From 8e28bd9d960d091bc786edfc85224e06b53be2ac Mon Sep 17 00:00:00 2001
From: brinn <brinn>
Date: Fri, 11 Feb 2011 18:34:16 +0000
Subject: [PATCH] add: dataset authorization cache to avoid unnecessary
roundtrips between the openBIS application server and datastore server ported
from branch S99.x
SVN: 19913
---
datastore_server/dist/etc/service.properties | 11 +
.../dss/generic/server/ConfigParameters.java | 41 +++-
.../dss/generic/server/DataStoreServer.java | 10 +-
.../server/DatasetAuthorizationCache.java | 220 ++++++++++++++++++
.../server/DatasetSessionAuthorizer.java | 158 ++++++++++++-
.../internal/DataSetCodeStringPredicate.java | 13 --
.../internal/DataSetFileDTOPredicate.java | 13 --
.../internal/NewDataSetPredicate.java | 13 --
.../internal/DatasetIdentifierPredicate.java | 13 --
.../SingleDataSetIdentifierPredicate.java | 13 --
10 files changed, 426 insertions(+), 79 deletions(-)
create mode 100644 datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DatasetAuthorizationCache.java
diff --git a/datastore_server/dist/etc/service.properties b/datastore_server/dist/etc/service.properties
index 3e341012f5a..09b1441b9fb 100644
--- a/datastore_server/dist/etc/service.properties
+++ b/datastore_server/dist/etc/service.properties
@@ -21,6 +21,17 @@ use-nio-selector-socket = false
# Session timeout in minutes
session-timeout = 720
+#
+# Data set authorization cache
+#
+
+# The expiration time of entries in the dataset authorization cache in minutes
+# (set to 0 to disable the dataset authorization cache completely)
+authorization-cache-expiration-time = 5
+
+# The time period between two runs of the authorization cache cleanup timer in minutes
+authorization-cache-cleanup-timer-period = 180
+
# Path to the keystore
keystore.path = etc/openBIS.keystore
diff --git a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/ConfigParameters.java b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/ConfigParameters.java
index 75ddd03a184..a5dcd254c29 100644
--- a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/ConfigParameters.java
+++ b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/ConfigParameters.java
@@ -56,9 +56,18 @@ final class ConfigParameters
private static final String KEYSTORE = "keystore.";
static final String USE_SSL = "use-ssl";
-
+
static final String USE_NIO = "use-nio-selector-socket";
+ static final String AUTH_CACHE_EXPIRATION_TIME = "authorization-cache-expiration-time";
+
+ private static final int DEFAULT_AUTH_CACHE_EXPIRATION_TIME_MINS = 5;
+
+ static final String AUTH_CACHE_CLEANUP_TIMER_PERIOD =
+ "authorization-cache-cleanup-timer-period";
+
+ private static final int DEFAULT_AUTH_CACHE_CLEANUP_TIMER_PERIOD_MINS = 3 * 60;
+
static final String KEYSTORE_PATH_KEY = KEYSTORE + "path";
static final String KEYSTORE_PASSWORD_KEY = KEYSTORE + "password";
@@ -86,7 +95,7 @@ final class ConfigParameters
private final int sessionTimeout;
private final boolean useSSL;
-
+
private final boolean useNIO;
private final String keystorePath;
@@ -95,6 +104,10 @@ final class ConfigParameters
private final String keystoreKeyPassword;
+ private final int authCacheExpirationTimeMins;
+
+ private final int authCacheCleanupTimerPeriodMins;
+
private final List<PluginServlet> pluginServlets;
private final Properties properties;
@@ -166,6 +179,12 @@ final class ConfigParameters
keystorePath = keystorePassword = keystoreKeyPassword = null;
}
useNIO = PropertyUtils.getBoolean(properties, USE_NIO, false);
+ authCacheExpirationTimeMins =
+ PropertyUtils.getInt(properties, AUTH_CACHE_EXPIRATION_TIME,
+ DEFAULT_AUTH_CACHE_EXPIRATION_TIME_MINS);
+ authCacheCleanupTimerPeriodMins =
+ PropertyUtils.getInt(properties, AUTH_CACHE_CLEANUP_TIMER_PERIOD,
+ DEFAULT_AUTH_CACHE_CLEANUP_TIMER_PERIOD_MINS);
pluginServlets = extractPluginServletsProperties(properties);
}
@@ -273,6 +292,16 @@ final class ConfigParameters
return useNIO;
}
+ public int getAuthCacheExpirationTimeMins()
+ {
+ return authCacheExpirationTimeMins;
+ }
+
+ public int getAuthCacheCleanupTimerPeriodMins()
+ {
+ return authCacheCleanupTimerPeriodMins;
+ }
+
public Properties getProperties()
{
return properties;
@@ -287,7 +316,13 @@ final class ConfigParameters
operationLog.info(String.format("Port number: %d.", port));
operationLog.info(String.format("URL of openBIS server: '%s'.", serverURL));
operationLog.info(String.format("Session timeout (seconds): %d.", sessionTimeout));
- operationLog.info(String.format("Use SSL: '%s'.", useSSL));
+ operationLog.info(String.format("Use SSL: %s.", useSSL));
+ operationLog.info(String.format("Use NIO sockets: %s", useNIO));
+ operationLog.info(String.format("Authorization cache expiration time (minutes): %s",
+ authCacheExpirationTimeMins));
+ operationLog.info(String.format(
+ "Authorization cache cleanup timer period (minutes): %s",
+ authCacheCleanupTimerPeriodMins));
operationLog.info(String.format("Keystore path: '%s'.", keystorePath));
for (PluginServlet pluginServlet : pluginServlets)
{
diff --git a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DataStoreServer.java b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DataStoreServer.java
index d31d5ba2492..00eb14fa808 100644
--- a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DataStoreServer.java
+++ b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DataStoreServer.java
@@ -86,7 +86,6 @@ public class DataStoreServer
public void init() throws ServletException
{
target = ServiceProvider.getDataStoreServer();
- DssSessionAuthorizationHolder.setAuthorizer(new DatasetSessionAuthorizer());
}
// Code copied from org.springframework.web.context.support.HttpRequestHandlerServlet
@@ -130,9 +129,12 @@ public class DataStoreServer
{
assert server == null : "Server already started";
final ConfigParameters configParameters = getConfigParameters();
- IEncapsulatedOpenBISService openBISService = ServiceProvider.getOpenBISService();
+ final IEncapsulatedOpenBISService openBISService = ServiceProvider.getOpenBISService();
final ApplicationContext applicationContext =
new ApplicationContext(openBISService, configParameters);
+ DssSessionAuthorizationHolder.setAuthorizer(new DatasetSessionAuthorizer(configParameters
+ .getAuthCacheExpirationTimeMins(), configParameters
+ .getAuthCacheCleanupTimerPeriodMins()));
server = createServer(applicationContext);
try
{
@@ -297,10 +299,6 @@ public class DataStoreServer
private static Connector createSocketConnector(ConfigParameters configParameters)
{
- if (operationLog.isInfoEnabled())
- {
- operationLog.info("Use Java NIO selector-based socket: " + configParameters.isUseNIO());
- }
if (configParameters.isUseSSL())
{
final SslConnector socketConnector =
diff --git a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DatasetAuthorizationCache.java b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DatasetAuthorizationCache.java
new file mode 100644
index 00000000000..104b1d0bb2e
--- /dev/null
+++ b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DatasetAuthorizationCache.java
@@ -0,0 +1,220 @@
+/*
+ * Copyright 2011 ETH Zuerich, CISD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ch.systemsx.cisd.openbis.dss.generic.server;
+
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Timer;
+import java.util.TimerTask;
+import java.util.concurrent.ConcurrentHashMap;
+
+/**
+ * A thread-safe cache for whether a given session is authorized to access a given data set.
+ *
+ * @author Bernd Rinn
+ */
+public class DatasetAuthorizationCache
+{
+
+ private final static class KeyRecord
+ {
+ private final String sessionToken;
+
+ private final String datasetCode;
+
+ KeyRecord(String sessionToken, String datasetCode)
+ {
+ this.sessionToken = sessionToken;
+ this.datasetCode = datasetCode;
+ }
+
+ @Override
+ public int hashCode()
+ {
+ final int prime = 31;
+ int result = 1;
+ result = prime * result + ((datasetCode == null) ? 0 : datasetCode.hashCode());
+ result = prime * result + ((sessionToken == null) ? 0 : sessionToken.hashCode());
+ return result;
+ }
+
+ @Override
+ public boolean equals(Object obj)
+ {
+ if (this == obj)
+ return true;
+ if (obj == null)
+ return false;
+ if (getClass() != obj.getClass())
+ return false;
+ KeyRecord other = (KeyRecord) obj;
+ if (datasetCode == null)
+ {
+ if (other.datasetCode != null)
+ return false;
+ } else if (!datasetCode.equals(other.datasetCode))
+ return false;
+ if (sessionToken == null)
+ {
+ if (other.sessionToken != null)
+ return false;
+ } else if (!sessionToken.equals(other.sessionToken))
+ return false;
+ return true;
+ }
+ }
+
+ private final static class ValueRecord
+ {
+ private final boolean authorized;
+
+ private final long timestamp;
+
+ ValueRecord(boolean authorized)
+ {
+ this.authorized = authorized;
+ this.timestamp = System.currentTimeMillis();
+ }
+
+ boolean isAuthorized()
+ {
+ return authorized;
+ }
+
+ long getTimestamp()
+ {
+ return timestamp;
+ }
+ }
+
+ private final Map<KeyRecord, ValueRecord> cache =
+ new ConcurrentHashMap<KeyRecord, ValueRecord>();
+
+ private Timer expirationTimer = new Timer(true);
+
+ private final long cacheExpirationTimeMillis;
+
+ /**
+ * Create a new and empty cache and start an expiration timer for cleaning up.
+ * <p>
+ * <i>Note that the cache will never return stale authorization information. The expiration
+ * timer is only needed for freeing memory occupied by the cache.</i>
+ *
+ * @param cacheExpirationTimeMillis The time (in ms) after which an authorization value expires.
+ * @param timerPeriodMillis The time (in ms) after which the expiration timer runs.
+ */
+ public DatasetAuthorizationCache(long cacheExpirationTimeMillis, long timerPeriodMillis)
+ {
+ this.cacheExpirationTimeMillis = cacheExpirationTimeMillis;
+ this.expirationTimer.schedule(new TimerTask()
+ {
+ @Override
+ public void run()
+ {
+ runExpiration();
+ }
+ }, 0L, timerPeriodMillis);
+ }
+
+ private boolean isExpired(ValueRecord v, long now)
+ {
+ return now - v.getTimestamp() > cacheExpirationTimeMillis;
+ }
+
+ private void runExpiration()
+ {
+ final long now = System.currentTimeMillis();
+ final Iterator<Map.Entry<KeyRecord, ValueRecord>> it = cache.entrySet().iterator();
+ while (it.hasNext())
+ {
+ final Map.Entry<KeyRecord, ValueRecord> e = it.next();
+ if (isExpired(e.getValue(), now))
+ {
+ it.remove();
+ }
+ }
+ }
+
+ private ValueRecord tryGet(KeyRecord k)
+ {
+ final ValueRecord v = cache.get(k);
+ if (v != null && isExpired(v, System.currentTimeMillis()))
+ {
+ cache.remove(k);
+ return null;
+ } else
+ {
+ return v;
+ }
+ }
+
+ /**
+ * Puts a new authorization value in the cache.
+ *
+ * @param sessionToken The token of the session that is granted or denied access.
+ * @param datasetCode The code of the data set that the session is granted or denied access to.
+ * @param authorized Whether the session should be granted (<code>true</code>) or denied (
+ * <code>false</code>) access to the data set.
+ */
+ public void put(String sessionToken, String datasetCode, boolean authorized)
+ {
+ cache.put(new KeyRecord(sessionToken, datasetCode), new ValueRecord(authorized));
+ }
+
+ /**
+ * Puts new authorization values in the cache.
+ *
+ * @param sessionToken The token of the session that is granted or denied access.
+ * @param datasetCodes The codes of the data sets that the session is granted or denied access to.
+ * @param authorized Whether the session should be granted (<code>true</code>) or denied (
+ * <code>false</code>) access to the data seta.
+ */
+ public void putAll(String sessionToken, List<String> datasetCodes, boolean authorized)
+ {
+ final ValueRecord value = new ValueRecord(authorized);
+ for (String datasetCode : datasetCodes)
+ {
+ cache.put(new KeyRecord(sessionToken, datasetCode), value);
+ }
+ }
+
+ /**
+ * Returns authorization state of the <var>datasetCode</var> for the session specified by
+ * <var>sessionToken</var>.
+ *
+ * @param sessionToken The token of the session that the authorization information is for.
+ * @param datasetCode The code of the data set that the session wants to access.
+ * @return <code>true</code> if the session is granted access, <code>false</code> if the session
+ * is denied access and <code>null</code> if the cache has no information about this
+ * session and data set.
+ */
+ public Boolean tryGet(String sessionToken, String datasetCode)
+ {
+ final ValueRecord v = tryGet(new KeyRecord(sessionToken, datasetCode));
+ return v != null ? v.isAuthorized() : null;
+ }
+
+ /**
+ * Removes all entries from this cache.
+ */
+ public void clear()
+ {
+ cache.clear();
+ }
+
+}
diff --git a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DatasetSessionAuthorizer.java b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DatasetSessionAuthorizer.java
index 1bd830546f6..53ab75d709f 100644
--- a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DatasetSessionAuthorizer.java
+++ b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DatasetSessionAuthorizer.java
@@ -18,52 +18,134 @@ package ch.systemsx.cisd.openbis.dss.generic.server;
import java.util.List;
+import org.apache.log4j.Logger;
+
import ch.systemsx.cisd.common.exceptions.Status;
import ch.systemsx.cisd.common.exceptions.UserFailureException;
+import ch.systemsx.cisd.common.logging.LogCategory;
+import ch.systemsx.cisd.common.logging.LogFactory;
import ch.systemsx.cisd.openbis.dss.generic.shared.IEncapsulatedOpenBISService;
import ch.systemsx.cisd.openbis.dss.generic.shared.ServiceProvider;
import ch.systemsx.cisd.openbis.dss.generic.shared.api.authorization.internal.IDssSessionAuthorizer;
import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.SpaceIdentifier;
/**
- * Implementation of {@link IDssSessionAuthorizer} that asks the openBIS application server to
- * check the data set codes.
+ * Implementation of {@link IDssSessionAuthorizer} that asks the openBIS application server to check
+ * the data set codes.
*
* @author Bernd Rinn
*/
public class DatasetSessionAuthorizer implements IDssSessionAuthorizer
{
+ private static final int MILLIS_PER_MINUTE = 60 * 1000;
+
+ static protected final Logger operationLog = LogFactory.getLogger(LogCategory.OPERATION,
+ DatasetSessionAuthorizer.class);
+
+ private final DatasetAuthorizationCache authCacheOrNull;
+
+ /**
+ * Creates the authorizer with default timing parameters of <code>cacheExpirationMins=5</code>
+ * and <code>cleanupTimerMins=180</code> (3 hours).
+ */
+ public DatasetSessionAuthorizer()
+ {
+ this(5, 3 * 60);
+ }
+
+ /**
+ * Creates the authorizer.
+ *
+ * @param cacheExpirationMins Cache expiration time (in minutes). Set to 0 to disable the cache.
+ * @param cleanupTimerMins Time interval between two calls of the cache cleanup timer (in
+ * minutes).
+ */
+ public DatasetSessionAuthorizer(int cacheExpirationMins, int cleanupTimerMins)
+ {
+ authCacheOrNull =
+ (cacheExpirationMins == 0) ? null : new DatasetAuthorizationCache(
+ cacheExpirationMins * MILLIS_PER_MINUTE, cleanupTimerMins
+ * MILLIS_PER_MINUTE);
+ }
+
public Status checkDatasetAccess(String sessionToken, List<String> datasetCodes)
{
- final IEncapsulatedOpenBISService openBISService = ServiceProvider.getOpenBISService();
+ final Status cachedStatus = tryGetCached(sessionToken, datasetCodes);
+ if (cachedStatus != null)
+ {
+ if (operationLog.isDebugEnabled())
+ {
+ operationLog.debug(String.format(
+ "Access of session '%s' to data sets '%s' on openBIS "
+ + "application server (from authorization cache): %s.",
+ sessionToken, datasetCodes, cachedStatus));
+ }
+ return cachedStatus;
+ }
+ if (operationLog.isInfoEnabled())
+ {
+ operationLog.info(String.format("Checking access of session '%s' to data sets '%s' on "
+ + "openBIS application server.", sessionToken, datasetCodes));
+ }
+ final IEncapsulatedOpenBISService openBISService = ServiceProvider.getOpenBISService();
try
{
openBISService.checkDataSetCollectionAccess(sessionToken, datasetCodes);
+ cachePutAll(sessionToken, datasetCodes, true);
return Status.OK;
} catch (UserFailureException ex)
{
+ if (datasetCodes.size() == 1)
+ {
+ cachePut(sessionToken, datasetCodes.get(0), false);
+ }
return Status.createError(ex.getMessage());
}
}
public Status checkDatasetAccess(String sessionToken, String datasetCode)
{
- final IEncapsulatedOpenBISService openBISService = ServiceProvider.getOpenBISService();
+ final Status cachedStatus = tryGetCached(sessionToken, datasetCode);
+ if (cachedStatus != null)
+ {
+ if (operationLog.isDebugEnabled())
+ {
+ operationLog.debug(String.format(
+ "Access of session '%s' to data set '%s' on openBIS "
+ + "application server (from authorization cache): %s.",
+ sessionToken, datasetCode, cachedStatus));
+ }
+ return cachedStatus;
+ }
+ if (operationLog.isInfoEnabled())
+ {
+ operationLog.info(String.format("Checking access of session '%s' to data set '%s' on "
+ + "openBIS application server.", sessionToken, datasetCode));
+ }
+ final IEncapsulatedOpenBISService openBISService = ServiceProvider.getOpenBISService();
try
{
openBISService.checkDataSetAccess(sessionToken, datasetCode);
+ cachePut(sessionToken, datasetCode, true);
return Status.OK;
} catch (UserFailureException ex)
{
+ cachePut(sessionToken, datasetCode, false);
return Status.createError(ex.getMessage());
}
}
public Status checkSpaceWriteable(String sessionToken, SpaceIdentifier spaceId)
{
+ if (operationLog.isInfoEnabled())
+ {
+ operationLog.info(String.format(
+ "Checking whether space '%s' is writable to session '%s' on "
+ + "openBIS application server.", spaceId, sessionToken));
+ }
final IEncapsulatedOpenBISService openBISService = ServiceProvider.getOpenBISService();
try
@@ -78,6 +160,12 @@ public class DatasetSessionAuthorizer implements IDssSessionAuthorizer
public Status checkInstanceAdminAuthorization(String sessionToken)
{
+ if (operationLog.isInfoEnabled())
+ {
+ operationLog.info(String.format(
+ "Checking if session '%s' has instance admin privileges on "
+ + "openBIS application server.", sessionToken));
+ }
final IEncapsulatedOpenBISService openBISService = ServiceProvider.getOpenBISService();
try
@@ -90,4 +178,64 @@ public class DatasetSessionAuthorizer implements IDssSessionAuthorizer
}
}
-}
+ /**
+ * Clears all entries from the cache (for unit tests).
+ */
+ public void clearCache()
+ {
+ if (authCacheOrNull == null)
+ {
+ return;
+ }
+ authCacheOrNull.clear();
+ }
+
+ private void cachePut(String sessionToken, String datasetCode, boolean authorized)
+ {
+ if (authCacheOrNull == null)
+ {
+ return;
+ }
+ authCacheOrNull.put(sessionToken, datasetCode, authorized);
+ }
+
+ private void cachePutAll(String sessionToken, List<String> datasetCodes, boolean authorized)
+ {
+ if (authCacheOrNull == null)
+ {
+ return;
+ }
+ authCacheOrNull.putAll(sessionToken, datasetCodes, authorized);
+ }
+
+ private Status tryGetCached(String sessionToken, String datasetCode)
+ {
+ if (authCacheOrNull == null)
+ {
+ return null;
+ }
+ final Boolean authorized = authCacheOrNull.tryGet(sessionToken, datasetCode);
+ return (authorized == null) ? null : (authorized ? Status.OK : Status.createError());
+ }
+
+ private Status tryGetCached(String sessionToken, List<String> datasetCodes)
+ {
+ if (authCacheOrNull == null)
+ {
+ return null;
+ }
+ for (String code : datasetCodes)
+ {
+ final Boolean authorized = authCacheOrNull.tryGet(sessionToken, code);
+ if (authorized == null)
+ {
+ return null;
+ } else if (authorized == false)
+ {
+ return Status.createError();
+ }
+ }
+ return Status.OK;
+ }
+
+}
\ No newline at end of file
diff --git a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/authorization/internal/DataSetCodeStringPredicate.java b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/authorization/internal/DataSetCodeStringPredicate.java
index 492e0ba9235..c3c41f85242 100644
--- a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/authorization/internal/DataSetCodeStringPredicate.java
+++ b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/authorization/internal/DataSetCodeStringPredicate.java
@@ -16,12 +16,8 @@
package ch.systemsx.cisd.openbis.dss.generic.shared.api.authorization.internal;
-import org.apache.log4j.Logger;
-
import ch.systemsx.cisd.common.exceptions.Status;
import ch.systemsx.cisd.common.exceptions.UserFailureException;
-import ch.systemsx.cisd.common.logging.LogCategory;
-import ch.systemsx.cisd.common.logging.LogFactory;
/**
* Predicate for checking that the current user has access to a data set specified by code.
@@ -33,18 +29,9 @@ import ch.systemsx.cisd.common.logging.LogFactory;
public class DataSetCodeStringPredicate implements
IAuthorizationGuardPredicate<IDssServiceRpcGenericInternal, String>
{
- static protected final Logger operationLog = LogFactory.getLogger(LogCategory.OPERATION,
- DataSetCodeStringPredicate.class);
-
public Status evaluate(IDssServiceRpcGenericInternal receiver, String sessionToken,
String datasetCode) throws UserFailureException
{
- if (operationLog.isInfoEnabled())
- {
- operationLog.info(String.format("Check access to the data set '%s' on openBIS server.",
- datasetCode));
- }
-
return DssSessionAuthorizationHolder.getAuthorizer().checkDatasetAccess(sessionToken,
datasetCode);
}
diff --git a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/authorization/internal/DataSetFileDTOPredicate.java b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/authorization/internal/DataSetFileDTOPredicate.java
index b83118343ab..cdbe29f1f60 100644
--- a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/authorization/internal/DataSetFileDTOPredicate.java
+++ b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/authorization/internal/DataSetFileDTOPredicate.java
@@ -16,12 +16,8 @@
package ch.systemsx.cisd.openbis.dss.generic.shared.api.authorization.internal;
-import org.apache.log4j.Logger;
-
import ch.systemsx.cisd.common.exceptions.Status;
import ch.systemsx.cisd.common.exceptions.UserFailureException;
-import ch.systemsx.cisd.common.logging.LogCategory;
-import ch.systemsx.cisd.common.logging.LogFactory;
import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.DataSetFileDTO;
import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.IDssServiceRpcGeneric;
@@ -36,18 +32,9 @@ import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.IDssServiceRpcGeneric;
public class DataSetFileDTOPredicate implements
IAuthorizationGuardPredicate<IDssServiceRpcGeneric, DataSetFileDTO>
{
- static protected final Logger operationLog = LogFactory.getLogger(LogCategory.OPERATION,
- DataSetFileDTOPredicate.class);
-
public Status evaluate(IDssServiceRpcGeneric receiver, String sessionToken,
DataSetFileDTO dataSetFile) throws UserFailureException
{
- if (operationLog.isInfoEnabled())
- {
- operationLog.info(String.format(
- "Check access to the data set file '%s' on openBIS server.", dataSetFile));
- }
-
return DssSessionAuthorizationHolder.getAuthorizer().checkDatasetAccess(sessionToken,
dataSetFile.getDataSetCode());
}
diff --git a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/authorization/internal/NewDataSetPredicate.java b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/authorization/internal/NewDataSetPredicate.java
index f5567625d73..e89dee43733 100644
--- a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/authorization/internal/NewDataSetPredicate.java
+++ b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/api/authorization/internal/NewDataSetPredicate.java
@@ -16,12 +16,8 @@
package ch.systemsx.cisd.openbis.dss.generic.shared.api.authorization.internal;
-import org.apache.log4j.Logger;
-
import ch.systemsx.cisd.common.exceptions.Status;
import ch.systemsx.cisd.common.exceptions.UserFailureException;
-import ch.systemsx.cisd.common.logging.LogCategory;
-import ch.systemsx.cisd.common.logging.LogFactory;
import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.IDssServiceRpcGeneric;
import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.NewDataSetDTO;
import ch.systemsx.cisd.openbis.dss.generic.shared.api.v1.NewDataSetDTO.DataSetOwner;
@@ -42,19 +38,10 @@ import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.SpaceIdentifier;
public class NewDataSetPredicate implements
IAuthorizationGuardPredicate<IDssServiceRpcGeneric, NewDataSetDTO>
{
- static protected final Logger operationLog = LogFactory.getLogger(LogCategory.OPERATION,
- NewDataSetPredicate.class);
-
public Status evaluate(IDssServiceRpcGeneric receiver, String sessionToken,
NewDataSetDTO newDataSet) throws UserFailureException
{
SpaceIdentifier spaceId = getSpaceIdentifier(newDataSet);
- if (operationLog.isInfoEnabled())
- {
- operationLog.info(String.format("Check write access to space '%s' on openBIS server.",
- spaceId));
- }
-
return DssSessionAuthorizationHolder.getAuthorizer().checkSpaceWriteable(sessionToken,
spaceId);
}
diff --git a/screening/source/java/ch/systemsx/cisd/openbis/dss/screening/shared/api/authorization/internal/DatasetIdentifierPredicate.java b/screening/source/java/ch/systemsx/cisd/openbis/dss/screening/shared/api/authorization/internal/DatasetIdentifierPredicate.java
index 958e1d19af2..a096664da6c 100644
--- a/screening/source/java/ch/systemsx/cisd/openbis/dss/screening/shared/api/authorization/internal/DatasetIdentifierPredicate.java
+++ b/screening/source/java/ch/systemsx/cisd/openbis/dss/screening/shared/api/authorization/internal/DatasetIdentifierPredicate.java
@@ -19,12 +19,8 @@ package ch.systemsx.cisd.openbis.dss.screening.shared.api.authorization.internal
import java.util.ArrayList;
import java.util.List;
-import org.apache.log4j.Logger;
-
import ch.systemsx.cisd.common.exceptions.Status;
import ch.systemsx.cisd.common.exceptions.UserFailureException;
-import ch.systemsx.cisd.common.logging.LogCategory;
-import ch.systemsx.cisd.common.logging.LogFactory;
import ch.systemsx.cisd.openbis.dss.generic.shared.api.authorization.internal.DssSessionAuthorizationHolder;
import ch.systemsx.cisd.openbis.dss.generic.shared.api.authorization.internal.IAuthorizationGuardPredicate;
import ch.systemsx.cisd.openbis.dss.screening.shared.api.v1.IDssServiceRpcScreening;
@@ -41,18 +37,9 @@ public class DatasetIdentifierPredicate implements
IAuthorizationGuardPredicate<IDssServiceRpcScreening, List<? extends IDatasetIdentifier>>
{
- static protected final Logger operationLog = LogFactory.getLogger(LogCategory.OPERATION,
- DatasetIdentifierPredicate.class);
-
public Status evaluate(IDssServiceRpcScreening receiver, String sessionToken,
List<? extends IDatasetIdentifier> datasetIdentifiers) throws UserFailureException
{
- if (operationLog.isInfoEnabled())
- {
- operationLog.info(String.format(
- "Check access to the data sets '%s' on openBIS server.", datasetIdentifiers));
- }
-
return DssSessionAuthorizationHolder.getAuthorizer().checkDatasetAccess(
sessionToken, getDatasetCodes(datasetIdentifiers));
}
diff --git a/screening/source/java/ch/systemsx/cisd/openbis/dss/screening/shared/api/authorization/internal/SingleDataSetIdentifierPredicate.java b/screening/source/java/ch/systemsx/cisd/openbis/dss/screening/shared/api/authorization/internal/SingleDataSetIdentifierPredicate.java
index 24f9116aaae..bd1218c9456 100644
--- a/screening/source/java/ch/systemsx/cisd/openbis/dss/screening/shared/api/authorization/internal/SingleDataSetIdentifierPredicate.java
+++ b/screening/source/java/ch/systemsx/cisd/openbis/dss/screening/shared/api/authorization/internal/SingleDataSetIdentifierPredicate.java
@@ -16,12 +16,8 @@
package ch.systemsx.cisd.openbis.dss.screening.shared.api.authorization.internal;
-import org.apache.log4j.Logger;
-
import ch.systemsx.cisd.common.exceptions.Status;
import ch.systemsx.cisd.common.exceptions.UserFailureException;
-import ch.systemsx.cisd.common.logging.LogCategory;
-import ch.systemsx.cisd.common.logging.LogFactory;
import ch.systemsx.cisd.openbis.dss.generic.shared.api.authorization.internal.DssSessionAuthorizationHolder;
import ch.systemsx.cisd.openbis.dss.generic.shared.api.authorization.internal.IAuthorizationGuardPredicate;
import ch.systemsx.cisd.openbis.dss.screening.shared.api.v1.IDssServiceRpcScreening;
@@ -38,18 +34,9 @@ public class SingleDataSetIdentifierPredicate implements
IAuthorizationGuardPredicate<IDssServiceRpcScreening, IDatasetIdentifier>
{
- static protected final Logger operationLog = LogFactory.getLogger(LogCategory.OPERATION,
- DatasetIdentifierPredicate.class);
-
public Status evaluate(IDssServiceRpcScreening receiver, String sessionToken,
IDatasetIdentifier datasetIdentifier) throws UserFailureException
{
- if (operationLog.isInfoEnabled())
- {
- operationLog.info(String.format(
- "Check access to the data set '%s' on openBIS server.", datasetIdentifier));
- }
-
return DssSessionAuthorizationHolder.getAuthorizer().checkDatasetAccess(
sessionToken, datasetIdentifier.getDatasetCode());
}
--
GitLab