CSPACE-3070 - Added support to clear the Spring ACL cache when we make changes (addin...
authorPatrick Schmitz <pschmitz@berkeley.edu>
Tue, 2 Nov 2010 20:16:51 +0000 (20:16 +0000)
committerPatrick Schmitz <pschmitz@berkeley.edu>
Tue, 2 Nov 2010 20:16:51 +0000 (20:16 +0000)
Also propagated another bug fix in AuthorizationDelegate to a separate case. Made some comments to indicate some places where we need to have a more robust (tenant-specific) name for roles, to address CSPACE-3144.

services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/importer/AuthorizationGen.java
services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/AuthorizationDelegate.java
services/authorization/service/src/main/java/org/collectionspace/services/authorization/AuthZ.java
services/authorization/service/src/main/java/org/collectionspace/services/authorization/spi/CSpaceAuthorizationProvider.java
services/authorization/service/src/main/java/org/collectionspace/services/authorization/spring/SpringAuthorizationProvider.java
services/authorization/service/src/main/resources/applicationContext-authorization.xml
services/common/src/main/java/org/collectionspace/services/common/config/TenantBindingConfigReaderImpl.java

index a2c216000aded6d28bcf470c60cff64df72a4412..bf4a385c1158ddeb462559998ebe89932be26443 100644 (file)
@@ -333,6 +333,7 @@ public class AuthorizationGen {
         List<RoleValue> roleValues = new ArrayList<RoleValue>();
         for (Role role : roles) {
             RoleValue rv = new RoleValue();
+            // This needs to use the qualified name, not the display name
             rv.setRoleName(role.getRoleName().toUpperCase());
             rv.setRoleId(role.getCsid());
             roleValues.add(rv);
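Review bot: The comment added above `rv.setRoleName(...)` does not say whether the line already uses the qualified name or still has to be changed. The same sentence is repeated in both AuthorizationDelegate hunks (-87 and -136), directly under a comment stating that `r.getRoleName()` already yields the qualified name, so the two comments read as contradicting each other there. The commit message suggests these are markers for CSPACE-3144, so I would write them as such: `// TODO(CSPACE-3144): use the tenant-qualified role name here, not the display name`. These role names appear to be passed on as the principals that ACL entries are matched against, so a reader needs to know which form is authoritative at each call site.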
index c03d07099608e23e7c8bb3e793697fed527a23b0..2a3806f14c65552e0b948b6b15e98c335b2b27d7 100644 (file)
@@ -87,7 +87,9 @@ public class AuthorizationDelegate {
                 logger.error(msg);
                 throw new DocumentNotFoundException(msg);
             }
-            String[] roles = {r.getRoleName()}; //this ensures we're getting the "ROLE" prefix/qualified name
+            //using r not rv ensures we're getting the "ROLE" prefix/qualified name
+            // This needs to use the qualified name, not the display name
+            String[] roles = {r.getRoleName()};
             for (PermissionValue pv : pr.getPermissions()) {
                 Permission p = getPermission(pv.getPermissionId());
                 if (p == null) {
@@ -136,7 +138,9 @@ public class AuthorizationDelegate {
                 logger.error(msg);
                 throw new DocumentNotFoundException(msg);
             }
-            String[] roles = {rv.getRoleName()};
+            //using r not rv ensures we're getting the "ROLE" prefix/qualified name
+            // This needs to use the qualified name, not the display name
+            String[] roles = {r.getRoleName()}; 
             for (PermissionValue pv : pr.getPermissions()) {
                 Permission p = getPermission(pv.getPermissionId());
                 if (p == null) {
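Review bot: The `rv` to `r` fix on this line brings it in line with the -87 hunk, and the visible context of the two hunks is otherwise identical (the not-found error, the `roles` array, the `for (PermissionValue pv : pr.getPermissions())` loop with its null check). That suggests the two methods duplicate the role lookup, which is probably how one copy drifted from the other. A private helper that returns the `String[]` of principals for a role id would give the fix a single home; both enclosing methods start and end outside the hunks, so this is worth checking against the full file.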
index 15198681e7694dcca76a1a687cc2212d90a57eab..bc7dbe16f5c7222d005fa1eab28455da1109f012 100644 (file)
@@ -96,6 +96,7 @@ public class AuthZ {
     public void addPermissions(CSpaceResource res, CSpaceAction action, String[] principals, boolean grant)
             throws PermissionException {
         provider.getPermissionManager().addPermissions(res, action, principals, grant);
+        provider.clearAclCache();
     }
 
     /**
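Review bot: `provider.clearAclCache()` runs only when the permission-manager call returns normally, so an exception from `addPermissions` skips the clear; the same applies to the other three AuthZ hunks (-121, -138, -151). If the manager had already touched cached ACL entries before failing, the cache can keep entries that no longer match the stored ACLs, and for a failed revoke that may mean a stale grant is still honoured. I would put the clear in a `finally`: `try { provider.getPermissionManager().addPermissions(res, action, principals, grant); } finally { provider.clearAclCache(); }`. Callers that add permissions one at a time (the `for (PermissionValue pv : ...)` loops in AuthorizationDelegate look like such callers) will also flush the whole cache once per permission, which may be worth batching.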
@@ -121,6 +122,7 @@ public class AuthZ {
     public void deletePermissions(CSpaceResource res, CSpaceAction action, String[] principals)
             throws PermissionNotFoundException, PermissionException {
         provider.getPermissionManager().deletePermissions(res, action, principals);
+        provider.clearAclCache();
     }
 
     /**
@@ -138,6 +140,7 @@ public class AuthZ {
             deletePermissions(res, action);
         } else {
             provider.getPermissionManager().deletePermissions(res);
+            provider.clearAclCache();
         }
     }
 
@@ -151,6 +154,7 @@ public class AuthZ {
     public void deletePermissions(CSpaceResource res, CSpaceAction action)
             throws PermissionNotFoundException, PermissionException {
         provider.getPermissionManager().deletePermissions(res, action);
+        provider.clearAclCache();
     }
 
     /**
index 9ea216eb2529cf3e97facb08744c8cfad849706a..3fabc32d422b33f8f3e999dbbfdae05a3048c27d 100644 (file)
@@ -42,4 +42,6 @@ public interface CSpaceAuthorizationProvider {
     public CSpacePermissionEvaluator getPermissionEvaluator();
 
     public CSpacePermissionManager getPermissionManager();
+    
+    public void clearAclCache();
 }
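Review bot: `clearAclCache()` is added to the interface without Javadoc, and unlike the two getters its contract is not obvious from the name. I would document that it discards all cached ACL entries held by the provider and that callers must invoke it after any change to stored permissions, for example `/** Discards every cached ACL entry so that later permission checks reload from the store. */`. Any implementation of CSpaceAuthorizationProvider outside this diff will also need the new method.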
index 996e879e865651dd6d70714e9c820ec9eb30eb50..20c73ce37e55f0e6f976aa88b80a7431c3a25985 100644 (file)
@@ -35,6 +35,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.jdbc.datasource.DataSourceTransactionManager;
 import org.springframework.security.access.PermissionEvaluator;
 import org.springframework.security.acls.domain.BasePermission;
+import org.springframework.security.acls.domain.EhCacheBasedAclCache;
 import org.springframework.security.acls.domain.GrantedAuthoritySid;
 import org.springframework.security.acls.domain.ObjectIdentityImpl;
 import org.springframework.security.acls.model.MutableAclService;
@@ -58,6 +59,8 @@ public class SpringAuthorizationProvider implements CSpaceAuthorizationProvider
     private PermissionEvaluator providerPermissionEvaluator;
     @Autowired
     private DataSourceTransactionManager txManager;
+               @Autowired
+               private EhCacheBasedAclCache providerAclCache;
     private SpringPermissionEvaluator permissionEvaluator;
     private SpringPermissionManager permissionManager;
     private String version = "1.0";
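Review bot: The new field is typed as the concrete `EhCacheBasedAclCache`, which ties the provider to one cache implementation only in order to call `clearCache()`. If the Spring Security version in use declares `clearCache()` on the `AclCache` interface, `private AclCache providerAclCache;` would be enough, with the getter and setter in the -161 hunk changed to match. The two added lines are also indented differently from the neighbouring fields.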
@@ -161,6 +164,34 @@ public class SpringAuthorizationProvider implements CSpaceAuthorizationProvider
         this.txManager = txManager;
     }
 
+    /**
+     * @return the providerAclCache
+     */
+    EhCacheBasedAclCache getProviderAclCache() {
+        return providerAclCache;
+    }
+
+    /**
+     * @param providerAclCache the providerAclCache to set
+     */
+    public void setProviderAclCache(EhCacheBasedAclCache providerAclCache) {
+        this.providerAclCache = providerAclCache;
+    }
+
+    /**
+     * clear the ACL Cache associated with the provider
+     */
+    public void clearAclCache() {
+       if(providerAclCache != null) {
+               providerAclCache.clearCache();
+            if (log.isDebugEnabled()) {
+                log.debug("Clearing providerAclCache.");
+            }
+       } else {
+            log.error("providerAclCache is NULL!");
+       }
+    }
+
     TransactionStatus beginTransaction(String name) {
         DefaultTransactionDefinition def = new DefaultTransactionDefinition();
         // explicitly setting the transaction name is something that can only be done programmatically
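Review bot: In `clearAclCache()` a missing cache is only logged (`log.error("providerAclCache is NULL!")`) and the method returns as if the flush had happened, so AuthZ carries on with permission changes that cached entries may not reflect. A null here is a wiring error, not a runtime condition, so I would fail loudly in the else branch instead: `throw new IllegalStateException("providerAclCache is not configured; ACL cache was not cleared");`. The debug message is also written after `clearCache()` has run but says "Clearing"; `"Cleared providerAclCache."` would match what happened. `beginTransaction` continues past the end of the hunk.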
index 346c78c368e5e29bc9eb28a0e90506c4603b8fe2..75972364fa2165123f98724c44638c17d235f68d 100644 (file)
@@ -82,8 +82,9 @@
     <tx:annotation-driven transaction-manager="transactionManager" />
 
     <bean id="cspaceAuthorizationProvider" class="org.collectionspace.services.authorization.spring.SpringAuthorizationProvider">
-        <property name="providerAclService" ref="aclService"/>
-        <property name="providerPermissionEvaluator" ref="permissionEvaluator"/>
-        <property name="txManager" ref="transactionManager"/>
+       <property name="providerAclService" ref="aclService"/>
+       <property name="providerPermissionEvaluator" ref="permissionEvaluator"/>
+       <property name="txManager" ref="transactionManager"/>
+                        <property name="providerAclCache" ref="aclCache"/>
     </bean>
 </beans>
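Review bot: The `aclCache` bean referenced by the new `providerAclCache` property is defined outside this hunk, so two things cannot be checked here: that it is an `EhCacheBasedAclCache` (the setter's parameter type), and that it is the same bean instance the ACL service and its lookup strategy use. If it were a separate instance, `clearAclCache()` would flush a cache that nothing reads from and permission changes would still be answered from stale entries. A short comment on the property would record the requirement, e.g. `<!-- must be the same cache instance that aclService uses -->`. The three existing `<property>` lines are re-indented with no other change, which adds noise to the diff.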
index 8c0d9d10efd5b5ea5627a248773318e35a7b3f7f..4762d87356e511197005f5c8b54b7a16af4da695 100644 (file)
@@ -160,14 +160,17 @@ public class TenantBindingConfigReaderImpl
             throw new IllegalArgumentException("no service binding found for " + serviceName
                     + " of tenant with id=" + tenantId);
         }
-        if (serviceBinding.getRepositoryDomain() == null) {
+        String repoDomain = serviceBinding.getRepositoryDomain(); 
+        if (repoDomain == null) {
+               /* This is excessive - every call to a JPA based service dumps this msg.
             if (logger.isDebugEnabled()) {
                 logger.debug("No repository domain configured for " + serviceName
                         + " of tenant with id=" + tenantId);
             }
+            */
             return null;
         }
-        return domains.get(serviceBinding.getRepositoryDomain().trim());
+        return domains.get(repoDomain.trim());
     }
 
     /**
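Review bot: The debug block is disabled by wrapping it in `/* ... */`, which leaves dead code in the method. I would either delete it, since the history keeps it, or keep the message live at a lower level if the logger here offers one: `if (logger.isTraceEnabled()) { logger.trace(...); }`. The start of the method is outside the hunk.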