CNAuthorizationCache.java

package hudson.plugins.collabnet.auth;

import com.collabnet.ce.webservices.CTFList;
import com.collabnet.ce.webservices.CTFRole;
import com.collabnet.ce.webservices.CollabNetApp;
import hudson.model.Hudson;
import hudson.security.AuthorizationStrategy;
import hudson.security.Permission;

import java.rmi.RemoteException;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;

/**
 * Authorization cache.
 */
public class CNAuthorizationCache {

    private Map<String, Set<Permission>> mPermSetMap = new HashMap<String, Set<Permission>>();
    private long mCacheExpirationDate;

    /**
     * Constructor.
     */
    public CNAuthorizationCache() {
        mCacheExpirationDate = System.currentTimeMillis(); // first time we use the cache, we'd reset expiration
    }

    /**
     * Remove all cache entries and sets next expiration date
     */
    private void clearCache() {
        mPermSetMap.clear();

        AuthorizationStrategy authStrategy = Hudson.getInstance().getAuthorizationStrategy();
        CNAuthorizationStrategy cnAuthStrategy = (CNAuthorizationStrategy) authStrategy;
        long permCacheTimeoutMs = cnAuthStrategy.getAuthCacheTimeoutMs();

        mCacheExpirationDate = System.currentTimeMillis() + permCacheTimeoutMs;
    }

    /**
     * Get a user's permission available for a given project.
     * @return set containing all of the user's permissions
     */
    public synchronized Set<Permission> getUserProjectPermSet(String username, String projectId) {
        if (System.currentTimeMillis() >= mCacheExpirationDate) {
            clearCache();
        }
        String cacheKey = projectId + ":" + username;
        Set<Permission> userPermSet = mPermSetMap.get(cacheKey);
        if (userPermSet == null) {
            userPermSet = new HashSet<Permission>();
            try {
                CollabNetApp conn = CNConnection.getInstance();
                CTFList<CTFRole> roleNameSet = conn.getProjectById(projectId).getUserRoles(username);
                Collection<CollabNetRole> userRoles = CNProjectACL.CollabNetRoles.getMatchingRoles(roleNameSet);
                for (CollabNetRole role : userRoles) {
                    userPermSet.addAll(role.getPermissions());
                }
            } catch (RemoteException e) {
                LOGGER.log(Level.WARNING, "Failed to retrieve permissions for the user "+username+" on "+projectId);
                // fall back to zero permission
            }
            mPermSetMap.put(cacheKey, userPermSet);
        }
        return userPermSet;
    }

    private static final Logger LOGGER = Logger.getLogger(CNAuthorizationCache.class.getName());
}