java +++ b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/CDOSessionProtocol.java @@ -30,6 +30,7 @@ import org.eclipse.emf.cdo.common.lock.CDOLockState; import org.eclipse.emf.cdo.common.model.CDOPackageUnit; import org.eclipse.emf.cdo.common.protocol.CDOProtocol; import org.eclipse.emf.cdo.common.revision.CDOIDAndVersion; +import org.eclipse.emf.cdo.common.revision.CDORevision; import org.eclipse.emf.cdo.common.revision.CDORevisionKey; import org.eclipse.emf.cdo.common.security.CDOPermission; import org.eclipse.emf.cdo.common.util.CDOCommonUtil; @@ -293,7 +294,7 @@ public interface CDOSessionProtocol extends CDOProtocol, PackageLoader, BranchLo /** * @since 4.3 */ - public Map<InternalCDORevision, CDOPermission> loadPermissions(InternalCDORevision[] revisions); + public Map<CDORevision, CDOPermission> loadPermissions(InternalCDORevision[] revisions); /** * If the meaning of this type isn't clear, there really should be more of a description here... @@ -692,7 +693,7 @@ public interface CDOSessionProtocol extends CDOProtocol, PackageLoader, BranchLo private boolean clearResourcePathCache; - private boolean clearPermissionCache; + private byte securityImpact; private Map<CDOID, CDOPermission> newPermissions; @@ -869,17 +870,17 @@ public interface CDOSessionProtocol extends CDOProtocol, PackageLoader, BranchLo /** * @since 4.3 */ - public boolean isClearPermissionCache() + public byte getSecurityImpact() { - return clearPermissionCache; + return securityImpact; } /** * @since 4.3 */ - public void setClearPermissionCache(boolean clearPermissionCache) + public void setSecurityImpact(byte securityImpact) { - this.clearPermissionCache = clearPermissionCache; + this.securityImpact = securityImpact; } /** diff --git a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/InternalCDOSession.java b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/InternalCDOSession.java index 433122350c..e5b1ac73b5 100644 --- a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/InternalCDOSession.java +++ b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/InternalCDOSession.java @@ -235,7 +235,7 @@ public interface InternalCDOSession extends CDOSession, PackageProcessor, Packag /** * @since 4.2 - * @deprecated As of 4.3 use {@link #invalidate(CDOCommitInfo, InternalCDOTransaction, boolean, boolean, Map)}. + * @deprecated As of 4.3 use {@link #invalidate(CDOCommitInfo, InternalCDOTransaction, boolean, byte, Map)}. */ @Deprecated public void invalidate(CDOCommitInfo commitInfo, InternalCDOTransaction sender, boolean clearResourcePathCache); @@ -244,7 +244,7 @@ public interface InternalCDOSession extends CDOSession, PackageProcessor, Packag * @since 4.3 */ public void invalidate(CDOCommitInfo commitInfo, InternalCDOTransaction sender, boolean clearResourcePathCache, - boolean clearPermissionCache, Map<CDOID, CDOPermission> permissions); + byte securityImpact, Map<CDOID, CDOPermission> newPermissions); /** * @since 3.0 diff --git a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/InternalCDOSessionInvalidationEvent.java b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/InternalCDOSessionInvalidationEvent.java new file mode 100644 index 0000000000..a5b77d08e0 --- /dev/null +++ b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/InternalCDOSessionInvalidationEvent.java @@ -0,0 +1,28 @@ +/* + * Copyright (c) 2004-2013 Eike Stepper (Berlin, Germany) and others. + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * + * Contributors: + * Eike Stepper - initial API and implementation + */ +package org.eclipse.emf.spi.cdo; + +import org.eclipse.emf.cdo.common.protocol.CDOProtocol.CommitNotificationInfo; +import org.eclipse.emf.cdo.session.CDOSessionInvalidationEvent; + +/** + * @author Eike Stepper + * @since 4.3 + */ +public interface InternalCDOSessionInvalidationEvent extends CDOSessionInvalidationEvent +{ + /** + * @see CommitNotificationInfo#IMPACT_NONE + * @see CommitNotificationInfo#IMPACT_PERMISSIONS + * @see CommitNotificationInfo#IMPACT_REALM + */ + public byte getSecurityImpact(); +} |