mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-07 17:49:17 +00:00
Merged V3.2 to HEAD
15388: ETHREEOH-1872: Better debug logging in authentication components
- Now each authentication component logs every step of the authentication process (including reason for failure) if you switch on debug logging for that component or the entire org.alfresco.repo.security.authentication package. E.g.
log4j.logger.org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl=debug
log4j.logger.org.alfresco.repo.security.authentication.AuthenticationComponentImpl=debug
log4j.logger.org.alfresco.repo.security.authentication=debug
15196: Further LDAP sync performance improvements
- Bunch user and group creations into small transactions (except for differential sync on login)
- Run a differential sync on startup (so that bulk of users are not brought over on first login)
- Can be disabled by synchronization.syncOnStartup property
15135: Node creation / ACL performance improvements
- When an ACL was set on a leaf node such as a person, redundant 'shared' ACLs were created for child nodes with getInheritedAccessControlList(), even though no child nodes existed.
- Now setInheritanceForChildren() makes a 'lazy' call to getInheritedAccessControlList(), only when it realises there are child nodes
15133: Changes to datasource definition for improved performance
- Enable caching and reuse of prepared statements (by default 40 for each connection)
- Removed custom-connection-pool-context.xml.sample and instead introduced complete property set into repository.properties
- Updated v3.2 Wiki docs http://wiki.alfresco.com/wiki/Database_Configuration#Overriding_the_Database_Connection_Properties
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15439 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Dave Ward
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2005-2007 Alfresco Software Limited.
|
||||
* Copyright (C) 2005-2009 Alfresco Software Limited.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
@@ -14,12 +14,14 @@
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
* As a special exception to the terms and conditions of version 2.0 of
|
||||
* the GPL, you may redistribute this Program in connection with Free/Libre
|
||||
* and Open Source Software ("FLOSS") applications as described in Alfresco's
|
||||
* FLOSS exception. You should have recieved a copy of the text describing
|
||||
* the FLOSS exception, and it is also available here:
|
||||
* http://www.alfresco.com/legal/licensing" */
|
||||
|
||||
* As a special exception to the terms and conditions of version 2.0 of
|
||||
* the GPL, you may redistribute this Program in connection with Free/Libre
|
||||
* and Open Source Software ("FLOSS") applications as described in Alfresco's
|
||||
* FLOSS exception. You should have received a copy of the text describing
|
||||
* the FLOSS exception, and it is also available here:
|
||||
* http://www.alfresco.com/legal/licensing"
|
||||
*/
|
||||
|
||||
package org.alfresco.repo.domain.hibernate;
|
||||
|
||||
@@ -38,7 +40,6 @@ import org.alfresco.repo.domain.PropertyValue;
|
||||
import org.alfresco.repo.domain.hibernate.AclDaoComponentImpl.Indirection;
|
||||
import org.alfresco.repo.search.AVMSnapShotTriggeredIndexingMethodInterceptor;
|
||||
import org.alfresco.repo.search.AVMSnapShotTriggeredIndexingMethodInterceptor.StoreType;
|
||||
import org.alfresco.repo.search.impl.lucene.index.IndexInfo;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
|
||||
import org.alfresco.repo.security.permissions.ACLType;
|
||||
@@ -509,7 +510,7 @@ public class AVMAccessControlListDAO implements AccessControlListDAO
|
||||
|
||||
if (descriptor.isLayeredDirectory())
|
||||
{
|
||||
setInheritanceForDirectChildren(descriptor, changeMap, aclDaoComponent.getInheritedAccessControlList(getAclAsSystem(-1, descriptor.getPath()).getId()),
|
||||
setInheritanceForDirectChildren(descriptor, changeMap, getAclAsSystem(-1, descriptor.getPath()).getId(),
|
||||
indirections);
|
||||
}
|
||||
fixUpAcls(descriptor, changeMap, unchanged, unsetAcl, mode, indirections);
|
||||
@@ -586,10 +587,10 @@ public class AVMAccessControlListDAO implements AccessControlListDAO
|
||||
|
||||
}
|
||||
|
||||
private void setInheritanceForDirectChildren(AVMNodeDescriptor descriptor, Map<Long, Long> changeMap, Long mergeFrom, Map<Long, Set<Long>> indirections)
|
||||
private void setInheritanceForDirectChildren(AVMNodeDescriptor descriptor, Map<Long, Long> changeMap, Long inheritFrom, Map<Long, Set<Long>> indirections)
|
||||
{
|
||||
List<AclChange> changes = new ArrayList<AclChange>();
|
||||
setFixedAcls(descriptor, mergeFrom, changes, SetMode.DIRECT_ONLY, false, indirections);
|
||||
setFixedAcls(descriptor, inheritFrom, null, changes, SetMode.DIRECT_ONLY, false, indirections);
|
||||
for (AclChange change : changes)
|
||||
{
|
||||
if (!change.getBefore().equals(change.getAfter()))
|
||||
@@ -599,7 +600,7 @@ public class AVMAccessControlListDAO implements AccessControlListDAO
|
||||
}
|
||||
}
|
||||
|
||||
public List<AclChange> setInheritanceForChildren(NodeRef parent, Long mergeFrom)
|
||||
public List<AclChange> setInheritanceForChildren(NodeRef parent, Long inheritFrom)
|
||||
{
|
||||
// Walk children and fix up any that reference the given list ..
|
||||
// If previous is null we need to visit all descendants with a null acl and set
|
||||
@@ -615,7 +616,7 @@ public class AVMAccessControlListDAO implements AccessControlListDAO
|
||||
Map<Long, Set<Long>> indirections = buildIndirections();
|
||||
List<AclChange> changes = new ArrayList<AclChange>();
|
||||
AVMNodeDescriptor descriptor = fAVMService.lookup(version, path);
|
||||
setFixedAcls(descriptor, mergeFrom, changes, SetMode.ALL, false, indirections);
|
||||
setFixedAcls(descriptor, inheritFrom, null, changes, SetMode.ALL, false, indirections);
|
||||
return changes;
|
||||
|
||||
}
|
||||
@@ -626,16 +627,24 @@ public class AVMAccessControlListDAO implements AccessControlListDAO
|
||||
}
|
||||
|
||||
/**
|
||||
* Set and cascade ACls
|
||||
* Support to set a shared ACL on a node and all of its children.
|
||||
*
|
||||
* @param descriptor
|
||||
* the descriptor
|
||||
* @param inheritFrom
|
||||
* the parent node's ACL
|
||||
* @param mergeFrom
|
||||
* the shared ACL, if already known. If <code>null</code>, will be retrieved / created lazily
|
||||
* @param changes
|
||||
* the list in which to record changes
|
||||
* @param mode
|
||||
* the mode
|
||||
* @param set
|
||||
* set the shared ACL on the parent ?
|
||||
* @param indirections
|
||||
* the indirections
|
||||
*/
|
||||
public void setFixedAcls(AVMNodeDescriptor descriptor, Long mergeFrom, List<AclChange> changes, SetMode mode, boolean set, Map<Long, Set<Long>> indirections)
|
||||
public void setFixedAcls(AVMNodeDescriptor descriptor, Long inheritFrom, Long mergeFrom, List<AclChange> changes, SetMode mode, boolean set, Map<Long, Set<Long>> indirections)
|
||||
{
|
||||
if (descriptor == null)
|
||||
{
|
||||
@@ -645,6 +654,12 @@ public class AVMAccessControlListDAO implements AccessControlListDAO
|
||||
{
|
||||
if (set)
|
||||
{
|
||||
// Lazily retrieve/create the shared ACL
|
||||
if (mergeFrom == null)
|
||||
{
|
||||
mergeFrom = aclDaoComponent.getInheritedAccessControlList(inheritFrom);
|
||||
}
|
||||
|
||||
// Simple set does not require any special COW wire up
|
||||
// The AVM node will COW as required
|
||||
DbAccessControlList previous = getAclAsSystem(-1, descriptor.getPath());
|
||||
@@ -673,6 +688,12 @@ public class AVMAccessControlListDAO implements AccessControlListDAO
|
||||
|
||||
for (String key : children.keySet())
|
||||
{
|
||||
// Lazily retrieve/create the shared ACL
|
||||
if (mergeFrom == null)
|
||||
{
|
||||
mergeFrom = aclDaoComponent.getInheritedAccessControlList(inheritFrom);
|
||||
}
|
||||
|
||||
AVMNodeDescriptor child = children.get(key);
|
||||
|
||||
DbAccessControlList acl = getAclAsSystem(-1, child.getPath());
|
||||
@@ -682,7 +703,7 @@ public class AVMAccessControlListDAO implements AccessControlListDAO
|
||||
hibernateSessionHelper.mark();
|
||||
try
|
||||
{
|
||||
setFixedAcls(child, mergeFrom, changes, mode, true, indirections);
|
||||
setFixedAcls(child, inheritFrom, mergeFrom, changes, mode, true, indirections);
|
||||
}
|
||||
finally
|
||||
{
|
||||
@@ -709,7 +730,7 @@ public class AVMAccessControlListDAO implements AccessControlListDAO
|
||||
try
|
||||
{
|
||||
setAclAsSystem(child.getPath(), aclDaoComponent.getDbAccessControlList(change.getAfter()));
|
||||
setFixedAcls(child, aclDaoComponent.getInheritedAccessControlList(change.getAfter()), newChanges, SetMode.DIRECT_ONLY, false, indirections);
|
||||
setFixedAcls(child, change.getAfter(), null, newChanges, SetMode.DIRECT_ONLY, false, indirections);
|
||||
changes.addAll(newChanges);
|
||||
break;
|
||||
}
|
||||
@@ -725,7 +746,7 @@ public class AVMAccessControlListDAO implements AccessControlListDAO
|
||||
hibernateSessionHelper.mark();
|
||||
try
|
||||
{
|
||||
setFixedAcls(child, mergeFrom, changes, mode, true, indirections);
|
||||
setFixedAcls(child, inheritFrom, mergeFrom, changes, mode, true, indirections);
|
||||
}
|
||||
finally
|
||||
{
|
||||
@@ -863,7 +884,7 @@ public class AVMAccessControlListDAO implements AccessControlListDAO
|
||||
|
||||
List<AclChange> changes = new ArrayList<AclChange>();
|
||||
|
||||
setFixedAcls(node, aclDaoComponent.getInheritedAccessControlList(id), changes, SetMode.DIRECT_ONLY, false, indirections);
|
||||
setFixedAcls(node, id, null, changes, SetMode.DIRECT_ONLY, false, indirections);
|
||||
|
||||
for (AclChange change : changes)
|
||||
{
|
||||
@@ -909,7 +930,7 @@ public class AVMAccessControlListDAO implements AccessControlListDAO
|
||||
}
|
||||
List<AclChange> changes = new ArrayList<AclChange>();
|
||||
|
||||
setFixedAcls(node, aclDaoComponent.getInheritedAccessControlList(getAclAsSystem(-1, node.getPath()).getId()), changes, SetMode.DIRECT_ONLY, false, indirections);
|
||||
setFixedAcls(node, getAclAsSystem(-1, node.getPath()).getId(), null, changes, SetMode.DIRECT_ONLY, false, indirections);
|
||||
|
||||
for (AclChange change : changes)
|
||||
{
|
||||
@@ -949,7 +970,7 @@ public class AVMAccessControlListDAO implements AccessControlListDAO
|
||||
}
|
||||
List<AclChange> changes = new ArrayList<AclChange>();
|
||||
|
||||
setFixedAcls(node, aclDaoComponent.getInheritedAccessControlList(getAclAsSystem(-1, node.getPath()).getId()), changes, SetMode.DIRECT_ONLY, false, indirections);
|
||||
setFixedAcls(node, getAclAsSystem(-1, node.getPath()).getId(), null, changes, SetMode.DIRECT_ONLY, false, indirections);
|
||||
|
||||
for (AclChange change : changes)
|
||||
{
|
||||
|
||||
@@ -170,7 +170,6 @@ public class DMAccessControlListDAO implements AccessControlListDAO
|
||||
{
|
||||
if (!store.getProtocol().equals(StoreRef.PROTOCOL_AVM))
|
||||
{
|
||||
@SuppressWarnings("unused")
|
||||
CounterSet update;
|
||||
update = fixOldDmAcls(nodeService.getRootNode(store), null, true);
|
||||
result.add(update);
|
||||
@@ -316,10 +315,10 @@ public class DMAccessControlListDAO implements AccessControlListDAO
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
public List<AclChange> setInheritanceForChildren(NodeRef parent, Long mergeFrom)
|
||||
public List<AclChange> setInheritanceForChildren(NodeRef parent, Long inheritFrom)
|
||||
{
|
||||
List<AclChange> changes = new ArrayList<AclChange>();
|
||||
setFixedAcls(parent, mergeFrom, changes, false);
|
||||
setFixedAcls(parent, inheritFrom, null, changes, false);
|
||||
return changes;
|
||||
}
|
||||
|
||||
@@ -329,14 +328,20 @@ public class DMAccessControlListDAO implements AccessControlListDAO
|
||||
}
|
||||
|
||||
/**
|
||||
* Support to set ACLs and cascade fo required
|
||||
* Support to set a shared ACL on a node and all of its children
|
||||
*
|
||||
* @param nodeRef
|
||||
* the parent node
|
||||
* @param inheritFrom
|
||||
* the parent node's ACL
|
||||
* @param mergeFrom
|
||||
* the shared ACL, if already known. If <code>null</code>, will be retrieved / created lazily
|
||||
* @param changes
|
||||
* the list in which to record changes
|
||||
* @param set
|
||||
* set the shared ACL on the parent ?
|
||||
*/
|
||||
public void setFixedAcls(NodeRef nodeRef, Long mergeFrom, List<AclChange> changes, boolean set)
|
||||
public void setFixedAcls(NodeRef nodeRef, Long inheritFrom, Long mergeFrom, List<AclChange> changes, boolean set)
|
||||
{
|
||||
if (nodeRef == null)
|
||||
{
|
||||
@@ -346,6 +351,11 @@ public class DMAccessControlListDAO implements AccessControlListDAO
|
||||
{
|
||||
if (set)
|
||||
{
|
||||
// Lazily retrieve/create the shared ACL
|
||||
if (mergeFrom == null)
|
||||
{
|
||||
mergeFrom = aclDaoComponent.getInheritedAccessControlList(inheritFrom);
|
||||
}
|
||||
setAccessControlList(nodeRef, aclDaoComponent.getDbAccessControlList(mergeFrom));
|
||||
}
|
||||
|
||||
@@ -355,6 +365,12 @@ public class DMAccessControlListDAO implements AccessControlListDAO
|
||||
{
|
||||
if (child.isPrimary())
|
||||
{
|
||||
// Lazily retrieve/create the shared ACL
|
||||
if (mergeFrom == null)
|
||||
{
|
||||
mergeFrom = aclDaoComponent.getInheritedAccessControlList(inheritFrom);
|
||||
}
|
||||
|
||||
DbAccessControlList acl = getAccessControlList(child.getChildRef());
|
||||
|
||||
if (acl == null)
|
||||
@@ -362,7 +378,7 @@ public class DMAccessControlListDAO implements AccessControlListDAO
|
||||
hibernateSessionHelper.mark();
|
||||
try
|
||||
{
|
||||
setFixedAcls(child.getChildRef(), mergeFrom, changes, true);
|
||||
setFixedAcls(child.getChildRef(), inheritFrom, mergeFrom, changes, true);
|
||||
}
|
||||
finally
|
||||
{
|
||||
@@ -386,7 +402,7 @@ public class DMAccessControlListDAO implements AccessControlListDAO
|
||||
hibernateSessionHelper.mark();
|
||||
try
|
||||
{
|
||||
setFixedAcls(child.getChildRef(), mergeFrom, changes, true);
|
||||
setFixedAcls(child.getChildRef(), inheritFrom, mergeFrom, changes, true);
|
||||
}
|
||||
finally
|
||||
{
|
||||
|
||||
@@ -62,7 +62,7 @@ public class DMPermissionsDaoComponentImpl extends AbstractPermissionsDaoCompone
|
||||
List<AclChange> changes = new ArrayList<AclChange>();
|
||||
DbAccessControlList acl = aclDaoComponent.getDbAccessControlList(id);
|
||||
changes.add(new AclDaoComponentImpl.AclChangeImpl(null, id, null, acl.getAclType()));
|
||||
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, aclDaoComponent.getInheritedAccessControlList(id)));
|
||||
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, id));
|
||||
getACLDAO(nodeRef).setAccessControlList(nodeRef, acl);
|
||||
return new CreationReport(acl, changes);
|
||||
}
|
||||
@@ -90,7 +90,7 @@ public class DMPermissionsDaoComponentImpl extends AbstractPermissionsDaoCompone
|
||||
changes.add(new AclDaoComponentImpl.AclChangeImpl(existing.getId(), id, existing.getAclType(), acl.getAclType()));
|
||||
changes.addAll(aclDaoComponent.mergeInheritedAccessControlList(existing.getId(), id));
|
||||
// set this to inherit to children
|
||||
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, aclDaoComponent.getInheritedAccessControlList(id)));
|
||||
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, id));
|
||||
|
||||
getACLDAO(nodeRef).setAccessControlList(nodeRef, acl);
|
||||
return new CreationReport(acl, changes);
|
||||
@@ -123,7 +123,6 @@ public class DMPermissionsDaoComponentImpl extends AbstractPermissionsDaoCompone
|
||||
case DEFINING:
|
||||
if (acl.getInheritsFrom() != null)
|
||||
{
|
||||
@SuppressWarnings("unused")
|
||||
Long deleted = acl.getId();
|
||||
Long inheritsFrom = acl.getInheritsFrom();
|
||||
getACLDAO(nodeRef).setAccessControlList(nodeRef, aclDaoComponent.getDbAccessControlList(inheritsFrom));
|
||||
@@ -135,7 +134,6 @@ public class DMPermissionsDaoComponentImpl extends AbstractPermissionsDaoCompone
|
||||
else
|
||||
{
|
||||
// TODO: could just cear out existing
|
||||
@SuppressWarnings("unused")
|
||||
Long deleted = acl.getId();
|
||||
SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties();
|
||||
properties = new SimpleAccessControlListProperties();
|
||||
@@ -146,7 +144,7 @@ public class DMPermissionsDaoComponentImpl extends AbstractPermissionsDaoCompone
|
||||
Long id = aclDaoComponent.createAccessControlList(properties);
|
||||
getACLDAO(nodeRef).setAccessControlList(nodeRef, aclDaoComponent.getDbAccessControlList(id));
|
||||
List<AclChange> changes = new ArrayList<AclChange>();
|
||||
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, aclDaoComponent.getInheritedAccessControlList(id)));
|
||||
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, id));
|
||||
getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes);
|
||||
aclDaoComponent.deleteAccessControlList(acl.getId());
|
||||
}
|
||||
|
||||
@@ -102,7 +102,7 @@ public class NodeAccessControlListDAO extends HibernateDaoSupport implements Acc
|
||||
// Nothing to do here
|
||||
}
|
||||
|
||||
public List<AclChange> setInheritanceForChildren(NodeRef parent, Long mergeFrom)
|
||||
public List<AclChange> setInheritanceForChildren(NodeRef parent, Long inheritFrom)
|
||||
{
|
||||
// Nothing to do here
|
||||
return Collections.<AclChange> emptyList();
|
||||
|
||||
@@ -57,7 +57,7 @@ public class PermissionsDaoComponentImpl extends AbstractPermissionsDaoComponent
|
||||
List<AclChange> changes = new ArrayList<AclChange>();
|
||||
DbAccessControlList acl = aclDaoComponent.getDbAccessControlList(id);
|
||||
changes.add(new AclDaoComponentImpl.AclChangeImpl(null, id, null, acl.getAclType()));
|
||||
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, aclDaoComponent.getInheritedAccessControlList(id)));
|
||||
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, id));
|
||||
getACLDAO(nodeRef).setAccessControlList(nodeRef, acl);
|
||||
return new CreationReport(acl, changes);
|
||||
}
|
||||
@@ -85,7 +85,7 @@ public class PermissionsDaoComponentImpl extends AbstractPermissionsDaoComponent
|
||||
changes.add(new AclDaoComponentImpl.AclChangeImpl(existing.getId(), id, existing.getAclType(), acl.getAclType()));
|
||||
changes.addAll(aclDaoComponent.mergeInheritedAccessControlList(existing.getId(), id));
|
||||
// set this to inherit to children
|
||||
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, aclDaoComponent.getInheritedAccessControlList(id)));
|
||||
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, id));
|
||||
|
||||
getACLDAO(nodeRef).setAccessControlList(nodeRef, acl);
|
||||
return new CreationReport(acl, changes);
|
||||
@@ -122,7 +122,7 @@ public class PermissionsDaoComponentImpl extends AbstractPermissionsDaoComponent
|
||||
changes.addAll(aclDaoComponent.mergeInheritedAccessControlList(inheritedAclId, id));
|
||||
}
|
||||
// set this to inherit to children
|
||||
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, aclDaoComponent.getInheritedAccessControlList(id)));
|
||||
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, id));
|
||||
|
||||
getACLDAO(nodeRef).setAccessControlList(nodeRef, acl);
|
||||
return new CreationReport(acl, changes);
|
||||
@@ -173,7 +173,7 @@ public class PermissionsDaoComponentImpl extends AbstractPermissionsDaoComponent
|
||||
Long id = aclDaoComponent.createAccessControlList(properties);
|
||||
getACLDAO(nodeRef).setAccessControlList(nodeRef, aclDaoComponent.getDbAccessControlList(id));
|
||||
List<AclChange> changes = new ArrayList<AclChange>();
|
||||
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, aclDaoComponent.getInheritedAccessControlList(id)));
|
||||
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, id));
|
||||
getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes);
|
||||
aclDaoComponent.deleteAccessControlList(acl.getId());
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user