[418267] [Security] Cached permissions are not always properly updated

after commits 
https://bugs.eclipse.org/bugs/show_bug.cgi?id=418267

2 files changed, 23 insertions, 3 deletions

diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
index a30f362278..fc4e8d5595 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
@@ -182,6 +182,8 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
 
   private CDOID realmID;
 
+  private long lastRealmModification = CDOBranchPoint.UNSPECIFIED_DATE;
+
   public SecurityManager(String realmPath, IManagedContainer container)
   {
     this.realmPath = realmPath;
@@ -657,6 +659,12 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
   protected CDOPermission authorize(CDORevision revision, CDORevisionProvider revisionProvider,
       CDOBranchPoint securityContext, ISession session, Access defaultAccess, Permission[] permissions)
   {
+    if (lastRealmModification != CDOBranchPoint.UNSPECIFIED_DATE)
+    {
+      systemView.waitForUpdate(lastRealmModification);
+      lastRealmModification = CDOBranchPoint.UNSPECIFIED_DATE;
+    }
+
     boolean setUser = defaultAccess == null;
     if (setUser)
     {
@@ -777,6 +785,8 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
   {
     synchronized (userInfos)
     {
+      // System.out.println("clearUserInfos()");
+
       userInfos.clear();
       permissionBag.clear();
       permissionArray = null;
@@ -902,7 +912,9 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
 
       try
       {
-        return authorize(revision, revisionProvider, securityContext, session, null, null);
+        CDOPermission permission = authorize(revision, revisionProvider, securityContext, session, null, null);
+        // System.out.println("Loading from " + session + ": " + permission + " --> " + revision);
+        return permission;
       }
       finally
       {
@@ -1060,6 +1072,11 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
     public void handleTransactionAfterCommitted(ITransaction transaction, final CommitContext commitContext,
         OMMonitor monitor)
     {
+      if (commitContext.getSecurityImpact() == CommitNotificationInfo.IMPACT_REALM)
+      {
+        lastRealmModification = commitContext.getBranchPoint().getTimeStamp();
+      }
+
       handleCommitted(commitContext);
     }
   }
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/HomeFolderHandler.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/HomeFolderHandler.java
index ad9fd74e3a..7b030e52f9 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/HomeFolderHandler.java
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/HomeFolderHandler.java
@@ -208,8 +208,11 @@ public class HomeFolderHandler implements InternalSecurityManager.CommitHandler2
 
   protected void handleUser(CDOTransaction transaction, Realm realm, Role role, User user) throws Exception
   {
-    user.getRoles().add(role);
-    transaction.createResourceFolder(getHomeFolder() + "/" + user.getId());
+    EList<Role> roles = user.getRoles();
+    roles.add(role);
+
+    String path = getHomeFolder() + "/" + user.getId();
+    transaction.getOrCreateResourceFolder(path);
   }
 
   @Override