Skip to main content
aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEike Stepper2013-10-01 05:38:48 -0400
committerEike Stepper2013-10-01 05:38:48 -0400
commit04c53c1cb3132f7d3e674dfae3b7dbddafce6e03 (patch)
tree04c8e10aa3121eb39fede3b52986c3ae6387870d
parente62d9d1c70b3a699f1ffd5ec3e50cbe4c7c19eb2 (diff)
downloadcdo-04c53c1cb3132f7d3e674dfae3b7dbddafce6e03.tar.gz
cdo-04c53c1cb3132f7d3e674dfae3b7dbddafce6e03.tar.xz
cdo-04c53c1cb3132f7d3e674dfae3b7dbddafce6e03.zip
[399480] [Security] Server should automatically reload the security
realm on commit https://bugs.eclipse.org/bugs/show_bug.cgi?id=399480
-rw-r--r--plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/CDOClientProtocol.java3
-rw-r--r--plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/CommitTransactionRequest.java2
-rw-r--r--plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/LoadPermissionsRequest.java13
-rw-r--r--plugins/org.eclipse.emf.cdo.server.hibernate/src/org/eclipse/emf/cdo/server/internal/hibernate/HibernateRawCommitContext.java26
-rw-r--r--plugins/org.eclipse.emf.cdo.server.net4j/src/org/eclipse/emf/cdo/server/internal/net4j/protocol/CommitTransactionIndication.java2
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java68
-rw-r--r--plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/ServerCDOView.java2
-rw-r--r--plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/TransactionCommitContext.java4
-rw-r--r--plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/embedded/EmbeddedClientSessionProtocol.java3
-rw-r--r--plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/server/IStoreAccessor.java2
-rw-r--r--plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/cdo/session/CDOSessionInvalidationEvent.java8
-rw-r--r--plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/session/CDOSessionImpl.java147
-rw-r--r--plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/session/DelegatingSessionProtocol.java3
-rw-r--r--plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/transaction/CDOTransactionImpl.java7
-rw-r--r--plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/CDOPermissionUpdater.java5
-rw-r--r--plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/CDOSessionProtocol.java13
-rw-r--r--plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/InternalCDOSession.java4
-rw-r--r--plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/InternalCDOSessionInvalidationEvent.java28
18 files changed, 214 insertions, 126 deletions
diff --git a/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/CDOClientProtocol.java b/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/CDOClientProtocol.java
index 5be8ba2757..3d212f0f8a 100644
--- a/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/CDOClientProtocol.java
+++ b/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/CDOClientProtocol.java
@@ -28,6 +28,7 @@ import org.eclipse.emf.cdo.common.lob.CDOLobInfo;
import org.eclipse.emf.cdo.common.lock.CDOLockState;
import org.eclipse.emf.cdo.common.model.CDOPackageUnit;
import org.eclipse.emf.cdo.common.revision.CDOIDAndVersion;
+import org.eclipse.emf.cdo.common.revision.CDORevision;
import org.eclipse.emf.cdo.common.revision.CDORevisionHandler;
import org.eclipse.emf.cdo.common.revision.CDORevisionKey;
import org.eclipse.emf.cdo.common.security.CDOPermission;
@@ -555,7 +556,7 @@ public class CDOClientProtocol extends SignalProtocol<CDOSession> implements CDO
send(new SetLockNotificationModeRequest(this, mode));
}
- public Map<InternalCDORevision, CDOPermission> loadPermissions(InternalCDORevision[] revisions)
+ public Map<CDORevision, CDOPermission> loadPermissions(InternalCDORevision[] revisions)
{
return send(new LoadPermissionsRequest(this, revisions));
}
diff --git a/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/CommitTransactionRequest.java b/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/CommitTransactionRequest.java
index d72062c957..25ef8f885c 100644
--- a/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/CommitTransactionRequest.java
+++ b/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/CommitTransactionRequest.java
@@ -339,7 +339,7 @@ public class CommitTransactionRequest extends CDOClientRequestWithMonitoring<Com
result.setClearResourcePathCache(clearResourcePathCache);
result.setBranchPoint(in.readCDOBranchPoint());
result.setPreviousTimeStamp(in.readLong());
- result.setClearPermissionCache(in.readBoolean());
+ result.setSecurityImpact(in.readByte());
return result;
}
diff --git a/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/LoadPermissionsRequest.java b/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/LoadPermissionsRequest.java
index ec6479c795..897032044d 100644
--- a/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/LoadPermissionsRequest.java
+++ b/plugins/org.eclipse.emf.cdo.net4j/src/org/eclipse/emf/cdo/internal/net4j/protocol/LoadPermissionsRequest.java
@@ -14,6 +14,7 @@ import org.eclipse.emf.cdo.common.id.CDOID;
import org.eclipse.emf.cdo.common.protocol.CDODataInput;
import org.eclipse.emf.cdo.common.protocol.CDODataOutput;
import org.eclipse.emf.cdo.common.protocol.CDOProtocolConstants;
+import org.eclipse.emf.cdo.common.revision.CDORevision;
import org.eclipse.emf.cdo.common.security.CDOPermission;
import org.eclipse.emf.cdo.spi.common.revision.InternalCDORevision;
@@ -24,7 +25,7 @@ import java.util.Map;
/**
* @author Eike Stepper
*/
-public class LoadPermissionsRequest extends CDOClientRequest<Map<InternalCDORevision, CDOPermission>>
+public class LoadPermissionsRequest extends CDOClientRequest<Map<CDORevision, CDOPermission>>
{
private InternalCDORevision[] revisions;
@@ -55,9 +56,9 @@ public class LoadPermissionsRequest extends CDOClientRequest<Map<InternalCDORevi
}
@Override
- protected Map<InternalCDORevision, CDOPermission> confirming(CDODataInput in) throws IOException
+ protected Map<CDORevision, CDOPermission> confirming(CDODataInput in) throws IOException
{
- Map<InternalCDORevision, CDOPermission> oldPermissions = new HashMap<InternalCDORevision, CDOPermission>();
+ Map<CDORevision, CDOPermission> oldPermissions = null;
int length = revisions.length;
for (int i = 0; i < length; i++)
@@ -89,6 +90,12 @@ public class LoadPermissionsRequest extends CDOClientRequest<Map<InternalCDORevi
}
revision.setPermission(newPermission);
+
+ if (oldPermissions == null)
+ {
+ oldPermissions = new HashMap<CDORevision, CDOPermission>();
+ }
+
oldPermissions.put(revision, oldPermission);
}
}
diff --git a/plugins/org.eclipse.emf.cdo.server.hibernate/src/org/eclipse/emf/cdo/server/internal/hibernate/HibernateRawCommitContext.java b/plugins/org.eclipse.emf.cdo.server.hibernate/src/org/eclipse/emf/cdo/server/internal/hibernate/HibernateRawCommitContext.java
index e328a7cc48..1dde0ebbff 100644
--- a/plugins/org.eclipse.emf.cdo.server.hibernate/src/org/eclipse/emf/cdo/server/internal/hibernate/HibernateRawCommitContext.java
+++ b/plugins/org.eclipse.emf.cdo.server.hibernate/src/org/eclipse/emf/cdo/server/internal/hibernate/HibernateRawCommitContext.java
@@ -18,9 +18,9 @@ import org.eclipse.emf.cdo.common.id.CDOID;
import org.eclipse.emf.cdo.common.id.CDOIDReference;
import org.eclipse.emf.cdo.common.id.CDOIDUtil;
import org.eclipse.emf.cdo.common.lock.CDOLockState;
+import org.eclipse.emf.cdo.common.protocol.CDOProtocol.CommitNotificationInfo;
import org.eclipse.emf.cdo.common.protocol.CDOProtocolConstants;
import org.eclipse.emf.cdo.common.revision.CDORevision;
-import org.eclipse.emf.cdo.server.ISession;
import org.eclipse.emf.cdo.server.IView;
import org.eclipse.emf.cdo.spi.common.model.InternalCDOPackageRegistry;
import org.eclipse.emf.cdo.spi.common.model.InternalCDOPackageUnit;
@@ -135,19 +135,9 @@ public class HibernateRawCommitContext implements InternalCommitContext
return HibernateThreadContext.getCurrentStoreAccessor().getStore().getRepository().getPackageRegistry();
}
- public ISession getSender()
+ public byte getSecurityImpact()
{
- return null;
- }
-
- public CDOCommitInfo getCommitInfo()
- {
- return null;
- }
-
- public boolean isClearPermissionCache()
- {
- return false;
+ return CommitNotificationInfo.IMPACT_NONE;
}
public void setSecurityImpact(byte securityImpact, Set<? extends Object> impactedRules)
@@ -260,16 +250,6 @@ public class HibernateRawCommitContext implements InternalCommitContext
return null;
}
- public void setDirtyObjects(List<InternalCDORevision> dirtyObjects)
- {
- this.dirtyObjects = dirtyObjects;
- }
-
- public void setNewObjects(List<InternalCDORevision> newObjects)
- {
- this.newObjects = newObjects;
- }
-
public void preWrite()
{
}
diff --git a/plugins/org.eclipse.emf.cdo.server.net4j/src/org/eclipse/emf/cdo/server/internal/net4j/protocol/CommitTransactionIndication.java b/plugins/org.eclipse.emf.cdo.server.net4j/src/org/eclipse/emf/cdo/server/internal/net4j/protocol/CommitTransactionIndication.java
index 830c040cc7..6177acfddf 100644
--- a/plugins/org.eclipse.emf.cdo.server.net4j/src/org/eclipse/emf/cdo/server/internal/net4j/protocol/CommitTransactionIndication.java
+++ b/plugins/org.eclipse.emf.cdo.server.net4j/src/org/eclipse/emf/cdo/server/internal/net4j/protocol/CommitTransactionIndication.java
@@ -378,7 +378,7 @@ public class CommitTransactionIndication extends CDOServerIndicationWithMonitori
{
out.writeCDOBranchPoint(commitContext.getBranchPoint());
out.writeLong(commitContext.getPreviousTimeStamp());
- out.writeBoolean(commitContext.isClearPermissionCache());
+ out.writeByte(commitContext.getSecurityImpact());
}
protected void respondingMappingNewObjects(CDODataOutput out) throws Exception
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
index 0ef4eaf529..08ba264124 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
@@ -57,6 +57,7 @@ import org.eclipse.emf.cdo.spi.server.InternalSessionManager;
import org.eclipse.emf.cdo.transaction.CDOTransaction;
import org.eclipse.emf.cdo.util.CommitException;
import org.eclipse.emf.cdo.view.CDOView;
+import org.eclipse.emf.cdo.view.CDOViewInvalidationEvent;
import org.eclipse.net4j.Net4jUtil;
import org.eclipse.net4j.acceptor.IAcceptor;
@@ -67,6 +68,7 @@ import org.eclipse.net4j.util.collection.HashBag;
import org.eclipse.net4j.util.container.ContainerEventAdapter;
import org.eclipse.net4j.util.container.IContainer;
import org.eclipse.net4j.util.container.IManagedContainer;
+import org.eclipse.net4j.util.event.IEvent;
import org.eclipse.net4j.util.event.IListener;
import org.eclipse.net4j.util.lifecycle.ILifecycle;
import org.eclipse.net4j.util.lifecycle.Lifecycle;
@@ -77,6 +79,7 @@ import org.eclipse.net4j.util.security.IAuthenticator;
import org.eclipse.net4j.util.security.IPasswordCredentials;
import org.eclipse.emf.common.util.EList;
+import org.eclipse.emf.spi.cdo.InternalCDOSessionInvalidationEvent;
import java.util.Arrays;
import java.util.HashMap;
@@ -118,6 +121,31 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
}
};
+ private final IListener systemListener = new IListener()
+ {
+ private boolean clearUserInfos;
+
+ public void notifyEvent(IEvent event)
+ {
+ if (event instanceof InternalCDOSessionInvalidationEvent)
+ {
+ InternalCDOSessionInvalidationEvent e = (InternalCDOSessionInvalidationEvent)event;
+ if (e.getSecurityImpact() == CommitNotificationInfo.IMPACT_REALM)
+ {
+ clearUserInfos = true;
+ }
+ }
+ else if (event instanceof CDOViewInvalidationEvent)
+ {
+ if (clearUserInfos)
+ {
+ clearUserInfos();
+ clearUserInfos = false;
+ }
+ }
+ }
+ };
+
private final IAuthenticator authenticator = new Authenticator();
private final IPermissionManager permissionManager = new PermissionManager();
@@ -148,7 +176,7 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
private CDONet4jSession systemSession;
- private CDOView view;
+ private CDOView systemView;
private Realm realm;
@@ -367,7 +395,7 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
if (waitUntilReadable)
{
- view.waitForUpdate(commit.getTimeStamp());
+ systemView.waitForUpdate(commit.getTimeStamp());
}
}
catch (CommitException ex)
@@ -505,28 +533,30 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
config.setUserID(SYSTEM_USER_ID);
systemSession = config.openNet4jSession();
- CDOTransaction transaction = systemSession.openTransaction();
+ systemSession.addListener(systemListener);
- boolean firstTime = !transaction.hasResource(realmPath);
+ CDOTransaction initialTransaction = systemSession.openTransaction();
+
+ boolean firstTime = !initialTransaction.hasResource(realmPath);
if (firstTime)
{
realm = createRealm();
- CDOResource resource = transaction.createResource(realmPath);
+ CDOResource resource = initialTransaction.createResource(realmPath);
resource.getContents().add(realm);
OM.LOG.info("Security realm created in " + realmPath);
}
else
{
- CDOResource resource = transaction.getResource(realmPath);
+ CDOResource resource = initialTransaction.getResource(realmPath);
realm = (Realm)resource.getContents().get(0);
OM.LOG.info("Security realm loaded from " + realmPath);
}
try
{
- transaction.commit();
+ initialTransaction.commit();
}
catch (Exception ex)
{
@@ -534,11 +564,13 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
}
finally
{
- transaction.close();
+ initialTransaction.close();
}
- view = systemSession.openView();
- realm = view.getObject(realm);
+ systemView = systemSession.openView();
+ systemView.addListener(systemListener);
+
+ realm = systemView.getObject(realm);
realmID = realm.cdoID();
InternalSessionManager sessionManager = repository.getSessionManager();
@@ -740,6 +772,16 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
return userInfo;
}
+ protected void clearUserInfos()
+ {
+ synchronized (userInfos)
+ {
+ userInfos.clear();
+ permissionBag.clear();
+ permissionArray = null;
+ }
+ }
+
@Override
protected void doActivate() throws Exception
{
@@ -750,16 +792,14 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
@Override
protected void doDeactivate() throws Exception
{
- userInfos.clear();
- permissionBag.clear();
- permissionArray = null;
+ clearUserInfos();
realm = null;
realmID = null;
systemSession.close();
systemSession = null;
- view = null;
+ systemView = null;
connector.close();
connector = null;
diff --git a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/ServerCDOView.java b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/ServerCDOView.java
index 75b3189233..4a52229b93 100644
--- a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/ServerCDOView.java
+++ b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/ServerCDOView.java
@@ -951,7 +951,7 @@ public class ServerCDOView extends AbstractCDOView implements org.eclipse.emf.cd
}
public void invalidate(CDOCommitInfo commitInfo, InternalCDOTransaction sender, boolean clearResourcePathCache,
- boolean clearPermissionCache, Map<CDOID, CDOPermission> permissions)
+ byte securityImpact, Map<CDOID, CDOPermission> newPermissions)
{
throw new UnsupportedOperationException();
}
diff --git a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/TransactionCommitContext.java b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/TransactionCommitContext.java
index d4c16c6af9..32681ac6e1 100644
--- a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/TransactionCommitContext.java
+++ b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/TransactionCommitContext.java
@@ -260,9 +260,9 @@ public class TransactionCommitContext implements InternalCommitContext
return commitNotificationInfo.isClearResourcePathCache();
}
- public boolean isClearPermissionCache()
+ public byte getSecurityImpact()
{
- return commitNotificationInfo.getSecurityImpact() != CommitNotificationInfo.IMPACT_NONE;
+ return commitNotificationInfo.getSecurityImpact();
}
public boolean isUsingEcore()
diff --git a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/embedded/EmbeddedClientSessionProtocol.java b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/embedded/EmbeddedClientSessionProtocol.java
index a2f70b3867..e9754677a5 100644
--- a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/embedded/EmbeddedClientSessionProtocol.java
+++ b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/embedded/EmbeddedClientSessionProtocol.java
@@ -29,6 +29,7 @@ import org.eclipse.emf.cdo.common.lock.CDOLockState;
import org.eclipse.emf.cdo.common.model.CDOPackageUnit;
import org.eclipse.emf.cdo.common.protocol.CDOAuthenticator;
import org.eclipse.emf.cdo.common.revision.CDOIDAndVersion;
+import org.eclipse.emf.cdo.common.revision.CDORevision;
import org.eclipse.emf.cdo.common.revision.CDORevisionHandler;
import org.eclipse.emf.cdo.common.revision.CDORevisionKey;
import org.eclipse.emf.cdo.common.security.CDOPermission;
@@ -560,7 +561,7 @@ public class EmbeddedClientSessionProtocol extends Lifecycle implements CDOSessi
throw new UnsupportedOperationException();
}
- public Map<InternalCDORevision, CDOPermission> loadPermissions(InternalCDORevision[] revisions)
+ public Map<CDORevision, CDOPermission> loadPermissions(InternalCDORevision[] revisions)
{
throw new UnsupportedOperationException();
}
diff --git a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/server/IStoreAccessor.java b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/server/IStoreAccessor.java
index 11bab73187..62059a2667 100644
--- a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/server/IStoreAccessor.java
+++ b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/server/IStoreAccessor.java
@@ -331,7 +331,7 @@ public interface IStoreAccessor extends IQueryHandlerProvider, BranchLoader, Com
/**
* @since 4.3
*/
- public boolean isClearPermissionCache();
+ public byte getSecurityImpact();
/**
* @since 4.2
diff --git a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/cdo/session/CDOSessionInvalidationEvent.java b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/cdo/session/CDOSessionInvalidationEvent.java
index 7f499fc318..c10fbc86fd 100644
--- a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/cdo/session/CDOSessionInvalidationEvent.java
+++ b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/cdo/session/CDOSessionInvalidationEvent.java
@@ -14,10 +14,13 @@ package org.eclipse.emf.cdo.session;
import org.eclipse.emf.cdo.CDOInvalidationNotification;
import org.eclipse.emf.cdo.common.commit.CDOCommitInfo;
import org.eclipse.emf.cdo.common.revision.CDORevision;
+import org.eclipse.emf.cdo.common.security.CDOPermission;
import org.eclipse.emf.cdo.transaction.CDOTransaction;
import org.eclipse.emf.cdo.view.CDOAdapterPolicy;
import org.eclipse.emf.cdo.view.CDOView;
+import java.util.Map;
+
/**
* A {@link CDOSessionEvent session event} fired when passive updates (commit notifications) are being received from a
* remote repository. {@link CDOSession.Options#setPassiveUpdateEnabled(boolean) Passive updates} must be enabled for
@@ -52,4 +55,9 @@ public interface CDOSessionInvalidationEvent extends CDOSessionEvent, CDOCommitI
* @since 3.0
*/
public boolean isRemote();
+
+ /**
+ * @since 4.3
+ */
+ public Map<CDORevision, CDOPermission> getOldPermissions();
}
diff --git a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/session/CDOSessionImpl.java b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/session/CDOSessionImpl.java
index 59e121ab0f..6b09363aa6 100644
--- a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/session/CDOSessionImpl.java
+++ b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/session/CDOSessionImpl.java
@@ -124,6 +124,7 @@ import org.eclipse.emf.spi.cdo.CDOSessionProtocol.RefreshSessionResult;
import org.eclipse.emf.spi.cdo.InternalCDOObject;
import org.eclipse.emf.spi.cdo.InternalCDORemoteSessionManager;
import org.eclipse.emf.spi.cdo.InternalCDOSession;
+import org.eclipse.emf.spi.cdo.InternalCDOSessionInvalidationEvent;
import org.eclipse.emf.spi.cdo.InternalCDOTransaction;
import org.eclipse.emf.spi.cdo.InternalCDOView;
@@ -919,10 +920,10 @@ public abstract class CDOSessionImpl extends CDOTransactionContainerImpl impleme
registerPackageUnits(commitInfo.getNewPackageUnits());
boolean clearResourcePathCache = info.isClearResourcePathCache();
- boolean clearPermissionCache = info.getSecurityImpact() != CommitNotificationInfo.IMPACT_NONE;
+ byte securityImpact = info.getSecurityImpact();
Map<CDOID, CDOPermission> newPermissions = info.getNewPermissions();
- invalidate(commitInfo, null, clearResourcePathCache, clearPermissionCache, newPermissions);
+ invalidate(commitInfo, null, clearResourcePathCache, securityImpact, newPermissions);
}
catch (RuntimeException ex)
{
@@ -1056,9 +1057,9 @@ public abstract class CDOSessionImpl extends CDOTransactionContainerImpl impleme
}
public void invalidate(CDOCommitInfo commitInfo, InternalCDOTransaction sender, boolean clearResourcePathCache,
- boolean clearPermissionCache, Map<CDOID, CDOPermission> newPermissions)
+ byte securityImpact, Map<CDOID, CDOPermission> newPermissions)
{
- invalidator.reorderInvalidations(commitInfo, sender, clearResourcePathCache, clearPermissionCache, newPermissions);
+ invalidator.reorderInvalidations(commitInfo, sender, clearResourcePathCache, securityImpact, newPermissions);
}
public ILifecycle getInvalidator()
@@ -1749,14 +1750,14 @@ public abstract class CDOSessionImpl extends CDOTransactionContainerImpl impleme
}
public synchronized void reorderInvalidations(CDOCommitInfo commitInfo, InternalCDOTransaction sender,
- boolean clearResourcePathCache, boolean clearPermissionCache, Map<CDOID, CDOPermission> newPermissions)
+ boolean clearResourcePathCache, byte securityImpact, Map<CDOID, CDOPermission> newPermissions)
{
if (!isActive())
{
return;
}
- Invalidation invalidation = new Invalidation(commitInfo, sender, clearResourcePathCache, clearPermissionCache,
+ Invalidation invalidation = new Invalidation(commitInfo, sender, clearResourcePathCache, securityImpact,
newPermissions);
reorderQueue.add(invalidation);
@@ -1828,17 +1829,17 @@ public abstract class CDOSessionImpl extends CDOTransactionContainerImpl impleme
private final boolean clearResourcePathCache;
- private final boolean clearPermissionCache;
+ private final byte securityImpact;
private final Map<CDOID, CDOPermission> newPermissions;
public Invalidation(CDOCommitInfo commitInfo, InternalCDOTransaction sender, boolean clearResourcePathCache,
- boolean clearPermissionCache, Map<CDOID, CDOPermission> newPermissions)
+ byte securityImpact, Map<CDOID, CDOPermission> newPermissions)
{
this.commitInfo = commitInfo;
this.sender = sender;
this.clearResourcePathCache = clearResourcePathCache;
- this.clearPermissionCache = clearPermissionCache;
+ this.securityImpact = securityImpact;
this.newPermissions = newPermissions;
}
@@ -1876,14 +1877,15 @@ public abstract class CDOSessionImpl extends CDOTransactionContainerImpl impleme
try
{
InternalCDOView[] views = getViews();
+ Map<CDORevision, CDOPermission> oldPermissions = null;
Map<CDOID, InternalCDORevision> oldRevisions = null;
boolean success = commitInfo.getBranch() != null;
if (success)
{
- if (clearPermissionCache)
+ if (securityImpact != CommitNotificationInfo.IMPACT_NONE)
{
- updatePermissions(views);
+ oldPermissions = updatePermissions(views);
}
oldRevisions = reviseRevisions();
@@ -1896,7 +1898,7 @@ public abstract class CDOSessionImpl extends CDOTransactionContainerImpl impleme
if (success)
{
- CDOSessionImpl.this.fireEvent(new InvalidationEvent(sender, commitInfo));
+ CDOSessionImpl.this.fireEvent(new InvalidationEvent(sender, commitInfo, securityImpact, oldPermissions));
commitInfoManager.notifyCommitInfoHandlers(commitInfo);
}
@@ -1925,6 +1927,56 @@ public abstract class CDOSessionImpl extends CDOTransactionContainerImpl impleme
}
}
+ private Map<CDORevision, CDOPermission> updatePermissions(InternalCDOView[] views)
+ {
+ CDOPermissionUpdater permissionUpdater = options().getPermissionUpdater();
+ if (permissionUpdater != null)
+ {
+ CDOBranchPoint head = getBranchManager().getMainBranch().getHead();
+ Set<InternalCDORevision> revisions = new HashSet<InternalCDORevision>();
+
+ for (int i = 0; i < views.length; i++)
+ {
+ InternalCDOView view = views[i];
+ if (!head.equals(view))
+ {
+ throw new IllegalStateException("Security not supported with auditing or branching");
+ }
+
+ for (InternalCDOObject object : view.getObjects().values())
+ {
+ InternalCDORevision revision;
+
+ CDOState state = object.cdoState();
+ switch (state)
+ {
+ case CLEAN:
+ revision = object.cdoRevision();
+ break;
+
+ case DIRTY:
+ case CONFLICT:
+ CDOID id = object.cdoID();
+ revision = getRevisionManager().getRevision(id, head, 0, CDORevision.DEPTH_NONE, false);
+ break;
+
+ default:
+ continue;
+ }
+
+ if (revision != null)
+ {
+ revisions.add(revision);
+ }
+ }
+ }
+
+ return permissionUpdater.updatePermissions(CDOSessionImpl.this, revisions);
+ }
+
+ return null;
+ }
+
private Map<CDOID, InternalCDORevision> reviseRevisions()
{
Map<CDOID, InternalCDORevision> oldRevisions = null;
@@ -2005,56 +2057,6 @@ public abstract class CDOSessionImpl extends CDOTransactionContainerImpl impleme
return oldRevisions;
}
- private Map<InternalCDORevision, CDOPermission> updatePermissions(InternalCDOView[] views)
- {
- CDOPermissionUpdater permissionUpdater = options().getPermissionUpdater();
- if (permissionUpdater != null)
- {
- CDOBranchPoint head = getBranchManager().getMainBranch().getHead();
- Set<InternalCDORevision> revisions = new HashSet<InternalCDORevision>();
-
- for (int i = 0; i < views.length; i++)
- {
- InternalCDOView view = views[i];
- if (!head.equals(view))
- {
- throw new IllegalStateException("Security not supported with auditing or branching");
- }
-
- for (InternalCDOObject object : view.getObjects().values())
- {
- InternalCDORevision revision;
-
- CDOState state = object.cdoState();
- switch (state)
- {
- case CLEAN:
- revision = object.cdoRevision();
- break;
-
- case DIRTY:
- case CONFLICT:
- CDOID id = object.cdoID();
- revision = getRevisionManager().getRevision(id, head, 0, CDORevision.DEPTH_NONE, false);
- break;
-
- default:
- continue;
- }
-
- if (revision != null)
- {
- revisions.add(revision);
- }
- }
- }
-
- return permissionUpdater.updatePermissions(CDOSessionImpl.this, revisions);
- }
-
- return null;
- }
-
private void addNewRevision(InternalCDORevision newRevision)
{
if (newPermissions != null)
@@ -2111,7 +2113,7 @@ public abstract class CDOSessionImpl extends CDOTransactionContainerImpl impleme
/**
* @author Eike Stepper
*/
- private final class InvalidationEvent extends Event implements CDOSessionInvalidationEvent
+ private final class InvalidationEvent extends Event implements InternalCDOSessionInvalidationEvent
{
private static final long serialVersionUID = 1L;
@@ -2119,11 +2121,18 @@ public abstract class CDOSessionImpl extends CDOTransactionContainerImpl impleme
private CDOCommitInfo commitInfo;
- public InvalidationEvent(InternalCDOTransaction sender, CDOCommitInfo commitInfo)
+ private byte securityImpact;
+
+ private Map<CDORevision, CDOPermission> oldPermissions;
+
+ public InvalidationEvent(InternalCDOTransaction sender, CDOCommitInfo commitInfo, byte securityImpact,
+ Map<CDORevision, CDOPermission> oldPermissions)
{
super(CDOSessionImpl.this);
this.sender = sender;
this.commitInfo = commitInfo;
+ this.securityImpact = securityImpact;
+ this.oldPermissions = oldPermissions;
}
@Override
@@ -2233,6 +2242,16 @@ public abstract class CDOSessionImpl extends CDOTransactionContainerImpl impleme
return commitInfo.getChangeKind(id);
}
+ public byte getSecurityImpact()
+ {
+ return securityImpact;
+ }
+
+ public Map<CDORevision, CDOPermission> getOldPermissions()
+ {
+ return oldPermissions;
+ }
+
@Override
public String toString()
{
diff --git a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/session/DelegatingSessionProtocol.java b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/session/DelegatingSessionProtocol.java
index 31224e7359..af0b18fc1d 100644
--- a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/session/DelegatingSessionProtocol.java
+++ b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/session/DelegatingSessionProtocol.java
@@ -28,6 +28,7 @@ import org.eclipse.emf.cdo.common.lob.CDOLobInfo;
import org.eclipse.emf.cdo.common.lock.CDOLockState;
import org.eclipse.emf.cdo.common.model.CDOPackageUnit;
import org.eclipse.emf.cdo.common.revision.CDOIDAndVersion;
+import org.eclipse.emf.cdo.common.revision.CDORevision;
import org.eclipse.emf.cdo.common.revision.CDORevisionHandler;
import org.eclipse.emf.cdo.common.revision.CDORevisionKey;
import org.eclipse.emf.cdo.common.security.CDOPermission;
@@ -916,7 +917,7 @@ public class DelegatingSessionProtocol extends Lifecycle implements CDOSessionPr
}
}
- public Map<InternalCDORevision, CDOPermission> loadPermissions(InternalCDORevision[] revisions)
+ public Map<CDORevision, CDOPermission> loadPermissions(InternalCDORevision[] revisions)
{
int attempt = 0;
for (;;)
diff --git a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/transaction/CDOTransactionImpl.java b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/transaction/CDOTransactionImpl.java
index 4ad46970b1..3193e5008e 100644
--- a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/transaction/CDOTransactionImpl.java
+++ b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/internal/cdo/transaction/CDOTransactionImpl.java
@@ -46,6 +46,7 @@ import org.eclipse.emf.cdo.common.model.CDOPackageUnit;
import org.eclipse.emf.cdo.common.model.EMFUtil;
import org.eclipse.emf.cdo.common.protocol.CDODataInput;
import org.eclipse.emf.cdo.common.protocol.CDODataOutput;
+import org.eclipse.emf.cdo.common.protocol.CDOProtocol.CommitNotificationInfo;
import org.eclipse.emf.cdo.common.revision.CDOIDAndVersion;
import org.eclipse.emf.cdo.common.revision.CDOList;
import org.eclipse.emf.cdo.common.revision.CDOListFactory;
@@ -2996,7 +2997,7 @@ public class CDOTransactionImpl extends CDOViewImpl implements InternalCDOTransa
if (result.getRollbackMessage() != null)
{
CDOCommitInfo commitInfo = new FailureCommitInfo(timeStamp, result.getPreviousTimeStamp());
- session.invalidate(commitInfo, transaction, clearResourcePathCache, false, null);
+ session.invalidate(commitInfo, transaction, clearResourcePathCache, CommitNotificationInfo.IMPACT_NONE, null);
return;
}
@@ -3029,9 +3030,9 @@ public class CDOTransactionImpl extends CDOViewImpl implements InternalCDOTransa
CDOCommitInfo commitInfo = makeCommitInfo(timeStamp, result.getPreviousTimeStamp());
if (!commitInfo.isEmpty())
{
- boolean clearPermissionCache = result.isClearPermissionCache();
+ byte securityImpact = result.getSecurityImpact();
Map<CDOID, CDOPermission> newPermissions = result.getNewPermissions();
- session.invalidate(commitInfo, transaction, clearResourcePathCache, clearPermissionCache, newPermissions);
+ session.invalidate(commitInfo, transaction, clearResourcePathCache, securityImpact, newPermissions);
}
// Bug 290032 - Sticky views
diff --git a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/CDOPermissionUpdater.java b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/CDOPermissionUpdater.java
index eea93477c9..c4cfce3e7a 100644
--- a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/CDOPermissionUpdater.java
+++ b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/CDOPermissionUpdater.java
@@ -10,6 +10,7 @@
*/
package org.eclipse.emf.spi.cdo;
+import org.eclipse.emf.cdo.common.revision.CDORevision;
import org.eclipse.emf.cdo.common.security.CDOPermission;
import org.eclipse.emf.cdo.spi.common.revision.InternalCDORevision;
@@ -24,7 +25,7 @@ public interface CDOPermissionUpdater
{
public static final CDOPermissionUpdater SERVER = new CDOPermissionUpdater()
{
- public Map<InternalCDORevision, CDOPermission> updatePermissions(InternalCDOSession session,
+ public Map<CDORevision, CDOPermission> updatePermissions(InternalCDOSession session,
Set<InternalCDORevision> revisions)
{
InternalCDORevision[] revisionArray = revisions.toArray(new InternalCDORevision[revisions.size()]);
@@ -33,6 +34,6 @@ public interface CDOPermissionUpdater
}
};
- public Map<InternalCDORevision, CDOPermission> updatePermissions(InternalCDOSession session,
+ public Map<CDORevision, CDOPermission> updatePermissions(InternalCDOSession session,
Set<InternalCDORevision> revisions);
}
diff --git a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/CDOSessionProtocol.java b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/CDOSessionProtocol.java
index fb3625cc19..c655a31c50 100644
--- a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/CDOSessionProtocol.java
+++ b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/CDOSessionProtocol.java
@@ -30,6 +30,7 @@ import org.eclipse.emf.cdo.common.lock.CDOLockState;
import org.eclipse.emf.cdo.common.model.CDOPackageUnit;
import org.eclipse.emf.cdo.common.protocol.CDOProtocol;
import org.eclipse.emf.cdo.common.revision.CDOIDAndVersion;
+import org.eclipse.emf.cdo.common.revision.CDORevision;
import org.eclipse.emf.cdo.common.revision.CDORevisionKey;
import org.eclipse.emf.cdo.common.security.CDOPermission;
import org.eclipse.emf.cdo.common.util.CDOCommonUtil;
@@ -293,7 +294,7 @@ public interface CDOSessionProtocol extends CDOProtocol, PackageLoader, BranchLo
/**
* @since 4.3
*/
- public Map<InternalCDORevision, CDOPermission> loadPermissions(InternalCDORevision[] revisions);
+ public Map<CDORevision, CDOPermission> loadPermissions(InternalCDORevision[] revisions);
/**
* If the meaning of this type isn't clear, there really should be more of a description here...
@@ -692,7 +693,7 @@ public interface CDOSessionProtocol extends CDOProtocol, PackageLoader, BranchLo
private boolean clearResourcePathCache;
- private boolean clearPermissionCache;
+ private byte securityImpact;
private Map<CDOID, CDOPermission> newPermissions;
@@ -869,17 +870,17 @@ public interface CDOSessionProtocol extends CDOProtocol, PackageLoader, BranchLo
/**
* @since 4.3
*/
- public boolean isClearPermissionCache()
+ public byte getSecurityImpact()
{
- return clearPermissionCache;
+ return securityImpact;
}
/**
* @since 4.3
*/
- public void setClearPermissionCache(boolean clearPermissionCache)
+ public void setSecurityImpact(byte securityImpact)
{
- this.clearPermissionCache = clearPermissionCache;
+ this.securityImpact = securityImpact;
}
/**
diff --git a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/InternalCDOSession.java b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/InternalCDOSession.java
index 433122350c..e5b1ac73b5 100644
--- a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/InternalCDOSession.java
+++ b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/InternalCDOSession.java
@@ -235,7 +235,7 @@ public interface InternalCDOSession extends CDOSession, PackageProcessor, Packag
/**
* @since 4.2
- * @deprecated As of 4.3 use {@link #invalidate(CDOCommitInfo, InternalCDOTransaction, boolean, boolean, Map)}.
+ * @deprecated As of 4.3 use {@link #invalidate(CDOCommitInfo, InternalCDOTransaction, boolean, byte, Map)}.
*/
@Deprecated
public void invalidate(CDOCommitInfo commitInfo, InternalCDOTransaction sender, boolean clearResourcePathCache);
@@ -244,7 +244,7 @@ public interface InternalCDOSession extends CDOSession, PackageProcessor, Packag
* @since 4.3
*/
public void invalidate(CDOCommitInfo commitInfo, InternalCDOTransaction sender, boolean clearResourcePathCache,
- boolean clearPermissionCache, Map<CDOID, CDOPermission> permissions);
+ byte securityImpact, Map<CDOID, CDOPermission> newPermissions);
/**
* @since 3.0
diff --git a/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/InternalCDOSessionInvalidationEvent.java b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/InternalCDOSessionInvalidationEvent.java
new file mode 100644
index 0000000000..a5b77d08e0
--- /dev/null
+++ b/plugins/org.eclipse.emf.cdo/src/org/eclipse/emf/spi/cdo/InternalCDOSessionInvalidationEvent.java
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2004-2013 Eike Stepper (Berlin, Germany) and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Eike Stepper - initial API and implementation
+ */
+package org.eclipse.emf.spi.cdo;
+
+import org.eclipse.emf.cdo.common.protocol.CDOProtocol.CommitNotificationInfo;
+import org.eclipse.emf.cdo.session.CDOSessionInvalidationEvent;
+
+/**
+ * @author Eike Stepper
+ * @since 4.3
+ */
+public interface InternalCDOSessionInvalidationEvent extends CDOSessionInvalidationEvent
+{
+ /**
+ * @see CommitNotificationInfo#IMPACT_NONE
+ * @see CommitNotificationInfo#IMPACT_PERMISSIONS
+ * @see CommitNotificationInfo#IMPACT_REALM
+ */
+ public byte getSecurityImpact();
+}

Back to the top