Do not resolve external groups for system accounts (#1541)

This change modifies the behaviour of the DefaultGroupCollector. The collector does not longer resolve external groups for the anonymous user and it does not resolve internal nor external groups for the account which is used by the AdministrationContext. This should reduce the requests which are send to external systems like ldap servers.
2025-11-04 20:45:52 +01:00 · 2021-02-15 08:45:47 +01:00
parent 996a3b6f16
commit 1a2dabeb66
9 changed files with 83 additions and 76 deletions
--- a/scm-core/src/main/java/sonia/scm/SCMContext.java
+++ b/scm-core/src/main/java/sonia/scm/SCMContext.java
@@ -21,7 +21,7 @@
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */
-    
+
 package sonia.scm;

 //~--- non-JDK imports --------------------------------------------------------
@@ -48,9 +48,11 @@ public final class SCMContext
   * the anonymous user
   * @since 1.21
   */
-  public static final User ANONYMOUS = new User(USER_ANONYMOUS,
-                                         "SCM Anonymous",
-                                         "scm-anonymous@scm-manager.org");
+  public static final User ANONYMOUS = new User(
+    USER_ANONYMOUS,
+    "SCM Anonymous",
+    "scm-anonymous@scm-manager.org"
+  );

  /** Singleton instance of {@link SCMContextProvider} */
  private static volatile SCMContextProvider provider;
--- a/scm-core/src/main/java/sonia/scm/security/Authentications.java
+++ b/scm-core/src/main/java/sonia/scm/security/Authentications.java
@@ -21,7 +21,7 @@
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */
-    
+
 package sonia.scm.security;

 import org.apache.shiro.SecurityUtils;
@@ -29,6 +29,18 @@ import sonia.scm.SCMContext;

 public class Authentications {

+  /**
+   * Username of the system account.
+   * @since 2.14.0
+   */
+  public static final String PRINCIPAL_SYSTEM = "_scmsystem";
+
+  /**
+   * Username of the anonymous account.
+   * @since 2.14.0
+   */
+  public static final String PRINCIPAL_ANONYMOUS = SCMContext.USER_ANONYMOUS;
+
  private Authentications() {}

  public static boolean isAuthenticatedSubjectAnonymous() {
@@ -36,6 +48,17 @@ public class Authentications {
  }

  public static boolean isSubjectAnonymous(String principal) {
-    return SCMContext.USER_ANONYMOUS.equals(principal);
+    return PRINCIPAL_ANONYMOUS.equals(principal);
+  }
+
+  /**
+   * Returns true if the given principal is equal to the one from the system account.
+   *
+   * @param principal principal
+   * @return {@code true}
+   * @since 2.14.0
+   */
+  public static boolean isSubjectSystemAccount(String principal) {
+    return PRINCIPAL_SYSTEM.equals(principal);
  }
 }