jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r658134 [1/4] - in /jackrabbit/trunk: jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/ jackrabbit-core/src/main/java/org/apache/jackrabbit/commons/iterator/ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ ja...
Date Tue, 20 May 2008 07:37:17 GMT
Author: angela
Date: Tue May 20 00:37:15 2008
New Revision: 658134

URL: http://svn.apache.org/viewvc?rev=658134&view=rev
Log:
JCR-1588: JSR 283 Access Control (work in progress)

- move 283 interfaces to jackrabbit-api project

Added:
    jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/
    jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlEntry.java   (with props)
    jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlException.java   (with props)
    jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlManager.java   (with props)
    jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlPolicy.java   (with props)
    jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlPolicyIterator.java   (with props)
    jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/Hold.java   (with props)
    jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/Privilege.java   (with props)
    jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/RetentionPolicy.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/jsr283/
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/jsr283/security/
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/jsr283/security/AbstractAccessControlTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/jsr283/security/AccessControlDiscoveryTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/jsr283/security/AccessControlEntryTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/jsr283/security/AccessControlPolicyIteratorTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/jsr283/security/AccessControlPolicyTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/jsr283/security/RSessionAccessControlDiscoveryTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/jsr283/security/RSessionAccessControlEntryTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/jsr283/security/RSessionAccessControlPolicyTest.java   (with props)
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/jsr283/security/TestAll.java   (with props)
Removed:
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/
Modified:
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/commons/iterator/AccessControlPolicyIteratorAdapter.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SessionImpl.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/AMContext.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/AbstractAccessControlManager.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/DefaultAccessManager.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/JackrabbitAccessControlManager.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/JackrabbitSecurityManager.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/SimpleJBossAccessManager.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/Authentication.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractCompiledPermissions.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractPolicyEntry.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlConstants.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEditor.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProvider.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProviderFactory.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PolicyEntry.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PolicyTemplate.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLImpl.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLProvider.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/DefaultACL.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/CombinedEditor.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/CombinedProvider.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/PolicyTemplateImpl.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/AbstractPrincipalIterator.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProvider.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalIteratorAdapter.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleAccessManager.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleLoginModule.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleSecurityManager.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/IndexNodeResolver.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/NodeResolver.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/TraversingNodeResolver.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserImpl.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/AbstractUserTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/GroupTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/AccessManagerTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractEvaluationTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractPolicyEntryTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractPolicyTemplateTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PolicyTemplateTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLImplTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/EvaluationTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/PolicyEntryImplTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProviderTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AuthorizableImplTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/IndexNodeResolverTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NodeResolverTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImplTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserManagerImplTest.java

Added: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlEntry.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlEntry.java?rev=658134&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlEntry.java (added)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlEntry.java Tue May 20 00:37:15 2008
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.api.jsr283.security;
+
+import java.security.Principal;
+
+/**
+ * An <code>AccessControlEntry</code> represents the association of one or more
+ * <code>Privilege</code> objects with a specific <code>Principal</code>.
+ *
+ * @since JCR 2.0
+ */
+public interface AccessControlEntry {
+    /**
+     * Returns the principal associated with this access control entry.
+     * @return a <code>Principal</code>.
+     */
+    public Principal getPrincipal();
+
+    /**
+     * Returns the privileges associated with this access control entry.
+     * @return an array of <code>Privilege</code>s.
+     */
+    public Privilege[] getPrivileges();
+}

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlEntry.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlEntry.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlException.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlException.java?rev=658134&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlException.java (added)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlException.java Tue May 20 00:37:15 2008
@@ -0,0 +1,68 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.api.jsr283.security;
+
+import javax.jcr.RepositoryException;
+
+/**
+ * Exception thrown by access control related methods of
+ * <code>AccessControlManager</code>.
+ *
+ * @since JCR 2.0
+ */
+public class AccessControlException extends RepositoryException {
+    
+    /**
+     * Constructs a new instance of this class with <code>null</code> as its
+     * detail message.
+     */
+    public AccessControlException() {
+        super();
+    }
+
+    /**
+     * Constructs a new instance of this class with the specified detail
+     * message.
+     *
+     * @param message the detail message. The detail message is saved for
+     *                later retrieval by the {@link #getMessage()} method.
+     */
+    public AccessControlException(String message) {
+        super(message);
+    }
+
+    /**
+     * Constructs a new instance of this class with the specified detail
+     * message and root cause.
+     *
+     * @param message   the detail message. The detail message is saved for
+     *                  later retrieval by the {@link #getMessage()} method.
+     * @param rootCause root failure cause
+     */
+    public AccessControlException(String message, Throwable rootCause) {
+        super(message, rootCause);
+    }
+
+    /**
+     * Constructs a new instance of this class with the specified root cause.
+     *
+     * @param rootCause root failure cause
+     */
+    public AccessControlException(Throwable rootCause) {
+        super(rootCause);
+    }
+}

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlException.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlException.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlManager.java?rev=658134&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlManager.java (added)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlManager.java Tue May 20 00:37:15 2008
@@ -0,0 +1,867 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.api.jsr283.security;
+
+import javax.jcr.AccessDeniedException;
+import javax.jcr.PathNotFoundException;
+import javax.jcr.RepositoryException;
+import javax.jcr.UnsupportedRepositoryOperationException;
+import javax.jcr.lock.LockException;
+import javax.jcr.version.VersionException;
+import java.security.Principal;
+
+/**
+ * The <code>AccessControlManager</code> object is accessed via
+ * {@link javax.jcr.Session#getAccessControlManager()}. It provides methods for:
+ * <ul>
+ * <li>Access control discovery</li>
+ * <li>Assigning access control policies</li>
+ * <li>Assigning access control entries</li>
+ * <li>Retention and hold discovery</li>
+ * <li>Adding hold(s) to existing nodes and removing them</li>
+ * <li>Adding retention policies to existing nodes and removing them.</li>
+ * </ul>
+ *
+ * @since JCR 2.0
+ */
+public interface AccessControlManager {
+
+    /**
+     * Returns the privileges supported for absolute path <code>absPath</code>,
+     * which must be an existing node.
+     * <p/>
+     * This method does not return the privileges held by the session. Instead,
+     * it returns the privileges that the repository supports.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
+     *
+     * @param absPath an absolute path.
+     * @return an array of <code>Privilege</code>s.
+     * @throws PathNotFoundException if no node at <code>absPath</code> exists
+     *                               or the session does not have privilege to
+     *                               retrieve the node.
+     * @throws RepositoryException   if another error occurs.
+     */
+    public Privilege[] getSupportedPrivileges(String absPath)
+            throws PathNotFoundException, RepositoryException;
+
+    /**
+     * Returns whether the session has the specified privileges for absolute
+     * path <code>absPath</code>, which must be an existing node.
+     * <p/>
+     * Testing an aggregate privilege is equivalent to testing each non aggregate
+     * privilege among the set returned by calling
+     * <code>Privilege.getAggregatePrivileges()</code> for that privilege.
+     * <p/>
+     * The results reported by the this method reflect the net
+     * <i>effect</i> of the currently applied control mechanisms. It does not reflect
+     * unsaved access control policies or unsaved access control entries.
+     * Changes to access control status caused by these mechanisms only take effect
+     * on <code>Session.save()</code> and are only then reflected in the results of
+     * the privilege test methods.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
+     *
+     * @param absPath    an absolute path.
+     * @param privileges an array of <code>Privilege</code>s.
+     * @return <code>true</code> if the session has the specified privileges;
+     *         <code>false</code> otherwise.
+     * @throws PathNotFoundException if no node at <code>absPath</code> exists
+     *                               or the session does not have privilege to
+     *                               retrieve the node.
+     * @throws RepositoryException   if another error occurs.
+     */
+    public boolean hasPrivileges(String absPath, Privilege[] privileges)
+            throws PathNotFoundException, RepositoryException;
+
+    /**
+     * Returns the privileges the session has for absolute path absPath, which
+     * must be an existing node.
+     * <p/>
+     * The returned privileges are those for which {@link #hasPrivileges} would
+     * return <code>true</code>.
+     * <p/>
+     * The results reported by the this method reflect the net
+     * <i>effect</i> of the currently applied control mechanisms. It does not reflect
+     * unsaved access control policies or unsaved access control entries.
+     * Changes to access control status caused by these mechanisms only take effect
+     * on <code>Session.save()</code> and are only then reflected in the results of
+     * the privilege test methods.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
+     *
+     * @param absPath an absolute path.
+     * @return an array of <code>Privilege</code>s.
+     * @throws PathNotFoundException if no node at <code>absPath</code> exists
+     *                               or the session does not have privilege to
+     *                               retrieve the node.
+     * @throws RepositoryException   if another error occurs.
+     */
+    public Privilege[] getPrivileges(String absPath)
+            throws PathNotFoundException, RepositoryException;
+
+    /**
+     * Returns the <code>AccessControlPolicy</code> that has been set to
+     * the node at <code>absPath</code> or <code>null</code> if no
+     * policy has been set. This method reflects the binding state, including
+     * transient policy modifications.
+     * <p/>
+     * Use {@link #getEffectivePolicy(String)} in order to determine the
+     * policy that effectively applies at <code>absPath</code>.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * An <code>AccessDeniedException</code> is thrown if the session lacks
+     * <code>READ_ACCESS_CONTROL</code> privilege for the <code>absPath</code> node.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
+     *
+     * @param absPath an absolute path.
+     * @return an <code>AccessControlPolicy</code> object or <code>null</code>.
+     * @throws PathNotFoundException if no node at <code>absPath</code> exists
+     *                               or the session does not have privilege to
+     *                               retrieve the node.
+     * @throws AccessDeniedException if the session lacks
+     *                               <code>READ_ACCESS_CONTROL</code> privilege
+     *                               for the <code>absPath</code> node.
+     * @throws RepositoryException   if another error occurs.
+     */
+    public AccessControlPolicy getPolicy(String absPath)
+            throws PathNotFoundException, AccessDeniedException, RepositoryException;
+
+    /**
+     * Returns the <code>AccessControlPolicy</code> that currently is in effect
+     * at the node at <code>absPath</code>. This may be an
+     * <code>AccessControlPolicy</code> set through this API or some
+     * implementation specific (default) policy.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * An <code>AccessDeniedException</code> is thrown if the session lacks
+     * <code>READ_ACCESS_CONTROL</code> privilege for the <code>absPath</code> node.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
+     *
+     * @param absPath an absolute path.
+     * @return an <code>AccessControlPolicy</code> object.
+     * @throws PathNotFoundException if no node at <code>absPath</code> exists
+     *                               or the session does not have privilege to
+     *                               retrieve the node.
+     * @throws AccessDeniedException if the session lacks
+     *                               <code>READ_ACCESS_CONTROL</code> privilege
+     *                               for the <code>absPath</code> node.
+     * @throws RepositoryException   if another error occurs.
+     */
+    public AccessControlPolicy getEffectivePolicy(String absPath)
+            throws PathNotFoundException, AccessDeniedException, RepositoryException;
+
+    /**
+     * Returns the access control policies that are capable of being applied to
+     * the node at <code>absPath</code>.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * An <code>AccessDeniedException</code> is thrown if the session lacks
+     * <code>READ_ACCESS_CONTROL</code> privilege for the <code>absPath</code> node.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
+     *
+     * @param absPath an absolute path.
+     * @return an <code>AccessControlPolicyIterator</code> over the applicable
+     *         access control policies or an empty iterator if no policies are
+     *         applicable.
+     * @throws PathNotFoundException if no node at <code>absPath</code> exists
+     *                               or the session does not have privilege to
+     *                               retrieve the node.
+     * @throws AccessDeniedException if the session lacks
+     *                               <code>READ_ACCESS_CONTROL</code> privilege
+     *                               for the <code>absPath</code> node.
+     * @throws RepositoryException   if another error occurs.
+     */
+    public AccessControlPolicyIterator getApplicablePolicies(String absPath)
+            throws PathNotFoundException, AccessDeniedException, RepositoryException;
+
+    /**
+     * Binds the <code>policy</code> to the node at <code>absPath</code>.
+     * <p/>
+     * Only one policy may be bound at a time. If more than one policy per node
+     * is required, the implementation should provide an appropriate aggregate
+     * policy among those returned by <code>getApplicablePolicies(absPath)</code>.
+     * The access control policy does not take effect until a <code>save</code>
+     * is performed.
+     * <p/>
+     * If the node has access control entries that were bound to it through the
+     * JCR API prior to the <code>setPolicy</code> call, then these entries may
+     * be deleted. Any implementation-specific (non-JCR) access control
+     * settings may be changed in response to a successful call to
+     * <code>setPolicy</code>.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * An <code>AccessControlException</code> is thrown if the policy is not applicable.
+     * <p/>
+     * An <code>AccessDeniedException</code> is thrown if the session lacks
+     * <code>MODIFY_ACCESS_CONTROL</code> privilege for the <code>absPath</code>
+     * node.
+     * <p/>
+     * An <code>LockException</code> is thrown if the node at <code>absPath</code>
+     * is locked and this implementation performs this validation immediately
+     * instead of waiting until <code>save</code>.
+     * <p/>
+     * An <code>VersionException</code> is thrown if the node at <code>absPath</code>
+     * is versionable and checked-in or is non-versionable but its nearest
+     * versionable ancestor is checked-in and this implementation performs this
+     * validation immediately instead of waiting until <code>save</code>.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
+     *
+     * @param absPath an absolute path.
+     * @param policy  the <code>AccessControlPolicy</code> to be applied.
+     * @throws PathNotFoundException  if no node at <code>absPath</code> exists
+     *                                or the session does not have privilege to
+     *                                retrieve the node.
+     * @throws AccessControlException if the policy is not applicable.
+     * @throws AccessDeniedException  if the session lacks
+     *                                <code>MODIFY_ACCESS_CONTROL</code>
+     *                                privilege for the <code>absPath</code> node.
+     * @throws LockException          if a lock applies at the node at
+     *                                <code>absPath</code> and this implementation
+     *                                performs this validation immediately instead
+     *                                of waiting until <code>save</code>.
+     * @throws VersionException       if the node at <code>absPath</code> is
+     *                                versionable and checked-in or is non-versionable
+     *                                but its nearest versionable ancestor is
+     *                                checked-in and this implementation performs
+     *                                this validation immediately instead of
+     *                                waiting until <code>save</code>.
+     * @throws RepositoryException    if another error occurs.
+     */
+    public void setPolicy(String absPath, AccessControlPolicy policy)
+            throws PathNotFoundException, AccessControlException,
+            AccessDeniedException, LockException, VersionException, RepositoryException;
+
+    /**
+     * Removes the <code>AccessControlPolicy</code> from the node at absPath and
+     * returns it.
+     * <p/>
+     * An <code>AccessControlPolicy</code> can only be removed if it was
+     * bound to the specified node through this API before. The effect of the
+     * removal only takes place upon <code>Session.save()</code>. Whichever
+     * defaults the implementation applies now take effect.
+     * Note, that an implementation default or any other effective
+     * <code>AccessControlPolicy</code> that has not been applied to the node
+     * before may never be removed using this method.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * An <code>AccessControlException</code> is thrown if no policy exists.
+     * <p/>
+     * An <code>AccessDeniedException</code> is thrown if the session lacks
+     * <code>MODIFY_ACCESS_CONTROL</code> privilege for the <code>absPath</code>
+     * node.
+     * <p/>
+     * An <code>LockException</code> is thrown if the node at <code>absPath</code>
+     * is locked and this implementation performs this validation immediately
+     * instead of waiting until <code>save</code>.
+     * <p/>
+     * An <code>VersionException</code> is thrown if the node at <code>absPath</code>
+     * is versionable and checked-in or is non-versionable but its nearest
+     * versionable ancestor is checked-in and this implementation performs this
+     * validation immediately instead of waiting until <code>save</code>.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
+     *
+     * @param absPath an absolute path.
+     * @return the removed <code>AccessControlPolicy</code>.
+     * @throws PathNotFoundException  if no node at <code>absPath</code> exists
+     *                                or the session does not have privilege to
+     *                                retrieve the node.
+     * @throws AccessControlException if no policy exists.
+     * @throws AccessDeniedException  if the session lacks
+     *                                <code>MODIFY_ACCESS_CONTROL</code>
+     *                                privilege for the <code>absPath</code> node.
+     * @throws LockException          if a lock applies at the node at
+     *                                <code>absPath</code> and this implementation
+     *                                performs this validation immediately instead
+     *                                of waiting until <code>save</code>.
+     * @throws VersionException       if the node at <code>absPath</code> is
+     *                                versionable and checked-in or is non-versionable
+     *                                but its nearest versionable ancestor is
+     *                                checked-in and this implementation performs
+     *                                this validation immediately instead of
+     *                                waiting until <code>save</code>.
+     * @throws RepositoryException    if another error occurs.
+     */
+    public AccessControlPolicy removePolicy(String absPath)
+            throws PathNotFoundException, AccessControlException,
+            AccessDeniedException, LockException, VersionException, RepositoryException;
+
+    /**
+     * Returns all access control entries assigned to the node at <code>absPath</code>
+     * including transient modifications made to the entries at <code>absPath</code>.
+     * <p/>
+     * This method is only guaranteed to return an <code>AccessControlEntry</code>
+     * if that <code>AccessControlEntry</code> has been assigned <i>through this API</i>.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * An <code>AccessDeniedException</code> is thrown if the session lacks
+     * <code>READ_ACCESS_CONTROL</code> privilege for the <code>absPath</code> node.
+     * <p/>
+     * An <code>UnsupportedRepositoryOperationException</code> is thrown if
+     * access control entries are not supported.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
+     *
+     * @param absPath an absolute path
+     * @return all access control entries assigned at to specified node.
+     * @throws PathNotFoundException if no node at <code>absPath</code> exists
+     *                               or the session does not have privilege to
+     *                               retrieve the node.
+     * @throws AccessDeniedException if the session lacks
+     *                               <code>READ_ACCESS_CONTROL</code> privilege
+     *                               for the <code>absPath</code> node.
+     * @throws UnsupportedRepositoryOperationException
+     *                               if access control entries
+     *                               are not supported.
+     * @throws RepositoryException   if another error occurs.
+     */
+    public AccessControlEntry[] getAccessControlEntries(String absPath)
+            throws PathNotFoundException, AccessDeniedException, UnsupportedRepositoryOperationException, RepositoryException;
+
+    /**
+     * Returns the access control entries that are effective at the node at
+     * <code>absPath</code>.
+     * <p/>
+     * This method performs a best-effort search for all access control entries in
+     * effect on the node at <code>absPath</code>.
+     * </p>
+     * If an implementation is not able to determine the effective entries
+     * present at the given node it returns <code>null</code>. If the implementation
+     * positively determines that no entries present at the given node then an empty
+     * array is returned.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * An <code>AccessDeniedException</code> is thrown if the session lacks
+     * <code>READ_ACCESS_CONTROL</code> privilege for the <code>absPath</code> node.
+     * <p/>
+     * An <code>UnsupportedRepositoryOperationException</code> is thrown if
+     * access control entries are not supported.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
+     *
+     * @param absPath an absolute path
+     * @return the access control entries that are currently effective at the
+     *         node at <code>absPath</code> or <code>null</code> if the
+     *         implementation is not able to determine the effective entries.
+     * @throws PathNotFoundException if no node at <code>absPath</code> exists
+     *                               or the session does not have privilege to retrieve the node.
+     * @throws AccessDeniedException if the session lacks
+     *                               <code>READ_ACCESS_CONTROL</code> privilege for the
+     *                               <code>absPath</code> node.
+     * @throws UnsupportedRepositoryOperationException
+     *                               if access control entries
+     *                               are not supported.
+     * @throws RepositoryException   if another error occurs.
+     */
+    public AccessControlEntry[] getEffectiveAccessControlEntries(String absPath)
+            throws PathNotFoundException, AccessDeniedException,
+            UnsupportedRepositoryOperationException, RepositoryException;
+
+
+    /**
+     * Adds the access control entry consisting of the specified
+     * <code>principal</code> and the specified <code>privileges</code> to the
+     * node at <code>absPath</code>.
+     * <p/>
+     * This method returns the <code>AccessControlEntry</code> object constructed from the
+     * specified <code>principal</code> and contains at least the given <code>privileges</code>.
+     * An implementation may return a resulting ACE that combines the given <code>privileges</code>
+     * with those added by a previous call to <code>addAccessControlEntry</code> for the same
+     * <code>Principal</code>. However, a call to <code>addAccessControlEntry</code> for a given
+     * <code>Principal</code> can never remove a <code>Privilege</code> added by a previous call
+     * to <code>addAccessControlEntry</code>.
+     * <p/>
+     * The access control entry does not take effect until a <code>save</code>
+     * is performed.
+     * <p/>
+     * This method is guaranteed to affect only the privileges of the specified
+     * <code>principal</code>.
+     * <p/>
+     * This method <i>may</i> affect the privileges granted to that principal with
+     * respect to nodes other than that specified. However, if it does, it is
+     * guaranteed to only affect the privileges of those other nodes in the
+     * same way as it affects the privileges of the specified node.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * An <code>AccessControlException</code> is thrown if the specified principal
+     * does not exist, if any of the specified privileges is not supported at
+     * <code>absPath</code> or if some other access control related exception occurs.
+     * <p/>
+     * An <code>AccessDeniedException</code>  is thrown if the session lacks
+     * <code>MODIFY_ACCESS_CONTROL</code> privilege for the <code>absPath</code>
+     * node.
+     * <p/>
+     * An <code>UnsupportedRepositoryOperationException</code> is thrown if
+     * access control entries are not supported.
+     * <p/>
+     * An <code>LockException</code> is thrown if the node at <code>absPath</code>
+     * is locked and this implementation performs this validation immediately
+     * instead of waiting until <code>save</code>.
+     * <p/>
+     * An <code>VersionException</code> is thrown if the node at <code>absPath</code>
+     * is versionable and checked-in or is non-versionable but its nearest
+     * versionable ancestor is checked-in and this implementation performs this
+     * validation immediately instead of waiting until <code>save</code>.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
+     *
+     * @param absPath    an absolute path.
+     * @param principal  a <code>Principal</code>.
+     * @param privileges an array of <code>Privilege</code>s.
+     * @return the <code>AccessControlEntry</code> object constructed from the
+     *         specified <code>principal</code> and <code>privileges</code>.
+     * @throws PathNotFoundException  if no node at <code>absPath</code> exists
+     *                                or the session does not have privilege to
+     *                                retrieve the node.
+     * @throws AccessControlException if the specified principal does not exist,
+     *                                if any of the specified privileges is not supported at
+     *                                <code>absPath</code> or if some other access control related
+     *                                exception occurs.
+     * @throws AccessDeniedException  if the session lacks
+     *                                <code>MODIFY_ACCESS_CONTROL</code> privilege for the
+     *                                <code>absPath</code> node.
+     * @throws UnsupportedRepositoryOperationException
+     *                                if access control entries
+     *                                are not supported.
+     * @throws LockException          if a lock applies at the node at
+     *                                <code>absPath</code> and this implementation
+     *                                performs this validation immediately instead
+     *                                of waiting until <code>save</code>.
+     * @throws VersionException       if the node at <code>absPath</code> is
+     *                                versionable and checked-in or is non-versionable
+     *                                but its nearest versionable ancestor is
+     *                                checked-in and this implementation performs
+     *                                this validation immediately instead of
+     *                                waiting until <code>save</code>.
+     * @throws RepositoryException    if another error occurs.
+     */
+    public AccessControlEntry addAccessControlEntry(String absPath,
+                                                    Principal principal,
+                                                    Privilege[] privileges)
+            throws PathNotFoundException, AccessControlException,
+            AccessDeniedException, UnsupportedRepositoryOperationException,
+            LockException, VersionException, RepositoryException;
+
+    /**
+     * Removes the specified <code>AccessControlEntry</code> from the node at
+     * <code>absPath</code>.
+     * <p/>
+     * This method is guaranteed to affect only the privileges of the principal
+     * defined within the passed <code>AccessControlEntry</code>.
+     * <p/>
+     * This method <i>may</i> affect the privileges granted to that principal
+     * with respect to nodes other than that specified. However, if it does,
+     * it is guaranteed to only affect the privileges of those other nodes in
+     * the same way as it affects the privileges of the specified node.
+     * <p/>
+     * Only exactly those entries obtained through
+     * <code>getAccessControlEntries<code> can be removed. The effect of the
+     * removal only takes effect upon <code>Session.save()</code>.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * An <code>AccessControlException</code> is thrown if the specified entry
+     * is not present on the specified node.
+     * <p/>
+     * An <code>AccessDeniedException</code> is thrown if the session lacks
+     * <code>MODIFY_ACCESS_CONTROL</code> privilege for the <code>absPath</code>
+     * node.
+     * <p/>
+     * An <code>UnsupportedRepositoryOperationException</code> is thrown if
+     * access control entries are not supported.
+     * <p/>
+     * An <code>LockException</code> is thrown if the node at <code>absPath</code>
+     * is locked and this implementation performs this validation immediately
+     * instead of waiting until <code>save</code>.
+     * <p/>
+     * An <code>VersionException</code> is thrown if the node at <code>absPath</code>
+     * is versionable and checked-in or is non-versionable but its nearest
+     * versionable ancestor is checked-in and this implementation performs this
+     * validation immediately instead of waiting until <code>save</code>.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
+     *
+     * @param absPath an absolute path.
+     * @param ace     the access control entry to be removed.
+     * @throws PathNotFoundException  if no node at <code>absPath</code> exists
+     *                                or the session does not have privilege to
+     *                                retrieve the node.
+     * @throws AccessControlException if the specified entry is not
+     *                                present on the specified node.
+     * @throws AccessDeniedException  if the session lacks
+     *                                <code>MODIFY_ACCESS_CONTROL</code> privilege
+     *                                for the <code>absPath</code> node.
+     * @throws UnsupportedRepositoryOperationException
+     *                                if access control entries
+     *                                are not supported.
+     * @throws LockException          if a lock applies at the node at
+     *                                <code>absPath</code> and this implementation
+     *                                performs this validation immediately instead
+     *                                of waiting until <code>save</code>.
+     * @throws VersionException       if the node at <code>absPath</code> is
+     *                                versionable and checked-in or is non-versionable
+     *                                but its nearest versionable ancestor is
+     *                                checked-in and this implementation performs
+     *                                this validation immediately instead of
+     *                                waiting until <code>save</code>.
+     * @throws RepositoryException    if another error occurs.
+     */
+    public void removeAccessControlEntry(String absPath, AccessControlEntry ace)
+            throws PathNotFoundException, AccessControlException,
+            AccessDeniedException, UnsupportedRepositoryOperationException,
+            LockException, VersionException, RepositoryException;
+
+    /**
+     * Returns all hold objects that have been added through this API to the
+     * existing node at <code>absPath</code>. If no hold has been set before,
+     * this method returns an empty array.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * An <code>AccessDeniedException</code> is thrown if the current session
+     * does not have sufficient rights to retrieve the holds.
+     * <p/>
+     * An <code>UnsupportedRepositoryOperationException</code> is thrown if
+     * retention and hold are not supported.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
+     *
+     * @param absPath an absolute path.
+     * @return All hold objects that have been added to the existing node at
+     *         <code>absPath</code> through this API or an empty array if no
+     *         hold has been set.
+     * @throws PathNotFoundException  if no node at <code>absPath</code> exists
+     *                                or the session does not have privilege to
+     *                                retrieve the node.
+     * @throws AccessDeniedException if the current session does not have
+     *                               sufficient rights to retrieve the holds.
+     * @throws UnsupportedRepositoryOperationException
+     *                               if retention and hold are not supported.
+     * @throws RepositoryException   if another error occurs.
+     */
+    public Hold[] getHolds(String absPath) throws PathNotFoundException,
+            AccessDeniedException, UnsupportedRepositoryOperationException, RepositoryException;
+
+    /**
+     * Places a hold on the existing node at <code>absPath</code>. If
+     * <code>isDeep</code> is <code>true</code>) the hold applies to this node
+     * and its subtree. The hold does not take effect until a <code>save</code>
+     * is performed. A node may have more than one hold.
+     * <p/>
+     * The format and interpretation of the <code>name</code> are not specified.
+     * They are application-dependent.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * An <code>AccessControlException</code> is thrown if the
+     * node at <code>absPath</code> cannot have a hold set.
+     * <p/>
+     * An <code>AccessDeniedException</code> is thrown if the current session
+     * does not have sufficient rights to perform the operation.
+     * <p/>
+     * An <code>UnsupportedRepositoryOperationException</code> is thrown if
+     * retention and hold are not supported.
+     * <p/>
+     * An <code>LockException</code> is thrown if the node at <code>absPath</code>
+     * is locked and this implementation performs this validation immediately
+     * instead of waiting until <code>save</code>.
+     * <p/>
+     * An <code>VersionException</code> is thrown if the node at <code>absPath</code>
+     * is versionable and checked-in or is non-versionable but its nearest
+     * versionable ancestor is checked-in and this implementation performs this
+     * validation immediately instead of waiting until <code>save</code>.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
+     *
+     * @param absPath an absolute path.
+     * @param name  an application-dependent string.
+     * @param isDeep  a boolean indicating if the hold applies to the subtree.
+     * @return The <code>Hold</code> applied.
+     * @throws PathNotFoundException  if no node at <code>absPath</code> exists
+     *                                or the session does not have privilege to
+     *                                retrieve the node.
+     * @throws AccessControlException if the node at
+     *                                <code>absPath</code> cannot have a hold set.
+     * @throws AccessDeniedException  if the current session does not have
+     *                                sufficient rights to perform the operation.
+     * @throws UnsupportedRepositoryOperationException
+     *                                if retention and hold are not supported.
+     * @throws LockException          if a lock applies at the node at
+     *                                <code>absPath</code> and this implementation
+     *                                performs this validation immediately instead
+     *                                of waiting until <code>save</code>.
+     * @throws VersionException       if the node at <code>absPath</code> is
+     *                                versionable and checked-in or is non-versionable
+     *                                but its nearest versionable ancestor is
+     *                                checked-in and this implementation performs
+     *                                this validation immediately instead of
+     *                                waiting until <code>save</code>.
+     * @throws RepositoryException    if another error occurs.
+     */
+    public Hold addHold(String absPath, String name, boolean isDeep)
+            throws PathNotFoundException, AccessControlException, AccessDeniedException,
+            UnsupportedRepositoryOperationException, LockException, VersionException, RepositoryException;
+
+    /**
+     * Removes the specified <code>hold</code> from the node at
+     * <code>absPath</code>. The removal does not take effect until a
+     * <code>save</code> is performed.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * An <code>AccessControlException</code> is thrown if the specified
+     * <code>hold</code> does not apply to the node at <code>absPath</code>.
+     * <p/>
+     * An <code>AccessDeniedException</code> is thrown if the current session
+     * does not have sufficient rights to perform the operation.
+     * <p/>
+     * An <code>UnsupportedRepositoryOperationException</code> is thrown if
+     * retention and hold are not supported.
+     * <p/>
+     * An <code>LockException</code> is thrown if the node at <code>absPath</code>
+     * is locked and this implementation performs this validation immediately
+     * instead of waiting until <code>save</code>.
+     * <p/>
+     * An <code>VersionException</code> is thrown if the node at <code>absPath</code>
+     * is versionable and checked-in or is non-versionable but its nearest
+     * versionable ancestor is checked-in and this implementation performs this
+     * validation immediately instead of waiting until <code>save</code>.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
+     *
+     * @param absPath an absolute path.
+     * @param hold    the hold to be removed.
+     * @throws PathNotFoundException  if no node at <code>absPath</code> exists
+     *                                or the session does not have privilege to
+     *                                retrieve the node.
+     * @throws AccessControlException if the specified <code>hold</code> is not
+     *                                present at the node at <code>absPath</code>.
+     * @throws AccessDeniedException  if the current session does not have
+     *                                sufficient rights to perform the operation.
+     * @throws UnsupportedRepositoryOperationException
+     *                                if retention and hold are not supported.
+     * @throws LockException          if a lock applies at the node at
+     *                                <code>absPath</code> and this implementation
+     *                                performs this validation immediately instead
+     *                                of waiting until <code>save</code>.
+     * @throws VersionException       if the node at <code>absPath</code> is
+     *                                versionable and checked-in or is non-versionable
+     *                                but its nearest versionable ancestor is
+     *                                checked-in and this implementation performs
+     *                                this validation immediately instead of
+     *                                waiting until <code>save</code>.
+     * @throws RepositoryException    if another error occurs.
+     */
+    public void removeHold(String absPath, Hold hold)
+            throws PathNotFoundException, AccessControlException, AccessDeniedException,
+            UnsupportedRepositoryOperationException, LockException, VersionException,
+            RepositoryException;
+
+    /**
+     * Returns the retention policy that has been set using {@link #setRetentionPolicy}
+     * on the node at <code>absPath</code> or <code>null</code> if no policy has been set.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * An <code>AccessDeniedException</code> is thrown if the current session
+     * does not have sufficient rights to retrieve the retention policy.
+     * <p/>
+     * An <code>UnsupportedRepositoryOperationException</code> is thrown if
+     * retention and hold are not supported.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
+     *
+     * @param absPath an absolute path to an existing node.
+     * @return The retention policy that applies to the existing node at
+     *         <code>absPath</code> or <code>null</code> if no policy applies.
+     * @throws PathNotFoundException if no node at <code>absPath</code> exists
+     *                               or the session does not have privilege to
+     *                               retrieve the node.
+     * @throws AccessDeniedException if the current session does not have
+     *                               sufficient rights to retrieve the policy.
+     * @throws UnsupportedRepositoryOperationException
+     *                               if retention and hold are not supported.
+     * @throws RepositoryException   if another error occurs.
+     */
+    public RetentionPolicy getRetentionPolicy(String absPath)
+            throws PathNotFoundException, AccessDeniedException,
+            UnsupportedRepositoryOperationException, RepositoryException;
+
+    /**
+     * Sets the retention policy of the node at <code>absPath</code> to
+     * that defined in the specified policy node. Interpretation and enforcement
+     * of this policy is an implementation issue. In any case the policy does
+     * does not take effect until a <code>save</code> is performed.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * An <code>AccessControlException</code> is thrown if the specified
+     * node is not a valid retention policy node.
+     * <p/>
+     * An <code>AccessDeniedException</code> is thrown if the current session
+     * does not have sufficient rights to perform the operation.
+     * <p/>
+     * An <code>UnsupportedRepositoryOperationException</code> is thrown if
+     * retention and hold are not supported.
+     * <p/>
+     * An <code>LockException</code> is thrown if the node at <code>absPath</code>
+     * is locked and this implementation performs this validation immediately
+     * instead of waiting until <code>save</code>.
+     * <p/>
+     * An <code>VersionException</code> is thrown if the node at <code>absPath</code>
+     * is versionable and checked-in or is non-versionable but its nearest
+     * versionable ancestor is checked-in and this implementation performs this
+     * validation immediately instead of waiting until <code>save</code>.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
+     *
+     * @param absPath         an absolute path to an existing node.
+     * @param retentionPolicy a retention policy.
+     * @throws PathNotFoundException  if no node at <code>absPath</code> exists
+     *                                or the session does not have privilege to
+     *                                retrieve the node.
+     * @throws AccessControlException if the specified retention policy is not
+     *                                valid on the specified node.
+     * @throws AccessDeniedException  if the current session does not have
+     *                                sufficient rights to perform the operation.
+     * @throws UnsupportedRepositoryOperationException
+     *                                if retention and hold are not supported.
+     * @throws LockException          if a lock applies at the node at
+     *                                <code>absPath</code> and this implementation
+     *                                performs this validation immediately instead
+     *                                of waiting until <code>save</code>.
+     * @throws VersionException       if the node at <code>absPath</code> is
+     *                                versionable and checked-in or is non-versionable
+     *                                but its nearest versionable ancestor is
+     *                                checked-in and this implementation performs
+     *                                this validation immediately instead of
+     *                                waiting until <code>save</code>.
+     * @throws RepositoryException    if another error occurs.
+     */
+    public void setRetentionPolicy(String absPath, RetentionPolicy retentionPolicy)
+            throws PathNotFoundException, AccessControlException, AccessDeniedException,
+            UnsupportedRepositoryOperationException, LockException, VersionException,
+            RepositoryException;
+
+    /**
+     * Causes the current retention policy on the node at
+     * <code>absPath</code> to no longer apply. The removal does not take effect
+     * until a <code>save</code> is performed.
+     * <p/>
+     * A <code>PathNotFoundException</code> is thrown if no node at
+     * <code>absPath</code> exists or the session does not have privilege to
+     * retrieve the node.
+     * <p/>
+     * An <code>AccessControlException</code> is thrown if this node does
+     * not have a retention policy currently assigned.
+     * <p/>
+     * An <code>AccessDeniedException</code> is thrown if the current session
+     * does not have sufficient rights to perform the operation.
+     * <p/>
+     * An <code>UnsupportedRepositoryOperationException</code> is thrown if
+     * retention and hold are not supported.
+     * <p/>
+     * An <code>LockException</code> is thrown if the node at <code>absPath</code>
+     * is locked and this implementation performs this validation immediately
+     * instead of waiting until <code>save</code>.
+     * <p/>
+     * An <code>VersionException</code> is thrown if the node at <code>absPath</code>
+     * is versionable and checked-in or is non-versionable but its nearest
+     * versionable ancestor is checked-in and this implementation performs this
+     * validation immediately instead of waiting until <code>save</code>.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
+     *
+     * @param absPath an absolute path to an existing node.
+     * @throws PathNotFoundException  if no node at <code>absPath</code> exists
+     *                                or the session does not have privilege to
+     *                                retrieve the node.
+     * @throws AccessControlException if this node does not have a
+     *                                retention policy currently assigned.
+     * @throws AccessDeniedException  if the current session does not have
+     *                                sufficient rights to perform the operation.
+     * @throws UnsupportedRepositoryOperationException
+     *                                if retention and hold are not supported.
+     * @throws LockException          if a lock applies at the node at
+     *                                <code>absPath</code> and this implementation
+     *                                performs this validation immediately instead
+     *                                of waiting until <code>save</code>.
+     * @throws VersionException       if the node at <code>absPath</code> is
+     *                                versionable and checked-in or is non-versionable
+     *                                but its nearest versionable ancestor is
+     *                                checked-in and this implementation performs
+     *                                this validation immediately instead of
+     *                                waiting until <code>save</code>.
+     * @throws RepositoryException    if another error occurs.
+     */
+    public void removeRetentionPolicy(String absPath)
+            throws PathNotFoundException, AccessControlException, AccessDeniedException,
+            UnsupportedRepositoryOperationException, LockException, VersionException, RepositoryException;
+}

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlManager.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlManager.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlPolicy.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlPolicy.java?rev=658134&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlPolicy.java (added)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlPolicy.java Tue May 20 00:37:15 2008
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.api.jsr283.security;
+
+import javax.jcr.RepositoryException;
+
+/**
+ * An <code>AccessControlPolicy</code> is an object with a name and an optional
+ * description. Examples of possible <code>AccessControlPolicy</code> 
+ * implementations include access control lists or role-responsibility 
+ * assignments.
+ *
+ * @since JCR 2.0
+ */
+public interface AccessControlPolicy {
+    /**
+     * Returns the name of the access control policy, which should be unique
+     * among the choices applicable to any particular node.
+     *
+     * @return the name of the access control policy.
+     * @throws RepositoryException if an error occurs.
+     */
+    public String getName() throws RepositoryException;
+
+    /**
+     * Returns a human readable description of the access control policy.
+     *
+     * @return a human readable description of the access control policy.
+     * @throws RepositoryException if an error occurs.
+     */
+    public String getDescription() throws RepositoryException;
+}

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlPolicy.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlPolicy.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlPolicyIterator.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlPolicyIterator.java?rev=658134&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlPolicyIterator.java (added)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlPolicyIterator.java Tue May 20 00:37:15 2008
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.api.jsr283.security;
+
+import javax.jcr.RangeIterator;
+
+/**
+ * Allows easy iteration through a list of <code>AccessControlPolicy</code>s
+ * with <code>nextAccessControlPolicy</code> as well as a <code>skip</code>
+ * method inherited from <code>RangeIterator</code>.
+ *
+ * @since JCR 2.0
+ */
+public interface AccessControlPolicyIterator extends RangeIterator {
+    
+    /**
+     * Returns the next <code>AccessControlPolicy</code> in the iteration.
+     *
+     * @return the next <code>AccessControlPolicy</code> in the iteration.
+     * @throws java.util.NoSuchElementException if iteration has no more
+     *         <code>AccessControlPolicy</code>s.
+    */
+   public AccessControlPolicy nextAccessControlPolicy();
+
+}

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlPolicyIterator.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlPolicyIterator.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/Hold.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/Hold.java?rev=658134&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/Hold.java (added)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/Hold.java Tue May 20 00:37:15 2008
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.api.jsr283.security;
+
+import javax.jcr.RepositoryException;
+
+/**
+ * <code>Hold</code> represents a hold that can be applied to an existing node in order to
+ * prevent the node from being modified or removed. The format and interpretation of the name
+ * are not specified. They are application-dependent.
+ * <p/>
+ * If {@link #isDeep()} is <code>true</code>, the hold applies to the
+ * node and its entire subtree. Otherwise the hold applies to the node and its
+ * properties only.
+ *
+ * @see AccessControlManager#getHolds(String)
+ * @see AccessControlManager#addHold(String, String, boolean)
+ * @see AccessControlManager#removeHold(String, Hold)
+ * @since JCR 2.0
+ */
+public interface Hold {
+
+    /**
+     * Returns <code>true</code> if this <code>Hold</code> is deep.
+     *
+     * @return <code>true</code> if this <code>Hold</code> is deep.
+     * @throws RepositoryException if an error occurs.
+     */
+    public boolean isDeep() throws RepositoryException;
+
+    /**
+     * Returns the name of this <code>Hold</code>.
+     *
+     * @return the name of this <code>Hold</code>.
+     * @throws RepositoryException if an error occurs.
+     */
+    public String getName() throws RepositoryException;
+}

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/Hold.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/Hold.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/Privilege.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/Privilege.java?rev=658134&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/Privilege.java (added)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/Privilege.java Tue May 20 00:37:15 2008
@@ -0,0 +1,147 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.api.jsr283.security;
+
+/**
+ * A privilege represents the capability of performing a particular set
+ * of operations on items in the JCR repository. Each privilege is identified
+ * by a NAME that is unique across the set of privileges supported by a
+ * repository. JCR defines a set of standard privileges in the <code>jcr</code>
+ * namespace. Implementations may add additional privileges in namespaces other
+ * than <code>jcr</code>.
+ * <p/>
+ * A privilege may be an aggregate privilege. Aggregate privileges are sets of
+ * other privileges. Granting, denying, or testing an aggregate privilege is
+ * equivalent to individually granting, denying, or testing each privilege it
+ * contains. The privileges contained by an aggregate privilege may themselves
+ * be aggregate privileges if the resulting privilege graph is acyclic.
+ * <p/>
+ * A privilege may be an abstract privilege. Abstract privileges cannot
+ * themselves be granted or denied, but can be composed into aggregate privileges
+ * which are granted or denied.
+ * <p/>
+ * A privilege can be both aggregate and abstract.
+ *
+ * @since JCR 2.0
+ */
+public interface Privilege {
+
+    /**
+     * A constant representing <code>READ</code>, the privilege to retrieve
+     * a node and get its properties and their values.
+     */
+    public static final String READ = "javax.jcr.security.Privilege.READ";
+
+    /**
+     * A constant representing <code>MODIFY_PROPERTIES</code>, the privilege
+     * to create, modify and remove the properties of a node.
+     */
+    public static final String MODIFY_PROPERTIES = "javax.jcr.security.Privilege.MODIFY_PROPERTIES";
+
+    /**
+     * A constant representing <code>ADD_CHILD_NODES</code>, the privilege
+     * to create child nodes of a node.
+     */
+    public static final String ADD_CHILD_NODES = "javax.jcr.security.Privilege.ADD_CHILD_NODES";
+
+    /**
+     * A constant representing <code>REMOVE_CHILD_NODES</code>, the privilege
+     * to remove child nodes of a node.
+     */
+    public static final String REMOVE_CHILD_NODES = "javax.jcr.security.Privilege.REMOVE_CHILD_NODES";
+
+    /**
+     * A constant representing <code>WRITE</code>, an aggregate privilege that contains:
+     *<ul>
+     *  <li>MODIFY_PROPERTIES</li>
+     *  <li>ADD_CHILD_NODES</li>
+     *  <li>REMOVE_CHILD_NODES</li>
+     * </ul>
+     */
+    public static final String WRITE = "javax.jcr.security.Privilege.WRITE";
+
+    /**
+     * A constant representing <code>READ_ACCESS_CONTROL</code>, the privilege
+     * to get the access control policy of a node.
+     */
+    public static final String READ_ACCESS_CONTROL = "javax.jcr.security.Privilege.READ_ACCESS_CONTROL";
+
+    /**
+     * A constant representing <code>MODIFY_ACCESS_CONTROL</code>, the privilege
+     * to modify the access control policies of a node.
+     */
+    public static final String MODIFY_ACCESS_CONTROL = "javax.jcr.security.Privilege.MODIFY_ACCESS_CONTROL";
+
+    /**
+     * A constant representing <code>ALL</code>, an aggregate privilege that contains
+     * all predefined privileges:
+     * <ul>
+     *   <li>READ</li>
+     *   <li>WRITE</li>
+     *   <li>READ_ACCESS_CONTROL</li>
+     *   <li>MODIFY_ACCESS_CONTROL</li>
+     * </ul>
+     * It should in addition include all implementation-defined privileges.
+     */
+    public static final String ALL = "javax.jcr.security.Privilege.ALL";
+
+    /**
+     * Returns the name of this privilege.
+     *
+     * @return the name of this privilege.
+     */
+    public String getName();
+
+    /**
+     * Returns a description of this privilege.
+     *
+     * @return a description of this privilege.
+     */
+    public String getDescription();
+
+    /**
+     * Returns whether this privilege is an abstract privilege.
+     * @return <code>true</code> if this privilege is an abstract privilege;
+     *         <code>false</code> otherwise.
+     */
+    public boolean isAbstract();
+
+    /**
+     * Returns whether this privilege is an aggregate privilege.
+     * @return <code>true</code> if this privilege is an aggregate privilege;
+     *         <code>false</code> otherwise.
+     */
+    public boolean isAggregate();
+
+    /**
+     * If this privilege is an aggregate privilege, returns the privileges directly
+     * contained by the aggregate privilege. Otherwise returns an empty array.
+     *
+     * @return an array of <code>Privilege</code>s
+     */
+    public Privilege[] getDeclaredAggregatePrivileges();
+
+    /**
+     * If this privilege is an aggregate privilege, returns the privileges it
+     * contains, the privileges contained by any aggregate privileges among
+     * those, and so on (the transitive closure of privileges contained by this
+     * privilege). Otherwise returns an empty array.
+     *
+     * @return an array of <code>Privilege</code>s
+     */
+    public Privilege[] getAggregatePrivileges();
+}

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/Privilege.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/Privilege.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/RetentionPolicy.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/RetentionPolicy.java?rev=658134&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/RetentionPolicy.java (added)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/RetentionPolicy.java Tue May 20 00:37:15 2008
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.api.jsr283.security;
+
+import javax.jcr.RepositoryException;
+
+/**
+ * An <code>RetentionPolicy</code> is an object with a name and an optional
+ * description.
+ *
+ * @since JCR 2.0
+ */
+public interface RetentionPolicy {
+    /**
+     * Returns the name of the retention policy.
+     *
+     * @return the name of the access control policy.
+     * @throws RepositoryException if an error occurs.
+     */
+    public String getName() throws RepositoryException;
+
+    /**
+     * Returns a human readable description of the retention policy.
+     *
+     * @return a human readable description of the retention policy.
+     * @throws RepositoryException if an error occurs.
+     */
+    public String getDescription() throws RepositoryException;
+}

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/RetentionPolicy.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/RetentionPolicy.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/commons/iterator/AccessControlPolicyIteratorAdapter.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/commons/iterator/AccessControlPolicyIteratorAdapter.java?rev=658134&r1=658133&r2=658134&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/commons/iterator/AccessControlPolicyIteratorAdapter.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/commons/iterator/AccessControlPolicyIteratorAdapter.java Tue May 20 00:37:15 2008
@@ -16,8 +16,8 @@
  */
 package org.apache.jackrabbit.commons.iterator;
 
-import org.apache.jackrabbit.core.security.jsr283.security.AccessControlPolicy;
-import org.apache.jackrabbit.core.security.jsr283.security.AccessControlPolicyIterator;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicyIterator;
 import org.apache.jackrabbit.commons.iterator.RangeIteratorDecorator;
 import org.apache.jackrabbit.commons.iterator.RangeIteratorAdapter;
 

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java?rev=658134&r1=658133&r2=658134&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java Tue May 20 00:37:15 2008
@@ -16,6 +16,7 @@
  */
 package org.apache.jackrabbit.core;
 
+import org.apache.jackrabbit.api.jsr283.security.AccessControlException;
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.Group;
@@ -36,7 +37,6 @@
 import org.apache.jackrabbit.core.security.authorization.AccessControlProviderFactory;
 import org.apache.jackrabbit.core.security.authorization.AccessControlProviderFactoryImpl;
 import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
-import org.apache.jackrabbit.core.security.jsr283.security.AccessControlException;
 import org.apache.jackrabbit.core.security.principal.DefaultPrincipalProvider;
 import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.core.security.principal.PrincipalManagerImpl;

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SessionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SessionImpl.java?rev=658134&r1=658133&r2=658134&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SessionImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SessionImpl.java Tue May 20 00:37:15 2008
@@ -35,8 +35,8 @@
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.api.JackrabbitSession;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
 import org.apache.jackrabbit.core.security.authentication.AuthContext;
-import org.apache.jackrabbit.core.security.jsr283.security.AccessControlManager;
 import org.apache.jackrabbit.core.state.ItemStateException;
 import org.apache.jackrabbit.core.state.LocalItemStateManager;
 import org.apache.jackrabbit.core.state.NodeState;



Mime
View raw message