jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r656178 - in /jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security: ./ jsr283/security/
Date Wed, 14 May 2008 09:28:44 GMT
Author: angela
Date: Wed May 14 02:28:44 2008
New Revision: 656178

URL: http://svn.apache.org/viewvc?rev=656178&view=rev
Log:
JCR-1588: JSR 283 Access Control (work in progress)
JCR-1589: JSR 283: Retention & Hold Management (work in progress)

- sync ac/r&h interfaces

Added:
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/Hold.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/RetentionPolicy.java   (with props)
Modified:
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/AbstractAccessControlManager.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/DefaultAccessManager.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlEntry.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlException.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlManager.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlPolicy.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlPolicyIterator.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/Privilege.java

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/AbstractAccessControlManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/AbstractAccessControlManager.java?rev=656178&r1=656177&r2=656178&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/AbstractAccessControlManager.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/AbstractAccessControlManager.java Wed May 14 02:28:44 2008
@@ -24,6 +24,8 @@
 import org.apache.jackrabbit.core.security.jsr283.security.AccessControlPolicy;
 import org.apache.jackrabbit.core.security.jsr283.security.AccessControlException;
 import org.apache.jackrabbit.core.security.jsr283.security.AccessControlEntry;
+import org.apache.jackrabbit.core.security.jsr283.security.Hold;
+import org.apache.jackrabbit.core.security.jsr283.security.RetentionPolicy;
 import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
 import org.apache.jackrabbit.commons.iterator.AccessControlPolicyIteratorAdapter;
 
@@ -31,6 +33,8 @@
 import javax.jcr.RepositoryException;
 import javax.jcr.AccessDeniedException;
 import javax.jcr.UnsupportedRepositoryOperationException;
+import javax.jcr.version.VersionException;
+import javax.jcr.lock.LockException;
 import java.security.Principal;
 
 /**
@@ -146,6 +150,49 @@
         throw new AccessControlException("Invalid access control entry, that has not been applied through this API.");
     }
 
+    public Hold[] getHolds(String absPath) throws PathNotFoundException, AccessDeniedException, UnsupportedRepositoryOperationException, RepositoryException {
+        checkInitialized();
+        checkPrivileges(absPath, PrivilegeRegistry.READ_AC);
+
+        throw new UnsupportedRepositoryOperationException("Retention & Hold are not supported by this AccessControlManager (" + getClass().getName()+ ").");
+    }
+
+    public Hold addHold(String absPath, String name, boolean isDeep) throws PathNotFoundException, AccessControlException, AccessDeniedException, UnsupportedRepositoryOperationException, LockException, VersionException, RepositoryException {
+        checkInitialized();
+        checkPrivileges(absPath, PrivilegeRegistry.MODIFY_AC);
+
+        throw new UnsupportedRepositoryOperationException("Retention & Hold are not supported by this AccessControlManager (" + getClass().getName()+ ").");
+    }
+
+    public void removeHold(String absPath, Hold hold) throws PathNotFoundException, AccessControlException, AccessDeniedException, UnsupportedRepositoryOperationException, LockException, VersionException, RepositoryException {
+        checkInitialized();
+        checkPrivileges(absPath, PrivilegeRegistry.MODIFY_AC);
+
+        throw new UnsupportedRepositoryOperationException("Retention & Hold are not supported by this AccessControlManager (" + getClass().getName()+ ").");
+    }
+
+    public RetentionPolicy getRetentionPolicy(String absPath) throws PathNotFoundException, AccessDeniedException, UnsupportedRepositoryOperationException, RepositoryException {
+        checkInitialized();
+        checkPrivileges(absPath, PrivilegeRegistry.READ_AC);
+
+        throw new UnsupportedRepositoryOperationException("Retention & Hold are not supported by this AccessControlManager (" + getClass().getName()+ ").");
+
+    }
+
+    public void setRetentionPolicy(String absPath, RetentionPolicy retentionPolicy) throws PathNotFoundException, AccessControlException, AccessDeniedException, UnsupportedRepositoryOperationException, LockException, VersionException, RepositoryException {
+        checkInitialized();
+        checkPrivileges(absPath, PrivilegeRegistry.MODIFY_AC);
+
+        throw new UnsupportedRepositoryOperationException("Retention & Hold are not supported by this AccessControlManager (" + getClass().getName()+ ").");
+    }
+
+    public void removeRetentionPolicy(String absPath) throws PathNotFoundException, AccessControlException, AccessDeniedException, UnsupportedRepositoryOperationException, LockException, VersionException, RepositoryException {
+        checkInitialized();
+        checkPrivileges(absPath, PrivilegeRegistry.MODIFY_AC);
+
+        throw new UnsupportedRepositoryOperationException("Retention & Hold are not supported by this AccessControlManager (" + getClass().getName()+ ").");
+    }
+
     //--------------------------------------------------------------------------
     /**
      * Check if this manager has been properly initialized.

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/DefaultAccessManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/DefaultAccessManager.java?rev=656178&r1=656177&r2=656178&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/DefaultAccessManager.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/DefaultAccessManager.java Wed May 14 02:28:44 2008
@@ -32,6 +32,8 @@
 import org.apache.jackrabbit.core.security.jsr283.security.AccessControlPolicy;
 import org.apache.jackrabbit.core.security.jsr283.security.AccessControlPolicyIterator;
 import org.apache.jackrabbit.core.security.jsr283.security.Privilege;
+import org.apache.jackrabbit.core.security.jsr283.security.Hold;
+import org.apache.jackrabbit.core.security.jsr283.security.RetentionPolicy;
 import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
 import org.apache.jackrabbit.spi.Path;
 import org.apache.jackrabbit.spi.Name;
@@ -45,6 +47,8 @@
 import javax.jcr.PathNotFoundException;
 import javax.jcr.RepositoryException;
 import javax.jcr.UnsupportedRepositoryOperationException;
+import javax.jcr.version.VersionException;
+import javax.jcr.lock.LockException;
 import javax.security.auth.Subject;
 import java.security.Principal;
 import java.util.Collections;
@@ -400,6 +404,53 @@
         }
     }
 
+    /**
+     * @see AccessControlManager#getHolds(String)
+     */
+    public Hold[] getHolds(String absPath) throws PathNotFoundException, AccessDeniedException, UnsupportedRepositoryOperationException, RepositoryException {
+        // TODO: add implementation
+        return super.getHolds(absPath);
+    }
+
+    /**
+     * @see AccessControlManager#addHold(String, String, boolean)
+     */
+    public Hold addHold(String absPath, String name, boolean isDeep) throws PathNotFoundException, AccessControlException, AccessDeniedException, UnsupportedRepositoryOperationException, LockException, VersionException, RepositoryException {
+        // TODO: add implementation
+        return super.addHold(absPath, name, isDeep);
+    }
+
+    /**
+     * @see AccessControlManager#removeHold(String, Hold)
+     */
+    public void removeHold(String absPath, Hold hold) throws PathNotFoundException, AccessControlException, AccessDeniedException, UnsupportedRepositoryOperationException, LockException, VersionException, RepositoryException {
+        // TODO: add implementation
+        super.removeHold(absPath, hold);
+    }
+
+    /**
+     * @see AccessControlManager#getRetentionPolicy(String)
+     */
+    public RetentionPolicy getRetentionPolicy(String absPath) throws PathNotFoundException, AccessDeniedException, UnsupportedRepositoryOperationException, RepositoryException {
+        // TODO: add implementation
+        return super.getRetentionPolicy(absPath);
+    }
+
+    /**
+     * @see AccessControlManager#setRetentionPolicy(String, RetentionPolicy)
+     */
+    public void setRetentionPolicy(String absPath, RetentionPolicy retentionPolicy) throws PathNotFoundException, AccessControlException, AccessDeniedException, UnsupportedRepositoryOperationException, LockException, VersionException, RepositoryException {
+        // TODO: add implementation
+        super.setRetentionPolicy(absPath, retentionPolicy);
+    }
+
+    /**
+     * @see AccessControlManager#removeRetentionPolicy(String)
+     */
+    public void removeRetentionPolicy(String absPath) throws PathNotFoundException, AccessControlException, AccessDeniedException, UnsupportedRepositoryOperationException, LockException, VersionException, RepositoryException {
+        // TODO: add implementation
+        super.removeRetentionPolicy(absPath);
+    }
     //-------------------------------------< JackrabbitAccessControlManager >---
     /**
      * @see JackrabbitAccessControlManager#editPolicy(String)

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlEntry.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlEntry.java?rev=656178&r1=656177&r2=656178&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlEntry.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlEntry.java Wed May 14 02:28:44 2008
@@ -1,3 +1,19 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package org.apache.jackrabbit.core.security.jsr283.security;
 
 import java.security.Principal;

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlException.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlException.java?rev=656178&r1=656177&r2=656178&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlException.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlException.java Wed May 14 02:28:44 2008
@@ -1,3 +1,19 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package org.apache.jackrabbit.core.security.jsr283.security;
 
 import javax.jcr.RepositoryException;

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlManager.java?rev=656178&r1=656177&r2=656178&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlManager.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlManager.java Wed May 14 02:28:44 2008
@@ -1,9 +1,27 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package org.apache.jackrabbit.core.security.jsr283.security;
 
+import javax.jcr.AccessDeniedException;
 import javax.jcr.PathNotFoundException;
 import javax.jcr.RepositoryException;
-import javax.jcr.AccessDeniedException;
 import javax.jcr.UnsupportedRepositoryOperationException;
+import javax.jcr.lock.LockException;
+import javax.jcr.version.VersionException;
 import java.security.Principal;
 
 /**
@@ -13,6 +31,9 @@
  * <li>Access control discovery</li>
  * <li>Assigning access control policies</li>
  * <li>Assigning access control entries</li>
+ * <li>Retention and hold discovery</li>
+ * <li>Adding hold(s) to existing nodes and removing them</li>
+ * <li>Adding retention policies to existing nodes and removing them.</li>
  * </ul>
  *
  * @since JCR 2.0
@@ -25,11 +46,17 @@
      * <p/>
      * This method does not return the privileges held by the session. Instead,
      * it returns the privileges that the repository supports.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
      *
      * @param absPath an absolute path.
      * @return an array of <code>Privilege</code>s.
      * @throws PathNotFoundException if no node at <code>absPath</code> exists
-     *                               or the session does not have privilege to 
+     *                               or the session does not have privilege to
      *                               retrieve the node.
      * @throws RepositoryException   if another error occurs.
      */
@@ -40,16 +67,29 @@
      * Returns whether the session has the specified privileges for absolute
      * path <code>absPath</code>, which must be an existing node.
      * <p/>
-     * Testing an aggregate privilege is equivalent to testing each nonaggregate
+     * Testing an aggregate privilege is equivalent to testing each non aggregate
      * privilege among the set returned by calling
      * <code>Privilege.getAggregatePrivileges()</code> for that privilege.
+     * <p/>
+     * The results reported by the this method reflect the net
+     * <i>effect</i> of the currently applied control mechanisms. It does not reflect
+     * unsaved access control policies or unsaved access control entries.
+     * Changes to access control status caused by these mechanisms only take effect
+     * on <code>Session.save()</code> and are only then reflected in the results of
+     * the privilege test methods.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
      *
      * @param absPath    an absolute path.
      * @param privileges an array of <code>Privilege</code>s.
      * @return <code>true</code> if the session has the specified privileges;
      *         <code>false</code> otherwise.
      * @throws PathNotFoundException if no node at <code>absPath</code> exists
-     *                               or the session does not have privilege to 
+     *                               or the session does not have privilege to
      *                               retrieve the node.
      * @throws RepositoryException   if another error occurs.
      */
@@ -62,11 +102,24 @@
      * <p/>
      * The returned privileges are those for which {@link #hasPrivileges} would
      * return <code>true</code>.
-     * 
+     * <p/>
+     * The results reported by the this method reflect the net
+     * <i>effect</i> of the currently applied control mechanisms. It does not reflect
+     * unsaved access control policies or unsaved access control entries.
+     * Changes to access control status caused by these mechanisms only take effect
+     * on <code>Session.save()</code> and are only then reflected in the results of
+     * the privilege test methods.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
+     *
      * @param absPath an absolute path.
      * @return an array of <code>Privilege</code>s.
      * @throws PathNotFoundException if no node at <code>absPath</code> exists
-     *                               or the session does not have privilege to 
+     *                               or the session does not have privilege to
      *                               retrieve the node.
      * @throws RepositoryException   if another error occurs.
      */
@@ -76,19 +129,28 @@
     /**
      * Returns the <code>AccessControlPolicy</code> that has been set to
      * the node at <code>absPath</code> or <code>null</code> if no
-     * policy has been set. This method reflects the binding state including
+     * policy has been set. This method reflects the binding state, including
      * transient policy modifications.
      * <p/>
      * Use {@link #getEffectivePolicy(String)} in order to determine the
      * policy that effectively applies at <code>absPath</code>.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * An <code>AccessDeniedException</code> is thrown if the session lacks
+     * <code>READ_ACCESS_CONTROL</code> privilege for the <code>absPath</code> node.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
      *
      * @param absPath an absolute path.
      * @return an <code>AccessControlPolicy</code> object or <code>null</code>.
      * @throws PathNotFoundException if no node at <code>absPath</code> exists
-     *                               or the session does not have privilege to 
+     *                               or the session does not have privilege to
      *                               retrieve the node.
      * @throws AccessDeniedException if the session lacks
-     *                               <code>READ_ACCESS_CONTROL</code> privilege 
+     *                               <code>READ_ACCESS_CONTROL</code> privilege
      *                               for the <code>absPath</code> node.
      * @throws RepositoryException   if another error occurs.
      */
@@ -96,19 +158,27 @@
             throws PathNotFoundException, AccessDeniedException, RepositoryException;
 
     /**
-     * Returns the <code>AccessControlPolicy</code> that currently is in effect 
-     * at the node at <code>absPath</code>. This may be an 
-     * <code>AccessControlPolicy</code> set through this API or some 
+     * Returns the <code>AccessControlPolicy</code> that currently is in effect
+     * at the node at <code>absPath</code>. This may be an
+     * <code>AccessControlPolicy</code> set through this API or some
      * implementation specific (default) policy.
-     * </p>
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * An <code>AccessDeniedException</code> is thrown if the session lacks
+     * <code>READ_ACCESS_CONTROL</code> privilege for the <code>absPath</code> node.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
      *
      * @param absPath an absolute path.
      * @return an <code>AccessControlPolicy</code> object.
      * @throws PathNotFoundException if no node at <code>absPath</code> exists
-     *                               or the session does not have privilege to 
+     *                               or the session does not have privilege to
      *                               retrieve the node.
      * @throws AccessDeniedException if the session lacks
-     *                               <code>READ_ACCESS_CONTROL</code> privilege 
+     *                               <code>READ_ACCESS_CONTROL</code> privilege
      *                               for the <code>absPath</code> node.
      * @throws RepositoryException   if another error occurs.
      */
@@ -118,16 +188,25 @@
     /**
      * Returns the access control policies that are capable of being applied to
      * the node at <code>absPath</code>.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * An <code>AccessDeniedException</code> is thrown if the session lacks
+     * <code>READ_ACCESS_CONTROL</code> privilege for the <code>absPath</code> node.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
      *
      * @param absPath an absolute path.
      * @return an <code>AccessControlPolicyIterator</code> over the applicable
      *         access control policies or an empty iterator if no policies are
      *         applicable.
      * @throws PathNotFoundException if no node at <code>absPath</code> exists
-     *                               or the session does not have privilege to 
+     *                               or the session does not have privilege to
      *                               retrieve the node.
      * @throws AccessDeniedException if the session lacks
-     *                               <code>READ_ACCESS_CONTROL</code> privilege 
+     *                               <code>READ_ACCESS_CONTROL</code> privilege
      *                               for the <code>absPath</code> node.
      * @throws RepositoryException   if another error occurs.
      */
@@ -137,60 +216,121 @@
     /**
      * Binds the <code>policy</code> to the node at <code>absPath</code>.
      * <p/>
-     * Only one policy may be bound at a time. If more than one policy per node 
-     * is required, the implementation should provide an appropriate aggregate 
+     * Only one policy may be bound at a time. If more than one policy per node
+     * is required, the implementation should provide an appropriate aggregate
      * policy among those returned by <code>getApplicablePolicies(absPath)</code>.
-     * The access control policy does not take effect until a <code>save</code> 
+     * The access control policy does not take effect until a <code>save</code>
      * is performed.
      * <p/>
-     * If the node has access control entries that were bound to it through the 
-     * JCR API prior to the <code>setPolicy</code> call, then these entries may 
-     * be deleted. Any implementation-specific (non-JCR) access control 
-     * settings may be changed in response to a successful call to 
+     * If the node has access control entries that were bound to it through the
+     * JCR API prior to the <code>setPolicy</code> call, then these entries may
+     * be deleted. Any implementation-specific (non-JCR) access control
+     * settings may be changed in response to a successful call to
      * <code>setPolicy</code>.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * An <code>AccessControlException</code> is thrown if the policy is not applicable.
+     * <p/>
+     * An <code>AccessDeniedException</code> is thrown if the session lacks
+     * <code>MODIFY_ACCESS_CONTROL</code> privilege for the <code>absPath</code>
+     * node.
+     * <p/>
+     * An <code>LockException</code> is thrown if the node at <code>absPath</code>
+     * is locked and this implementation performs this validation immediately
+     * instead of waiting until <code>save</code>.
+     * <p/>
+     * An <code>VersionException</code> is thrown if the node at <code>absPath</code>
+     * is versionable and checked-in or is non-versionable but its nearest
+     * versionable ancestor is checked-in and this implementation performs this
+     * validation immediately instead of waiting until <code>save</code>.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
      *
      * @param absPath an absolute path.
      * @param policy  the <code>AccessControlPolicy</code> to be applied.
-     * @throws PathNotFoundException   if no node at <code>absPath</code> exists
-     *                                 or the session does not have privilege to 
-     *                                 retrieve the node.
-     * @throws AccessControlException  if the policy is not applicable.
-     * @throws AccessDeniedException   if the session lacks
-     *                                 <code>MODIFY_ACCESS_CONTROL</code> 
-     *                                 privilege for the <code>absPath</code> node.
-     * @throws RepositoryException     if another error occurs.
+     * @throws PathNotFoundException  if no node at <code>absPath</code> exists
+     *                                or the session does not have privilege to
+     *                                retrieve the node.
+     * @throws AccessControlException if the policy is not applicable.
+     * @throws AccessDeniedException  if the session lacks
+     *                                <code>MODIFY_ACCESS_CONTROL</code>
+     *                                privilege for the <code>absPath</code> node.
+     * @throws LockException          if a lock applies at the node at
+     *                                <code>absPath</code> and this implementation
+     *                                performs this validation immediately instead
+     *                                of waiting until <code>save</code>.
+     * @throws VersionException       if the node at <code>absPath</code> is
+     *                                versionable and checked-in or is non-versionable
+     *                                but its nearest versionable ancestor is
+     *                                checked-in and this implementation performs
+     *                                this validation immediately instead of
+     *                                waiting until <code>save</code>.
+     * @throws RepositoryException    if another error occurs.
      */
     public void setPolicy(String absPath, AccessControlPolicy policy)
             throws PathNotFoundException, AccessControlException,
-            AccessDeniedException, RepositoryException;
+            AccessDeniedException, LockException, VersionException, RepositoryException;
 
     /**
      * Removes the <code>AccessControlPolicy</code> from the node at absPath and
      * returns it.
      * <p/>
-     * 
      * An <code>AccessControlPolicy</code> can only be removed if it was
-     * bound to the specified node through this API before. The effect of the 
-     * removal only takes place upon <code>Session.save()</code>. Whichever 
+     * bound to the specified node through this API before. The effect of the
+     * removal only takes place upon <code>Session.save()</code>. Whichever
      * defaults the implementation applies now take effect.
-     * Note, that an implementation default or any other effective 
+     * Note, that an implementation default or any other effective
      * <code>AccessControlPolicy</code> that has not been applied to the node
      * before may never be removed using this method.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * An <code>AccessControlException</code> is thrown if no policy exists.
+     * <p/>
+     * An <code>AccessDeniedException</code> is thrown if the session lacks
+     * <code>MODIFY_ACCESS_CONTROL</code> privilege for the <code>absPath</code>
+     * node.
+     * <p/>
+     * An <code>LockException</code> is thrown if the node at <code>absPath</code>
+     * is locked and this implementation performs this validation immediately
+     * instead of waiting until <code>save</code>.
+     * <p/>
+     * An <code>VersionException</code> is thrown if the node at <code>absPath</code>
+     * is versionable and checked-in or is non-versionable but its nearest
+     * versionable ancestor is checked-in and this implementation performs this
+     * validation immediately instead of waiting until <code>save</code>.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
      *
      * @param absPath an absolute path.
      * @return the removed <code>AccessControlPolicy</code>.
-     * @throws PathNotFoundException   if no node at <code>absPath</code> exists
-     *                                 or the session does not have privilege to 
-     *                                 retrieve the node.
-     * @throws AccessControlException  if no policy exists.
-     * @throws AccessDeniedException   if the session lacks
-     *                                 <code>MODIFY_ACCESS_CONTROL</code> 
-     *                                 privilege for the <code>absPath</code> node.
-     * @throws RepositoryException     if another error occurs.
+     * @throws PathNotFoundException  if no node at <code>absPath</code> exists
+     *                                or the session does not have privilege to
+     *                                retrieve the node.
+     * @throws AccessControlException if no policy exists.
+     * @throws AccessDeniedException  if the session lacks
+     *                                <code>MODIFY_ACCESS_CONTROL</code>
+     *                                privilege for the <code>absPath</code> node.
+     * @throws LockException          if a lock applies at the node at
+     *                                <code>absPath</code> and this implementation
+     *                                performs this validation immediately instead
+     *                                of waiting until <code>save</code>.
+     * @throws VersionException       if the node at <code>absPath</code> is
+     *                                versionable and checked-in or is non-versionable
+     *                                but its nearest versionable ancestor is
+     *                                checked-in and this implementation performs
+     *                                this validation immediately instead of
+     *                                waiting until <code>save</code>.
+     * @throws RepositoryException    if another error occurs.
      */
     public AccessControlPolicy removePolicy(String absPath)
             throws PathNotFoundException, AccessControlException,
-            AccessDeniedException, RepositoryException;
+            AccessDeniedException, LockException, VersionException, RepositoryException;
 
     /**
      * Returns all access control entries assigned to the node at <code>absPath</code>
@@ -198,17 +338,30 @@
      * <p/>
      * This method is only guaranteed to return an <code>AccessControlEntry</code>
      * if that <code>AccessControlEntry</code> has been assigned <i>through this API</i>.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * An <code>AccessDeniedException</code> is thrown if the session lacks
+     * <code>READ_ACCESS_CONTROL</code> privilege for the <code>absPath</code> node.
+     * <p/>
+     * An <code>UnsupportedRepositoryOperationException</code> is thrown if
+     * access control entries are not supported.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
      *
      * @param absPath an absolute path
      * @return all access control entries assigned at to specified node.
      * @throws PathNotFoundException if no node at <code>absPath</code> exists
-     *                               or the session does not have privilege to 
+     *                               or the session does not have privilege to
      *                               retrieve the node.
      * @throws AccessDeniedException if the session lacks
-     *                               <code>READ_ACCESS_CONTROL</code> privilege 
+     *                               <code>READ_ACCESS_CONTROL</code> privilege
      *                               for the <code>absPath</code> node.
-     * @throws UnsupportedRepositoryOperationException if access control
-     *         is not supported.
+     * @throws UnsupportedRepositoryOperationException
+     *                               if access control entries
+     *                               are not supported.
      * @throws RepositoryException   if another error occurs.
      */
     public AccessControlEntry[] getAccessControlEntries(String absPath)
@@ -218,30 +371,43 @@
      * Returns the access control entries that are effective at the node at
      * <code>absPath</code>.
      * <p/>
-     * This method is intended for information purpose only and should allow
-     * the user to determine which entries are currently used for access control
-     * evaluation.
+     * This method performs a best-effort search for all access control entries in
+     * effect on the node at <code>absPath</code>.
      * </p>
      * If an implementation is not able to determine the effective entries
-     * present at the given node it returns <code>null</code> in order to indicate
-     * that entries exists but the implementation cannot find them. If there
-     * are no entries present at the given node an empty array will be returned.
+     * present at the given node it returns <code>null</code>. If the implementation
+     * positively determines that no entries present at the given node then an empty
+     * array is returned.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * An <code>AccessDeniedException</code> is thrown if the session lacks
+     * <code>READ_ACCESS_CONTROL</code> privilege for the <code>absPath</code> node.
+     * <p/>
+     * An <code>UnsupportedRepositoryOperationException</code> is thrown if
+     * access control entries are not supported.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
      *
      * @param absPath an absolute path
      * @return the access control entries that are currently effective at the
      *         node at <code>absPath</code> or <code>null</code> if the
      *         implementation is not able to determine the effective entries.
      * @throws PathNotFoundException if no node at <code>absPath</code> exists
-     *         or the session does not have privilege to retrieve the node.
+     *                               or the session does not have privilege to retrieve the node.
      * @throws AccessDeniedException if the session lacks
-     *         <code>READ_ACCESS_CONTROL</code> privilege for the
-     *         <code>absPath</code> node.
-     * @throws UnsupportedRepositoryOperationException if access control
-     *         is not supported.
-     * @throws RepositoryException if another error occurs.
+     *                               <code>READ_ACCESS_CONTROL</code> privilege for the
+     *                               <code>absPath</code> node.
+     * @throws UnsupportedRepositoryOperationException
+     *                               if access control entries
+     *                               are not supported.
+     * @throws RepositoryException   if another error occurs.
      */
     public AccessControlEntry[] getEffectiveAccessControlEntries(String absPath)
-            throws PathNotFoundException, AccessDeniedException, UnsupportedRepositoryOperationException, RepositoryException;
+            throws PathNotFoundException, AccessDeniedException,
+            UnsupportedRepositoryOperationException, RepositoryException;
 
 
     /**
@@ -267,31 +433,69 @@
      * respect to nodes other than that specified. However, if it does, it is
      * guaranteed to only affect the privileges of those other nodes in the
      * same way as it affects the privileges of the specified node.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * An <code>AccessControlException</code> is thrown if the specified principal
+     * does not exist, if any of the specified privileges is not supported at
+     * <code>absPath</code> or if some other access control related exception occurs.
+     * <p/>
+     * An <code>AccessDeniedException</code>  is thrown if the session lacks
+     * <code>MODIFY_ACCESS_CONTROL</code> privilege for the <code>absPath</code>
+     * node.
+     * <p/>
+     * An <code>UnsupportedRepositoryOperationException</code> is thrown if
+     * access control entries are not supported.
+     * <p/>
+     * An <code>LockException</code> is thrown if the node at <code>absPath</code>
+     * is locked and this implementation performs this validation immediately
+     * instead of waiting until <code>save</code>.
+     * <p/>
+     * An <code>VersionException</code> is thrown if the node at <code>absPath</code>
+     * is versionable and checked-in or is non-versionable but its nearest
+     * versionable ancestor is checked-in and this implementation performs this
+     * validation immediately instead of waiting until <code>save</code>.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
      *
      * @param absPath    an absolute path.
      * @param principal  a <code>Principal</code>.
      * @param privileges an array of <code>Privilege</code>s.
      * @return the <code>AccessControlEntry</code> object constructed from the
      *         specified <code>principal</code> and <code>privileges</code>.
-     * @throws PathNotFoundException      if no node at <code>absPath</code> exists
-     *                                    or the session does not have privilege to retrieve the node.
-     * @throws AccessControlException     if the specified principal does not exist,
-     *                                    if any of the specified privileges is not supported at
-     *                                    <code>absPath</code> or if some other access control related
-     *                                    exception occurs.
-     * @throws AccessDeniedException      if the session lacks
-     *                                    <code>MODIFY_ACCESS_CONTROL</code> privilege for the
-     *                                    <code>absPath</code> node.
-     * @throws UnsupportedRepositoryOperationException if access control
-     *         is not supported.
-     * @throws RepositoryException        if another error occurs.
+     * @throws PathNotFoundException  if no node at <code>absPath</code> exists
+     *                                or the session does not have privilege to
+     *                                retrieve the node.
+     * @throws AccessControlException if the specified principal does not exist,
+     *                                if any of the specified privileges is not supported at
+     *                                <code>absPath</code> or if some other access control related
+     *                                exception occurs.
+     * @throws AccessDeniedException  if the session lacks
+     *                                <code>MODIFY_ACCESS_CONTROL</code> privilege for the
+     *                                <code>absPath</code> node.
+     * @throws UnsupportedRepositoryOperationException
+     *                                if access control entries
+     *                                are not supported.
+     * @throws LockException          if a lock applies at the node at
+     *                                <code>absPath</code> and this implementation
+     *                                performs this validation immediately instead
+     *                                of waiting until <code>save</code>.
+     * @throws VersionException       if the node at <code>absPath</code> is
+     *                                versionable and checked-in or is non-versionable
+     *                                but its nearest versionable ancestor is
+     *                                checked-in and this implementation performs
+     *                                this validation immediately instead of
+     *                                waiting until <code>save</code>.
+     * @throws RepositoryException    if another error occurs.
      */
     public AccessControlEntry addAccessControlEntry(String absPath,
                                                     Principal principal,
                                                     Privilege[] privileges)
             throws PathNotFoundException, AccessControlException,
             AccessDeniedException, UnsupportedRepositoryOperationException,
-            RepositoryException;
+            LockException, VersionException, RepositoryException;
 
     /**
      * Removes the specified <code>AccessControlEntry</code> from the node at
@@ -305,26 +509,359 @@
      * it is guaranteed to only affect the privileges of those other nodes in
      * the same way as it affects the privileges of the specified node.
      * <p/>
-     * Only exactly those entries obtained through 
-     * <code>getAccessControlEntries<code> can be removed. The effect of the 
+     * Only exactly those entries obtained through
+     * <code>getAccessControlEntries<code> can be removed. The effect of the
      * removal only takes effect upon <code>Session.save()</code>.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * An <code>AccessControlException</code> is thrown if the specified entry
+     * is not present on the specified node.
+     * <p/>
+     * An <code>AccessDeniedException</code> is thrown if the session lacks
+     * <code>MODIFY_ACCESS_CONTROL</code> privilege for the <code>absPath</code>
+     * node.
+     * <p/>
+     * An <code>UnsupportedRepositoryOperationException</code> is thrown if
+     * access control entries are not supported.
+     * <p/>
+     * An <code>LockException</code> is thrown if the node at <code>absPath</code>
+     * is locked and this implementation performs this validation immediately
+     * instead of waiting until <code>save</code>.
+     * <p/>
+     * An <code>VersionException</code> is thrown if the node at <code>absPath</code>
+     * is versionable and checked-in or is non-versionable but its nearest
+     * versionable ancestor is checked-in and this implementation performs this
+     * validation immediately instead of waiting until <code>save</code>.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
      *
      * @param absPath an absolute path.
      * @param ace     the access control entry to be removed.
-     * @throws PathNotFoundException if no node at <code>absPath</code> exists
-     *                               or the session does not have privilege to retrieve the node.
-     * @throws AccessControlException
-     *                               if the specified entry is not
-     *                               present on the specified node.
-     * @throws AccessDeniedException if the session lacks
-     *                               <code>MODIFY_ACCESS_CONTROL</code> privilege for the
-     *                               <code>absPath</code> node.
-     * @throws UnsupportedRepositoryOperationException if access control
-     *         is not supported.
-     * @throws RepositoryException   if another error occurs.
+     * @throws PathNotFoundException  if no node at <code>absPath</code> exists
+     *                                or the session does not have privilege to
+     *                                retrieve the node.
+     * @throws AccessControlException if the specified entry is not
+     *                                present on the specified node.
+     * @throws AccessDeniedException  if the session lacks
+     *                                <code>MODIFY_ACCESS_CONTROL</code> privilege
+     *                                for the <code>absPath</code> node.
+     * @throws UnsupportedRepositoryOperationException
+     *                                if access control entries
+     *                                are not supported.
+     * @throws LockException          if a lock applies at the node at
+     *                                <code>absPath</code> and this implementation
+     *                                performs this validation immediately instead
+     *                                of waiting until <code>save</code>.
+     * @throws VersionException       if the node at <code>absPath</code> is
+     *                                versionable and checked-in or is non-versionable
+     *                                but its nearest versionable ancestor is
+     *                                checked-in and this implementation performs
+     *                                this validation immediately instead of
+     *                                waiting until <code>save</code>.
+     * @throws RepositoryException    if another error occurs.
      */
     public void removeAccessControlEntry(String absPath, AccessControlEntry ace)
             throws PathNotFoundException, AccessControlException,
             AccessDeniedException, UnsupportedRepositoryOperationException,
+            LockException, VersionException, RepositoryException;
+
+    /**
+     * Returns all hold objects that have been added through this API to the
+     * existing node at <code>absPath</code>. If no hold has been set before,
+     * this method returns an empty array.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * An <code>AccessDeniedException</code> is thrown if the current session
+     * does not have sufficient rights to retrieve the holds.
+     * <p/>
+     * An <code>UnsupportedRepositoryOperationException</code> is thrown if
+     * retention and hold are not supported.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
+     *
+     * @param absPath an absolute path.
+     * @return All hold objects that have been added to the existing node at
+     *         <code>absPath</code> through this API or an empty array if no
+     *         hold has been set.
+     * @throws PathNotFoundException  if no node at <code>absPath</code> exists
+     *                                or the session does not have privilege to
+     *                                retrieve the node.
+     * @throws AccessDeniedException if the current session does not have
+     *                               sufficient rights to retrieve the holds.
+     * @throws UnsupportedRepositoryOperationException
+     *                               if retention and hold are not supported.
+     * @throws RepositoryException   if another error occurs.
+     */
+    public Hold[] getHolds(String absPath) throws PathNotFoundException,
+            AccessDeniedException, UnsupportedRepositoryOperationException, RepositoryException;
+
+    /**
+     * Places a hold on the existing node at <code>absPath</code>. If
+     * <code>isDeep</code> is <code>true</code>) the hold applies to this node
+     * and its subtree. The hold does not take effect until a <code>save</code>
+     * is performed. A node may have more than one hold.
+     * <p/>
+     * The format and interpretation of the <code>name</code> are not specified.
+     * They are application-dependent.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * An <code>AccessControlException</code> is thrown if the
+     * node at <code>absPath</code> cannot have a hold set.
+     * <p/>
+     * An <code>AccessDeniedException</code> is thrown if the current session
+     * does not have sufficient rights to perform the operation.
+     * <p/>
+     * An <code>UnsupportedRepositoryOperationException</code> is thrown if
+     * retention and hold are not supported.
+     * <p/>
+     * An <code>LockException</code> is thrown if the node at <code>absPath</code>
+     * is locked and this implementation performs this validation immediately
+     * instead of waiting until <code>save</code>.
+     * <p/>
+     * An <code>VersionException</code> is thrown if the node at <code>absPath</code>
+     * is versionable and checked-in or is non-versionable but its nearest
+     * versionable ancestor is checked-in and this implementation performs this
+     * validation immediately instead of waiting until <code>save</code>.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
+     *
+     * @param absPath an absolute path.
+     * @param name  an application-dependent string.
+     * @param isDeep  a boolean indicating if the hold applies to the subtree.
+     * @return The <code>Hold</code> applied.
+     * @throws PathNotFoundException  if no node at <code>absPath</code> exists
+     *                                or the session does not have privilege to
+     *                                retrieve the node.
+     * @throws AccessControlException if the node at
+     *                                <code>absPath</code> cannot have a hold set.
+     * @throws AccessDeniedException  if the current session does not have
+     *                                sufficient rights to perform the operation.
+     * @throws UnsupportedRepositoryOperationException
+     *                                if retention and hold are not supported.
+     * @throws LockException          if a lock applies at the node at
+     *                                <code>absPath</code> and this implementation
+     *                                performs this validation immediately instead
+     *                                of waiting until <code>save</code>.
+     * @throws VersionException       if the node at <code>absPath</code> is
+     *                                versionable and checked-in or is non-versionable
+     *                                but its nearest versionable ancestor is
+     *                                checked-in and this implementation performs
+     *                                this validation immediately instead of
+     *                                waiting until <code>save</code>.
+     * @throws RepositoryException    if another error occurs.
+     */
+    public Hold addHold(String absPath, String name, boolean isDeep)
+            throws PathNotFoundException, AccessControlException, AccessDeniedException,
+            UnsupportedRepositoryOperationException, LockException, VersionException, RepositoryException;
+
+    /**
+     * Removes the specified <code>hold</code> from the node at
+     * <code>absPath</code>. The removal does not take effect until a
+     * <code>save</code> is performed.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * An <code>AccessControlException</code> is thrown if the specified
+     * <code>hold</code> does not apply to the node at <code>absPath</code>.
+     * <p/>
+     * An <code>AccessDeniedException</code> is thrown if the current session
+     * does not have sufficient rights to perform the operation.
+     * <p/>
+     * An <code>UnsupportedRepositoryOperationException</code> is thrown if
+     * retention and hold are not supported.
+     * <p/>
+     * An <code>LockException</code> is thrown if the node at <code>absPath</code>
+     * is locked and this implementation performs this validation immediately
+     * instead of waiting until <code>save</code>.
+     * <p/>
+     * An <code>VersionException</code> is thrown if the node at <code>absPath</code>
+     * is versionable and checked-in or is non-versionable but its nearest
+     * versionable ancestor is checked-in and this implementation performs this
+     * validation immediately instead of waiting until <code>save</code>.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
+     *
+     * @param absPath an absolute path.
+     * @param hold    the hold to be removed.
+     * @throws PathNotFoundException  if no node at <code>absPath</code> exists
+     *                                or the session does not have privilege to
+     *                                retrieve the node.
+     * @throws AccessControlException if the specified <code>hold</code> is not
+     *                                present at the node at <code>absPath</code>.
+     * @throws AccessDeniedException  if the current session does not have
+     *                                sufficient rights to perform the operation.
+     * @throws UnsupportedRepositoryOperationException
+     *                                if retention and hold are not supported.
+     * @throws LockException          if a lock applies at the node at
+     *                                <code>absPath</code> and this implementation
+     *                                performs this validation immediately instead
+     *                                of waiting until <code>save</code>.
+     * @throws VersionException       if the node at <code>absPath</code> is
+     *                                versionable and checked-in or is non-versionable
+     *                                but its nearest versionable ancestor is
+     *                                checked-in and this implementation performs
+     *                                this validation immediately instead of
+     *                                waiting until <code>save</code>.
+     * @throws RepositoryException    if another error occurs.
+     */
+    public void removeHold(String absPath, Hold hold)
+            throws PathNotFoundException, AccessControlException, AccessDeniedException,
+            UnsupportedRepositoryOperationException, LockException, VersionException,
             RepositoryException;
+
+    /**
+     * Returns the retention policy that has been set using {@link #setRetentionPolicy}
+     * on the node at <code>absPath</code> or <code>null</code> if no policy has been set.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * An <code>AccessDeniedException</code> is thrown if the current session
+     * does not have sufficient rights to retrieve the retention policy.
+     * <p/>
+     * An <code>UnsupportedRepositoryOperationException</code> is thrown if
+     * retention and hold are not supported.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
+     *
+     * @param absPath an absolute path to an existing node.
+     * @return The retention policy that applies to the existing node at
+     *         <code>absPath</code> or <code>null</code> if no policy applies.
+     * @throws PathNotFoundException if no node at <code>absPath</code> exists
+     *                               or the session does not have privilege to
+     *                               retrieve the node.
+     * @throws AccessDeniedException if the current session does not have
+     *                               sufficient rights to retrieve the policy.
+     * @throws UnsupportedRepositoryOperationException
+     *                               if retention and hold are not supported.
+     * @throws RepositoryException   if another error occurs.
+     */
+    public RetentionPolicy getRetentionPolicy(String absPath)
+            throws PathNotFoundException, AccessDeniedException,
+            UnsupportedRepositoryOperationException, RepositoryException;
+
+    /**
+     * Sets the retention policy of the node at <code>absPath</code> to
+     * that defined in the specified policy node. Interpretation and enforcement
+     * of this policy is an implementation issue. In any case the policy does
+     * does not take effect until a <code>save</code> is performed.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * An <code>AccessControlException</code> is thrown if the specified
+     * node is not a valid retention policy node.
+     * <p/>
+     * An <code>AccessDeniedException</code> is thrown if the current session
+     * does not have sufficient rights to perform the operation.
+     * <p/>
+     * An <code>UnsupportedRepositoryOperationException</code> is thrown if
+     * retention and hold are not supported.
+     * <p/>
+     * An <code>LockException</code> is thrown if the node at <code>absPath</code>
+     * is locked and this implementation performs this validation immediately
+     * instead of waiting until <code>save</code>.
+     * <p/>
+     * An <code>VersionException</code> is thrown if the node at <code>absPath</code>
+     * is versionable and checked-in or is non-versionable but its nearest
+     * versionable ancestor is checked-in and this implementation performs this
+     * validation immediately instead of waiting until <code>save</code>.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
+     *
+     * @param absPath         an absolute path to an existing node.
+     * @param retentionPolicy a retention policy.
+     * @throws PathNotFoundException  if no node at <code>absPath</code> exists
+     *                                or the session does not have privilege to
+     *                                retrieve the node.
+     * @throws AccessControlException if the specified retention policy is not
+     *                                valid on the specified node.
+     * @throws AccessDeniedException  if the current session does not have
+     *                                sufficient rights to perform the operation.
+     * @throws UnsupportedRepositoryOperationException
+     *                                if retention and hold are not supported.
+     * @throws LockException          if a lock applies at the node at
+     *                                <code>absPath</code> and this implementation
+     *                                performs this validation immediately instead
+     *                                of waiting until <code>save</code>.
+     * @throws VersionException       if the node at <code>absPath</code> is
+     *                                versionable and checked-in or is non-versionable
+     *                                but its nearest versionable ancestor is
+     *                                checked-in and this implementation performs
+     *                                this validation immediately instead of
+     *                                waiting until <code>save</code>.
+     * @throws RepositoryException    if another error occurs.
+     */
+    public void setRetentionPolicy(String absPath, RetentionPolicy retentionPolicy)
+            throws PathNotFoundException, AccessControlException, AccessDeniedException,
+            UnsupportedRepositoryOperationException, LockException, VersionException,
+            RepositoryException;
+
+    /**
+     * Causes the current retention policy on the node at
+     * <code>absPath</code> to no longer apply. The removal does not take effect
+     * until a <code>save</code> is performed.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * An <code>AccessControlException</code> is thrown if this node does
+     * not have a retention policy currently assigned.
+     * <p/>
+     * An <code>AccessDeniedException</code> is thrown if the current session
+     * does not have sufficient rights to perform the operation.
+     * <p/>
+     * An <code>UnsupportedRepositoryOperationException</code> is thrown if
+     * retention and hold are not supported.
+     * <p/>
+     * An <code>LockException</code> is thrown if the node at <code>absPath</code>
+     * is locked and this implementation performs this validation immediately
+     * instead of waiting until <code>save</code>.
+     * <p/>
+     * An <code>VersionException</code> is thrown if the node at <code>absPath</code>
+     * is versionable and checked-in or is non-versionable but its nearest
+     * versionable ancestor is checked-in and this implementation performs this
+     * validation immediately instead of waiting until <code>save</code>.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
+     *
+     * @param absPath an absolute path to an existing node.
+     * @throws PathNotFoundException  if no node at <code>absPath</code> exists
+     *                                or the session does not have privilege to
+     *                                retrieve the node.
+     * @throws AccessControlException if this node does not have a
+     *                                retention policy currently assigned.
+     * @throws AccessDeniedException  if the current session does not have
+     *                                sufficient rights to perform the operation.
+     * @throws UnsupportedRepositoryOperationException
+     *                                if retention and hold are not supported.
+     * @throws LockException          if a lock applies at the node at
+     *                                <code>absPath</code> and this implementation
+     *                                performs this validation immediately instead
+     *                                of waiting until <code>save</code>.
+     * @throws VersionException       if the node at <code>absPath</code> is
+     *                                versionable and checked-in or is non-versionable
+     *                                but its nearest versionable ancestor is
+     *                                checked-in and this implementation performs
+     *                                this validation immediately instead of
+     *                                waiting until <code>save</code>.
+     * @throws RepositoryException    if another error occurs.
+     */
+    public void removeRetentionPolicy(String absPath)
+            throws PathNotFoundException, AccessControlException, AccessDeniedException,
+            UnsupportedRepositoryOperationException, LockException, VersionException, RepositoryException;
 }

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlPolicy.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlPolicy.java?rev=656178&r1=656177&r2=656178&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlPolicy.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlPolicy.java Wed May 14 02:28:44 2008
@@ -1,3 +1,19 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package org.apache.jackrabbit.core.security.jsr283.security;
 
 import javax.jcr.RepositoryException;
@@ -14,8 +30,6 @@
     /**
      * Returns the name of the access control policy, which should be unique
      * among the choices applicable to any particular node.
-     * It is presented to provide an easily identifiable choice for
-     * users choosing a policy to assign to a node.
      *
      * @return the name of the access control policy.
      * @throws RepositoryException if an error occurs.
@@ -23,9 +37,7 @@
     public String getName() throws RepositoryException;
 
     /**
-     * Returns a human readable description of the access control policy which
-     * should be sufficient for allowing end users to chose between different
-     * policies to apply to a node.
+     * Returns a human readable description of the access control policy.
      *
      * @return a human readable description of the access control policy.
      * @throws RepositoryException if an error occurs.

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlPolicyIterator.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlPolicyIterator.java?rev=656178&r1=656177&r2=656178&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlPolicyIterator.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlPolicyIterator.java Wed May 14 02:28:44 2008
@@ -1,3 +1,19 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package org.apache.jackrabbit.core.security.jsr283.security;
 
 import javax.jcr.RangeIterator;

Added: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/Hold.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/Hold.java?rev=656178&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/Hold.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/Hold.java Wed May 14 02:28:44 2008
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.jsr283.security;
+
+import javax.jcr.RepositoryException;
+
+/**
+ * <code>Hold</code> represents a hold that can be applied to an existing node in order to
+ * prevent the node from being modified or removed. The format and interpretation of the name
+ * are not specified. They are application-dependent.
+ * <p/>
+ * If {@link #isDeep()} is <code>true</code>, the hold applies to the
+ * node and its entire subtree. Otherwise the hold applies to the node and its
+ * properties only.
+ *
+ * @see AccessControlManager#getHolds(String)
+ * @see AccessControlManager#addHold(String, String, boolean)
+ * @see AccessControlManager#removeHold(String, Hold)
+ * @since JCR 2.0
+ */
+public interface Hold {
+
+    /**
+     * Returns <code>true</code> if this <code>Hold</code> is deep.
+     *
+     * @return <code>true</code> if this <code>Hold</code> is deep.
+     * @throws RepositoryException if an error occurs.
+     */
+    public boolean isDeep() throws RepositoryException;
+
+    /**
+     * Returns the name of this <code>Hold</code>.
+     *
+     * @return the name of this <code>Hold</code>.
+     * @throws RepositoryException if an error occurs.
+     */
+    public String getName() throws RepositoryException;
+}

Propchange: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/Hold.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/Hold.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/Privilege.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/Privilege.java?rev=656178&r1=656177&r2=656178&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/Privilege.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/Privilege.java Wed May 14 02:28:44 2008
@@ -1,3 +1,19 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package org.apache.jackrabbit.core.security.jsr283.security;
 
 /**

Added: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/RetentionPolicy.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/RetentionPolicy.java?rev=656178&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/RetentionPolicy.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/RetentionPolicy.java Wed May 14 02:28:44 2008
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.jsr283.security;
+
+import javax.jcr.RepositoryException;
+
+/**
+ * An <code>RetentionPolicy</code> is an object with a name and an optional
+ * description.
+ *
+ * @since JCR 2.0
+ */
+public interface RetentionPolicy {
+    /**
+     * Returns the name of the retention policy.
+     *
+     * @return the name of the access control policy.
+     * @throws RepositoryException if an error occurs.
+     */
+    public String getName() throws RepositoryException;
+
+    /**
+     * Returns a human readable description of the retention policy.
+     *
+     * @return a human readable description of the retention policy.
+     * @throws RepositoryException if an error occurs.
+     */
+    public String getDescription() throws RepositoryException;
+}

Propchange: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/RetentionPolicy.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/RetentionPolicy.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url



Mime
View raw message