From 34bb420f834b2f6c23492eb54b04d21a9bca5f28 Mon Sep 17 00:00:00 2001 From: Jacek Niezgoda Date: Mon, 21 Oct 2024 10:54:20 +0200 Subject: [PATCH 1/3] PROC-21713 - Slow getUserAuthorities execution when many delegations defined - move getUserAuthorities to SecurityHelper --- .../GrailsFlowSecureController.groovy | 5 +---- .../grailsflow/ProcessManagerService.groovy | 11 ++--------- .../security/GrailsflowSecurityHelper.groovy | 19 ++++++++++++++++--- .../grailsflow/security/SecurityHelper.groovy | 9 +++++++++ 4 files changed, 28 insertions(+), 16 deletions(-) diff --git a/grails-app/controllers/GrailsFlowSecureController.groovy b/grails-app/controllers/GrailsFlowSecureController.groovy index 409e383e..8cb4fe49 100644 --- a/grails-app/controllers/GrailsFlowSecureController.groovy +++ b/grails-app/controllers/GrailsFlowSecureController.groovy @@ -44,10 +44,7 @@ abstract class GrailsFlowSecureController { * @return */ protected def getUserAuthorities(def session) { - def users = securityHelper.getUsers(session) - def userRoles = securityHelper.getUserRoles(session) - def userGroups = securityHelper.getUserGroups(session) - return AuthoritiesUtils.getAuthorities(users, userRoles, userGroups) + return securityHelper.getUserAuthorities(session) } } \ No newline at end of file diff --git a/grails-app/services/com/jcatalog/grailsflow/ProcessManagerService.groovy b/grails-app/services/com/jcatalog/grailsflow/ProcessManagerService.groovy index aaab061e..7cfaea6a 100644 --- a/grails-app/services/com/jcatalog/grailsflow/ProcessManagerService.groovy +++ b/grails-app/services/com/jcatalog/grailsflow/ProcessManagerService.groovy @@ -62,7 +62,6 @@ import org.quartz.SimpleTrigger import java.util.concurrent.Future -import static org.quartz.TriggerKey.*; import java.util.concurrent.ThreadFactory import com.jcatalog.grailsflow.status.ProcessStatusEnum import com.jcatalog.grailsflow.status.NodeStatusEnum @@ -70,10 +69,8 @@ import com.jcatalog.grailsflow.engine.execution.ExecutionResultEnum import com.jcatalog.grailsflow.model.definition.ProcessNodeDef import com.jcatalog.grailsflow.engine.concurrent.ProcessNotifier import com.jcatalog.grailsflow.model.definition.ProcessDef -import org.quartz.Trigger import org.quartz.TriggerBuilder import org.quartz.JobDataMap -import com.jcatalog.grailsflow.cluster.GrailsflowLock /** * Process Manager service is an engine that deals with processes: @@ -801,7 +798,7 @@ class ProcessManagerService implements InitializingBean { log.debug("Node execution was interrupted!") return ExecutionResultEnum.INTERRUPTED_BY_KILLING.value() } else { - log.error("Node execution throwed exception", e) + log.error("Node execution thrown exception", e) } ProcessNodeException exception = new ProcessNodeException(e) @@ -1701,11 +1698,7 @@ class ProcessManagerService implements InitializingBean { } Collection getUserAuthorities() { - Collection users = securityHelper.getUsers() - Collection userRoles = securityHelper.getUserRoles() - Collection userGroups = securityHelper.getUserGroups() - - return AuthoritiesUtils.getAuthorities(users, userRoles, userGroups) + return securityHelper.getUserAuthorities() } boolean hasUserAccessToProcessNode(ProcessNode processNode) { diff --git a/src/groovy/com/jcatalog/grailsflow/security/GrailsflowSecurityHelper.groovy b/src/groovy/com/jcatalog/grailsflow/security/GrailsflowSecurityHelper.groovy index 1288676c..e6d8ae9c 100644 --- a/src/groovy/com/jcatalog/grailsflow/security/GrailsflowSecurityHelper.groovy +++ b/src/groovy/com/jcatalog/grailsflow/security/GrailsflowSecurityHelper.groovy @@ -40,7 +40,7 @@ class GrailsflowSecurityHelper implements SecurityHelper { * @return "grailsflow" */ String getUser(def session) { - return "grailsflow"; + return "grailsflow" } /** @@ -60,7 +60,7 @@ class GrailsflowSecurityHelper implements SecurityHelper { */ List getUserRoles(def session) { def roles = ["GRAILSFLOW"] - return (List)roles; + return (List)roles } /** @@ -70,7 +70,20 @@ class GrailsflowSecurityHelper implements SecurityHelper { */ List getUserGroups(def session) { def groups = ["Grailsflow"] - return (List)groups; + return (List)groups + } + + /** + * Always return authorities of "GRAILSFLOW" user, "GRAILSFLOW" role and "Grailsflow" group. + * @param session + * @return authorities + */ + List getUserAuthorities(def session) { + return AuthoritiesUtils.getAuthorities( + getUsers(session), + getUserRoles(session), + getUserGroups(session) + ) } @Override diff --git a/src/groovy/com/jcatalog/grailsflow/security/SecurityHelper.groovy b/src/groovy/com/jcatalog/grailsflow/security/SecurityHelper.groovy index 367c1721..861e61aa 100644 --- a/src/groovy/com/jcatalog/grailsflow/security/SecurityHelper.groovy +++ b/src/groovy/com/jcatalog/grailsflow/security/SecurityHelper.groovy @@ -71,6 +71,15 @@ interface SecurityHelper { */ List getUserGroups(def session) + /** + * Returns the authorities list for logged user. + * + * @param session + * + * @return list of authorities + */ + List getUserAuthorities(def session) + /** * Checks if a user has access to process node if it doesn't belong to the assignee list of this process node * @param ProcessNode From ef7481aad6511a63ebd9a1242bb9b33723f39530 Mon Sep 17 00:00:00 2001 From: Jacek Niezgoda Date: Thu, 24 Oct 2024 09:40:35 +0200 Subject: [PATCH 2/3] PROC-21713 - unify GrailsflowSecurityHelper method parameters type --- .../grailsflow/security/GrailsflowSecurityHelper.groovy | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/groovy/com/jcatalog/grailsflow/security/GrailsflowSecurityHelper.groovy b/src/groovy/com/jcatalog/grailsflow/security/GrailsflowSecurityHelper.groovy index e6d8ae9c..1a05fdea 100644 --- a/src/groovy/com/jcatalog/grailsflow/security/GrailsflowSecurityHelper.groovy +++ b/src/groovy/com/jcatalog/grailsflow/security/GrailsflowSecurityHelper.groovy @@ -49,7 +49,7 @@ class GrailsflowSecurityHelper implements SecurityHelper { * @param session * @return */ - List getUsers(Object session) { + List getUsers(def session) { return [getUser(session)] } From 02b673e68d80ae588ed82bf31ebe99f81fd985b4 Mon Sep 17 00:00:00 2001 From: Jacek Niezgoda Date: Thu, 24 Oct 2024 10:34:12 +0200 Subject: [PATCH 3/3] PROC-21713 - Add null parameter as session is never used --- .../com/jcatalog/grailsflow/ProcessManagerService.groovy | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grails-app/services/com/jcatalog/grailsflow/ProcessManagerService.groovy b/grails-app/services/com/jcatalog/grailsflow/ProcessManagerService.groovy index 7cfaea6a..c772a035 100644 --- a/grails-app/services/com/jcatalog/grailsflow/ProcessManagerService.groovy +++ b/grails-app/services/com/jcatalog/grailsflow/ProcessManagerService.groovy @@ -1698,7 +1698,7 @@ class ProcessManagerService implements InitializingBean { } Collection getUserAuthorities() { - return securityHelper.getUserAuthorities() + return securityHelper.getUserAuthorities(null) } boolean hasUserAccessToProcessNode(ProcessNode processNode) {