DynamicSyncContext.java

baedke Thu, 01 Dec 2016 07:28:25 -0800

Author: baedke
Date: Thu Dec  1 15:27:44 2016
New Revision: 1772228

URL: http://svn.apache.org/viewvc?rev=1772228&view=rev
Log:
OAK-4930: External Principal Management:  DynamicSyncContext makes redundant 
calls to IdentityProvider.getIdentity()


Partially reverting c1764678 which incorrectly uses an external identifier as a 
principal name (see OAK-5200).

Modified:
    
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java

Modified: 
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java?rev=1772228&r1=1772227&r2=1772228&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java
 Thu Dec  1 15:27:44 2016
@@ -152,26 +152,16 @@ public class DynamicSyncContext extends
      */
     private void collectPrincipalNames(@Nonnull Set<String> principalNames, 
@Nonnull Iterable<ExternalIdentityRef> declaredGroupIdRefs, long depth) throws 
ExternalIdentityException {
         for (ExternalIdentityRef ref : declaredGroupIdRefs) {
-            if (ref instanceof ExternalGroupRef && depth < 2) {
-                // since the ExternalGroupRef marker already indicates that the
-                // ref points to an external group and we already reached the 
desired
-                // depth, we can avoid calling idp.getIdentity(), saving a 
roundtrip
-                // to the external IDP.
-                principalNames.add(ref.getId());
-            } else {
-                // resolve identity from the reference to
-                // - make sure we it is an external group
-                // - recursively collect group-group membership
-                ExternalIdentity extId = idp.getIdentity(ref);
-                if (extId instanceof ExternalGroup) {
-                    principalNames.add(ref.getId());
-                    // recursively apply further membership until the 
configured depth is reached
-                    if (depth > 1) {
-                        collectPrincipalNames(principalNames, 
extId.getDeclaredGroups(), depth - 1);
-                    }
-                } else {
-                    log.debug("Not an external group ({}) => ignore.", ref);
+            // get group
+            ExternalIdentity extId = idp.getIdentity(ref);
+            if (extId instanceof ExternalGroup) {
+                principalNames.add(extId.getPrincipalName());
+                // recursively apply further membership until the configured 
depth is reached
+                if (depth > 1) {
+                    collectPrincipalNames(principalNames, 
extId.getDeclaredGroups(), depth - 1);
                 }
+            } else {
+                log.debug("Not an external group ({}) => ignore.", extId);
             }
         }
     }

svn commit: r1772228 - /jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java

Reply via email to