Authorization framework configuration in configuration.xml (#1465)

Author: tulinkry

src/org/opensolaris/opengrok/authorization/AuthorizationFramework.java

@@ -53,7 +53,7 @@
 public final class AuthorizationFramework {
 
     private static final Logger LOGGER = LoggerFactory.getLogger(AuthorizationFramework.class);
-    private final File directory;
+    private File pluginDirectory;
     private AuthorizationPluginClassLoader loader;
 
     private volatile static AuthorizationFramework instance = new AuthorizationFramework();
@@ -70,6 +70,31 @@ public static AuthorizationFramework getInstance() {
         return instance;
     }
 
+    /**
+     * Get the plugin directory.
+     */
+    public synchronized File getPluginDirectory() {
+        return pluginDirectory;
+    }
+
+    /**
+     * Set the plugin directory.
+     *
+     * @param pluginDirectory the directory
+     */
+    public synchronized void setPluginDirectory(File pluginDirectory) {
+        this.pluginDirectory = pluginDirectory;
+    }
+
+    /**
+     * Set the plugin directory.
+     *
+     * @param directory the directory path
+     */
+    public void setPluginDirectory(String directory) {
+        AuthorizationFramework.this.setPluginDirectory(directory != null ? new File(directory) : null);
+    }
+
     /**
      * Checks if the request should have an access to project.
      *
@@ -113,22 +138,19 @@ public boolean test(IAuthorizationPlugin plugin) {
     private AuthorizationFramework() {
         String path = RuntimeEnvironment.getInstance()
                 .getPluginDirectory();
-        File directory = path == null ? null : new File(path);
-        if (path == null || directory == null || !directory.isDirectory() || !directory.canRead()) {
-            LOGGER.log(Level.INFO, "plugin directory not found or not readable: {0}. "
-                    + "The AuthorizationFramework will just pass requests through.", path);
-        }
         plugins = new ArrayList<>();
-        this.directory = directory;
+        setPluginDirectory(path);
         reload();
     }
 
     /**
      * Get available plugins.
      *
      * This and couple of following methods are declared as synchronized because
-     * 1) plugins can be reloaded at anytime 
-     * 2) requests are pretty asynchronous
+     * <ol>
+     *  <li>plugins can be reloaded at anytime</li>
+     *  <li>requests are pretty asynchronous</li>
+     * </ol>
      *
      * So this tries to ensure that there will be no
      * ConcurrentModificationException or other similar exceptions.
@@ -179,7 +201,7 @@ private void removeAll() {
      * @return list of file with suffix
      */
     private List<File> listFiles(String suffix) {
-        File[] files = directory.listFiles(new FilenameFilter() {
+        File[] files = pluginDirectory.listFiles(new FilenameFilter() {
             @Override
             public boolean accept(File dir, String name) {
                 return name.endsWith(suffix);
@@ -196,7 +218,7 @@ public boolean accept(File dir, String name) {
      * @return recursively traversed list of files with given suffix
      */
     private List<File> listFilesRec(String suffix) {
-        return listFilesClassesRec(directory, suffix);
+        return listFilesClassesRec(pluginDirectory, suffix);
     }
 
     private List<File> listFilesClassesRec(File start, String suffix) {
@@ -236,7 +258,7 @@ private void loadClass(String classname) throws ClassNotFoundException,
             SecurityException,
             InstantiationException,
             IllegalAccessException {
-        
+
         Class c = loader.loadClass(classname);
         // check for implemented interfaces
         Class[] intf = c.getInterfaces();
@@ -256,7 +278,7 @@ private void loadClass(String classname) throws ClassNotFoundException,
     }
 
     private String getClassName(File f) {
-        String classname = f.getAbsolutePath().substring(directory.getAbsolutePath().length() + 1, f.getAbsolutePath().length());
+        String classname = f.getAbsolutePath().substring(pluginDirectory.getAbsolutePath().length() + 1, f.getAbsolutePath().length());
         classname = classname.replace(File.separatorChar, '.'); // convert to package name
         classname = classname.substring(0, classname.lastIndexOf('.')); // strip .class
         return classname;
@@ -275,24 +297,27 @@ private String getClassName(JarEntry f) {
      * Old instances of plugins are removed and new list of plugins is
      * constructed. Unload and load event is fired on each plugin.
      *
-     * @see IAuthorizationPlugin#load() 
-     * @see IAuthorizationPlugin#unload() 
+     * @see IAuthorizationPlugin#load()
+     * @see IAuthorizationPlugin#unload()
      */
     @SuppressWarnings("unchecked")
     public synchronized void reload() {
-        if (directory == null || !directory.isDirectory() || !directory.canRead()) {
+        if (pluginDirectory == null || !pluginDirectory.isDirectory() || !pluginDirectory.canRead()) {
+            LOGGER.log(Level.WARNING, "plugin directory not found or not readable: {0}. "
+                    + "All requests allowed.", pluginDirectory);
             return;
         }
-        LOGGER.log(Level.INFO, "Plugins are being reloaded from " + directory.getAbsolutePath());
+        LOGGER.log(Level.INFO, "Plugins are being reloaded from {0}", pluginDirectory.getAbsolutePath());
         removeAll();
         // trashing out the old instance of the loaded enables us
         // to reaload the plugins at runtime
         loader = (AuthorizationPluginClassLoader) AccessController.doPrivileged(new PrivilegedAction() {
+            @Override
             public Object run() {
-                return new AuthorizationPluginClassLoader(directory);
+                return new AuthorizationPluginClassLoader(pluginDirectory);
             }
         });
-        
+
         removeAll();
         plugins = new ArrayList<>();
 
@@ -322,7 +347,7 @@ public Object run() {
                 LOGGER.log(Level.INFO, "Could not manipulate with file because of: ", ex);
             }
         }
-        
+
         for (IAuthorizationPlugin plugin : getPlugins()) {
             try {
                 plugin.load();

src/org/opensolaris/opengrok/configuration/Configuration.java

@@ -79,7 +79,17 @@ public final class Configuration {
     private int historyCacheTime;
 
     private int messageLimit;
+    /**
+     * Directory with authorization plugins. Default value is
+     * dataRoot/../plugins (can be /var/opengrok/plugins if dataRoot is
+     * /var/opengrok/data).
+     */
     private String pluginDirectory;
+    /**
+     * Enable watching the plugin directory for changes in real time. Suitable
+     * for development.
+     */
+    private boolean authorizationWatchdogEnabled;
     private List<Project> projects;
     private Set<Group> groups;
     private String sourceRoot;
@@ -323,6 +333,7 @@ public Configuration() {
         setRevisionMessageCollapseThreshold(200);
         setGroupsCollapseThreshold(4);
         setPluginDirectory(null);
+        setAuthorizationWatchdogEnabled(false);
         setMaxSearchThreadCount(2 * Runtime.getRuntime().availableProcessors());
         setIndexRefreshPeriod(3600);
         setMessageLimit(500);
@@ -374,6 +385,14 @@ public void setPluginDirectory(String pluginDirectory) {
         this.pluginDirectory = pluginDirectory;
     }
 
+    public boolean isAuthorizationWatchdogEnabled() {
+        return authorizationWatchdogEnabled;
+    }
+
+    public void setAuthorizationWatchdogEnabled(boolean authorizationWatchdogEnabled) {
+        this.authorizationWatchdogEnabled = authorizationWatchdogEnabled;
+    }
+
     public void setCmds(Map<String, String> cmds) {
         this.cmds.clear();
         this.cmds.putAll(cmds);

src/org/opensolaris/opengrok/configuration/RuntimeEnvironment.java

@@ -730,6 +730,14 @@ public String getPluginDirectory() {
         return threadConfig.get().getPluginDirectory();
     }
 
+    public boolean isAuthorizationWatchdog() {
+        return threadConfig.get().isAuthorizationWatchdogEnabled();
+    }
+
+    public void setAuthorizationWatchdog(boolean authorizationWatchdogEnabled) {
+        threadConfig.get().setAuthorizationWatchdogEnabled(authorizationWatchdogEnabled);
+    }
+
     /**
      * Is the verbosity flag turned on?
      *
@@ -1576,6 +1584,8 @@ public void applyConfig(Configuration config, boolean reindex) {
             // Force timestamp to update itself upon new config arrival.
             config.refreshDateForLastIndexRun();
         }
+        AuthorizationFramework.getInstance().setPluginDirectory(config.getPluginDirectory());
+        AuthorizationFramework.getInstance().reload();
     }
 
     /**
@@ -1691,10 +1701,11 @@ protected void handleMessage(Message m, final OutputStream output) throws IOExce
 
     /**
      * Starts a watch dog service for a directory. It automatically reloads the
-     * AuthorizationFramework if there was a change.
+     * AuthorizationFramework if there was a change in <b>real-time</b>.
+     * Suitable for plugin development.
      *
-     * You can control start of this service by context-parameter in web.xml
-     * param-name: enableAuthorizationWatchDog
+     * You can control start of this service by a configuration parameter
+     * {@link Configuration#authorizationWatchdogEnabled}
      *
      * @param directory root directory for plugins
      */

src/org/opensolaris/opengrok/web/WebappListener.java

@@ -41,8 +41,6 @@
 import org.opensolaris.opengrok.configuration.RuntimeEnvironment;
 import org.opensolaris.opengrok.logger.LoggerFactory;
 
-import static org.opensolaris.opengrok.configuration.Configuration.PLUGIN_DIRECTORY_DEFAULT;
-
 /**
  * Initialize webapp context
  *
@@ -98,22 +96,18 @@ public void contextInitialized(final ServletContextEvent servletContextEvent) {
             }
         }
 
-        String pluginDirectory = context.getInitParameter(AUTHORIZATION_PLUGIN_DIRECTORY);
-        if (pluginDirectory != null) {
-            env.getConfiguration().setPluginDirectory(pluginDirectory);
-            AuthorizationFramework.getInstance(); // start + load
-        } else {
-            if (env.getDataRootPath() == null) {
-                env.getConfiguration().setPluginDirectory(PLUGIN_DIRECTORY_DEFAULT);
-            } else {
-                env.getConfiguration().setPluginDirectory(env.getDataRootPath() + "/../" + PLUGIN_DIRECTORY_DEFAULT);
-            }
-            LOGGER.log(Level.INFO, AUTHORIZATION_PLUGIN_DIRECTORY + " is not set in web.xml. Default location will be used.");
+        try {
+            RuntimeEnvironment.getInstance().loadStatistics();
+        } catch (IOException ex) {
+            LOGGER.log(Level.INFO, "Could not load statistics from a file.", ex);
+        } catch (ParseException ex) {
+            LOGGER.log(Level.SEVERE, "Could not parse statistics from a file.", ex);
         }
 
-        String watchDog = context.getInitParameter(ENABLE_AUTHORIZATION_WATCH_DOG);
-        if (pluginDirectory != null && watchDog != null && Boolean.parseBoolean(watchDog)) {
-            RuntimeEnvironment.getInstance().startWatchDogService(new File(pluginDirectory));
+        AuthorizationFramework.getInstance(); // start + load
+
+        if (env.getConfiguration().getPluginDirectory() != null && env.isAuthorizationWatchdog()) {
+            RuntimeEnvironment.getInstance().startWatchDogService(new File(env.getConfiguration().getPluginDirectory()));
         }
 
         RuntimeEnvironment.getInstance().startIndexReopenThread();

web/WEB-INF/web.xml

@@ -14,25 +14,6 @@
     <param-value>localhost:2424</param-value>
   </context-param>
 
-  <context-param>
-      <description>
-          Directory with authorization plugins.
-          Default value is dataRoot/../plugins
-            (can be /var/opengrok/plugins if dataRoot is /var/opengrok/data).
-      </description>
-      <param-name>authorizationPluginDirectory</param-name>
-      <param-value>/var/opengrok/plugins</param-value>
-  </context-param>
-
-  <context-param>
-      <description>
-          Enable watching the plugin directory for changes in real time.
-          Suitable for development.
-      </description>
-      <param-name>enableAuthorizationWatchDog</param-name>
-      <param-value>false</param-value>
-  </context-param>
-
   <listener>
    <listener-class>org.opensolaris.opengrok.web.WebappListener</listener-class>
   </listener>