jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r644215 [2/3] - in /jackrabbit/trunk/jackrabbit-core/src: main/java/org/apache/jackrabbit/core/security/ main/java/org/apache/jackrabbit/core/security/authorization/ main/java/org/apache/jackrabbit/core/security/authorization/acl/ main/java...
Date Thu, 03 Apr 2008 08:15:04 GMT
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/CombinedEditor.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/CombinedEditor.java?rev=644215&r1=644214&r2=644215&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/CombinedEditor.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/CombinedEditor.java Thu Apr  3 01:15:01 2008
@@ -16,19 +16,19 @@
  */
 package org.apache.jackrabbit.core.security.authorization.combined;
 
-import org.apache.jackrabbit.core.NodeId;
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.core.NodeImpl;
 import org.apache.jackrabbit.core.SessionImpl;
-import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+import org.apache.jackrabbit.core.security.authorization.AccessControlConstants;
 import org.apache.jackrabbit.core.security.authorization.AccessControlEditor;
 import org.apache.jackrabbit.core.security.authorization.PolicyTemplate;
-import org.apache.jackrabbit.core.security.authorization.AccessControlConstants;
 import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
+import org.apache.jackrabbit.core.security.authorization.PolicyEntry;
 import org.apache.jackrabbit.core.security.authorization.acl.ACLEditor;
 import org.apache.jackrabbit.core.security.jsr283.security.AccessControlException;
 import org.apache.jackrabbit.core.security.jsr283.security.Privilege;
-import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.core.security.principal.ItemBasedPrincipal;
+import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.spi.Name;
 import org.apache.jackrabbit.spi.Path;
 import org.apache.jackrabbit.spi.commons.conversion.NamePathResolver;
@@ -36,11 +36,12 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.jcr.ItemNotFoundException;
 import javax.jcr.NodeIterator;
+import javax.jcr.PropertyType;
 import javax.jcr.RepositoryException;
 import javax.jcr.Value;
 import javax.jcr.ValueFactory;
+import javax.jcr.PathNotFoundException;
 import java.security.Principal;
 import java.util.ArrayList;
 import java.util.List;
@@ -50,108 +51,97 @@
  */
 class CombinedEditor extends ACLEditor {
 
-    // TODO: must make sure, that store paths/globs do not contain remapped prefixes from the session
-
     private static Logger log = LoggerFactory.getLogger(CombinedEditor.class);
 
-    private final SessionImpl session;
     private final NamePathResolver systemResolver;
-    private final Path acRootPath;
+    private final String acRootPath;
 
     CombinedEditor(SessionImpl session, NamePathResolver systemResolver,
                    Path acRootPath) throws RepositoryException {
         super(session);
-        this.session = session;
         this.systemResolver = systemResolver;
-        this.acRootPath = acRootPath;
+        this.acRootPath = session.getJCRPath(acRootPath);
     }
 
-    PolicyTemplateImpl editPolicyTemplate(Principal principal) throws RepositoryException {
+    PolicyTemplate getPolicyTemplate(Principal principal) throws RepositoryException {
         if (!session.getPrincipalManager().hasPrincipal(principal.getName())) {
             throw new AccessControlException("Unknown principal.");
         }
-        NodeId nid = getAcId(principal);
-        if (nid == null) {
-            nid = createAcNode(principal).getNodeId();
-        }
 
-        PolicyTemplate pt = getPolicyTemplate(nid);
-        if (pt instanceof PolicyTemplateImpl) {
-            return (PolicyTemplateImpl) pt;
+        String nPath = getPathToAcNode(principal);
+        if (session.nodeExists(nPath)) {
+            return getPolicyTemplate(nPath);
         } else {
-            // should never get here.
-            throw new AccessControlException();
-        }
-    }
-
-    PolicyTemplateImpl getPolicyTemplate(Principal principal) throws RepositoryException {
-        if (!session.getPrincipalManager().hasPrincipal(principal.getName())) {
-            throw new AccessControlException("Unknown principal.");
-        }
-
-        NodeId nid = getAcId(principal);
-        if (nid != null) {
-            PolicyTemplate pt = getPolicyTemplate(nid);
-            if (pt instanceof PolicyTemplateImpl) {
-                return (PolicyTemplateImpl) pt;
-            }
+            // no policy for the given principal
+            log.debug("No combined policy template for Principal " + principal.getName());
+            return null;
         }
-
-        // no policy for the given principal
-        log.debug("No combined policy template for Principal " + principal.getName());
-        return null;
     }
 
     //------------------------------------------------< AccessControlEditor >---
     /**
-     * @see AccessControlEditor#getPolicyTemplate(NodeId)
+     * @see AccessControlEditor#getPolicyTemplate(String)
      */
-    public PolicyTemplate getPolicyTemplate(NodeId id) throws AccessControlException, ItemNotFoundException, RepositoryException {
-        checkProtectsNode(id);
+    public PolicyTemplate getPolicyTemplate(String nodePath) throws AccessControlException, PathNotFoundException, RepositoryException {
+        checkProtectsNode(nodePath);
 
-        NodeImpl acNode = getAcNode(id);
+        NodeImpl acNode = getAcNode(nodePath);
         if (acNode != null) {
-            if (isAccessControlled(acNode)) {
-                return buildTemplate(acNode);
-            } else {
-                log.debug("No local policy defined for Node " + id);
-                return null;
-            }
+            return createTemplate(acNode);
         } else {
             // nodeID not below rep:accesscontrol -> delegate to ACLEditor
-            return super.getPolicyTemplate(id);
+            return super.getPolicyTemplate(nodePath);
         }
     }
 
     /**
-     * @see AccessControlEditor#editPolicyTemplate(NodeId)
+     * @see AccessControlEditor#editPolicyTemplate(String)
      */
-    public PolicyTemplate editPolicyTemplate(NodeId id) throws AccessControlException, ItemNotFoundException, RepositoryException {
-        checkProtectsNode(id);
+    public PolicyTemplate editPolicyTemplate(String nodePath) throws AccessControlException, PathNotFoundException, RepositoryException {
+        checkProtectsNode(nodePath);
 
-        NodeImpl acNode = getAcNode(id);
-        if (acNode != null) {
-            return buildTemplate(acNode);
+        if (Text.isDescendant(acRootPath, nodePath)) {
+            NodeImpl acNode = getAcNode(nodePath);
+            if (acNode == null) {
+                // check validity and create the ac node
+                getPrincipal(nodePath);
+                acNode = createAcNode(nodePath);
+            }
+            return createTemplate(acNode);
         } else {
             // nodeID not below rep:accesscontrol -> delegate to ACLEditor
-            return super.editPolicyTemplate(id);
+            return super.editPolicyTemplate(nodePath);
+        }
+    }
+
+    /**
+     * @see AccessControlEditor#editPolicyTemplate(Principal)
+     */
+    public PolicyTemplate editPolicyTemplate(Principal principal) throws RepositoryException {
+        if (!session.getPrincipalManager().hasPrincipal(principal.getName())) {
+            throw new AccessControlException("Unknown principal.");
         }
+        String nPath = getPathToAcNode(principal);
+        if (!session.nodeExists(nPath)) {
+            createAcNode(nPath);
+        }
+        return getPolicyTemplate(nPath);
     }
 
     /**
-     * @see AccessControlEditor#setPolicyTemplate(NodeId, PolicyTemplate)
+     * @see AccessControlEditor#setPolicyTemplate(String,PolicyTemplate)
      */
-    public void setPolicyTemplate(NodeId id, PolicyTemplate template) throws AccessControlException, ItemNotFoundException, RepositoryException {
-        checkProtectsNode(id);
+    public void setPolicyTemplate(String nodePath, PolicyTemplate template) throws AccessControlException, PathNotFoundException, RepositoryException {
+        checkProtectsNode(nodePath);
 
         if (template instanceof PolicyTemplateImpl) {
             PolicyTemplateImpl at = (PolicyTemplateImpl) template;
-            if (!id.equals(at.getNodeId())) {
+            if (!nodePath.equals(at.getPath())) {
                 throw new AccessControlException("Attempt to store PolicyTemplate to a wrong node.");
             }
-            NodeImpl acNode = getAcNode(id);
+            NodeImpl acNode = getAcNode(nodePath);
             if (acNode == null) {
-                throw new ItemNotFoundException("No such node " + id);
+                throw new PathNotFoundException("No such node " + nodePath);
             }
 
             /*
@@ -169,9 +159,9 @@
             aclNode = addSecurityNode(acNode, N_POLICY, NT_REP_ACL);
 
             /* add all entries defined on the template */
-            PolicyEntryImpl[] aces = (PolicyEntryImpl[]) template.getEntries();
+            PolicyEntry[] aces = (PolicyEntry[]) template.getEntries();
             for (int i = 0; i < aces.length; i++) {
-                PolicyEntryImpl ace = aces[i];
+                PolicyEntryImpl ace = (PolicyEntryImpl) aces[i];
 
                 // create the ACE node
                 Name nodeName = getUniqueNodeName(aclNode, "entry");
@@ -185,69 +175,66 @@
                 Privilege[] privs = ace.getPrivileges();
                 Value[] vs = new Value[privs.length];
                 for (int j = 0; j < privs.length; j++) {
-                    vs[i] = vf.createValue(privs[j].getName());
+                    vs[j] = vf.createValue(privs[j].getName());
                 }
                 setSecurityProperty(aceNode, P_PRIVILEGES, vs);
-                setSecurityProperty(aceNode, P_NODE_PATH, vf.createValue(ace.getNodePath()));                
+
+                // remove local namespace remapping from the node path before
+                // storing the path value.
+                String pathValue = systemResolver.getJCRPath(session.getQPath(ace.getNodePath()));
+                setSecurityProperty(aceNode, P_NODE_PATH, vf.createValue(pathValue, PropertyType.PATH));
+
+                // TODO: TOBEFIXED respect namespace sensitive parts of the glob
                 setSecurityProperty(aceNode, P_GLOB, vf.createValue(ace.getGlob()));
             }
         } else {
             // try super class
-            super.setPolicyTemplate(id, template);
+            super.setPolicyTemplate(nodePath, template);
         }
     }
 
     /**
-     * @see AccessControlEditor#removePolicyTemplate(NodeId)
+     * @see AccessControlEditor#removePolicyTemplate(String)
+     * @param nodePath
      */
-    public PolicyTemplate removePolicyTemplate(NodeId id) throws AccessControlException, ItemNotFoundException, RepositoryException {
-        checkProtectsNode(id);
+    public PolicyTemplate removePolicyTemplate(String nodePath) throws AccessControlException, PathNotFoundException, RepositoryException {
+        checkProtectsNode(nodePath);
 
-        NodeImpl acNode = getAcNode(id);
+        NodeImpl acNode = getAcNode(nodePath);
         if (acNode != null) {
             if (isAccessControlled(acNode)) {
                 // build the template in order to have a return value
-                PolicyTemplate tmpl = buildTemplate(acNode);
+                PolicyTemplate tmpl = createTemplate(acNode);
                 removeSecurityItem(acNode.getNode(N_POLICY));
                 return tmpl;
             } else {
-                log.debug("No policy present to remove at " + id);
+                log.debug("No policy present to remove at " + nodePath);
                 return null;
             }
         } else {
             // nodeID not below rep:accesscontrol -> delegate to ACLEditor
-            return super.removePolicyTemplate(id);
+            return super.removePolicyTemplate(nodePath);
         }
     }
 
-    // TODO: check if get/add/remove entries are properly handled by super-class
-
     //------------------------------------------------------------< private >---
     /**
      *
-     * @param nodeId
+     * @param nodePath
      * @return
-     * @throws AccessControlException
+     * @throws PathNotFoundException
      * @throws RepositoryException
      */
-    private NodeImpl getAcNode(NodeId nodeId) throws AccessControlException, RepositoryException {
-        NodeImpl n = session.getNodeById(nodeId);
-        Path p = session.getHierarchyManager().getPath(n.getNodeId());
-        if (p.isDescendantOf(acRootPath)) {
-            return n;
+    private NodeImpl getAcNode(String nodePath) throws PathNotFoundException, RepositoryException {
+        if (Text.isDescendant(acRootPath, nodePath)) {
+            return (NodeImpl) session.getNode(nodePath);
         } else {
             // node outside of rep:accesscontrol tree -> not handled by this editor.
             return null;
         }
     }
 
-    private NodeId getAcId(Principal principal) throws RepositoryException {
-        Path acPath = session.getQPath(getPathToAcNode(principal));
-        return session.getHierarchyManager().resolveNodePath(acPath);
-    }
-
-    private NodeImpl createAcNode(Principal principal) throws RepositoryException {
-        String acPath = getPathToAcNode(principal);
+    private NodeImpl createAcNode(String acPath) throws RepositoryException {
         String[] segms = Text.explode(acPath, '/', false);
         NodeImpl node = (NodeImpl) session.getRootNode();
         for (int i = 0; i < segms.length; i++) {
@@ -270,20 +257,28 @@
      * defining content. It this case setting or modifying an AC-policy is
      * obviously not possible.
      *
-     * @param id
+     * @param nodePath
      * @throws AccessControlException If the given id identifies a Node that
      * represents a ACL or ACE item.
      * @throws RepositoryException
      */
-    private void checkProtectsNode(NodeId id) throws RepositoryException {
-        NodeImpl node = session.getNodeById(id);
-        if (node.isNodeType(NT_REP_ACL) || node.isNodeType(NT_REP_ACE)) {
-            throw new AccessControlException("Node " + id + " defines ACL or ACE.");
+    private void checkProtectsNode(String nodePath) throws RepositoryException {
+        if (session.nodeExists(nodePath)) {
+            NodeImpl n = (NodeImpl) session.getNode(nodePath);
+            if (n.isNodeType(NT_REP_ACL) || n.isNodeType(NT_REP_ACE)) {
+                throw new AccessControlException("Node " + nodePath + " defines ACL or ACE.");
+            }
         }
     }
 
+    /**
+     *
+     * @param principal
+     * @return
+     * @throws RepositoryException
+     */
     private String getPathToAcNode(Principal principal) throws RepositoryException {
-        StringBuffer princPath = new StringBuffer(session.getJCRPath(acRootPath));
+        StringBuffer princPath = new StringBuffer(acRootPath);
         if (principal instanceof ItemBasedPrincipal) {
             princPath.append(((ItemBasedPrincipal) principal).getPath());
         } else {
@@ -293,6 +288,15 @@
         return princPath.toString();
     }
 
+    private Principal getPrincipal(String pathToACNode) throws RepositoryException {
+        String name = Text.unescapeIllegalJcrChars(Text.getName(pathToACNode));
+        PrincipalManager pMgr = session.getPrincipalManager();
+        if (!pMgr.hasPrincipal(name)) {
+            throw new AccessControlException("Unknown principal.");
+        }
+        return pMgr.getPrincipal(name);
+    }
+
     /**
      *
      * @param node
@@ -303,7 +307,17 @@
         return node.isNodeType(NT_REP_ACCESS_CONTROL) && node.hasNode(N_POLICY);
     }
 
-    private PolicyTemplate buildTemplate(NodeImpl acNode) throws RepositoryException {
+    /**
+     *
+     * @param acNode
+     * @return
+     * @throws RepositoryException
+     */
+    private PolicyTemplate createTemplate(NodeImpl acNode) throws RepositoryException {
+        if (!acNode.isNodeType(NT_REP_ACCESS_CONTROL)) {
+            throw new RepositoryException("Expected node of type rep:AccessControl.");
+        }
+
         Principal principal;
         String principalName = Text.unescapeIllegalJcrChars(acNode.getName());
         PrincipalManager pMgr = ((SessionImpl) acNode.getSession()).getPrincipalManager();
@@ -314,27 +328,32 @@
             // TODO: rather throw?
             principal = new PrincipalImpl(principalName);
         }
-        return new PolicyTemplateImpl(getEntries(acNode, principal), principal, acNode.getNodeId());
-    }
 
-    private List getEntries(NodeImpl acNode, Principal principal) throws RepositoryException {
+        // build the list of policy entries;
         List entries = new ArrayList();
-        if (acNode.isNodeType(NT_REP_ACCESS_CONTROL) && acNode.hasNode(N_POLICY)) {
+        if (acNode.hasNode(N_POLICY)) {
             NodeImpl aclNode = acNode.getNode(N_POLICY);
             // loop over all entries in the aclNode for the princ-Principal
             // and compare if they apply to the Node with 'nodeId'
             for (NodeIterator aceNodes = aclNode.getNodes(); aceNodes.hasNext();) {
                 NodeImpl aceNode = (NodeImpl) aceNodes.nextNode();
-                PolicyEntryImpl ace = createFromNode(aceNode, principal);
+                PolicyEntryImpl ace = createEntry(aceNode, principal);
                 if (ace != null) {
                     entries.add(ace);
                 }
             }
         }
-        return entries;
+        return new PolicyTemplateImpl(entries, principal, acNode.getPath());
     }
 
-    private PolicyEntryImpl createFromNode(NodeImpl node, Principal principal) throws RepositoryException {
+    /**
+     *
+     * @param node
+     * @param principal
+     * @return
+     * @throws RepositoryException
+     */
+    private PolicyEntryImpl createEntry(NodeImpl node, Principal principal) throws RepositoryException {
         if (!node.isNodeType(AccessControlConstants.NT_REP_ACE)) {
             log.warn("Unexpected nodetype. Was not rep:ACE.");
             return null;
@@ -349,10 +368,11 @@
         }
         int privileges = PrivilegeRegistry.getBits(pNames);
 
-        String nodePath = node.getProperty(P_NODE_PATH).getString();
-        String glob = node.getProperty(P_GLOB).getString();
+        String pV = node.getProperty(P_NODE_PATH).getString();
+        String nodePath = session.getJCRPath(systemResolver.getQPath(pV));
 
-        // TODO: mk sure principal and principal-name in node match
+        // TODO: make sure local namespace remappings are respected.
+        String glob = node.getProperty(P_GLOB).getString();
 
         return new PolicyEntryImpl(principal, privileges, allow, nodePath, glob);
     }

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/CombinedProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/CombinedProvider.java?rev=644215&r1=644214&r2=644215&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/CombinedProvider.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/CombinedProvider.java Thu Apr  3 01:15:01 2008
@@ -28,13 +28,13 @@
 import org.apache.jackrabbit.core.security.authorization.AccessControlProvider;
 import org.apache.jackrabbit.core.security.authorization.CompiledPermissions;
 import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
-import org.apache.jackrabbit.core.security.authorization.GlobPattern;
-import org.apache.jackrabbit.core.security.authorization.acl.ACLEditor;
+import org.apache.jackrabbit.core.security.authorization.Permission;
+import org.apache.jackrabbit.core.security.authorization.PolicyEntry;
+import org.apache.jackrabbit.core.security.authorization.PolicyTemplate;
 import org.apache.jackrabbit.core.security.jsr283.security.AccessControlEntry;
 import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.spi.Path;
 import org.apache.jackrabbit.util.Text;
-import org.apache.commons.collections.map.ListOrderedMap;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -42,8 +42,8 @@
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.Node;
+import javax.jcr.Item;
 import javax.jcr.observation.Event;
-import javax.jcr.observation.ObservationManager;
 import javax.jcr.observation.EventListener;
 import javax.jcr.observation.EventIterator;
 import java.security.Principal;
@@ -51,6 +51,9 @@
 import java.util.Map;
 import java.util.Set;
 import java.util.HashSet;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Arrays;
 
 /**
  * <code>CombinedProvider</code>...
@@ -64,13 +67,12 @@
     // TODO: TOBEFIXED proper evaluation of permissions respecting resource-based ACLs.
     // TODO: TOBEFIXED assert proper evaluation order of group/non-group principal-ACLs
 
-    private SessionImpl session;
-    private ObservationManager obsMgr;
-
     private CombinedEditor editor;
     private NodeImpl acRoot;
 
-    protected CombinedProvider() {
+    private String policyName;
+
+    public CombinedProvider() {
         super("Combined AC policy", "Policy evaluating user-based and resource-based ACLs.");
     }
     //----------------------------------------------< AccessControlProvider >---
@@ -78,18 +80,21 @@
      * @see AccessControlProvider#init(javax.jcr.Session, java.util.Map)
      */
     public void init(Session systemSession, Map options) throws RepositoryException {
-        if (initialized) {
-            throw new IllegalStateException("already initialized");
-        }
-        if (!(systemSession instanceof SessionImpl)) {
-            throw new RepositoryException("SessionImpl (system session) expected.");
+        super.init(systemSession, options);
+
+        NodeImpl root = (NodeImpl) session.getRootNode();
+        if (root.hasNode(N_ACCESSCONTROL)) {
+            acRoot = root.getNode(N_ACCESSCONTROL);
+            if (!acRoot.isNodeType(NT_REP_ACCESS_CONTROL)) {
+                throw new RepositoryException("Error while initializing Access Control Provider: Found ac-root to be wrong node type " + acRoot.getPrimaryNodeType().getName());
+            }
+        } else {
+            acRoot = root.addNode(N_ACCESSCONTROL, NT_REP_ACCESS_CONTROL, null);
         }
-        session = (SessionImpl) systemSession;
-        obsMgr = session.getWorkspace().getObservationManager();
 
-        String rootPath = acRoot.getPath();
-        editor = new CombinedEditor(session, session.getNamePathResolver(),
-                session.getQPath(rootPath));
+        policyName = session.getJCRName(AccessControlConstants.N_POLICY);
+
+        editor = new CombinedEditor(session, resolver, resolver.getQPath(acRoot.getPath()));
         try {
             log.info("Install initial ACL:...");
 
@@ -105,16 +110,15 @@
             }
 
             String glob = GlobPattern.WILDCARD_ALL;
-            PolicyTemplateImpl pt = editor.editPolicyTemplate(administrators);
-            pt.setEntry(new PolicyEntryImpl(administrators, PrivilegeRegistry.ALL, true, rootPath, glob));
-            editor.setPolicyTemplate(pt.getNodeId(), pt);
+            PolicyTemplate pt = editor.editPolicyTemplate(administrators);
+            pt.setEntry(new PolicyEntryImpl(administrators, PrivilegeRegistry.ALL, true, root.getPath(), glob));
+            editor.setPolicyTemplate(pt.getPath(), pt);
 
             Principal everyone = pMgr.getEveryone();
-            // TODO: to be improved. how to define where everyone has read-access
             log.info("... Privilege.READ for everyone.");
             pt = editor.editPolicyTemplate(everyone);
-            pt.setEntry(new PolicyEntryImpl(everyone, PrivilegeRegistry.READ, true, rootPath, glob));
-            editor.setPolicyTemplate(pt.getNodeId(), pt);
+            pt.setEntry(new PolicyEntryImpl(everyone, PrivilegeRegistry.READ, true, root.getPath(), glob));
+            editor.setPolicyTemplate(pt.getPath(), pt);
 
             session.save();
             log.info("... done.");
@@ -124,19 +128,6 @@
             session.getRootNode().refresh(false);
             throw e;
         }
-
-
-        NodeImpl root = (NodeImpl) session.getRootNode();
-        if (root.hasNode(N_ACCESSCONTROL)) {
-            // TODO: make sure its a node with the correct nodetype
-            acRoot = root.getNode(N_ACCESSCONTROL);
-            if (!acRoot.isNodeType(NT_REP_ACCESS_CONTROL)) {
-                throw new RepositoryException("Error while initializing Access Control Provider: Found ac-root to be wrong node type " + acRoot.getPrimaryNodeType().getName());
-            }
-        } else {
-            acRoot = root.addNode(N_ACCESSCONTROL, NT_REP_ACCESS_CONTROL, null);
-        }
-        initialized = true;
     }
 
     /**
@@ -164,7 +155,7 @@
             }
         }
 
-        log.debug("Unable to createFromNode " + CombinedEditor.class.getName() + ".");
+        log.debug("Unable to build access control editor " + CombinedEditor.class.getName() + ".");
         return null;
     }
 
@@ -176,68 +167,11 @@
         if (isAdminOrSystem(principals)) {
             return getAdminPermissions();
         } else {
-            // TODO: include the resource-based ACLs!
+            // TODO: TOBEFIXED include the resource-based ACLs!
             return new CompiledPermissionImpl(principals);
         }
     }
 
-    //----------------------------------------< private | package protected >---
-    /**
-     * Test if the given path points to a Node (or an existing or non existing
-     * direct decendant of an existing Node) that stores AC-information
-     *
-     * @param path
-     * @return
-     * @throws RepositoryException
-     */
-    private boolean isAccessControlItem(Path path) throws ItemNotFoundException, RepositoryException {
-        NodeImpl node;
-        String absPath = session.getJCRPath(path);
-        if (session.nodeExists(absPath)) {
-            node = (NodeImpl) session.getNode(absPath);
-        } else {
-            // path points to existing prop or non-existing item (node or prop).
-            String parentPath = Text.getRelativeParent(absPath, 1);
-            if (session.nodeExists(parentPath)) {
-                node = (NodeImpl) session.getNode(parentPath);
-            } else {
-                throw new ItemNotFoundException("No item exists at " + absPath + " nor at its direct ancestor.");
-            }
-        }
-        return node.isNodeType(ACLEditor.NT_REP_ACL) || node.isNodeType(ACLEditor.NT_REP_ACE);
-    }
-
-    /**
-     *
-     * @param principals
-     * @return
-     * @throws RepositoryException
-     */
-    private ACLImpl getACL(Set principals) throws RepositoryException {
-        // acNodes must be ordered in the same order as the principals
-        // in order to obtain proper acl-evalution in case the given
-        // principal-set is ordered.
-        Map princToACEs = new ListOrderedMap();
-        Set acPaths = new HashSet();
-        // build acl-hierarchy assuming that principal-order determines the
-        // acl-inheritance.
-        for (Iterator it = principals.iterator(); it.hasNext();) {
-            Principal princ = (Principal) it.next();
-            PolicyTemplateImpl at = editor.getPolicyTemplate(princ);
-            if (at == null) {
-                log.debug("No matching ACL node found for principal " + princ.getName() + " -> principal ignored.");
-            } else {
-                // retrieve the ACEs from the node
-                PolicyEntryImpl[] aces = (PolicyEntryImpl[]) at.getEntries();
-                princToACEs.put(princ, aces);
-
-                Path p = session.getHierarchyManager().getPath(at.getNodeId());
-                acPaths.add(session.getJCRPath(p));
-            }
-        }
-        return new ACLImpl(princToACEs, acPaths);
-    }
-
     //-----------------------------------------------------< CompiledPolicy >---
     /**
      *
@@ -246,7 +180,8 @@
             implements EventListener {
 
         private final Set principals;
-        private ACLImpl acl;
+        private final Set acPaths;
+        private Entries entries;
 
         /**
          * @param principals
@@ -255,41 +190,60 @@
         private CompiledPermissionImpl(Set principals) throws RepositoryException {
 
             this.principals = principals;
-            acl = getACL(principals);
+            acPaths = new HashSet(principals.size());
+            entries = reload();
 
             // TODO: describe
-            // TODO: rather on CombinedProvider? -> but must keep references to the CompiledPermission then....?
             int events = Event.PROPERTY_CHANGED | Event.PROPERTY_ADDED |
                     Event.PROPERTY_REMOVED | Event.NODE_ADDED | Event.NODE_REMOVED;
             String[] ntNames = new String[] {
                     session.getJCRName(NT_REP_ACE)
             };
-            obsMgr.addEventListener(this, events, acRoot.getPath(), true, null, ntNames, true);
+            observationMgr.addEventListener(this, events, acRoot.getPath(), true, null, ntNames, false);
         }
 
         //------------------------------------< AbstractCompiledPermissions >---
         /**
          * @see AbstractCompiledPermissions#buildResult(Path)
          */
-        protected Result buildResult(Path absPath) throws RepositoryException {
+        protected synchronized Result buildResult(Path absPath) throws RepositoryException {
             if (!absPath.isAbsolute()) {
                 throw new RepositoryException("Absolute path expected.");
             }
 
             String jcrPath = session.getJCRPath(absPath);
-            boolean isAclItem = isAccessControlItem(absPath);
-            
+            boolean isAclItem = false;
+            /* Test if the given path points to a Node (or an existing or non
+             * existing direct decendant of an existing Node) that stores
+             * AC-information
+             */
+            String[] segments = Text.explode(jcrPath, '/', false);
+            if (segments.length > 0) {
+                for (int i = segments.length - 1; i >= 0 && !isAclItem; i--) {
+                    isAclItem = policyName.equals(segments[i]);
+                }
+            }
+
             int permissions;
             if (session.itemExists(jcrPath)) {
-                permissions = acl.getPermissions(session.getItem(jcrPath), isAclItem);
+                permissions = entries.getPermissions(session.getItem(jcrPath), isAclItem);
             } else {
-                Node parent = session.getNode(Text.getRelativeParent(jcrPath, 1));
-                String name = session.getJCRName(absPath.getNameElement().getName());
-                permissions = acl.getPermissions(parent, name, isAclItem);
-            }
-            /* privileges can only be determined for existing nodes.
-               not for properties and neither for non-existing nodes. */
-            int privileges = (session.nodeExists(jcrPath)) ? acl.getPrivileges(jcrPath) : PrivilegeRegistry.NO_PRIVILEGE;
+                Node parent = null;
+                String parentPath = jcrPath;
+                while (parent == null) {
+                    parentPath = Text.getRelativeParent(parentPath, 1);
+                    if (parentPath.length() == 0) {
+                        // root node reached
+                        parent = session.getRootNode();
+                    } else if (session.nodeExists(parentPath)) {
+                        parent = session.getNode(parentPath);
+                    }
+                }
+                String relPath = jcrPath.substring(parent.getPath().length() + 1);
+                permissions = entries.getPermissions(parent, relPath, isAclItem);
+            }
+            /* TODO: privileges can only be determined for nodes. */
+            int privileges = entries.getPrivileges(jcrPath);
             return new Result(permissions, privileges);
         }
 
@@ -299,7 +253,7 @@
          */
         public void close() {
             try {
-                obsMgr.removeEventListener(this);
+                observationMgr.removeEventListener(this);
             } catch (RepositoryException e) {
                 log.error("Internal error: ", e.getMessage());
             }
@@ -310,8 +264,7 @@
         /**
          * @see EventListener#onEvent(EventIterator)
          */
-        public void onEvent(EventIterator events) {
-            Set acPaths = acl.getAcPaths();
+        public synchronized void onEvent(EventIterator events) {
             try {
                 boolean reload = false;
                 while (events.hasNext() && !reload) {
@@ -334,19 +287,140 @@
                             reload = false;
                             break;
                     }
-
                 }
-
                 // eventually reload the ACL and clear the cache
                 if (reload) {
-                    // reload the acl
-                    acl = getACL(principals);
                     clearCache();
+                    // reload the acl
+                    entries = reload();
                 }
             } catch (RepositoryException e) {
                 // should never get here
                 log.warn("Internal error: ", e.getMessage());
             }
+        }
+
+        /**
+         *
+         * @return
+         * @throws RepositoryException
+         */
+        private Entries reload() throws RepositoryException {
+            // reload the paths
+            acPaths.clear();
+
+            // acNodes must be ordered in the same order as the principals
+            // in order to obtain proper acl-evalution in case the given
+            // principal-set is ordered.
+            List allACEs = new ArrayList();
+            // build acl-hierarchy assuming that principal-order determines the
+            // acl-inheritance.
+            for (Iterator it = principals.iterator(); it.hasNext();) {
+                Principal princ = (Principal) it.next();
+                PolicyTemplate at = editor.getPolicyTemplate(princ);
+                if (at == null || at.isEmpty()) {
+                    log.debug("No matching ACL node found for principal " + princ.getName() + " -> principal ignored.");
+                } else {
+                    // retrieve the ACEs from the node
+                    PolicyEntry[] aces = (PolicyEntry[]) at.getEntries();
+                    allACEs.addAll(Arrays.asList(aces));
+                    acPaths.add(at.getPath());
+                }
+            }
+            return new Entries(allACEs);
+        }
+    }
+
+    //--------------------------------------------------------------------------
+
+    private static class Entries {
+
+        private final List entries;
+
+        private Entries(List entries) {
+            this.entries = entries;
+        }
+
+        /**
+         * Loop over all entries and evaluate allows/denies for those matching
+         * the given jcrPath.
+         *
+         * @param target Existing target item for which the permissions will be
+         * evaluated.
+         * @param protectsACL
+         * @return
+         * @throws RepositoryException
+         */
+        private int getPermissions(Item target, boolean protectsACL) throws RepositoryException {
+            int allows = 0;
+            int denies = 0;
+            for (Iterator it = entries.iterator(); it.hasNext() && allows != Permission.ALL;) {
+                PolicyEntryImpl entr = (PolicyEntryImpl) it.next();
+                if (entr.matches(target)) {
+                    int privs = entr.getPrivilegeBits();
+                    int permissions = Permission.calculatePermissions(privs, privs, protectsACL);
+                    if (entr.isAllow()) {
+                        allows |= Permission.diff(permissions, denies);
+                    } else {
+                        denies |= Permission.diff(permissions, allows);
+                    }
+                }
+            }
+            return allows;
+        }
+
+        /**
+         * loop over all entries and evaluate allows/denies for those matching
+         * the given jcrPath.
+         *
+         * @param parent Existing parent of the target to be evaluated.
+         * @param relPath relative path to a non-existing child item to calculate the
+         * permissions for.
+         * @param protectsACL
+         * @return
+         * @throws RepositoryException
+         */
+        private int getPermissions(Node parent, String relPath, boolean protectsACL) throws RepositoryException {
+            int allows = 0;
+            int denies = 0;
+            String jcrPath = parent.getPath() + "/" + relPath;
+
+            for (Iterator it = entries.iterator(); it.hasNext() && allows != Permission.ALL;) {
+                PolicyEntryImpl entr = (PolicyEntryImpl) it.next();
+                if (entr.matches(jcrPath)) {
+                    int privs = entr.getPrivilegeBits();
+                    int permissions = Permission.calculatePermissions(privs, privs, protectsACL);
+                    if (entr.isAllow()) {
+                        allows |= Permission.diff(permissions, denies);
+                    } else {
+                        denies |= Permission.diff(permissions, allows);
+                    }
+                }
+            }
+            return allows;
+        }
+
+        private int getPrivileges(String nodePath) throws RepositoryException {
+            // TODO: improve. avoid duplicate evaluation...            
+            int allows = 0;
+            int denies = 0;
+            for (Iterator it = entries.iterator(); it.hasNext() && allows != Permission.ALL;) {
+                PolicyEntryImpl entr = (PolicyEntryImpl) it.next();
+                // loop over all entries and evaluate allows/denies for those
+                // matching the given jcrPath
+                // TODO: check again which ACEs must be respected.
+                // TODO: maybe ancestor-defs only if glob = *?
+                String np = entr.getNodePath();
+                // TODO: TOBEFIXED Text.isDescendant that returns false if np==root-path
+                if (np.equals(nodePath) || "/".equals(np) || Text.isDescendant(np, nodePath)) {
+                    if (entr.isAllow()) {
+                        allows |= PrivilegeRegistry.diff(entr.getPrivilegeBits(), denies);
+                    } else {
+                        denies |= PrivilegeRegistry.diff(entr.getPrivilegeBits(), allows);
+                    }
+                }
+            }
+            return allows;
         }
     }
 }

Added: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/GlobPattern.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/GlobPattern.java?rev=644215&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/GlobPattern.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/GlobPattern.java Thu Apr  3 01:15:01 2008
@@ -0,0 +1,124 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization.combined;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.jcr.Item;
+import javax.jcr.RepositoryException;
+
+/**
+ * <code>GlobPattern</code>...
+ */
+class GlobPattern {
+
+    private static Logger log = LoggerFactory.getLogger(GlobPattern.class);
+
+    private static final char ALL = '*';
+    public static final String WILDCARD_ALL = "*";
+
+    private final String pattern;
+
+    private GlobPattern(String pattern)  {
+        this.pattern = pattern;
+    }
+
+    static GlobPattern create(String pattern) {
+        if (pattern == null) {
+            throw new IllegalArgumentException();
+        }
+        return new GlobPattern(pattern);
+    }
+
+    boolean matches(String toMatch) {
+        // shortcut
+        if (WILDCARD_ALL.equals(pattern)) {
+            return true;
+        }
+        if (toMatch == null) {
+            return false;
+        }
+
+        if (containsWildCard()) {
+            return matches(pattern, toMatch);
+        } else {
+            return pattern.equals(toMatch);
+        }
+    }
+
+    boolean matches(Item itemToMatch) {
+        try {
+            // TODO: missing proper impl
+            return matches(itemToMatch.getPath());
+        } catch (RepositoryException e) {
+            log.error("Unable to determine match.", e.getMessage());
+            return false;
+        }
+    }
+
+    private boolean containsWildCard() {
+        // TODO: add proper impl
+        return pattern.indexOf(ALL) > -1;
+    }
+
+    private static boolean matches(String pattern, String toMatch) {
+        // TODO: add proper impl
+        char[] c1 = pattern.toCharArray();
+        char[] c2 = toMatch.toCharArray();
+
+        for (int i = 0; i < c1.length; i++) {
+            if (c1[i] == ALL) {
+                return true;
+            }
+            if (i >= c2.length || c1[i] != c2[i]) {
+                return false;
+            }
+        }
+
+        return false;
+    }
+
+    //-------------------------------------------------------------< Object >---
+
+    /**
+     * @see Object#hashCode()
+     */
+    public int hashCode() {
+        return pattern.hashCode();
+    }
+
+    /**
+     * @see Object#toString()
+     */
+    public String toString() {
+        return pattern;
+    }
+
+    /**
+     * @see Object#equals(Object)
+     */
+    public boolean equals(Object obj) {
+        if (obj == this) {
+            return true;
+        }
+        if (obj instanceof GlobPattern) {
+            return pattern.equals(((GlobPattern)obj).pattern);
+        }
+        return false;
+    }
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/GlobPattern.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/GlobPattern.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/PolicyEntryImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/PolicyEntryImpl.java?rev=644215&r1=644214&r2=644215&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/PolicyEntryImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/PolicyEntryImpl.java Thu Apr  3 01:15:01 2008
@@ -16,40 +16,21 @@
  */
 package org.apache.jackrabbit.core.security.authorization.combined;
 
-import org.apache.jackrabbit.core.security.authorization.PolicyEntry;
-import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
-import org.apache.jackrabbit.core.security.authorization.GlobPattern;
-import org.apache.jackrabbit.core.security.jsr283.security.Privilege;
-import org.apache.jackrabbit.core.security.jsr283.security.AccessControlEntry;
+import org.apache.jackrabbit.core.security.authorization.AbstractPolicyEntry;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.jcr.RepositoryException;
 import javax.jcr.Item;
+import javax.jcr.RepositoryException;
 import java.security.Principal;
 
 /**
  * <code>PolicyEntryImpl</code>...
  */
-class PolicyEntryImpl implements PolicyEntry {
+class PolicyEntryImpl extends AbstractPolicyEntry {
 
     private static Logger log = LoggerFactory.getLogger(PolicyEntryImpl.class);
 
-    /**
-     * Privileges defined for this entry.
-     */
-    private final int privileges;
-
-    /**
-     * If the actions contained are allowed or denied
-     */
-    private final boolean allow;
-
-    /**
-     * The Principal of this entry
-     */
-    private final Principal principal;
-
     private final String nodePath;
     private final String glob;
 
@@ -59,11 +40,6 @@
     private final GlobPattern pattern;
 
     /**
-     * Hash code being calculated on demand.
-     */
-    private int hashCode = -1;
-
-    /**
      * Constructs an new entry.
      *
      * @param principal
@@ -72,20 +48,22 @@
      */
     PolicyEntryImpl(Principal principal, int privileges, boolean allow,
                     String nodePath, String glob) {
+        super(principal, privileges, allow);
+
         if (principal == null || nodePath == null) {
             throw new IllegalArgumentException("Neither principal nor nodePath must be null.");
         }
-        this.principal = principal;
-        this.privileges = privileges;
-        this.allow = allow;
         this.nodePath = nodePath;
-        this.glob = (glob == null) ? GlobPattern.WILDCARD_ALL : glob;
-
-        pattern = GlobPattern.create(nodePath + "/" +glob);
-    }
+        this.glob = glob;
 
-    int getPrivilegeBits() {
-        return privileges;
+        // TODO: review again
+        if (glob != null && glob.length() > 0) {
+            StringBuffer b = new StringBuffer(nodePath);
+            b.append(glob);
+            pattern = GlobPattern.create(b.toString());
+        } else {
+            pattern = GlobPattern.create(nodePath);
+        }
     }
 
     String getNodePath() {
@@ -104,48 +82,15 @@
         return pattern.matches(item);
     }
 
-    //-------------------------------------------------< AccessControlEntry >---
-    /**
-     * @see AccessControlEntry#getPrincipal()
-     */
-    public Principal getPrincipal() {
-        return principal;
-    }
-
-    /**
-     * @see AccessControlEntry#getPrivileges()
-     */
-    public Privilege[] getPrivileges() {
-        return PrivilegeRegistry.getPrivileges(privileges);
-    }
-
-    //--------------------------------------------------------< PolicyEntry >---
-    /**
-     * @return true if all actions contained in this Entry are allowed
-     * @see PolicyEntry#isAllow()
-     */
-    public boolean isAllow() {
-        return allow;
+    protected int buildHashCode() {
+        int h = super.buildHashCode();
+        h = 37 * h + nodePath.hashCode();
+        h = 37 * h + glob.hashCode();
+        return h;
     }
 
     //-------------------------------------------------------------< Object >---
     /**
-     * @see Object#hashCode()
-     */
-    public int hashCode() {
-        if (hashCode == -1) {
-            int h = 17;
-            h = 37 * h + principal.getName().hashCode();
-            h = 37 * h + privileges;
-            h = 37 * h + Boolean.valueOf(allow).hashCode();
-            h = 37 * h + nodePath.hashCode();
-            h = 37 * h + glob.hashCode();
-            hashCode = h;
-        }
-        return hashCode;
-    }
-
-    /**
      * Returns true if the principal, the allow-flag, all privileges and
      * the nodepath and the glob string are equal or the same, respectively.
      *
@@ -160,13 +105,10 @@
 
         if (obj instanceof PolicyEntryImpl) {
             PolicyEntryImpl tmpl = (PolicyEntryImpl) obj;
-            // TODO: check again if comparing principal-name is sufficient
-            return principal.getName().equals(tmpl.principal.getName()) &&
-                   allow == tmpl.allow &&
-                   privileges == tmpl.privileges &&
+            return super.equals(obj) &&
+                   nodePath.equals(tmpl.nodePath) &&
                    glob.equals(tmpl.glob);
         }
         return false;
     }
-
 }

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/PolicyTemplateImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/PolicyTemplateImpl.java?rev=644215&r1=644214&r2=644215&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/PolicyTemplateImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/PolicyTemplateImpl.java Thu Apr  3 01:15:01 2008
@@ -16,7 +16,6 @@
  */
 package org.apache.jackrabbit.core.security.authorization.combined;
 
-import org.apache.jackrabbit.core.NodeId;
 import org.apache.jackrabbit.core.security.authorization.PolicyEntry;
 import org.apache.jackrabbit.core.security.authorization.PolicyTemplate;
 import org.apache.jackrabbit.core.security.jsr283.security.AccessControlException;
@@ -37,18 +36,13 @@
     private static Logger log = LoggerFactory.getLogger(PolicyTemplateImpl.class);
 
     private final Principal principal;
-    private final NodeId acNodeId;
+    private final String acAbsPath;
     private final List entries = new ArrayList();
 
-
-    PolicyTemplateImpl(List aceTemplates, Principal principal, NodeId acNodeId) {
+    PolicyTemplateImpl(List policyEntries, Principal principal, String acAbsPath) {
         this.principal = principal;
-        this.entries.addAll(aceTemplates);
-        this.acNodeId = acNodeId;
-    }
-
-    NodeId getNodeId() {
-        return acNodeId;
+        this.entries.addAll(policyEntries);
+        this.acAbsPath = acAbsPath;
     }
 
     Principal getPrincipal() {
@@ -56,6 +50,9 @@
     }
 
     //-----------------------------------------------------< PolicyTemplate >---
+    public String getPath() {
+        return acAbsPath;
+    }
 
     public boolean isEmpty() {
         return entries.isEmpty();

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleAccessManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleAccessManager.java?rev=644215&r1=644214&r2=644215&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleAccessManager.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleAccessManager.java Thu Apr  3 01:15:01 2008
@@ -16,30 +16,34 @@
  */
 package org.apache.jackrabbit.core.security.simple;
 
+import org.apache.jackrabbit.core.HierarchyManager;
+import org.apache.jackrabbit.core.ItemId;
+import org.apache.jackrabbit.core.security.AMContext;
 import org.apache.jackrabbit.core.security.AbstractAccessControlManager;
 import org.apache.jackrabbit.core.security.AccessManager;
-import org.apache.jackrabbit.core.security.AMContext;
 import org.apache.jackrabbit.core.security.AnonymousPrincipal;
 import org.apache.jackrabbit.core.security.SystemPrincipal;
-import org.apache.jackrabbit.core.security.jsr283.security.Privilege;
-import org.apache.jackrabbit.core.security.jsr283.security.AccessControlPolicy;
-import org.apache.jackrabbit.core.security.jsr283.security.AccessControlEntry;
-import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
 import org.apache.jackrabbit.core.security.authorization.AccessControlProvider;
-import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
 import org.apache.jackrabbit.core.security.authorization.Permission;
-import org.apache.jackrabbit.core.HierarchyManager;
-import org.apache.jackrabbit.core.ItemId;
-import org.apache.jackrabbit.spi.commons.conversion.NamePathResolver;
-import org.apache.jackrabbit.spi.Path;
+import org.apache.jackrabbit.core.security.authorization.PolicyTemplate;
+import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
+import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
+import org.apache.jackrabbit.core.security.jsr283.security.AccessControlEntry;
+import org.apache.jackrabbit.core.security.jsr283.security.AccessControlException;
+import org.apache.jackrabbit.core.security.jsr283.security.AccessControlPolicy;
+import org.apache.jackrabbit.core.security.jsr283.security.Privilege;
 import org.apache.jackrabbit.spi.Name;
+import org.apache.jackrabbit.spi.Path;
+import org.apache.jackrabbit.spi.commons.conversion.NamePathResolver;
 
-import javax.security.auth.Subject;
 import javax.jcr.AccessDeniedException;
 import javax.jcr.ItemNotFoundException;
-import javax.jcr.RepositoryException;
 import javax.jcr.NoSuchWorkspaceException;
 import javax.jcr.PathNotFoundException;
+import javax.jcr.RepositoryException;
+import javax.jcr.UnsupportedRepositoryOperationException;
+import javax.security.auth.Subject;
+import java.security.Principal;
 
 /**
  * <code>SimpleAccessManager</code> ...
@@ -187,7 +191,7 @@
     public boolean hasPrivileges(String absPath, Privilege[] privileges) throws PathNotFoundException, RepositoryException {
         checkInitialized();
         // make sure absPath points to an existing node
-        getValidNodePath(absPath);
+        checkValidNodePath(absPath);
 
         if (privileges == null || privileges.length == 0) {
             // null or empty privilege array -> return true
@@ -214,7 +218,7 @@
      */
     public Privilege[] getPrivileges(String absPath) throws PathNotFoundException, RepositoryException {
         checkInitialized();
-        getValidNodePath(absPath);
+        checkValidNodePath(absPath);
 
         if (anonymous) {
             return new Privilege[] {PrivilegeRegistry.READ_PRIVILEGE};
@@ -231,8 +235,7 @@
      */
     public AccessControlPolicy getEffectivePolicy(String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException {
         checkInitialized();
-        Path p = getValidNodePath(absPath);
-        checkPrivileges(p, PrivilegeRegistry.READ_AC);
+        checkPrivileges(absPath, PrivilegeRegistry.READ_AC);
 
         return new AccessControlPolicy() {
             public String getName() throws RepositoryException {
@@ -249,12 +252,29 @@
      */
     public AccessControlEntry[] getEffectiveAccessControlEntries(String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException {
         checkInitialized();
-        Path p = getValidNodePath(absPath);
-        checkPrivileges(p, PrivilegeRegistry.READ_AC);
+        checkPrivileges(absPath, PrivilegeRegistry.READ_AC);
 
         return new AccessControlEntry[0];
     }
-    
+
+    //-------------------------------------< JackrabbitAccessControlManager >---
+    /**
+     * {@inheritDoc}
+     */
+    public PolicyTemplate editPolicy(String absPath) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException {
+        checkInitialized();
+        checkPrivileges(absPath, PrivilegeRegistry.MODIFY_AC);
+
+        throw new UnsupportedRepositoryOperationException("Editing is not supported");
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public PolicyTemplate editPolicy(Principal principal) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException {
+        throw new UnsupportedRepositoryOperationException("Editing is not supported");
+    }
+
     //---------------------------------------< AbstractAccessControlManager >---
     /**
      * {@inheritDoc}
@@ -265,13 +285,14 @@
         }
     }
 
-    protected void checkPrivileges(Path absPath, int privileges) throws AccessDeniedException, PathNotFoundException, RepositoryException {
+    protected void checkPrivileges(String absPath, int privileges) throws AccessDeniedException, PathNotFoundException, RepositoryException {
+        checkValidNodePath(absPath);
         if (anonymous && privileges != PrivilegeRegistry.READ) {
             throw new AccessDeniedException("Anonymous may only READ.");
         }
     }
 
-    protected Path getValidNodePath(String absPath) throws PathNotFoundException, RepositoryException {
+    protected void checkValidNodePath(String absPath) throws PathNotFoundException, RepositoryException {
         Path path = resolver.getQPath(absPath);
         if (!path.isAbsolute()) {
             throw new RepositoryException("Absolute path expected. Found: " + absPath);
@@ -279,8 +300,6 @@
 
         if (hierMgr.resolveNodePath(path) == null) {
             throw new PathNotFoundException(absPath);
-        } else {
-            return path;
         }
     }
 }

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java?rev=644215&r1=644214&r2=644215&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java Thu Apr  3 01:15:01 2008
@@ -40,7 +40,6 @@
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.observation.Event;
-import javax.jcr.observation.ObservationManager;
 import javax.jcr.observation.EventListener;
 import javax.jcr.observation.EventIterator;
 import java.security.Principal;
@@ -68,9 +67,6 @@
     private Path groupsPath;
     private Path usersPath;
 
-    private SessionImpl systemSession;
-    private ObservationManager obsMgr;
-
     private String userAdminGroup;
     private String groupAdminGroup;
 
@@ -83,40 +79,36 @@
     }
 
     //----------------------------------------------< AccessControlProvider >---
-     /**
+    /**
      * @see AccessControlProvider#init(Session, Map)
      */
     public void init(Session systemSession, Map options) throws RepositoryException {
-        if (initialized) {
-            throw new IllegalStateException("already initialized");
-        }
-        if (systemSession instanceof SessionImpl) {
-            this.systemSession = (SessionImpl) systemSession;
-            obsMgr = systemSession.getWorkspace().getObservationManager();
-
-            userAdminGroup = (options.containsKey(USER_ADMIN_GROUP_NAME)) ? options.get(USER_ADMIN_GROUP_NAME).toString() : USER_ADMIN_GROUP_NAME;
-            groupAdminGroup = (options.containsKey(GROUP_ADMIN_GROUP_NAME)) ? options.get(GROUP_ADMIN_GROUP_NAME).toString() : GROUP_ADMIN_GROUP_NAME;
-
-            // make sure the groups exist (and ev. create them).
-            // TODO: review again.
-            UserManager uMgr = this.systemSession.getUserManager();
-            if (!initGroup(uMgr, userAdminGroup)) {
-                log.warn("Unable to initialize User admininistrator group -> no user admins.");
-                userAdminGroup = null;
-            }
-            if (!initGroup(uMgr, groupAdminGroup)) {
-                log.warn("Unable to initialize Group admininistrator group -> no group admins.");
-                groupAdminGroup = null;
-            }
+        super.init(systemSession, options);
 
-            usersPath = this.systemSession.getQPath(USERS_PATH);
-            groupsPath = this.systemSession.getQPath(GROUPS_PATH);
-
-        } else {
-            throw new RepositoryException("SessionImpl (system session) expected.");
-        }
-        initialized = true;
-    }
+         if (systemSession instanceof SessionImpl) {
+             SessionImpl sImpl = (SessionImpl) systemSession;
+             userAdminGroup = (options.containsKey(USER_ADMIN_GROUP_NAME)) ? options.get(USER_ADMIN_GROUP_NAME).toString() : USER_ADMIN_GROUP_NAME;
+             groupAdminGroup = (options.containsKey(GROUP_ADMIN_GROUP_NAME)) ? options.get(GROUP_ADMIN_GROUP_NAME).toString() : GROUP_ADMIN_GROUP_NAME;
+
+             // make sure the groups exist (and ev. create them).
+             // TODO: review again.
+             UserManager uMgr = sImpl.getUserManager();
+             if (!initGroup(uMgr, userAdminGroup)) {
+                 log.warn("Unable to initialize User admininistrator group -> no user admins.");
+                 userAdminGroup = null;
+             }
+             if (!initGroup(uMgr, groupAdminGroup)) {
+                 log.warn("Unable to initialize Group admininistrator group -> no group admins.");
+                 groupAdminGroup = null;
+             }
+
+             usersPath = sImpl.getQPath(USERS_PATH);
+             groupsPath = sImpl.getQPath(GROUPS_PATH);
+
+         } else {
+             throw new RepositoryException("SessionImpl (system session) expected.");
+         }
+     }
 
     public CompiledPermissions compilePermissions(Set principals) throws ItemNotFoundException, RepositoryException {
         checkInitialized();
@@ -139,7 +131,7 @@
 
     private ItemBasedPrincipal getUserPrincipal(Set principals) {
         try {
-            UserManager uMgr = systemSession.getUserManager();
+            UserManager uMgr = session.getUserManager();
             for (Iterator it = principals.iterator(); it.hasNext();) {
                 Principal p = (Principal) it.next();
                 if (!(p instanceof Group) && p instanceof ItemBasedPrincipal
@@ -160,7 +152,7 @@
         if (principal != null) {
             try {
                 String path = principal.getPath();
-                userNode = (NodeImpl) systemSession.getNode(path);
+                userNode = (NodeImpl) session.getNode(path);
             } catch (RepositoryException e) {
                 log.warn("Error while retrieving user node.", e.getMessage());
             }
@@ -170,28 +162,28 @@
 
     private boolean isMember(Node userNode, Path memberPath) throws RepositoryException, PathNotFoundException {
         // precondition: memberPath points to a rep:members property
-        String propPath = systemSession.getJCRPath(memberPath);
-        if (systemSession.propertyExists(propPath)) {
+        String propPath = session.getJCRPath(memberPath);
+        if (session.propertyExists(propPath)) {
             // check if any of the ref-values equals to the value created from
             // the user-Node (which must be present if the user is member of the group)
-            Property membersProp = systemSession.getProperty(propPath);
+            Property membersProp = session.getProperty(propPath);
             List values = Arrays.asList(membersProp.getValues());
-            return values.contains(systemSession.getValueFactory().createValue(userNode));
+            return values.contains(session.getValueFactory().createValue(userNode));
         } else {
             return false;
         }
     }
 
     private Node getExistingNode(Path path) throws RepositoryException {
-        String absPath = systemSession.getJCRPath(path.getNormalizedPath());
-        if (systemSession.nodeExists(absPath)) {
-            return systemSession.getNode(absPath);
-        } else if (systemSession.propertyExists(absPath)) {
-            return systemSession.getProperty(absPath).getParent();
+        String absPath = resolver.getJCRPath(path.getNormalizedPath());
+        if (session.nodeExists(absPath)) {
+            return session.getNode(absPath);
+        } else if (session.propertyExists(absPath)) {
+            return session.getProperty(absPath).getParent();
         } else {
             String pPath = Text.getRelativeParent(absPath, 1);
-            if (systemSession.nodeExists(pPath)) {
-                return systemSession.getNode(pPath);
+            if (session.nodeExists(pPath)) {
+                return session.getNode(pPath);
             } else {
                 throw new ItemNotFoundException("Unable to determine permissions: No item and no existing parent for target path " + absPath);
             }
@@ -208,10 +200,10 @@
      * @throws RepositoryException
      */
     private boolean doCalculatePrivileges(Path path) throws RepositoryException {
-        String absPath = systemSession.getJCRPath(path.getNormalizedPath());
+        String absPath = resolver.getJCRPath(path.getNormalizedPath());
         // privileges can only be determined for existing nodes.
         // not for properties and neither for non-existing nodes.
-        return systemSession.nodeExists(absPath);
+        return session.nodeExists(absPath);
     }
 
     private static boolean containsGroup(Set principals, String groupName) {
@@ -263,7 +255,7 @@
             isGroupAdmin = containsGroup(principals, groupAdminGroup);
 
             int events = Event.PROPERTY_CHANGED | Event.PROPERTY_ADDED | Event.PROPERTY_REMOVED;
-            obsMgr.addEventListener(this, events, GROUPS_PATH, true, null, null, false);
+            observationMgr.addEventListener(this, events, GROUPS_PATH, true, null, null, false);
         }
 
         //------------------------------------< AbstractCompiledPermissions >---
@@ -302,7 +294,7 @@
                 } // else: outside of user tree -> authN = null
 
                 if (authN != null && authN.isNodeType(NT_REP_USER)) {
-                    int relDepth = systemSession.getHierarchyManager().getRelativeDepth(userNode.getNodeId(), authN.getNodeId());
+                    int relDepth = session.getHierarchyManager().getRelativeDepth(userNode.getNodeId(), authN.getNodeId());
                     switch (relDepth) {
                         case -1:
                             // authN is not below the userNode -> can't write anyway.
@@ -380,7 +372,7 @@
          */
         public void close() {
             try {
-                obsMgr.removeEventListener(this);
+                observationMgr.removeEventListener(this);
             } catch (RepositoryException e) {
                 log.error("Internal error: ", e.getMessage());
             }

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/AccessManagerTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/AccessManagerTest.java?rev=644215&r1=644214&r2=644215&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/AccessManagerTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/AccessManagerTest.java Thu Apr  3 01:15:01 2008
@@ -62,7 +62,7 @@
         }
     }
 
-    // TODO: add tests for new methods!!!!
+    // TODO: add tests for new methods
     // TODO: add specific tests for 'AC-read/modify' privileges
 
     public void testCheckPermissionReadOnlySession() throws RepositoryException, NotExecutableException {

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractPolicyEntryTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractPolicyEntryTest.java?rev=644215&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractPolicyEntryTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractPolicyEntryTest.java Thu Apr  3 01:15:01 2008
@@ -0,0 +1,158 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization;
+
+import org.apache.jackrabbit.core.security.jsr283.security.AccessControlException;
+import org.apache.jackrabbit.core.security.jsr283.security.Privilege;
+import org.apache.jackrabbit.test.JUnitTest;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Iterator;
+import java.util.List;
+
+/**
+ * <code>AbstractPolicyEntryTest</code>...
+ */
+public abstract class AbstractPolicyEntryTest extends JUnitTest {
+
+    private static Logger log = LoggerFactory.getLogger(AbstractPolicyEntryTest.class);
+    protected Principal testPrincipal;
+
+    protected void setUp() throws Exception {
+        super.setUp();
+        testPrincipal = new Principal() {
+            public String getName() {
+                return "TestPrincipal";
+            }
+        };
+    }
+
+    protected PolicyEntry createPolicyEntry(int privileges, boolean isAllow) {
+        return createPolicyEntry(testPrincipal, privileges, isAllow);
+    }
+
+    protected abstract PolicyEntry createPolicyEntry(Principal principal, int privileges, boolean isAllow);
+
+    public void testIsAllow() {
+        PolicyEntry tmpl = createPolicyEntry(PrivilegeRegistry.READ, true);
+        assertTrue(tmpl.isAllow());
+
+        tmpl = createPolicyEntry(PrivilegeRegistry.READ, false);
+        assertFalse(tmpl.isAllow());
+    }
+
+    public void testGetPrincipal() {
+        PolicyEntry tmpl = createPolicyEntry(PrivilegeRegistry.READ, true);
+        assertNotNull(tmpl.getPrincipal());
+        assertEquals(testPrincipal.getName(), tmpl.getPrincipal().getName());
+        assertSame(testPrincipal, tmpl.getPrincipal());
+    }
+
+    public void testGetPrivilegeBits() {
+        PolicyEntry tmpl = createPolicyEntry(PrivilegeRegistry.READ, true);
+
+        int privs = tmpl.getPrivilegeBits();
+        assertTrue(privs == PrivilegeRegistry.READ);
+
+        tmpl = createPolicyEntry(PrivilegeRegistry.WRITE, true);
+        privs = tmpl.getPrivilegeBits();
+        assertTrue(privs == PrivilegeRegistry.WRITE);
+    }
+
+    public void testGetPrivileges() throws AccessControlException {
+        PolicyEntry tmpl = createPolicyEntry(PrivilegeRegistry.READ, true);
+
+        Privilege[] privs = tmpl.getPrivileges();
+        assertNotNull(privs);
+        assertEquals(1, privs.length);
+        assertEquals(privs[0].getName(), Privilege.READ);
+        assertTrue(PrivilegeRegistry.getBits(privs) == tmpl.getPrivilegeBits());
+
+        tmpl = createPolicyEntry(PrivilegeRegistry.WRITE, true);
+        privs = tmpl.getPrivileges();
+        assertNotNull(privs);
+        assertEquals(1, privs.length);
+        assertEquals(privs[0].getName(), Privilege.WRITE);
+        assertTrue(PrivilegeRegistry.getBits(privs) == tmpl.getPrivilegeBits());
+
+        tmpl = createPolicyEntry(PrivilegeRegistry.ADD_CHILD_NODES | PrivilegeRegistry.REMOVE_CHILD_NODES, true);
+        privs = tmpl.getPrivileges();
+        assertNotNull(privs);
+        assertEquals(2, privs.length);
+
+        Privilege[] param = PrivilegeRegistry.getPrivileges(new String[] {Privilege.ADD_CHILD_NODES, Privilege.REMOVE_CHILD_NODES});
+        assertEquals(Arrays.asList(param), Arrays.asList(privs));
+        assertTrue(PrivilegeRegistry.getBits(privs) == tmpl.getPrivilegeBits());
+    }
+
+    public void testEquals() {
+
+        PolicyEntry ace = createPolicyEntry(PrivilegeRegistry.ALL, true);
+        PolicyEntry ace2 = createPolicyEntry(PrivilegeRegistry.ALL, true);
+        assertEquals(ace, ace2);
+
+        ace2 = createPolicyEntry(PrivilegeRegistry.READ |
+                PrivilegeRegistry.WRITE |
+                PrivilegeRegistry.MODIFY_AC |
+                PrivilegeRegistry.READ_AC, true);
+        assertEquals(ace, ace2);
+    }
+
+    public void testNotEquals() {
+        PolicyEntry ace = createPolicyEntry(PrivilegeRegistry.ALL, true);
+        List otherAces = new ArrayList();
+        // ACE template with different principal
+        otherAces.add(createPolicyEntry(new Principal() {
+            public String getName() {
+                return "a name";
+            } }, PrivilegeRegistry.ALL, true)
+        );
+
+        // ACE template with different privileges
+        otherAces.add(createPolicyEntry(PrivilegeRegistry.READ, true));
+        // ACE template with different 'allow' flag
+        otherAces.add(createPolicyEntry(PrivilegeRegistry.ALL, false));
+        // ACE template with different privileges and 'allows
+        otherAces.add(createPolicyEntry(PrivilegeRegistry.WRITE, false));
+        // other ace impl
+        PolicyEntry pe = new PolicyEntry() {
+            public boolean isAllow() {
+                return true;
+            }
+
+            public int getPrivilegeBits() {
+                return PrivilegeRegistry.ALL;
+            }
+
+            public Principal getPrincipal() {
+                return testPrincipal;
+            }
+            public Privilege[] getPrivileges() {
+                return PrivilegeRegistry.getPrivileges(PrivilegeRegistry.ALL);
+            }
+        };
+        otherAces.add(pe);
+
+        for (Iterator it = otherAces.iterator(); it.hasNext();) {
+            assertFalse(ace.equals(it.next()));
+        }
+    }
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractPolicyEntryTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractPolicyEntryTest.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractPolicyTemplateTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractPolicyTemplateTest.java?rev=644215&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractPolicyTemplateTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractPolicyTemplateTest.java Thu Apr  3 01:15:01 2008
@@ -0,0 +1,64 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization;
+
+import org.apache.jackrabbit.test.JUnitTest;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.jcr.RepositoryException;
+import java.security.Principal;
+
+/**
+ * <code>AbstractPolicyTemplateTest</code>...
+ */
+public abstract class AbstractPolicyTemplateTest extends JUnitTest {
+
+    private static Logger log = LoggerFactory.getLogger(AbstractPolicyTemplateTest.class);
+
+    protected Principal testPrincipal;
+
+    protected void setUp() throws Exception {
+        super.setUp();
+        testPrincipal = new Principal() {
+            public String getName() {
+                return "TestPrincipal";
+            }
+        };
+    }
+
+    protected abstract String getTestPath();
+    
+    protected abstract PolicyTemplate createEmptyTemplate(String path);
+
+    public void testEmptyTemplate() throws RepositoryException {
+        PolicyTemplate pt = createEmptyTemplate(getTestPath());
+
+        assertNotNull(pt.getEntries());
+        assertTrue(pt.getEntries().length == 0);
+        assertTrue(pt.isEmpty());
+        assertNotNull(pt.getName());
+    }
+
+
+    public void testGetPath() {
+        PolicyTemplate pt = (PolicyTemplate) createEmptyTemplate(getTestPath());
+        assertEquals(getTestPath(), pt.getPath());
+    }
+
+    // TODO: add more tests
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractPolicyTemplateTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractPolicyTemplateTest.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/TestAll.java?rev=644215&r1=644214&r2=644215&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/TestAll.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/TestAll.java Thu Apr  3 01:15:01 2008
@@ -19,6 +19,7 @@
 import junit.framework.Test;
 import junit.framework.TestCase;
 import junit.framework.TestSuite;
+import org.apache.jackrabbit.core.security.authorization.combined.GlobPatternTest;
 
 /**
  * Test suite
@@ -38,7 +39,7 @@
         suite.addTestSuite(PrivilegeRegistryTest.class);
 
         suite.addTestSuite(PolicyTemplateTest.class);
-        //TODO suite.addTestSuite(EntryTemplateTest.class);
+        suite.addTestSuite(GlobPatternTest.class);
 
         return suite;
     }

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACEImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACEImplTest.java?rev=644215&r1=644214&r2=644215&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACEImplTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACEImplTest.java Thu Apr  3 01:15:01 2008
@@ -16,121 +16,21 @@
  */
 package org.apache.jackrabbit.core.security.authorization.acl;
 
-import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
+import org.apache.jackrabbit.core.security.authorization.AbstractPolicyEntryTest;
 import org.apache.jackrabbit.core.security.authorization.PolicyEntry;
-import org.apache.jackrabbit.core.security.jsr283.security.AccessControlException;
-import org.apache.jackrabbit.core.security.jsr283.security.Privilege;
-import org.apache.jackrabbit.test.JUnitTest;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import java.security.Principal;
-import java.util.Arrays;
-import java.util.List;
-import java.util.ArrayList;
-import java.util.Iterator;
 
 /**
  * <code>ACEImplTest</code>...
  */
-public class ACEImplTest extends JUnitTest {
+public class ACEImplTest extends AbstractPolicyEntryTest {
 
     private static Logger log = LoggerFactory.getLogger(ACEImplTest.class);
 
-    private Principal testPrincipal;
-
-    protected void setUp() throws Exception {
-        super.setUp();
-        testPrincipal = new Principal() {
-            public String getName() {
-                return "TestPrincipal";
-            }
-        };
-    }
-
-    public void testIsAllow() {
-        ACEImpl tmpl = new ACEImpl(testPrincipal, PrivilegeRegistry.READ, true);
-        assertTrue(tmpl.isAllow());
-
-        tmpl = new ACEImpl(testPrincipal, PrivilegeRegistry.READ, false);
-        assertFalse(tmpl.isAllow());
-    }
-
-    public void testGetPrincipal() {
-        ACEImpl tmpl = new ACEImpl(testPrincipal, PrivilegeRegistry.READ, true);
-        assertNotNull(tmpl.getPrincipal());
-        assertEquals(testPrincipal.getName(), tmpl.getPrincipal().getName());
-        assertSame(testPrincipal, tmpl.getPrincipal());
-    }
-
-    public void testGetPrivileges() throws AccessControlException {
-        ACEImpl tmpl = new ACEImpl(testPrincipal, PrivilegeRegistry.READ, true);
-
-        Privilege[] privs = tmpl.getPrivileges();
-        assertNotNull(privs);
-        assertEquals(1, privs.length);
-        assertEquals(privs[0].getName(), Privilege.READ);
-
-        tmpl = new ACEImpl(testPrincipal, PrivilegeRegistry.WRITE, true);
-        privs = tmpl.getPrivileges();
-        assertNotNull(privs);
-        assertEquals(1, privs.length);
-        assertEquals(privs[0].getName(), Privilege.WRITE);
-
-        tmpl = new ACEImpl(testPrincipal, PrivilegeRegistry.ADD_CHILD_NODES | PrivilegeRegistry.REMOVE_CHILD_NODES, true);
-        privs = tmpl.getPrivileges();
-        assertNotNull(privs);
-        assertEquals(2, privs.length);
-
-        Privilege[] param = PrivilegeRegistry.getPrivileges(new String[] {Privilege.ADD_CHILD_NODES, Privilege.REMOVE_CHILD_NODES});
-        assertEquals(Arrays.asList(param), Arrays.asList(privs));
-    }
-
-    public void testEqual() {
-        ACEImpl ace = new ACEImpl(testPrincipal, PrivilegeRegistry.ALL, true);
-
-        ACEImpl ace2 = new ACEImpl(testPrincipal, PrivilegeRegistry.ALL, true);
-        assertEquals(ace, ace2);
-
-        ace2 = new ACEImpl(testPrincipal, PrivilegeRegistry.READ |
-                PrivilegeRegistry.WRITE |
-                PrivilegeRegistry.MODIFY_AC |
-                PrivilegeRegistry.READ_AC, true);
-        assertEquals(ace, ace2);
-    }
-
-    public void testNotEqual() {
-        ACEImpl ace = new ACEImpl(testPrincipal, PrivilegeRegistry.ALL, true);
-        List otherAces = new ArrayList();
-        // ACE template with different principal
-        otherAces.add(new ACEImpl(new Principal() {
-            public String getName() {
-                return "a name";
-            } }, PrivilegeRegistry.ALL, true)
-        );
-
-        // ACE template with different privileges
-        otherAces.add(new ACEImpl(testPrincipal, PrivilegeRegistry.READ, true));
-        // ACE template with different 'allow' flag
-        otherAces.add(new ACEImpl(testPrincipal, PrivilegeRegistry.ALL, false));
-        // ACE template with different privileges and 'allows
-        otherAces.add(new ACEImpl(testPrincipal, PrivilegeRegistry.WRITE, false));
-        // other ace impl
-        PolicyEntry pe = new PolicyEntry() {
-            public boolean isAllow() {
-                return true;
-            }
-            public Principal getPrincipal() {
-                return testPrincipal;
-            }
-            public Privilege[] getPrivileges() {
-                return PrivilegeRegistry.getPrivileges(PrivilegeRegistry.ALL);
-            }
-        };
-        otherAces.add(pe);
-
-        for (Iterator it = otherAces.iterator(); it.hasNext();) {
-            assertFalse(ace.equals(it.next()));
-        }
+    protected PolicyEntry createPolicyEntry(Principal principal, int privileges, boolean isAllow) {
+        return new ACEImpl(principal, privileges, isAllow);
     }
 }

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java?rev=644215&r1=644214&r2=644215&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java Thu Apr  3 01:15:01 2008
@@ -16,27 +16,23 @@
  */
 package org.apache.jackrabbit.core.security.authorization.acl;
 
-import org.apache.jackrabbit.test.JUnitTest;
+import org.apache.jackrabbit.core.security.authorization.AbstractPolicyTemplateTest;
+import org.apache.jackrabbit.core.security.authorization.PolicyTemplate;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.jcr.RepositoryException;
-
 /**
  * <code>ACLTemplateTest</code>...
  */
-public class ACLTemplateTest extends JUnitTest {
+public class ACLTemplateTest extends AbstractPolicyTemplateTest {
 
     private static Logger log = LoggerFactory.getLogger(ACLTemplateTest.class);
 
-    public void testEmptyTemplate() throws RepositoryException {
-        ACLTemplate at = new ACLTemplate();
-
-        assertNotNull(at.getEntries());
-        assertTrue(at.getEntries().length == 0);
-        assertTrue(at.isEmpty());
-        assertNotNull(at.getName());
+    protected String getTestPath() {
+        return "/ab/c/d";
     }
 
-    // TODO: add tests
+    protected PolicyTemplate createEmptyTemplate(String path) {
+        return new ACLTemplate(path);
+    }
 }



Mime
View raw message