review: improv logging of cache invalidation

Author: dcleao

core/src/main/java/org/pentaho/platform/engine/security/authorization/PentahoAuthorizationRuleLevel.java

@@ -22,6 +22,8 @@
 import org.pentaho.platform.api.engine.security.authorization.IAuthorizationRule;
 import org.pentaho.platform.api.engine.security.authorization.decisions.IAuthorizationDecision;
 import org.pentaho.platform.engine.core.system.PentahoSystem;
+import org.pentaho.platform.engine.security.authorization.core.rules.AbstractAuthorizationRule;
+import org.pentaho.platform.engine.security.authorization.core.rules.AbstractCompositeAuthorizationRule;
 import org.pentaho.platform.engine.security.authorization.core.rules.AllAuthorizationRule;
 import org.pentaho.platform.engine.security.authorization.core.rules.AnyAuthorizationRule;
 import org.springframework.util.Assert;
@@ -33,7 +35,7 @@
 import java.util.function.Supplier;
 import java.util.stream.Collectors;
 
-public class PentahoAuthorizationRuleLevel implements IAuthorizationRule<IAuthorizationRequest> {
+public class PentahoAuthorizationRuleLevel extends AbstractAuthorizationRule<IAuthorizationRequest> {
   private static final String RULE_LEVEL_ATTRIBUTE = "ruleLevel";
 
   public enum RuleLevelType {
@@ -58,7 +60,7 @@ public enum RuleLevelType {
   private final Supplier<List<IPentahoObjectReference<IAuthorizationRule>>> authorizationRuleReferencesSupplier;
 
   @NonNull
-  private IAuthorizationRule<IAuthorizationRequest> delegateRule;
+  private AbstractCompositeAuthorizationRule delegateRule;
 
   public PentahoAuthorizationRuleLevel( @NonNull IPluginManager pluginManager,
                                         @NonNull RuleLevelType ruleLevelType,
@@ -119,12 +121,12 @@ private void updateDelegateRule() {
 
   @VisibleForTesting
   @NonNull
-  protected IAuthorizationRule<IAuthorizationRequest> getDelegateRule() {
+  protected AbstractCompositeAuthorizationRule getDelegateRule() {
     return this.delegateRule;
   }
 
   @NonNull
-  private IAuthorizationRule<IAuthorizationRequest> buildDelegateRule() {
+  private AbstractCompositeAuthorizationRule buildDelegateRule() {
     var rules = getLevelAuthorizationRules( levelRulePredicate );
     rules.addAll( postRules );
 
@@ -174,12 +176,20 @@ protected static Predicate<IPentahoObjectReference<?>> buildLevelRulePredicate(
     // normalize null to ""
     final String normalizedRuleLevel = getDefaultValue( ruleLevel, "" );
 
-    return ruleRef -> {
-      String value = getDefaultValue(
-        ruleRef.getAttributes().get( RULE_LEVEL_ATTRIBUTE ),
-        isDefaultRuleLevel ? normalizedRuleLevel : "" );
+    return new Predicate<>() {
+      @Override
+      public boolean test( IPentahoObjectReference<?> ruleRef ) {
+        String value = getDefaultValue(
+          ruleRef.getAttributes().get( RULE_LEVEL_ATTRIBUTE ),
+          isDefaultRuleLevel ? normalizedRuleLevel : "" );
 
-      return value.equals( normalizedRuleLevel );
+        return value.equals( normalizedRuleLevel );
+      }
+
+      @Override
+      public String toString() {
+        return "Rules[level=" + normalizedRuleLevel + " default=" + isDefaultRuleLevel + "]";
+      }
     };
   }
 
@@ -194,4 +204,13 @@ private static String getDefaultValue( @Nullable Object value, @NonNull String d
   private static Supplier<List<IPentahoObjectReference<IAuthorizationRule>>> getPentahoSystemAuthorizationRuleReferencesSupplier() {
     return () -> PentahoSystem.getObjectReferences( IAuthorizationRule.class, null );
   }
+
+  @Override
+  public String toString() {
+    return String.format(
+      "PentahoAuthorizationRuleLevel[%s, %s, count=%s]",
+      ruleLevelType,
+      levelRulePredicate,
+      getDelegateRule().getRules().size() );
+  }
 }

core/src/main/java/org/pentaho/platform/engine/security/authorization/core/AbstractAuthorizationAction.java

@@ -30,13 +30,9 @@ public boolean equals( Object obj ) {
       return true;
     }
 
-    if ( !( obj instanceof IAuthorizationAction ) ) {
-      return false;
-    }
-
-    IAuthorizationAction other = (IAuthorizationAction) obj;
+    return obj instanceof IAuthorizationAction other
+      && Objects.equals( getName(), other.getName() );
 
-    return Objects.equals( getName(), other.getName() );
   }
 
   @Override

core/src/main/java/org/pentaho/platform/engine/security/authorization/core/AbstractAuthorizationUser.java

@@ -21,12 +21,9 @@ public abstract class AbstractAuthorizationUser extends AbstractAuthorizationPri
 
   @Override
   public boolean equals( Object o ) {
-    if ( !( o instanceof IAuthorizationUser ) ) {
-      return false;
-    }
+    return o instanceof IAuthorizationUser that
+      && Objects.equals( getName(), that.getName() );
 
-    IAuthorizationUser that = (IAuthorizationUser) o;
-    return Objects.equals( getName(), that.getName() );
   }
 
   // have hash code be sensitive to the interface type, so that it is

core/src/main/java/org/pentaho/platform/engine/security/authorization/core/AuthorizationOptions.java

@@ -58,12 +58,9 @@ public AuthorizationDecisionReportingMode getDecisionReportingMode() {
 
   @Override
   public boolean equals( Object o ) {
-    if ( !( o instanceof IAuthorizationOptions ) ) {
-      return false;
-    }
+    return o instanceof IAuthorizationOptions that
+      && getDecisionReportingMode() == that.getDecisionReportingMode();
 
-    IAuthorizationOptions that = (IAuthorizationOptions) o;
-    return getDecisionReportingMode() == that.getDecisionReportingMode();
   }
 
   @Override

core/src/main/java/org/pentaho/platform/engine/security/authorization/core/AuthorizationRequest.java

@@ -85,9 +85,9 @@ public int hashCode() {
   @Override
   public String toString() {
     return String.format(
-      "%s [principal=`%s`, action='%s']",
+      "%s [principal=%s, action=%s]",
       getClass().getSimpleName(),
-      principal.getName(),
+      principal,
       action );
   }
 }

core/src/main/java/org/pentaho/platform/engine/security/authorization/core/AuthorizationRole.java

@@ -37,12 +37,9 @@ public String getName() {
 
   @Override
   public boolean equals( Object o ) {
-    if ( !( o instanceof IAuthorizationRole ) ) {
-      return false;
-    }
+    return o instanceof IAuthorizationRole that
+      && Objects.equals( getName(), that.getName() );
 
-    IAuthorizationRole that = (IAuthorizationRole) o;
-    return Objects.equals( getName(), that.getName() );
   }
 
   // have hash code be sensitive to the interface type, so that it is

core/src/main/java/org/pentaho/platform/engine/security/authorization/core/AuthorizationService.java

@@ -162,6 +162,13 @@ public Optional<IAuthorizationDecision> authorizeRule(
 
       try {
         if ( !rule.getRequestType().isAssignableFrom( request.getClass() ) ) {
+          if ( logger.isDebugEnabled() ) {
+            logger.debug( String.format(
+              "AuthorizeRule END - SUCCESS - request: %s rule: %s result: Abstained for request type",
+              request,
+              rule ) );
+          }
+
           return Optional.empty();
         }
 

core/src/main/java/org/pentaho/platform/engine/security/authorization/core/caching/MemoryAuthorizationDecisionCache.java

@@ -74,6 +74,9 @@ private class SessionCacheData {
 
     private final ReentrantReadWriteLock lock = new ReentrantReadWriteLock();
 
+    @NonNull
+    private final String sessionKey;
+
     /**
      * Stores the set of sessions associated with this session cache data.
      * <p>
@@ -91,8 +94,10 @@ private class SessionCacheData {
     @NonNull
     private final Cache<IAuthorizationDecisionCacheKey, IAuthorizationDecision> cache;
 
-    public SessionCacheData( @NonNull Cache<IAuthorizationDecisionCacheKey, IAuthorizationDecision> cache,
+    public SessionCacheData( @NonNull String sessionKey,
+                             @NonNull Cache<IAuthorizationDecisionCacheKey, IAuthorizationDecision> cache,
                              @NonNull IPentahoSession session ) {
+      this.sessionKey = sessionKey;
       this.cache = cache;
 
       addSessionCore( session );
@@ -174,6 +179,13 @@ public boolean isStale() {
     }
 
     public void invalidate( @NonNull IAuthorizationDecisionCacheKey key ) {
+      if ( logger.isTraceEnabled() ) {
+        logger.trace(
+          String.format(
+            "Invalidating cache entry for key '%s' in session cache for '%s'",
+            key, sessionKey ) );
+      }
+
       cache.invalidate( key );
     }
 
@@ -195,6 +207,15 @@ public void invalidateAll( @NonNull Predicate<IAuthorizationDecisionCacheKey> pr
         .filter( predicate )
         .toList();
 
+      if ( logger.isTraceEnabled() ) {
+        for ( var key : invalidateRequests ) {
+          logger.trace(
+            String.format(
+              "Invalidating cache entry for key '%s' in session cache for '%s'",
+              key, sessionKey ) );
+        }
+      }
+
       cache.invalidateAll( invalidateRequests );
     }
 
@@ -210,6 +231,10 @@ public void dispose() {
       } finally {
         lock.writeLock().unlock();
       }
+
+      if ( logger.isTraceEnabled() ) {
+        logger.trace( String.format( "Session cache disposed for '%s'", sessionKey ) );
+      }
     }
   }
 
@@ -513,7 +538,7 @@ protected Cache<IAuthorizationDecisionCacheKey, IAuthorizationDecision> getSessi
       }
 
       var cache = createSessionCache();
-      cacheData = new SessionCacheData( cache, session );
+      cacheData = new SessionCacheData( sessionKey, cache, session );
       cacheBySessionKey.put( sessionKey, cacheData );
       return cache;
     } finally {

core/src/main/java/org/pentaho/platform/engine/security/authorization/core/resources/ResourceAuthorizationRequest.java

@@ -100,9 +100,9 @@ public int hashCode() {
   @Override
   public String toString() {
     return String.format(
-      "%s [principal: `%s`, action: '%s', resource: %s]",
+      "%s [principal=%s, action=%s, resource=%s]",
       getClass().getSimpleName(),
-      getPrincipal().getName(),
+      getPrincipal(),
       getAction(),
       getResource() );
   }

core/src/main/java/org/pentaho/platform/engine/security/authorization/core/rules/AbstractAuthorizationRule.java

@@ -13,7 +13,6 @@
 package org.pentaho.platform.engine.security.authorization.core.rules;
 
 import edu.umd.cs.findbugs.annotations.NonNull;
-import org.pentaho.platform.api.engine.security.authorization.IAuthorizationContext;
 import org.pentaho.platform.api.engine.security.authorization.IAuthorizationRequest;
 import org.pentaho.platform.api.engine.security.authorization.IAuthorizationRule;
 import org.pentaho.platform.api.engine.security.authorization.decisions.IAuthorizationDecision;
@@ -29,22 +28,14 @@
  * <p>
  * It provides a default implementation of the {@link #toString()} method, which returns the class's simple name.
  *
- * @param <T> The specific type of authorization request this rule can handle, must extend {@link IAuthorizationRequest}.
+ * @param <T> The specific type of authorization request this rule can handle, must extend
+ * {@link IAuthorizationRequest}.
  */
 public abstract class AbstractAuthorizationRule<T extends IAuthorizationRequest> implements IAuthorizationRule<T> {
 
   protected static final String LIST_SEPARATOR =
     Messages.getInstance().getString( "AbstractAuthorizationDecision.LIST_SEPARATOR" );
 
-  @NonNull
-  @Override
-  public abstract Class<T> getRequestType();
-
-  @NonNull
-  @Override
-  public abstract Optional<IAuthorizationDecision> authorize( @NonNull T request,
-                                                              @NonNull IAuthorizationContext context );
-
   @NonNull
   protected final Optional<IAuthorizationDecision> abstain() {
     return Optional.empty();