jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r638834 [1/14] - in /jackrabbit/trunk: jackrabbit-api/src/main/java/org/apache/jackrabbit/api/ jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/ jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/ jackr...
Date Wed, 19 Mar 2008 13:57:11 GMT
Author: angela
Date: Wed Mar 19 06:56:13 2008
New Revision: 638834

URL: http://svn.apache.org/viewvc?rev=638834&view=rev
Log:
JCR-1104 : JSR 283 support
JCR-1171 : Contribute Pluggable Permission and User Management to Jackrabbit

Added:
    jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/JackrabbitSession.java   (with props)
    jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/
    jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/
    jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/NoSuchPrincipalException.java   (with props)
    jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalIterator.java   (with props)
    jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java   (with props)
    jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/
    jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Authorizable.java   (with props)
    jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/AuthorizableExistsException.java   (with props)
    jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Group.java   (with props)
    jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Impersonation.java   (with props)
    jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java   (with props)
    jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/commons/
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/commons/iterator/
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/commons/iterator/AccessControlPolicyIteratorAdapter.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SecurityItemModifier.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/SecurityManagerConfig.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/WorkspaceSecurityConfig.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/AbstractAccessControlManager.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/DefaultAccessManager.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/JackrabbitSecurityManager.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContext.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContextProvider.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/Authentication.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CallbackHandlerImpl.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CredentialsCallback.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentials.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/DefaultLoginModule.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/ImpersonationCallback.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/JAASAuthContext.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/LocalAuthContext.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/RepositoryCallback.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/SimpleCredentialsAuthentication.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractCompiledPermissions.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlConstants.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEditor.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProvider.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProviderFactory.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProviderFactoryImpl.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/CompiledPermissions.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/GlobPattern.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/Permission.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PolicyEntry.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PolicyTemplate.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/WorkspaceAccessManager.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACEImpl.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLCache.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLImpl.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLProvider.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/DefaultACL.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/ACLImpl.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/CombinedEditor.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/CombinedProvider.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/PolicyEntryImpl.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/PolicyTemplateImpl.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlEntry.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlException.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlManager.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlPolicy.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlPolicyIterator.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/Privilege.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/AbstractPrincipalIterator.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/AbstractPrincipalProvider.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/AdminPrincipal.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProvider.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/EveryonePrincipal.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/ItemBasedPrincipal.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/JackrabbitPrincipal.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalImpl.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalIteratorAdapter.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalManagerImpl.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalProvider.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalProviderRegistry.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/ProviderRegistryImpl.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleAccessManager.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleLoginModule.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleSecurityManager.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/GroupImpl.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/IndexNodeResolver.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/NodeResolver.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/TraversingNodeResolver.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserConstants.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserImpl.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/principal/
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/principal/PrincipalManagerTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/principal/TestAll.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/AbstractUserTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/AuthorizableTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/GroupTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/ImpersonationTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/NestedGroupTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/TestAll.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserManagerCreateGroupTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserManagerCreateUserTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserManagerTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/AccessManagerTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/TestAll.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/TestPrincipal.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/EntryTemplateTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PolicyTemplateTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/TestAll.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACEImplTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLImplTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/TestAll.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AbstractAccessControlTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlDiscoveryTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlEntryTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlPolicyIteratorTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlPolicyTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/RSessionAccessControlDiscoveryTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/RSessionAccessControlEntryTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/RSessionAccessControlPolicyTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/TestAll.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProviderTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/TestAll.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AuthorizableImplTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/GroupAdministratorTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NotUserAdministratorTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/TestAll.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAdministratorTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImplTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserManagerImplTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/repository/workspaces/security/
    jackrabbit/trunk/jackrabbit-core/src/test/repository/workspaces/security/workspace.xml   (with props)
Modified:
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/BatchedItemOperations.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ItemImpl.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ItemManager.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/RepositoryImpl.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SessionImpl.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SystemSession.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/XASessionImpl.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/AccessManagerConfig.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/LoginModuleConfig.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/RepositoryConfig.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/RepositoryConfigurationParser.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/SecurityConfig.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/WorkspaceConfig.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/AMContext.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/AccessManager.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/AnonymousPrincipal.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/AuthContext.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/CredentialsCallback.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/CredentialsCallbackHandler.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/SecurityConstants.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/SimpleAccessManager.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/SimpleJBossAccessManager.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/SimpleLoginModule.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/SystemPrincipal.java
    jackrabbit/trunk/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/nodetype/builtin_nodetypes.cnd
    jackrabbit/trunk/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/nodetype/builtin_nodetypes.xml
    jackrabbit/trunk/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/repository.xml
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/config/RepositoryConfigTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/config/WorkspaceConfigTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/repository/jaas.config
    jackrabbit/trunk/jackrabbit-core/src/test/repository/repository.xml
    jackrabbit/trunk/jackrabbit-core/src/test/resources/repositoryStubImpl.properties
    jackrabbit/trunk/jackrabbit-jcr2spi/src/test/resources/jaas.config
    jackrabbit/trunk/jackrabbit-jcr2spi/src/test/resources/repository.xml

Added: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/JackrabbitSession.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/JackrabbitSession.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/JackrabbitSession.java (added)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/JackrabbitSession.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,56 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.api;
+
+import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+
+import javax.jcr.Session;
+import javax.jcr.AccessDeniedException;
+import javax.jcr.RepositoryException;
+import javax.jcr.UnsupportedRepositoryOperationException;
+
+/**
+ * <code>JackrabbitSession</code>...
+ */
+public interface JackrabbitSession extends Session {
+
+    /**
+     * Returns the <code>PrincipalManager</code> for the current <code>Session</code>.
+     *
+     * @return this sessions principal manager.
+     *
+     * @throws AccessDeniedException
+     * @throws UnsupportedRepositoryOperationException If principal management
+     * is not supported.
+     * @throws RepositoryException
+     * @see PrincipalManager
+     */
+    PrincipalManager getPrincipalManager() throws AccessDeniedException, UnsupportedRepositoryOperationException, RepositoryException;
+
+    /**
+     * Returns the <code>UserManager</code> for the current <code>Session</code>.
+     *
+     * @throws javax.jcr.AccessDeniedException If this session is not allowed to
+     * to access user data.
+     * @throws UnsupportedRepositoryOperationException If user management is
+     * not supported.
+     * @throws javax.jcr.RepositoryException If another error occurs.
+     * @see UserManager
+     */
+    UserManager getUserManager() throws AccessDeniedException, UnsupportedRepositoryOperationException, RepositoryException;
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/JackrabbitSession.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/JackrabbitSession.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/NoSuchPrincipalException.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/NoSuchPrincipalException.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/NoSuchPrincipalException.java (added)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/NoSuchPrincipalException.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.api.security.principal;
+
+import javax.jcr.RepositoryException;
+
+/**
+ * Exception used to indicate that a <code>Principal</code> is not known to
+ * the system.
+ */
+public class NoSuchPrincipalException extends RepositoryException {
+
+    public NoSuchPrincipalException(String message) {
+        super(message);
+    }
+}

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/NoSuchPrincipalException.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/NoSuchPrincipalException.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalIterator.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalIterator.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalIterator.java (added)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalIterator.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.api.security.principal;
+
+import javax.jcr.RangeIterator;
+import java.security.Principal;
+
+/**
+ * A {@link RangeIterator} iterating over <code>Principal</code>s.<br>
+ */
+public interface PrincipalIterator extends RangeIterator {
+
+    /**
+     * Returns the next principal.
+     * 
+     * @return the next principal
+     */
+    Principal nextPrincipal();
+
+}

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalIterator.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalIterator.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java (added)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,158 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.api.security.principal;
+
+import org.apache.jackrabbit.api.security.principal.NoSuchPrincipalException;
+import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
+
+import java.security.Principal;
+import java.security.acl.Group;
+
+/**
+ * This interface defines the principal manager which is the clients view on
+ * all principals known to the repository. Each principal manager is bound to
+ * a session and is restricted by the respective access control. The principal
+ * manager in addition provides basic search facilities.
+ * <p/>
+ * A <strong>{@link Principal}</strong> is an object used to connect
+ * to any kind of security mechanism. Example for this are the
+ * {@link javax.security.auth.spi.LoginModule login modules} that use principals
+ * to process the login procedure. <br/>
+ * A principal can be a member of a <strong>{@link Group}</strong>. A
+ * group is a principal itself and can therefore be a member of a group again.
+ * <p/>
+ * Please note the following security considerations that need to be respected
+ * when implementing the PrincipalManager: All principals returned by this
+ * manager as well as {@link Group#members()} must respect access restrictions
+ * that may be present for the <code>Session</code> this manager has been built
+ * for. The same applies for {@link #getGroupMembership(Principal)}.
+ */
+public interface PrincipalManager {
+
+    /**
+     * Filter flag indicating that only <code>Principal</code>s that do NOT
+     * represent a {@link java.security.acl.Group group} should be searched
+     * and returned.
+     */
+    int SEARCH_TYPE_NOT_GROUP = 1;
+
+    /**
+     * Filter flag indicating that only <code>Principal</code>s that represent
+     * a {@link java.security.acl.Group group} of Principals should be searched
+     * and returned.
+     */
+    int SEARCH_TYPE_GROUP = 2;
+
+    /**
+     * Filter flag indicating that all <code>Principal</code>s should be search
+     * irrespective whether they represent a group of Principals or not.
+     */
+    int SEARCH_TYPE_ALL = 3;
+
+    /**
+     * Checks if the principal with the given name is known to this manager
+     * (in respect to the sessions access rights). If this method returns
+     * <code>true</code> then the following expression evaluates to <code>true</code>
+     * as well: <code>PrincipalManager.getPrincipal(name).getName().equals(name)</code>
+     *
+     * @param principalName the name of the principal to check
+     * @return return <code>true</code> if the principal with this name is known
+     *         to this manager; <code>false</code> otherwise.
+     */
+    boolean hasPrincipal(String principalName);
+
+    /**
+     * Returns the principal with the given name if is known to this manager
+     * (with respect to the sessions access rights).
+     * Please note that due to security reasons Group principals will only
+     * reveal those members that are visible to the Session this
+     * <code>PrincipalManager</code> has been built for.
+     *
+     * @param principalName the name of the principal to retrieve
+     * @return return the requested principal.
+     * @throws NoSuchPrincipalException If no principal with the given name exists.
+     */
+    Principal getPrincipal(String principalName) throws NoSuchPrincipalException;
+
+    /**
+     * Gets the principals matching a simple filter expression applied against
+     * the {@link Principal#getName() principal name}.
+     * TODO: define the filter expression.<br>
+     * An implementation may limit the number of principals returned.
+     * If there are no matching principals, an empty iterator is returned.
+     *
+     * @param simpleFilter
+     * @return a <code>PrincipalIterator</code> over the <code>Principal</code>s
+     * matching the given filter.
+     */
+    PrincipalIterator findPrincipals(String simpleFilter);
+
+    /**
+     * Gets the principals matching a simple filter expression applied against
+     * the {@link Principal#getName() principal name} AND the specified search
+     * type.
+     * TODO: define the filter expression.<br>
+     * An implementation may limit the number of principals returned.
+     * If there are no matching principals, an empty iterator is returned.
+     *
+     * @param simpleFilter
+     * @param searchType Any of the following constants:
+     * <ul>
+     * <li>{@link PrincipalManager#SEARCH_TYPE_ALL}</li>
+     * <li>{@link PrincipalManager#SEARCH_TYPE_GROUP}</li>
+     * <li>{@link PrincipalManager#SEARCH_TYPE_NOT_GROUP}</li>
+     * </ul>
+     * @return a <code>PrincipalIterator</code> over the <code>Principal</code>s
+     * matching the given filter and search type.
+     */
+    PrincipalIterator findPrincipals(String simpleFilter, int searchType);
+
+    /**
+     * Returns all <code>Principal</code>s matching the specified search type.
+     *
+     * @param searchType Any of the following constants:
+     * <ul>
+     * <li>{@link PrincipalManager#SEARCH_TYPE_ALL}</li>
+     * <li>{@link PrincipalManager#SEARCH_TYPE_GROUP}</li>
+     * <li>{@link PrincipalManager#SEARCH_TYPE_NOT_GROUP}</li>
+     * </ul>
+     * @return a <code>PrincipalIterator</code> over all the <code>Principal</code>s
+     * matching the given search type.
+     */
+    PrincipalIterator getPrincipals(int searchType);
+
+    /**
+     * Returns an iterator over all group principals for which the given
+     * principal is either direct or indirect member of.
+     * <p/>
+     * Example:<br>
+     * If Principal P is member of Group A, and Group A is member of
+     * Group B, this method will return Principal A and Principal B.
+     *
+     * @param principal the principal to return it's membership from.
+     * @return an iterator returning all groups the given principal is member of.
+     */
+    PrincipalIterator getGroupMembership(Principal principal);
+
+    /**
+     * Returns the <code>Principal</code> which is implicitely is applied to
+     * every subject.
+     *
+     * @return the 'everyone' principal
+     */
+    Principal getEveryone();
+}

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Authorizable.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Authorizable.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Authorizable.java (added)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Authorizable.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,178 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.api.security.user;
+
+import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Value;
+import java.security.Principal;
+import java.util.Iterator;
+
+/**
+ * The Authorizable is the common base interface for {@link User} and
+ * {@link Group}. It provides access to the <code>Principal</code>s associated
+ * with an <code>Authorizable</code> (see below) and allow to access and
+ * modify additional properties such as e.g. full name, e-mail or address.
+ * <p/>
+ *
+ * Please note the difference between <code>Authorizable</code> and
+ * {@link java.security.Principal Principal}:<br>
+ * An <code>Authorizable</code> is repository object that is neither associated
+ * with nor depending from a particular <code>Session</code> and thus independant
+ * of the login mechanisms creating <code>Session</code>s.<br>
+ *
+ * On the other hand <code>Principal</code>s are representations of user
+ * identities. In other words: each <code>Principal</code> within the set
+ * associated with the Session's Subject upon login represents an identity for
+ * that user. An the set of <code>Principal</code>s may differ between different
+ * login mechanisms.<br>
+ *
+ * Consequently an one-to-many relationship exists between Authorizable
+ * and Principal (see also {@link #getPrincipal()} and {@link #getPrincipals()}).
+ * <p />
+ *
+ * The interfaces derived from Authorizable are defined as follows:
+ * <ul>
+ * <li>{@link User}: defined to be an authorizable that can be authenticated
+ * (by using Credentials) and impersonated.</li>
+ * <li>{@link Group}: defined to be a collection of other
+ * <code>Authorizable</code>s.</li>
+ * </ul>
+ *
+ * @see User
+ * @see Group
+ */
+public interface Authorizable  {
+
+    /**
+     * Return the implementation specific identifer for this
+     * <code>Authorizable</code>. It could e.g. be a UserID or simply the
+     * principal name.
+     *
+     * @return Name of this <code>Authorizable</code>.
+     */
+    String getID() throws RepositoryException;
+
+    /**
+	 * @return if the current Authorizable is a {@link Group}
+	 */
+	boolean isGroup();
+
+    /**
+     * @return a representation as Principal.
+     * @throws RepositoryException If an error occurs.
+     */
+    Principal getPrincipal() throws RepositoryException;
+
+    /**
+     * Add the given Principal to this Authorizable.
+     * Note, that a Principal can only be refered by a single Authorizable in
+     * the Repository. If another User or Group already refers to the given
+     * Principal a <code>AuthorizableExistsException</code> is thrown.
+     *
+     * @param principal
+     * @return true if added, false if this Authorizable already represents
+     * the given Principal.
+     * @return AuthorizableExistsException If the given principal is already refered
+     * to by another Authorizable.
+     * @throws RepositoryException
+     */
+    boolean addReferee(Principal principal) throws AuthorizableExistsException, RepositoryException;
+
+    /**
+     * Remove the specified Principal for the referees of this Authorizable.
+     *
+     * @param principal
+     * @return true if principal has been referee before. False otherwise.
+     * @throws RepositoryException
+     */
+    boolean removeReferee(Principal principal) throws RepositoryException;
+
+    /**
+     * @return Iterator of all Principal related to this authentication Object
+     * including the main principal, (see {@link #getPrincipal()}).
+     * @throws RepositoryException
+     */
+    PrincipalIterator getPrincipals() throws RepositoryException;
+
+    /**
+     * @return all {@link Group}s, this Authorizable is member of
+     * @throws RepositoryException
+     */
+    Iterator memberOf() throws RepositoryException;
+
+    /**
+     * Removes this <code>Authorizable</code>, if the session has sufficient
+     * permissions. Note, that removing an <code>Authorizable</code> even
+     * if it listed as member of a Group or if still has members (this is
+     * a Group itself).
+     *
+     * @throws RepositoryException If an error occured and the
+     * <code>Authorizable</code> could not be removed.
+     */
+    void remove() throws RepositoryException;
+
+    /**
+	 * Tests if a the property with specified name exists.
+     *
+	 * @param name
+	 * @return
+	 * @throws RepositoryException
+	 * @see #getProperty(String)
+	 */
+	boolean hasProperty(String name) throws RepositoryException;
+
+    /**
+     * Set an arbitrary property to this <code>Authorizable</code>.
+     *
+     * @param name
+     * @param value
+     * @throws RepositoryException If the specified property could not be set.
+     */
+    void setProperty(String name, Value value) throws RepositoryException;
+
+    /**
+     * Set an arbitrary property to this <code>Authorizable</code>.
+     *
+     * @param name
+     * @param value multiple values
+     * @throws RepositoryException  If the specified property could not be set.
+     */
+    void setProperty(String name, Value[] value) throws RepositoryException;
+
+	/**
+     * Returns the values for the properties with the specified name or
+     * <code>null</code>.
+     *
+     * @param name
+     * @return value of the property with the given name or <code>null</code>
+     * if no such property exists.
+     * @throws RepositoryException If an error occurs.
+     */
+    Value[] getProperty(String name) throws RepositoryException;
+
+    /**
+     * Removes the property with the given name.
+     *
+     * @param name
+     * @return true If the property with the specified name was successfully
+     * removed; false if no such property was present.
+     * @throws RepositoryException If an error occurs.
+     */
+    boolean removeProperty(String name) throws RepositoryException;
+}

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Authorizable.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Authorizable.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/AuthorizableExistsException.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/AuthorizableExistsException.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/AuthorizableExistsException.java (added)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/AuthorizableExistsException.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.api.security.user;
+
+import javax.jcr.RepositoryException;
+
+/**
+ * AuthorizableExistsException
+ */
+public class AuthorizableExistsException extends RepositoryException {
+
+	public AuthorizableExistsException(String msg) {
+		super(msg);
+	}
+}

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/AuthorizableExistsException.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/AuthorizableExistsException.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Group.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Group.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Group.java (added)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Group.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.api.security.user;
+
+import org.apache.jackrabbit.api.security.user.Authorizable;
+
+import javax.jcr.RepositoryException;
+import java.util.Iterator;
+
+/**
+ * A Group is a collection of {@link #getMembers() Authorizable}s.
+ */
+public interface Group extends Authorizable {
+
+    /**
+     * @return Iterator of <code>Authorizable</code>s which are getMembers of
+     * this Group.
+     * @throws RepositoryException
+     */
+    Iterator getMembers() throws RepositoryException;
+
+    /**
+     * @return true if the Authorizable to test is a member of this Group.
+     * @throws RepositoryException
+     */
+    boolean isMember(Authorizable authorizable) throws RepositoryException;
+
+    /**
+     * Add a member to this Group.<br>
+     * Changes will be persisted immediately.
+     *
+     * @return true if the <code>Authorizable</code> has successfully been added
+     * to this Group, false otherwise (e.g. unknown implemention
+     * or if it already is a member or if the passed authorizable is the
+     * group itself or for some implementation specific constraint).
+     * @throws RepositoryException If an error occurs.
+     */
+    boolean addMember(Authorizable authorizable) throws RepositoryException;
+
+    /**
+     * Remove a member to this Group.<br>
+     * Changes will be persisted immediately.
+     *
+     * @return true if the Authorizable was successfully removed. False otherwise.
+     * @throws RepositoryException
+     */
+    boolean removeMember(Authorizable authorizable) throws RepositoryException;
+}

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Group.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Group.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Impersonation.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Impersonation.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Impersonation.java (added)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Impersonation.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,74 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.api.security.user;
+
+import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
+
+import javax.jcr.RepositoryException;
+import javax.security.auth.Subject;
+import java.security.Principal;
+
+/**
+ * The <code>Impersonation</code> maintains Principals that are allowed to
+ * impersonate. Principals can be added or removed using
+ * {@link #grantImpersonation(Principal)} and
+ * {@link #revokeImpersonation(Principal)}, respectively.
+ *
+ * @see User#getImpersonation()
+ */
+public interface Impersonation {
+
+    // TODO: ev. add method that allows to display principals/users that are allowed to impersonate.
+    // TODO: ev. grantImpersonation/revokeImpersonation should take User
+
+    /**
+     * @return An iterator over the <code>Principal</code>s that are allowed
+     * to impersonate the <code>User</code> this <code>Impersonation</code>
+     * object has been created for.
+     * @throws RepositoryException
+     */
+    PrincipalIterator getImpersonators() throws RepositoryException;
+
+    /**
+     * @param principal The principal that should be allowed to impersonate
+     * the <code>User</code> this <code>Impersonation</code> has been built for.
+     * @return true if the specified <code>Principal</code> has not been allowed
+     * to impersonate before and if impersonation has been successfully
+     * granted to it, false otherwise.
+     * @throws RepositoryException
+     */
+    boolean grantImpersonation(Principal principal) throws RepositoryException;
+
+    /**
+     * @param principal
+     * @return If the granted impersonation has been successfully revoked for
+     * the given principal; false otherwise.
+     * @throws RepositoryException
+     */
+    boolean revokeImpersonation(Principal principal) throws RepositoryException;
+
+    /**
+     * Test if the given subject (i.e. any of the principals it contains) is
+     * allowed to impersonate.
+     *
+     * @param subject to impersonate.
+     * @return true if this <code>Impersonation</code> allows the specified
+     * Subject to impersonate.
+     * @throws RepositoryException
+     */
+    boolean allows(Subject subject) throws RepositoryException;
+}

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Impersonation.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Impersonation.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java (added)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.api.security.user;
+
+import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.Impersonation;
+
+import javax.jcr.RepositoryException;
+import java.util.Iterator;
+
+/**
+ * User is a special {@link Authorizable} that can be authenticated and
+ * impersonated.
+ *
+ * @see #getCredentials()
+ * @see #getImpersonation()
+ */
+public interface User extends Authorizable {
+
+    /**
+     * @return true if the current Authorizable is has all Privileges
+     */
+    boolean isAdmin();
+
+    /**
+     * Returns an iterator of <code>Credentials</code> object that belong
+     * to this user. The iterator's size must be greater than zero.
+     *
+     * @return an iterator over <code>Credentials</code> that contains
+     * at least a single <code>Credentials</code> object.
+     */
+    Iterator getCredentials() throws RepositoryException;
+
+    /**
+     * @return <code>Impersonation</code> for this <code>User</code>.
+     */
+    Impersonation getImpersonation() throws RepositoryException;
+
+}

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java (added)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,127 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.api.security.user;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Credentials;
+import java.security.Principal;
+import java.util.Iterator;
+
+/**
+ * The <code>UserManager</code> provides access to and means to maintain
+ * {@link Authorizable authoriable objects} i.e. {@link User users} and
+ * {@link Group groups}. The <code>UserManager</code> is bound to a particular
+ * <code>Session</code>.
+ */
+public interface UserManager {
+
+    /**
+     * Get the Authorizable by its id.
+     *
+     * @param id
+     * @return Authorizable or <code>null</code>, if not present.
+     * @throws RepositoryException
+     * @see Authorizable#getID()
+     */
+    Authorizable getAuthorizable(String id) throws RepositoryException;
+
+    /**
+     * Get the Authorizable by its main Principal.
+     *
+     * @param principal
+     * @return Authorizable or <code>null</code>, if not present.
+     * @throws RepositoryException
+     */
+    Authorizable getAuthorizable(Principal principal) throws RepositoryException;
+
+    /**
+     * Returns all <code>Authorizable</code>s that have
+     * {@link Authorizable#getProperty(String) property} with the given name and
+     * that Property equals the given value.
+     *
+     * @param propertyName
+     * @param value
+     * @return All <code>Authorizable</code>s that have a property with the given
+     * name exactly matching the given value.
+     * @throws RepositoryException
+     * @see Authorizable#getProperty(String)
+     */
+    Iterator findAuthorizable(String propertyName, String value) throws RepositoryException;
+
+    /**
+     * Creates an User for the given userID that authenitcates with the given
+     * {@link javax.jcr.Credentials Credentials}.<br>
+     * Neither of the specified parameters can be <code>null</code>.
+     *
+     * @param userID
+     * @param credentials
+     * @param principal
+     * @return The new <code>User</code>.
+     * @throws AuthorizableExistsException in case the given userID is already
+     * in use or another Authorizable with the same principal name exists.
+     * @throws RepositoryException If another error occurs.
+     */
+    User createUser(String userID, Credentials credentials, Principal principal) throws AuthorizableExistsException, RepositoryException;
+
+    /**
+     * Creates an User for the given userID that authenitcates with the given
+     * {@link javax.jcr.Credentials Credentials} and returns the specified
+     * Principal upon {@link User#getPrincipal()}. If the implementation is not
+     * able to deal with the <code>itermediatePath</code> that parameter should
+     * be ignored.
+     * Except for the <code>itermediatePath</code>, neither of the specified
+     * parameters can be <code>null</code>.
+     *
+     * @param userID
+     * @param credentials
+     * @param principal
+     * @param intermediatePath
+     * @return The new <code>User</code>.
+     * @throws AuthorizableExistsException in case the given userID is already
+     * in use or another Authorizable with the same principal name exists.
+     * @throws RepositoryException If the current Session is
+     * not allowed to create users or some another error occurs.
+     */
+    User createUser(String userID, Credentials credentials, Principal principal,
+                    String intermediatePath) throws AuthorizableExistsException, RepositoryException;
+
+    /**
+     * Creates a new <code>Group</code> that is based on the given principal.
+     *
+     * @param principal A non-null <code>Principal</code>
+     * @return The new <code>Group</code>.
+     * @throws AuthorizableExistsException in case the given groupID is already
+     * in use or another Authorizable with the same principal name exists.
+     * @throws RepositoryException If another error occurs.
+     */
+    Group createGroup(Principal principal) throws AuthorizableExistsException, RepositoryException;
+
+    /**
+     * Creates a new <code>Group</code> that is based on the given principal
+     * and the specified <code>itermediatePath</code> hint. If the implementation is not
+     * able to deal with the <code>itermediatePath</code> that parameter should
+     * be ignored.
+     *
+     * @param principal
+     * @param intermediatePath
+     * @return The new <code>Group</code>.
+     * @throws AuthorizableExistsException in case the given groupID is already
+     * in use or another Authorizable with the same principal name exists.
+     * @throws RepositoryException If another error occurs.
+     */
+    Group createGroup(Principal principal, String intermediatePath) throws AuthorizableExistsException, RepositoryException;
+}

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/commons/iterator/AccessControlPolicyIteratorAdapter.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/commons/iterator/AccessControlPolicyIteratorAdapter.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/commons/iterator/AccessControlPolicyIteratorAdapter.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/commons/iterator/AccessControlPolicyIteratorAdapter.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,81 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.commons.iterator;
+
+import org.apache.jackrabbit.core.security.jsr283.security.AccessControlPolicy;
+import org.apache.jackrabbit.core.security.jsr283.security.AccessControlPolicyIterator;
+import org.apache.jackrabbit.commons.iterator.RangeIteratorDecorator;
+import org.apache.jackrabbit.commons.iterator.RangeIteratorAdapter;
+
+import javax.jcr.RangeIterator;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.NoSuchElementException;
+
+/**
+ * Adapter class for turning {@link RangeIterator}s or {@link Iterator}s
+ * into {@link AccessControlPolicyIteratorAdapter}s.
+ *
+ * TODO: move to jackrabbit-jcr-commons project as soon as jsr 283 is released.
+ */
+public class AccessControlPolicyIteratorAdapter extends RangeIteratorDecorator
+        implements AccessControlPolicyIterator {
+
+    /**
+     * Static instance of an empty {@link AccessControlPolicyIteratorAdapter}.
+     */
+    public static final AccessControlPolicyIterator EMPTY =
+        new AccessControlPolicyIteratorAdapter(RangeIteratorAdapter.EMPTY);
+
+    /**
+     * Creates an adapter for the given {@link RangeIterator}.
+     *
+     * @param iterator iterator of {@link AccessControlPolicy access control policies}.
+     */
+    public AccessControlPolicyIteratorAdapter(RangeIterator iterator) {
+        super(iterator);
+    }
+
+    /**
+     * Creates an adapter for the given {@link Iterator}.
+     *
+     * @param iterator iterator of {@link AccessControlPolicy access control policies}.
+     */
+    public AccessControlPolicyIteratorAdapter(Iterator iterator) {
+        super(new RangeIteratorAdapter(iterator));
+    }
+
+    /**
+     * Creates an iterator for the given collection.
+     *
+     * @param collection collection of {@link AccessControlPolicy} objects.
+     */
+    public AccessControlPolicyIteratorAdapter(Collection collection) {
+        super(new RangeIteratorAdapter(collection));
+    }
+
+    //----------------------------------------< AccessControlPolicyIterator >---
+    /**
+     * Returns the next policy.
+     *
+     * @return next policy.
+     * @throws NoSuchElementException if there is no next policy.
+     */
+    public AccessControlPolicy nextAccessControlPolicy() throws NoSuchElementException {
+        return (AccessControlPolicy) next();
+    }
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/commons/iterator/AccessControlPolicyIteratorAdapter.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/commons/iterator/AccessControlPolicyIteratorAdapter.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/BatchedItemOperations.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/BatchedItemOperations.java?rev=638834&r1=638833&r2=638834&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/BatchedItemOperations.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/BatchedItemOperations.java Wed Mar 19 06:56:13 2008
@@ -24,6 +24,7 @@
 import org.apache.jackrabbit.core.nodetype.PropDef;
 import org.apache.jackrabbit.core.nodetype.PropDefId;
 import org.apache.jackrabbit.core.security.AccessManager;
+import org.apache.jackrabbit.core.security.authorization.Permission;
 import org.apache.jackrabbit.core.state.ItemState;
 import org.apache.jackrabbit.core.state.ItemStateException;
 import org.apache.jackrabbit.core.state.ItemStateManager;
@@ -40,6 +41,7 @@
 import org.apache.jackrabbit.spi.Path;
 import org.apache.jackrabbit.spi.commons.conversion.MalformedPathException;
 import org.apache.jackrabbit.spi.commons.name.NameConstants;
+import org.apache.jackrabbit.spi.commons.name.PathFactoryImpl;
 import org.apache.jackrabbit.uuid.UUID;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -386,7 +388,7 @@
                 | CHECK_VERSIONING | CHECK_CONSTRAINTS);
         // check read access right on source node using source access manager
         try {
-            if (!srcAccessMgr.isGranted(srcState.getNodeId(), AccessManager.READ)) {
+            if (!srcAccessMgr.isGranted(srcPath, Permission.READ)) {
                 throw new PathNotFoundException(safeGetJCRPath(srcPath));
             }
         } catch (ItemNotFoundException infe) {
@@ -401,7 +403,7 @@
         ReferenceChangeTracker refTracker = new ReferenceChangeTracker();
 
         // create deep copy of source node state
-        NodeState newState = copyNodeState(srcState, srcStateMgr, srcAccessMgr,
+        NodeState newState = copyNodeState(srcState, srcPath, srcStateMgr, srcAccessMgr,
                 destParentState.getNodeId(), flag, refTracker);
 
         // add to new parent
@@ -664,11 +666,11 @@
         if ((options & CHECK_ACCESS) == CHECK_ACCESS) {
             AccessManager accessMgr = session.getAccessManager();
             // make sure current session is granted read access on parent node
-            if (!accessMgr.isGranted(parentState.getNodeId(), AccessManager.READ)) {
+            if (!accessMgr.isGranted(parentPath, Permission.READ)) {
                 throw new ItemNotFoundException(safeGetJCRPath(parentState.getNodeId()));
             }
             // make sure current session is granted write access on parent node
-            if (!accessMgr.isGranted(parentState.getNodeId(), AccessManager.WRITE)) {
+            if (!accessMgr.isGranted(parentPath, nodeName, Permission.ADD_NODE)) {
                 throw new AccessDeniedException(safeGetJCRPath(parentState.getNodeId())
                         + ": not allowed to add child node");
             }
@@ -793,7 +795,7 @@
             // root or orphaned node
             throw new ConstraintViolationException("cannot remove root node");
         }
-        NodeId targetId = targetState.getNodeId();
+        Path targetPath = hierMgr.getPath(targetState.getNodeId());
         NodeState parentState = getNodeState(parentId);
         Path parentPath = hierMgr.getPath(parentId);
 
@@ -817,17 +819,17 @@
             AccessManager accessMgr = session.getAccessManager();
             try {
                 // make sure current session is granted read access on parent node
-                if (!accessMgr.isGranted(targetId, AccessManager.READ)) {
-                    throw new PathNotFoundException(safeGetJCRPath(targetId));
+                if (!accessMgr.isGranted(targetPath, Permission.READ)) {
+                    throw new PathNotFoundException(safeGetJCRPath(targetPath));
                 }
                 // make sure current session is allowed to remove target node
-                if (!accessMgr.isGranted(targetId, AccessManager.REMOVE)) {
-                    throw new AccessDeniedException(safeGetJCRPath(targetId)
+                if (!accessMgr.isGranted(targetPath, Permission.REMOVE_NODE)) {
+                    throw new AccessDeniedException(safeGetJCRPath(targetPath)
                             + ": not allowed to remove node");
                 }
             } catch (ItemNotFoundException infe) {
                 String msg = "internal error: failed to check access rights for "
-                        + safeGetJCRPath(targetId);
+                        + safeGetJCRPath(targetPath);
                 log.debug(msg);
                 throw new RepositoryException(msg, infe);
             }
@@ -843,11 +845,11 @@
             }
             NodeDef targetDef = ntReg.getNodeDef(targetState.getDefinitionId());
             if (targetDef.isMandatory()) {
-                throw new ConstraintViolationException(safeGetJCRPath(targetId)
+                throw new ConstraintViolationException(safeGetJCRPath(targetPath)
                         + ": cannot remove mandatory node");
             }
             if (targetDef.isProtected()) {
-                throw new ConstraintViolationException(safeGetJCRPath(targetId)
+                throw new ConstraintViolationException(safeGetJCRPath(targetPath)
                         + ": cannot remove protected node");
             }
         }
@@ -862,12 +864,12 @@
                     try {
                         NodeReferences refs = stateMgr.getNodeReferences(refsId);
                         if (refs.hasReferences()) {
-                            throw new ReferentialIntegrityException(safeGetJCRPath(targetId)
+                            throw new ReferentialIntegrityException(safeGetJCRPath(targetPath)
                                     + ": cannot remove node with references");
                         }
                     } catch (ItemStateException ise) {
                         String msg = "internal error: failed to check references on "
-                                + safeGetJCRPath(targetId);
+                                + safeGetJCRPath(targetPath);
                         log.error(msg, ise);
                         throw new RepositoryException(msg, ise);
                     }
@@ -912,14 +914,14 @@
         // access rights
         AccessManager accessMgr = session.getAccessManager();
         // make sure current session is granted read access on node
-        if (!accessMgr.isGranted(node.getNodeId(), AccessManager.READ)) {
+        if (!accessMgr.isGranted(nodePath, Permission.READ)) {
             throw new PathNotFoundException(safeGetJCRPath(node.getNodeId()));
         }
-        // make sure current session is granted write access on node
-        if (!accessMgr.isGranted(node.getNodeId(), AccessManager.WRITE)) {
-            throw new AccessDeniedException(safeGetJCRPath(node.getNodeId())
-                    + ": not allowed to modify node");
-        }
+        // TODO: removed check for 'WRITE' permission on node due to the fact,
+        // TODO: that add_node and set_property permission are granted on the
+        // TODO: items to be create/modified and not on their parent.
+        // in any case, the ability to add child-nodes and properties is checked
+        // while executing the corresponding operation.
 
         // locking status
         verifyUnlocked(nodePath);
@@ -948,13 +950,11 @@
      */
     public void verifyCanRead(Path nodePath)
             throws PathNotFoundException, RepositoryException {
-        NodeState node = getNodeState(nodePath);
-
         // access rights
         AccessManager accessMgr = session.getAccessManager();
         // make sure current session is granted read access on node
-        if (!accessMgr.isGranted(node.getNodeId(), AccessManager.READ)) {
-            throw new PathNotFoundException(safeGetJCRPath(node.getNodeId()));
+        if (!accessMgr.isGranted(nodePath, Permission.READ)) {
+            throw new PathNotFoundException(safeGetJCRPath(nodePath));
         }
     }
 
@@ -1647,6 +1647,7 @@
      * child nodes.
      *
      * @param srcState
+     * @param srcPath
      * @param srcStateMgr
      * @param srcAccessMgr
      * @param destParentId
@@ -1661,6 +1662,7 @@
      * @throws RepositoryException if an error occurs
      */
     private NodeState copyNodeState(NodeState srcState,
+                                    Path srcPath,
                                     ItemStateManager srcStateMgr,
                                     AccessManager srcAccessMgr,
                                     NodeId destParentId,
@@ -1738,10 +1740,11 @@
             Iterator iter = srcState.getChildNodeEntries().iterator();
             while (iter.hasNext()) {
                 NodeState.ChildNodeEntry entry = (NodeState.ChildNodeEntry) iter.next();
-                NodeId nodeId = entry.getId();
-                if (!srcAccessMgr.isGranted(nodeId, AccessManager.READ)) {
+                Path srcChildPath = PathFactoryImpl.getInstance().create(srcPath, entry.getName(), true);
+                if (!srcAccessMgr.isGranted(srcChildPath, Permission.READ)) {
                     continue;
                 }
+                NodeId nodeId = entry.getId();
                 NodeState srcChildState = (NodeState) srcStateMgr.getItemState(nodeId);
 
                 /**
@@ -1752,7 +1755,7 @@
                  */
 
                 // recursive copying of child node
-                NodeState newChildState = copyNodeState(srcChildState,
+                NodeState newChildState = copyNodeState(srcChildState, srcChildPath,
                         srcStateMgr, srcAccessMgr, id, flag, refTracker);
                 // store new child node
                 stateMgr.store(newChildState);
@@ -1763,10 +1766,10 @@
             iter = srcState.getPropertyNames().iterator();
             while (iter.hasNext()) {
                 Name propName = (Name) iter.next();
-                PropertyId propId = new PropertyId(srcState.getNodeId(), propName);
-                if (!srcAccessMgr.isGranted(propId, AccessManager.READ)) {
+                if (!srcAccessMgr.isGranted(srcPath, propName, Permission.READ)) {
                     continue;
                 }
+                PropertyId propId = new PropertyId(srcState.getNodeId(), propName);
                 PropertyState srcChildState =
                         (PropertyState) srcStateMgr.getItemState(propId);
 



Mime
View raw message