jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r689499 [2/11] - in /jackrabbit/trunk: jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/ jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/retention/ jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/sec...
Date Wed, 27 Aug 2008 15:12:07 GMT
Modified: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlManager.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlManager.java (original)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlManager.java Wed Aug 27 08:12:04 2008
@@ -19,10 +19,8 @@
 import javax.jcr.AccessDeniedException;
 import javax.jcr.PathNotFoundException;
 import javax.jcr.RepositoryException;
-import javax.jcr.UnsupportedRepositoryOperationException;
 import javax.jcr.lock.LockException;
 import javax.jcr.version.VersionException;
-import java.security.Principal;
 
 /**
  * The <code>AccessControlManager</code> object is accessed via
@@ -30,10 +28,6 @@
  * <ul>
  * <li>Access control discovery</li>
  * <li>Assigning access control policies</li>
- * <li>Assigning access control entries</li>
- * <li>Retention and hold discovery</li>
- * <li>Adding hold(s) to existing nodes and removing them</li>
- * <li>Adding retention policies to existing nodes and removing them.</li>
  * </ul>
  *
  * @since JCR 2.0
@@ -64,6 +58,22 @@
             throws PathNotFoundException, RepositoryException;
 
     /**
+     * Returns the privilege with the specified <code>privilegeName</code>.
+     * <p/>
+     * A <code>AccessControlException</code> is thrown if no privilege with
+     * the specified name exists.
+     * <p/>
+     * A <code>RepositoryException</code> is thrown if another error occurs.
+     *
+     * @param privilegeName the name of an existing privilege.
+     * @return the <code>Privilege</code> with the specified <code>privilegeName</code>.
+     * @throws AccessControlException if no privilege with the specified name exists.
+     * @throws RepositoryException    if another error occurs.
+     */
+    public Privilege privilegeFromName(String privilegeName)
+            throws AccessControlException, RepositoryException;
+
+    /**
      * Returns whether the session has the specified privileges for absolute
      * path <code>absPath</code>, which must be an existing node.
      * <p/>
@@ -127,12 +137,12 @@
             throws PathNotFoundException, RepositoryException;
 
     /**
-     * Returns the <code>AccessControlPolicy</code> that has been set to
-     * the node at <code>absPath</code> or <code>null</code> if no
-     * policy has been set. This method reflects the binding state, including
-     * transient policy modifications.
+     * Returns the <code>AccessControlPolicy</code> objects that have been set to
+     * the node at <code>absPath</code> or an empty array if no policy has been
+     * set. This method reflects the binding state, including transient policy
+     * modifications.
      * <p/>
-     * Use {@link #getEffectivePolicy(String)} in order to determine the
+     * Use {@link #getEffectivePolicies(String)} in order to determine the
      * policy that effectively applies at <code>absPath</code>.
      * <p/>
      * A <code>PathNotFoundException</code> is thrown if no node at
@@ -145,7 +155,8 @@
      * A <code>RepositoryException</code> is thrown if another error occurs.
      *
      * @param absPath an absolute path.
-     * @return an <code>AccessControlPolicy</code> object or <code>null</code>.
+     * @return an array of <code>AccessControlPolicy</code> objects or an empty
+     * array if no policy has been set.
      * @throws PathNotFoundException if no node at <code>absPath</code> exists
      *                               or the session does not have privilege to
      *                               retrieve the node.
@@ -154,14 +165,13 @@
      *                               for the <code>absPath</code> node.
      * @throws RepositoryException   if another error occurs.
      */
-    public AccessControlPolicy getPolicy(String absPath)
+    public AccessControlPolicy[] getPolicies(String absPath)
             throws PathNotFoundException, AccessDeniedException, RepositoryException;
 
     /**
-     * Returns the <code>AccessControlPolicy</code> that currently is in effect
-     * at the node at <code>absPath</code>. This may be an
-     * <code>AccessControlPolicy</code> set through this API or some
-     * implementation specific (default) policy.
+     * Returns the <code>AccessControlPolicy</code> objects that currently are
+     * in effect at the node at <code>absPath</code>. This may be policies
+     * set through this API or some implementation specific (default) policies.
      * <p/>
      * A <code>PathNotFoundException</code> is thrown if no node at
      * <code>absPath</code> exists or the session does not have privilege to
@@ -173,7 +183,7 @@
      * A <code>RepositoryException</code> is thrown if another error occurs.
      *
      * @param absPath an absolute path.
-     * @return an <code>AccessControlPolicy</code> object.
+     * @return an array of <code>AccessControlPolicy</code> objects.
      * @throws PathNotFoundException if no node at <code>absPath</code> exists
      *                               or the session does not have privilege to
      *                               retrieve the node.
@@ -182,7 +192,7 @@
      *                               for the <code>absPath</code> node.
      * @throws RepositoryException   if another error occurs.
      */
-    public AccessControlPolicy getEffectivePolicy(String absPath)
+    public AccessControlPolicy[] getEffectivePolicies(String absPath)
             throws PathNotFoundException, AccessDeniedException, RepositoryException;
 
     /**
@@ -216,17 +226,12 @@
     /**
      * Binds the <code>policy</code> to the node at <code>absPath</code>.
      * <p/>
-     * Only one policy may be bound at a time. If more than one policy per node
-     * is required, the implementation should provide an appropriate aggregate
-     * policy among those returned by <code>getApplicablePolicies(absPath)</code>.
-     * The access control policy does not take effect until a <code>save</code>
-     * is performed.
-     * <p/>
-     * If the node has access control entries that were bound to it through the
-     * JCR API prior to the <code>setPolicy</code> call, then these entries may
-     * be deleted. Any implementation-specific (non-JCR) access control
-     * settings may be changed in response to a successful call to
-     * <code>setPolicy</code>.
+     * Only policies obtained through <code>getApplicablePolicies(absPath)</code>
+     * can be set. The access control policy does not take effect until a
+     * <code>save</code> is performed.
+     * <p/>
+     * Any implementation-specific (non-JCR) access control settings may be
+     * changed in response to a successful call to <code>setPolicy</code>.
      * <p/>
      * A <code>PathNotFoundException</code> is thrown if no node at
      * <code>absPath</code> exists or the session does not have privilege to
@@ -275,13 +280,12 @@
             AccessDeniedException, LockException, VersionException, RepositoryException;
 
     /**
-     * Removes the <code>AccessControlPolicy</code> from the node at absPath and
-     * returns it.
+     * Removes the specified <code>AccessControlPolicy</code> from the node at
+     * <code>absPath</code>.
      * <p/>
      * An <code>AccessControlPolicy</code> can only be removed if it was
      * bound to the specified node through this API before. The effect of the
-     * removal only takes place upon <code>Session.save()</code>. Whichever
-     * defaults the implementation applies now take effect.
+     * removal only takes place upon <code>Session.save()</code>.
      * Note, that an implementation default or any other effective
      * <code>AccessControlPolicy</code> that has not been applied to the node
      * before may never be removed using this method.
@@ -290,7 +294,8 @@
      * <code>absPath</code> exists or the session does not have privilege to
      * retrieve the node.
      * <p/>
-     * An <code>AccessControlException</code> is thrown if no policy exists.
+     * An <code>AccessControlException</code> is thrown if the policy to remove
+     * does not exist at the node at <code>absPath</code>.
      * <p/>
      * An <code>AccessDeniedException</code> is thrown if the session lacks
      * <code>MODIFY_ACCESS_CONTROL</code> privilege for the <code>absPath</code>
@@ -308,7 +313,7 @@
      * A <code>RepositoryException</code> is thrown if another error occurs.
      *
      * @param absPath an absolute path.
-     * @return the removed <code>AccessControlPolicy</code>.
+     * @param policy  the policy to be removed.
      * @throws PathNotFoundException  if no node at <code>absPath</code> exists
      *                                or the session does not have privilege to
      *                                retrieve the node.
@@ -328,540 +333,7 @@
      *                                waiting until <code>save</code>.
      * @throws RepositoryException    if another error occurs.
      */
-    public AccessControlPolicy removePolicy(String absPath)
+    public void removePolicy(String absPath, AccessControlPolicy policy)
             throws PathNotFoundException, AccessControlException,
             AccessDeniedException, LockException, VersionException, RepositoryException;
-
-    /**
-     * Returns all access control entries assigned to the node at <code>absPath</code>
-     * including transient modifications made to the entries at <code>absPath</code>.
-     * <p/>
-     * This method is only guaranteed to return an <code>AccessControlEntry</code>
-     * if that <code>AccessControlEntry</code> has been assigned <i>through this API</i>.
-     * <p/>
-     * A <code>PathNotFoundException</code> is thrown if no node at
-     * <code>absPath</code> exists or the session does not have privilege to
-     * retrieve the node.
-     * <p/>
-     * An <code>AccessDeniedException</code> is thrown if the session lacks
-     * <code>READ_ACCESS_CONTROL</code> privilege for the <code>absPath</code> node.
-     * <p/>
-     * An <code>UnsupportedRepositoryOperationException</code> is thrown if
-     * access control entries are not supported.
-     * <p/>
-     * A <code>RepositoryException</code> is thrown if another error occurs.
-     *
-     * @param absPath an absolute path
-     * @return all access control entries assigned at to specified node.
-     * @throws PathNotFoundException if no node at <code>absPath</code> exists
-     *                               or the session does not have privilege to
-     *                               retrieve the node.
-     * @throws AccessDeniedException if the session lacks
-     *                               <code>READ_ACCESS_CONTROL</code> privilege
-     *                               for the <code>absPath</code> node.
-     * @throws UnsupportedRepositoryOperationException
-     *                               if access control entries
-     *                               are not supported.
-     * @throws RepositoryException   if another error occurs.
-     */
-    public AccessControlEntry[] getAccessControlEntries(String absPath)
-            throws PathNotFoundException, AccessDeniedException, UnsupportedRepositoryOperationException, RepositoryException;
-
-    /**
-     * Returns the access control entries that are effective at the node at
-     * <code>absPath</code>.
-     * <p/>
-     * This method performs a best-effort search for all access control entries in
-     * effect on the node at <code>absPath</code>.
-     * </p>
-     * If an implementation is not able to determine the effective entries
-     * present at the given node it returns <code>null</code>. If the implementation
-     * positively determines that no entries present at the given node then an empty
-     * array is returned.
-     * <p/>
-     * A <code>PathNotFoundException</code> is thrown if no node at
-     * <code>absPath</code> exists or the session does not have privilege to
-     * retrieve the node.
-     * <p/>
-     * An <code>AccessDeniedException</code> is thrown if the session lacks
-     * <code>READ_ACCESS_CONTROL</code> privilege for the <code>absPath</code> node.
-     * <p/>
-     * An <code>UnsupportedRepositoryOperationException</code> is thrown if
-     * access control entries are not supported.
-     * <p/>
-     * A <code>RepositoryException</code> is thrown if another error occurs.
-     *
-     * @param absPath an absolute path
-     * @return the access control entries that are currently effective at the
-     *         node at <code>absPath</code> or <code>null</code> if the
-     *         implementation is not able to determine the effective entries.
-     * @throws PathNotFoundException if no node at <code>absPath</code> exists
-     *                               or the session does not have privilege to retrieve the node.
-     * @throws AccessDeniedException if the session lacks
-     *                               <code>READ_ACCESS_CONTROL</code> privilege for the
-     *                               <code>absPath</code> node.
-     * @throws UnsupportedRepositoryOperationException
-     *                               if access control entries
-     *                               are not supported.
-     * @throws RepositoryException   if another error occurs.
-     */
-    public AccessControlEntry[] getEffectiveAccessControlEntries(String absPath)
-            throws PathNotFoundException, AccessDeniedException,
-            UnsupportedRepositoryOperationException, RepositoryException;
-
-
-    /**
-     * Adds the access control entry consisting of the specified
-     * <code>principal</code> and the specified <code>privileges</code> to the
-     * node at <code>absPath</code>.
-     * <p/>
-     * This method returns the <code>AccessControlEntry</code> object constructed from the
-     * specified <code>principal</code> and contains at least the given <code>privileges</code>.
-     * An implementation may return a resulting ACE that combines the given <code>privileges</code>
-     * with those added by a previous call to <code>addAccessControlEntry</code> for the same
-     * <code>Principal</code>. However, a call to <code>addAccessControlEntry</code> for a given
-     * <code>Principal</code> can never remove a <code>Privilege</code> added by a previous call
-     * to <code>addAccessControlEntry</code>.
-     * <p/>
-     * The access control entry does not take effect until a <code>save</code>
-     * is performed.
-     * <p/>
-     * This method is guaranteed to affect only the privileges of the specified
-     * <code>principal</code>.
-     * <p/>
-     * This method <i>may</i> affect the privileges granted to that principal with
-     * respect to nodes other than that specified. However, if it does, it is
-     * guaranteed to only affect the privileges of those other nodes in the
-     * same way as it affects the privileges of the specified node.
-     * <p/>
-     * A <code>PathNotFoundException</code> is thrown if no node at
-     * <code>absPath</code> exists or the session does not have privilege to
-     * retrieve the node.
-     * <p/>
-     * An <code>AccessControlException</code> is thrown if the specified principal
-     * does not exist, if any of the specified privileges is not supported at
-     * <code>absPath</code> or if some other access control related exception occurs.
-     * <p/>
-     * An <code>AccessDeniedException</code>  is thrown if the session lacks
-     * <code>MODIFY_ACCESS_CONTROL</code> privilege for the <code>absPath</code>
-     * node.
-     * <p/>
-     * An <code>UnsupportedRepositoryOperationException</code> is thrown if
-     * access control entries are not supported.
-     * <p/>
-     * An <code>LockException</code> is thrown if the node at <code>absPath</code>
-     * is locked and this implementation performs this validation immediately
-     * instead of waiting until <code>save</code>.
-     * <p/>
-     * An <code>VersionException</code> is thrown if the node at <code>absPath</code>
-     * is versionable and checked-in or is non-versionable but its nearest
-     * versionable ancestor is checked-in and this implementation performs this
-     * validation immediately instead of waiting until <code>save</code>.
-     * <p/>
-     * A <code>RepositoryException</code> is thrown if another error occurs.
-     *
-     * @param absPath    an absolute path.
-     * @param principal  a <code>Principal</code>.
-     * @param privileges an array of <code>Privilege</code>s.
-     * @return the <code>AccessControlEntry</code> object constructed from the
-     *         specified <code>principal</code> and <code>privileges</code>.
-     * @throws PathNotFoundException  if no node at <code>absPath</code> exists
-     *                                or the session does not have privilege to
-     *                                retrieve the node.
-     * @throws AccessControlException if the specified principal does not exist,
-     *                                if any of the specified privileges is not supported at
-     *                                <code>absPath</code> or if some other access control related
-     *                                exception occurs.
-     * @throws AccessDeniedException  if the session lacks
-     *                                <code>MODIFY_ACCESS_CONTROL</code> privilege for the
-     *                                <code>absPath</code> node.
-     * @throws UnsupportedRepositoryOperationException
-     *                                if access control entries
-     *                                are not supported.
-     * @throws LockException          if a lock applies at the node at
-     *                                <code>absPath</code> and this implementation
-     *                                performs this validation immediately instead
-     *                                of waiting until <code>save</code>.
-     * @throws VersionException       if the node at <code>absPath</code> is
-     *                                versionable and checked-in or is non-versionable
-     *                                but its nearest versionable ancestor is
-     *                                checked-in and this implementation performs
-     *                                this validation immediately instead of
-     *                                waiting until <code>save</code>.
-     * @throws RepositoryException    if another error occurs.
-     */
-    public AccessControlEntry addAccessControlEntry(String absPath,
-                                                    Principal principal,
-                                                    Privilege[] privileges)
-            throws PathNotFoundException, AccessControlException,
-            AccessDeniedException, UnsupportedRepositoryOperationException,
-            LockException, VersionException, RepositoryException;
-
-    /**
-     * Removes the specified <code>AccessControlEntry</code> from the node at
-     * <code>absPath</code>.
-     * <p/>
-     * This method is guaranteed to affect only the privileges of the principal
-     * defined within the passed <code>AccessControlEntry</code>.
-     * <p/>
-     * This method <i>may</i> affect the privileges granted to that principal
-     * with respect to nodes other than that specified. However, if it does,
-     * it is guaranteed to only affect the privileges of those other nodes in
-     * the same way as it affects the privileges of the specified node.
-     * <p/>
-     * Only exactly those entries obtained through
-     * <code>getAccessControlEntries<code> can be removed. The effect of the
-     * removal only takes effect upon <code>Session.save()</code>.
-     * <p/>
-     * A <code>PathNotFoundException</code> is thrown if no node at
-     * <code>absPath</code> exists or the session does not have privilege to
-     * retrieve the node.
-     * <p/>
-     * An <code>AccessControlException</code> is thrown if the specified entry
-     * is not present on the specified node.
-     * <p/>
-     * An <code>AccessDeniedException</code> is thrown if the session lacks
-     * <code>MODIFY_ACCESS_CONTROL</code> privilege for the <code>absPath</code>
-     * node.
-     * <p/>
-     * An <code>UnsupportedRepositoryOperationException</code> is thrown if
-     * access control entries are not supported.
-     * <p/>
-     * An <code>LockException</code> is thrown if the node at <code>absPath</code>
-     * is locked and this implementation performs this validation immediately
-     * instead of waiting until <code>save</code>.
-     * <p/>
-     * An <code>VersionException</code> is thrown if the node at <code>absPath</code>
-     * is versionable and checked-in or is non-versionable but its nearest
-     * versionable ancestor is checked-in and this implementation performs this
-     * validation immediately instead of waiting until <code>save</code>.
-     * <p/>
-     * A <code>RepositoryException</code> is thrown if another error occurs.
-     *
-     * @param absPath an absolute path.
-     * @param ace     the access control entry to be removed.
-     * @throws PathNotFoundException  if no node at <code>absPath</code> exists
-     *                                or the session does not have privilege to
-     *                                retrieve the node.
-     * @throws AccessControlException if the specified entry is not
-     *                                present on the specified node.
-     * @throws AccessDeniedException  if the session lacks
-     *                                <code>MODIFY_ACCESS_CONTROL</code> privilege
-     *                                for the <code>absPath</code> node.
-     * @throws UnsupportedRepositoryOperationException
-     *                                if access control entries
-     *                                are not supported.
-     * @throws LockException          if a lock applies at the node at
-     *                                <code>absPath</code> and this implementation
-     *                                performs this validation immediately instead
-     *                                of waiting until <code>save</code>.
-     * @throws VersionException       if the node at <code>absPath</code> is
-     *                                versionable and checked-in or is non-versionable
-     *                                but its nearest versionable ancestor is
-     *                                checked-in and this implementation performs
-     *                                this validation immediately instead of
-     *                                waiting until <code>save</code>.
-     * @throws RepositoryException    if another error occurs.
-     */
-    public void removeAccessControlEntry(String absPath, AccessControlEntry ace)
-            throws PathNotFoundException, AccessControlException,
-            AccessDeniedException, UnsupportedRepositoryOperationException,
-            LockException, VersionException, RepositoryException;
-
-    /**
-     * Returns all hold objects that have been added through this API to the
-     * existing node at <code>absPath</code>. If no hold has been set before,
-     * this method returns an empty array.
-     * <p/>
-     * A <code>PathNotFoundException</code> is thrown if no node at
-     * <code>absPath</code> exists or the session does not have privilege to
-     * retrieve the node.
-     * <p/>
-     * An <code>AccessDeniedException</code> is thrown if the current session
-     * does not have sufficient rights to retrieve the holds.
-     * <p/>
-     * An <code>UnsupportedRepositoryOperationException</code> is thrown if
-     * retention and hold are not supported.
-     * <p/>
-     * A <code>RepositoryException</code> is thrown if another error occurs.
-     *
-     * @param absPath an absolute path.
-     * @return All hold objects that have been added to the existing node at
-     *         <code>absPath</code> through this API or an empty array if no
-     *         hold has been set.
-     * @throws PathNotFoundException  if no node at <code>absPath</code> exists
-     *                                or the session does not have privilege to
-     *                                retrieve the node.
-     * @throws AccessDeniedException if the current session does not have
-     *                               sufficient rights to retrieve the holds.
-     * @throws UnsupportedRepositoryOperationException
-     *                               if retention and hold are not supported.
-     * @throws RepositoryException   if another error occurs.
-     */
-    public Hold[] getHolds(String absPath) throws PathNotFoundException,
-            AccessDeniedException, UnsupportedRepositoryOperationException, RepositoryException;
-
-    /**
-     * Places a hold on the existing node at <code>absPath</code>. If
-     * <code>isDeep</code> is <code>true</code>) the hold applies to this node
-     * and its subtree. The hold does not take effect until a <code>save</code>
-     * is performed. A node may have more than one hold.
-     * <p/>
-     * The format and interpretation of the <code>name</code> are not specified.
-     * They are application-dependent.
-     * <p/>
-     * A <code>PathNotFoundException</code> is thrown if no node at
-     * <code>absPath</code> exists or the session does not have privilege to
-     * retrieve the node.
-     * <p/>
-     * An <code>AccessControlException</code> is thrown if the
-     * node at <code>absPath</code> cannot have a hold set.
-     * <p/>
-     * An <code>AccessDeniedException</code> is thrown if the current session
-     * does not have sufficient rights to perform the operation.
-     * <p/>
-     * An <code>UnsupportedRepositoryOperationException</code> is thrown if
-     * retention and hold are not supported.
-     * <p/>
-     * An <code>LockException</code> is thrown if the node at <code>absPath</code>
-     * is locked and this implementation performs this validation immediately
-     * instead of waiting until <code>save</code>.
-     * <p/>
-     * An <code>VersionException</code> is thrown if the node at <code>absPath</code>
-     * is versionable and checked-in or is non-versionable but its nearest
-     * versionable ancestor is checked-in and this implementation performs this
-     * validation immediately instead of waiting until <code>save</code>.
-     * <p/>
-     * A <code>RepositoryException</code> is thrown if another error occurs.
-     *
-     * @param absPath an absolute path.
-     * @param name  an application-dependent string.
-     * @param isDeep  a boolean indicating if the hold applies to the subtree.
-     * @return The <code>Hold</code> applied.
-     * @throws PathNotFoundException  if no node at <code>absPath</code> exists
-     *                                or the session does not have privilege to
-     *                                retrieve the node.
-     * @throws AccessControlException if the node at
-     *                                <code>absPath</code> cannot have a hold set.
-     * @throws AccessDeniedException  if the current session does not have
-     *                                sufficient rights to perform the operation.
-     * @throws UnsupportedRepositoryOperationException
-     *                                if retention and hold are not supported.
-     * @throws LockException          if a lock applies at the node at
-     *                                <code>absPath</code> and this implementation
-     *                                performs this validation immediately instead
-     *                                of waiting until <code>save</code>.
-     * @throws VersionException       if the node at <code>absPath</code> is
-     *                                versionable and checked-in or is non-versionable
-     *                                but its nearest versionable ancestor is
-     *                                checked-in and this implementation performs
-     *                                this validation immediately instead of
-     *                                waiting until <code>save</code>.
-     * @throws RepositoryException    if another error occurs.
-     */
-    public Hold addHold(String absPath, String name, boolean isDeep)
-            throws PathNotFoundException, AccessControlException, AccessDeniedException,
-            UnsupportedRepositoryOperationException, LockException, VersionException, RepositoryException;
-
-    /**
-     * Removes the specified <code>hold</code> from the node at
-     * <code>absPath</code>. The removal does not take effect until a
-     * <code>save</code> is performed.
-     * <p/>
-     * A <code>PathNotFoundException</code> is thrown if no node at
-     * <code>absPath</code> exists or the session does not have privilege to
-     * retrieve the node.
-     * <p/>
-     * An <code>AccessControlException</code> is thrown if the specified
-     * <code>hold</code> does not apply to the node at <code>absPath</code>.
-     * <p/>
-     * An <code>AccessDeniedException</code> is thrown if the current session
-     * does not have sufficient rights to perform the operation.
-     * <p/>
-     * An <code>UnsupportedRepositoryOperationException</code> is thrown if
-     * retention and hold are not supported.
-     * <p/>
-     * An <code>LockException</code> is thrown if the node at <code>absPath</code>
-     * is locked and this implementation performs this validation immediately
-     * instead of waiting until <code>save</code>.
-     * <p/>
-     * An <code>VersionException</code> is thrown if the node at <code>absPath</code>
-     * is versionable and checked-in or is non-versionable but its nearest
-     * versionable ancestor is checked-in and this implementation performs this
-     * validation immediately instead of waiting until <code>save</code>.
-     * <p/>
-     * A <code>RepositoryException</code> is thrown if another error occurs.
-     *
-     * @param absPath an absolute path.
-     * @param hold    the hold to be removed.
-     * @throws PathNotFoundException  if no node at <code>absPath</code> exists
-     *                                or the session does not have privilege to
-     *                                retrieve the node.
-     * @throws AccessControlException if the specified <code>hold</code> is not
-     *                                present at the node at <code>absPath</code>.
-     * @throws AccessDeniedException  if the current session does not have
-     *                                sufficient rights to perform the operation.
-     * @throws UnsupportedRepositoryOperationException
-     *                                if retention and hold are not supported.
-     * @throws LockException          if a lock applies at the node at
-     *                                <code>absPath</code> and this implementation
-     *                                performs this validation immediately instead
-     *                                of waiting until <code>save</code>.
-     * @throws VersionException       if the node at <code>absPath</code> is
-     *                                versionable and checked-in or is non-versionable
-     *                                but its nearest versionable ancestor is
-     *                                checked-in and this implementation performs
-     *                                this validation immediately instead of
-     *                                waiting until <code>save</code>.
-     * @throws RepositoryException    if another error occurs.
-     */
-    public void removeHold(String absPath, Hold hold)
-            throws PathNotFoundException, AccessControlException, AccessDeniedException,
-            UnsupportedRepositoryOperationException, LockException, VersionException,
-            RepositoryException;
-
-    /**
-     * Returns the retention policy that has been set using {@link #setRetentionPolicy}
-     * on the node at <code>absPath</code> or <code>null</code> if no policy has been set.
-     * <p/>
-     * A <code>PathNotFoundException</code> is thrown if no node at
-     * <code>absPath</code> exists or the session does not have privilege to
-     * retrieve the node.
-     * <p/>
-     * An <code>AccessDeniedException</code> is thrown if the current session
-     * does not have sufficient rights to retrieve the retention policy.
-     * <p/>
-     * An <code>UnsupportedRepositoryOperationException</code> is thrown if
-     * retention and hold are not supported.
-     * <p/>
-     * A <code>RepositoryException</code> is thrown if another error occurs.
-     *
-     * @param absPath an absolute path to an existing node.
-     * @return The retention policy that applies to the existing node at
-     *         <code>absPath</code> or <code>null</code> if no policy applies.
-     * @throws PathNotFoundException if no node at <code>absPath</code> exists
-     *                               or the session does not have privilege to
-     *                               retrieve the node.
-     * @throws AccessDeniedException if the current session does not have
-     *                               sufficient rights to retrieve the policy.
-     * @throws UnsupportedRepositoryOperationException
-     *                               if retention and hold are not supported.
-     * @throws RepositoryException   if another error occurs.
-     */
-    public RetentionPolicy getRetentionPolicy(String absPath)
-            throws PathNotFoundException, AccessDeniedException,
-            UnsupportedRepositoryOperationException, RepositoryException;
-
-    /**
-     * Sets the retention policy of the node at <code>absPath</code> to
-     * that defined in the specified policy node. Interpretation and enforcement
-     * of this policy is an implementation issue. In any case the policy does
-     * does not take effect until a <code>save</code> is performed.
-     * <p/>
-     * A <code>PathNotFoundException</code> is thrown if no node at
-     * <code>absPath</code> exists or the session does not have privilege to
-     * retrieve the node.
-     * <p/>
-     * An <code>AccessControlException</code> is thrown if the specified
-     * node is not a valid retention policy node.
-     * <p/>
-     * An <code>AccessDeniedException</code> is thrown if the current session
-     * does not have sufficient rights to perform the operation.
-     * <p/>
-     * An <code>UnsupportedRepositoryOperationException</code> is thrown if
-     * retention and hold are not supported.
-     * <p/>
-     * An <code>LockException</code> is thrown if the node at <code>absPath</code>
-     * is locked and this implementation performs this validation immediately
-     * instead of waiting until <code>save</code>.
-     * <p/>
-     * An <code>VersionException</code> is thrown if the node at <code>absPath</code>
-     * is versionable and checked-in or is non-versionable but its nearest
-     * versionable ancestor is checked-in and this implementation performs this
-     * validation immediately instead of waiting until <code>save</code>.
-     * <p/>
-     * A <code>RepositoryException</code> is thrown if another error occurs.
-     *
-     * @param absPath         an absolute path to an existing node.
-     * @param retentionPolicy a retention policy.
-     * @throws PathNotFoundException  if no node at <code>absPath</code> exists
-     *                                or the session does not have privilege to
-     *                                retrieve the node.
-     * @throws AccessControlException if the specified retention policy is not
-     *                                valid on the specified node.
-     * @throws AccessDeniedException  if the current session does not have
-     *                                sufficient rights to perform the operation.
-     * @throws UnsupportedRepositoryOperationException
-     *                                if retention and hold are not supported.
-     * @throws LockException          if a lock applies at the node at
-     *                                <code>absPath</code> and this implementation
-     *                                performs this validation immediately instead
-     *                                of waiting until <code>save</code>.
-     * @throws VersionException       if the node at <code>absPath</code> is
-     *                                versionable and checked-in or is non-versionable
-     *                                but its nearest versionable ancestor is
-     *                                checked-in and this implementation performs
-     *                                this validation immediately instead of
-     *                                waiting until <code>save</code>.
-     * @throws RepositoryException    if another error occurs.
-     */
-    public void setRetentionPolicy(String absPath, RetentionPolicy retentionPolicy)
-            throws PathNotFoundException, AccessControlException, AccessDeniedException,
-            UnsupportedRepositoryOperationException, LockException, VersionException,
-            RepositoryException;
-
-    /**
-     * Causes the current retention policy on the node at
-     * <code>absPath</code> to no longer apply. The removal does not take effect
-     * until a <code>save</code> is performed.
-     * <p/>
-     * A <code>PathNotFoundException</code> is thrown if no node at
-     * <code>absPath</code> exists or the session does not have privilege to
-     * retrieve the node.
-     * <p/>
-     * An <code>AccessControlException</code> is thrown if this node does
-     * not have a retention policy currently assigned.
-     * <p/>
-     * An <code>AccessDeniedException</code> is thrown if the current session
-     * does not have sufficient rights to perform the operation.
-     * <p/>
-     * An <code>UnsupportedRepositoryOperationException</code> is thrown if
-     * retention and hold are not supported.
-     * <p/>
-     * An <code>LockException</code> is thrown if the node at <code>absPath</code>
-     * is locked and this implementation performs this validation immediately
-     * instead of waiting until <code>save</code>.
-     * <p/>
-     * An <code>VersionException</code> is thrown if the node at <code>absPath</code>
-     * is versionable and checked-in or is non-versionable but its nearest
-     * versionable ancestor is checked-in and this implementation performs this
-     * validation immediately instead of waiting until <code>save</code>.
-     * <p/>
-     * A <code>RepositoryException</code> is thrown if another error occurs.
-     *
-     * @param absPath an absolute path to an existing node.
-     * @throws PathNotFoundException  if no node at <code>absPath</code> exists
-     *                                or the session does not have privilege to
-     *                                retrieve the node.
-     * @throws AccessControlException if this node does not have a
-     *                                retention policy currently assigned.
-     * @throws AccessDeniedException  if the current session does not have
-     *                                sufficient rights to perform the operation.
-     * @throws UnsupportedRepositoryOperationException
-     *                                if retention and hold are not supported.
-     * @throws LockException          if a lock applies at the node at
-     *                                <code>absPath</code> and this implementation
-     *                                performs this validation immediately instead
-     *                                of waiting until <code>save</code>.
-     * @throws VersionException       if the node at <code>absPath</code> is
-     *                                versionable and checked-in or is non-versionable
-     *                                but its nearest versionable ancestor is
-     *                                checked-in and this implementation performs
-     *                                this validation immediately instead of
-     *                                waiting until <code>save</code>.
-     * @throws RepositoryException    if another error occurs.
-     */
-    public void removeRetentionPolicy(String absPath)
-            throws PathNotFoundException, AccessControlException, AccessDeniedException,
-            UnsupportedRepositoryOperationException, LockException, VersionException, RepositoryException;
 }

Modified: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlPolicy.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlPolicy.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlPolicy.java (original)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlPolicy.java Wed Aug 27 08:12:04 2008
@@ -16,31 +16,15 @@
  */
 package org.apache.jackrabbit.api.jsr283.security;
 
-import javax.jcr.RepositoryException;
-
 /**
- * An <code>AccessControlPolicy</code> is an object with a name and an optional
- * description. Examples of possible <code>AccessControlPolicy</code> 
- * implementations include access control lists or role-responsibility 
- * assignments.
+ * The <code>AccessControlPolicy</code> is a marker interface for all kind
+ * of access control policies. This API defines two subinterfaces:
+ * <ul>
+ * <li>{@link NamedAccessControlPolicy},</li>
+ * <li>{@link AccessControlList}.</li>
+ * </ul>
  *
  * @since JCR 2.0
  */
 public interface AccessControlPolicy {
-    /**
-     * Returns the name of the access control policy, which should be unique
-     * among the choices applicable to any particular node.
-     *
-     * @return the name of the access control policy.
-     * @throws RepositoryException if an error occurs.
-     */
-    public String getName() throws RepositoryException;
-
-    /**
-     * Returns a human readable description of the access control policy.
-     *
-     * @return a human readable description of the access control policy.
-     * @throws RepositoryException if an error occurs.
-     */
-    public String getDescription() throws RepositoryException;
 }

Added: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/NamedAccessControlPolicy.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/NamedAccessControlPolicy.java?rev=689499&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/NamedAccessControlPolicy.java (added)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/NamedAccessControlPolicy.java Wed Aug 27 08:12:04 2008
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.api.jsr283.security;
+
+import javax.jcr.RepositoryException;
+
+/**
+ * An <code>NamedAccessControlPolicy</code> is an opaque access control policy
+ * that is described by a JCR name and optionally a description.
+ * <code>NamedAccessControlPolicy</code> are immutable and can therefore be
+ * directly applied to a node without additional configuration step.
+ *
+ * @since JCR 2.0
+ */
+public interface NamedAccessControlPolicy extends AccessControlPolicy {
+
+    /**
+     * Returns the name of the access control policy, which is JCR name and
+     * should be unique among the choices applicable to any particular node.
+     *
+     * @return the name of the access control policy. A JCR name.
+     * @throws RepositoryException if an error occurs.
+     */
+    public String getName() throws RepositoryException;
+}

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/NamedAccessControlPolicy.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/NamedAccessControlPolicy.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Modified: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/Privilege.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/Privilege.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/Privilege.java (original)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/Privilege.java Wed Aug 27 08:12:04 2008
@@ -19,8 +19,7 @@
 /**
  * A privilege represents the capability of performing a particular set
  * of operations on items in the JCR repository. Each privilege is identified
- * by a NAME that is unique across the set of privileges supported by a
- * repository. JCR defines a set of standard privileges in the <code>jcr</code>
+ * by a JCR name. JCR defines a set of standard privileges in the <code>jcr</code>
  * namespace. Implementations may add additional privileges in namespaces other
  * than <code>jcr</code>.
  * <p/>
@@ -41,63 +40,84 @@
 public interface Privilege {
 
     /**
-     * A constant representing <code>READ</code>, the privilege to retrieve
+     * A constant representing <code>jcr:read</code> (in extended form), the privilege to retrieve
      * a node and get its properties and their values.
      */
-    public static final String READ = "javax.jcr.security.Privilege.READ";
+    public static final String JCR_READ = "{http://www.jcp.org/jcr/1.0}read";
 
     /**
-     * A constant representing <code>MODIFY_PROPERTIES</code>, the privilege
+     * A constant representing <code>jcr:modifyProperties</code> (in extended form), the privilege
      * to create, modify and remove the properties of a node.
      */
-    public static final String MODIFY_PROPERTIES = "javax.jcr.security.Privilege.MODIFY_PROPERTIES";
+    public static final String JCR_MODIFY_PROPERTIES = "{http://www.jcp.org/jcr/1.0}modifyProperties";
 
     /**
-     * A constant representing <code>ADD_CHILD_NODES</code>, the privilege
+     * A constant representing <code>jcr:addChildNodes</code> (in extended form), the privilege
      * to create child nodes of a node.
      */
-    public static final String ADD_CHILD_NODES = "javax.jcr.security.Privilege.ADD_CHILD_NODES";
+    public static final String JCR_ADD_CHILD_NODES = "{http://www.jcp.org/jcr/1.0}addChildNodes";
 
     /**
-     * A constant representing <code>REMOVE_CHILD_NODES</code>, the privilege
-     * to remove child nodes of a node.
+     * A constant representing <code>jcr:removeNode</code> (in extended form), the privilege
+     * to remove a node.
+     * <p>
+     * In order to actually remove a node requires <code>jcr:removeNode</code> on that node
+     * and <code>jcr:removeChildNodes</code> on the parent node.
+     * <p>
+     * The distinction is provided in order to reflect implementations that internally model "remove"
+     * as a "delete" instead of a "unlink". A repository that uses the "delete" model
+     * can have <code>jcr:removeChildNodes</code> in every access control policy, so that removal
+     * is effectively controlled by <code>jcr:removeNode</code>.
      */
-    public static final String REMOVE_CHILD_NODES = "javax.jcr.security.Privilege.REMOVE_CHILD_NODES";
+    public static final String JCR_REMOVE_NODE = "{http://www.jcp.org/jcr/1.0}removeNode";
 
     /**
-     * A constant representing <code>WRITE</code>, an aggregate privilege that contains:
-     *<ul>
-     *  <li>MODIFY_PROPERTIES</li>
-     *  <li>ADD_CHILD_NODES</li>
-     *  <li>REMOVE_CHILD_NODES</li>
+     * A constant representing <code>jcr:removeChildNodes</code> (in extended form), the privilege
+     * to remove child nodes of a node. In order to actually remove a node requires <code>jcr:removeNode</code> on that node
+     * and <code>jcr:removeChildNodes</code> on the parent node.
+     * <p>
+     * The distinction is provided in order to reflect implementations that internally model "remove"
+     * as a "unlink" instead of a "delete". A repository that uses the "unlink" model
+     * can have <code>jcr:removeNode</code> in every access control policy, so that removal
+     * is effectively controlled by <code>jcr:removeChildNodes</code>.
+     */
+    public static final String JCR_REMOVE_CHILD_NODES = "{http://www.jcp.org/jcr/1.0}removeChildNodes";
+
+    /**
+     * A constant representing <code>jcr:write</code> (in extended form), an aggregate privilege that contains:
+     * <ul>
+     *  <li><code>jcr:modifyProperties</code></li>
+     *  <li><code>jcr:addChildNodes</code></li>
+     *  <li><code>jcr:removeNode</code></li>
+     *  <li><code>jcr:removeChildNodes</code></li>
      * </ul>
      */
-    public static final String WRITE = "javax.jcr.security.Privilege.WRITE";
+    public static final String JCR_WRITE = "{http://www.jcp.org/jcr/1.0}write";
 
     /**
-     * A constant representing <code>READ_ACCESS_CONTROL</code>, the privilege
+     * A constant representing <code>jcr:readAccessControl</code> (in extended form), the privilege
      * to get the access control policy of a node.
      */
-    public static final String READ_ACCESS_CONTROL = "javax.jcr.security.Privilege.READ_ACCESS_CONTROL";
+    public static final String JCR_READ_ACCESS_CONTROL = "{http://www.jcp.org/jcr/1.0}readAccessControl";
 
     /**
-     * A constant representing <code>MODIFY_ACCESS_CONTROL</code>, the privilege
+     * A constant representing <code>jcr:modifyAccessControl</code> (in extended form), the privilege
      * to modify the access control policies of a node.
      */
-    public static final String MODIFY_ACCESS_CONTROL = "javax.jcr.security.Privilege.MODIFY_ACCESS_CONTROL";
+    public static final String JCR_MODIFY_ACCESS_CONTROL = "{http://www.jcp.org/jcr/1.0}modifyAccessControl";
 
     /**
-     * A constant representing <code>ALL</code>, an aggregate privilege that contains
+     * A constant representing <code>jcr:all</code> (in extended form), an aggregate privilege that contains
      * all predefined privileges:
      * <ul>
-     *   <li>READ</li>
-     *   <li>WRITE</li>
-     *   <li>READ_ACCESS_CONTROL</li>
-     *   <li>MODIFY_ACCESS_CONTROL</li>
+     *   <li><code>jcr:read</code></li>
+     *   <li><code>jcr:write</code></li>
+     *   <li><code>jcr:readAccessControl</code></li>
+     *   <li><code>jcr:modifyAccessControl</code></li>
      * </ul>
-     * It should in addition include all implementation-defined privileges.
+     * It should, in addition, include all implementation-defined privileges.
      */
-    public static final String ALL = "javax.jcr.security.Privilege.ALL";
+    public static final String JCR_ALL = "{http://www.jcp.org/jcr/1.0}all";
 
     /**
      * Returns the name of this privilege.
@@ -107,13 +127,6 @@
     public String getName();
 
     /**
-     * Returns a description of this privilege.
-     *
-     * @return a description of this privilege.
-     */
-    public String getDescription();
-
-    /**
      * Returns whether this privilege is an abstract privilege.
      * @return <code>true</code> if this privilege is an abstract privilege;
      *         <code>false</code> otherwise.

Modified: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java (original)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java Wed Aug 27 08:12:04 2008
@@ -16,9 +16,6 @@
  */
 package org.apache.jackrabbit.api.security.principal;
 
-import org.apache.jackrabbit.api.security.principal.NoSuchPrincipalException;
-import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
-
 import java.security.Principal;
 import java.security.acl.Group;
 

Modified: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Impersonation.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Impersonation.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Impersonation.java (original)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Impersonation.java Wed Aug 27 08:12:04 2008
@@ -31,10 +31,7 @@
  * @see User#getImpersonation()
  */
 public interface Impersonation {
-
-    // TODO: ev. add method that allows to display principals/users that are allowed to impersonate.
-    // TODO: ev. grantImpersonation/revokeImpersonation should take User
-
+    
     /**
      * @return An iterator over the <code>Principal</code>s that are allowed
      * to impersonate the <code>User</code> this <code>Impersonation</code>

Modified: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java (original)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java Wed Aug 27 08:12:04 2008
@@ -28,7 +28,7 @@
 public interface User extends Authorizable {
 
     /**
-     * @return true if the current Authorizable is has all Privileges
+     * @return true if the current user represents the administrator.
      */
     boolean isAdmin();
 

Modified: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java (original)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java Wed Aug 27 08:12:04 2008
@@ -29,6 +29,24 @@
 public interface UserManager {
 
     /**
+     * Filter flag indicating that only <code>User</code>s should be searched
+     * and returned.
+     */
+    int SEARCH_TYPE_USER = 1;
+
+    /**
+     * Filter flag indicating that only <code>Group</code>s should be searched
+     * and returned.
+     */
+    int SEARCH_TYPE_GROUP = 2;
+
+    /**
+     * Filter flag indicating that all <code>Authorizable</code>s should be
+     * searched.
+     */
+    int SEARCH_TYPE_AUTHORIZABLE = 3;
+
+    /**
      * Get the Authorizable by its id.
      *
      * @param id
@@ -59,7 +77,27 @@
      * @throws RepositoryException
      * @see Authorizable#getProperty(String)
      */
-    Iterator findAuthorizable(String propertyName, String value) throws RepositoryException;
+    Iterator findAuthorizables(String propertyName, String value) throws RepositoryException;
+
+    /**
+     * Returns all <code>Authorizable</code>s that have
+     * {@link Authorizable#getProperty(String) property} with the given name and
+     * that Property equals the given value. In contrast to
+     * {@link #findAuthorizables(String, String)} the type of authorizable is
+     * respected while executing the search.
+     *
+     * @param propertyName
+     * @param value
+     * @param searchType Any of the following constants:
+     * <ul>
+     * <li>{@link #SEARCH_TYPE_AUTHORIZABLE}</li>
+     * <li>{@link #SEARCH_TYPE_GROUP}</li>
+     * <li>{@link #SEARCH_TYPE_USER}</li>
+     * </ul>
+     * @return
+     * @throws RepositoryException
+     */
+    Iterator findAuthorizables(String propertyName, String value, int searchType) throws RepositoryException;
 
     /**
      * Creates an User for the given userID / password pair; neither of the

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/commons/iterator/AccessControlPolicyIteratorAdapter.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/commons/iterator/AccessControlPolicyIteratorAdapter.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/commons/iterator/AccessControlPolicyIteratorAdapter.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/commons/iterator/AccessControlPolicyIteratorAdapter.java Wed Aug 27 08:12:04 2008
@@ -18,8 +18,6 @@
 
 import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
 import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicyIterator;
-import org.apache.jackrabbit.commons.iterator.RangeIteratorDecorator;
-import org.apache.jackrabbit.commons.iterator.RangeIteratorAdapter;
 
 import javax.jcr.RangeIterator;
 import java.util.Collection;

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java Wed Aug 27 08:12:04 2008
@@ -111,11 +111,17 @@
      * The user id of the administrator. The value is retrieved from
      * configuration. If the config entry is missing a default id is used (see
      * {@link SecurityConstants#ADMIN_ID}).
-     *
      */
     private String adminId;
 
     /**
+     * The user id of the anonymous user. The value is retrieved from
+     * configuration. If the config entry is missing a default id is used (see
+     * {@link SecurityConstants#ANONYMOUS_ID}).
+     */
+    private String anonymousId;
+
+    /**
      * Contains the access control providers per workspace.
      * key = name of the workspace,
      * value = {@link AccessControlProvider}
@@ -178,13 +184,12 @@
         Properties[] moduleConfig = authContextProvider.getModuleConfig();
 
         // retrieve default-ids (admin and anomymous) from login-module-configuration.
-        String anonymousId = null;
         for (int i = 0; i < moduleConfig.length; i++) {
             if (moduleConfig[i].containsKey(LoginModuleConfig.PARAM_ADMIN_ID)) {
                 adminId = moduleConfig[i].getProperty(LoginModuleConfig.PARAM_ADMIN_ID);
             }
             if (moduleConfig[i].containsKey(LoginModuleConfig.PARAM_ANONYMOUS_ID)) {
-                anonymousId = moduleConfig[i].getProperty(LoginModuleConfig.PARAM_ANONYMOUS_ID, null);
+                anonymousId = moduleConfig[i].getProperty(LoginModuleConfig.PARAM_ANONYMOUS_ID);
             }
         }
         // fallback:
@@ -193,7 +198,8 @@
             adminId = SecurityConstants.ADMIN_ID;
         }
         if (anonymousId == null) {
-            log.debug("No anonymousID defined in LoginModule/JAAS config -> anonymous not defined..");
+            log.debug("No anonymousID defined in LoginModule/JAAS config -> using default.");
+            anonymousId = SecurityConstants.ANONYMOUS_ID;
         }
 
         // create the system userManager and make sure the system-users exist.
@@ -373,7 +379,8 @@
     public AuthContext getAuthContext(Credentials creds, Subject subject)
             throws RepositoryException {
         checkInitialized();
-        return authContextProvider.getAuthContext(creds, subject, securitySession, principalProviderRegistry);
+        return authContextProvider.getAuthContext(creds, subject, securitySession,
+                principalProviderRegistry, adminId, anonymousId);
     }
 
     //--------------------------------------------------------------------------

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ItemManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ItemManager.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ItemManager.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ItemManager.java Wed Aug 27 08:12:04 2008
@@ -795,8 +795,6 @@
      * shareable, there might be more than one cache entry for this item.
      *
      * @param id id of the items to remove from the cache
-     * @return <code>true</code> if the item was contained in this cache,
-     *         <code>false</code> otherwise.
      */
     private void evictItems(ItemId id) {
         if (log.isDebugEnabled()) {
@@ -1105,7 +1103,7 @@
         /**
          * Cache some node.
          *
-         * @param node node to cache
+         * @param data data to cache
          */
         public void cache(AbstractNodeData data) {
             NodeId id = data.getNodeState().getNodeId();
@@ -1123,7 +1121,7 @@
         /**
          * Evict some node from the cache.
          *
-         * @param node node to evict
+         * @param data data to evict
          */
         public void evict(AbstractNodeData data) {
             ReferenceMap map = (ReferenceMap) cache.get(data.getId());

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/PropertyImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/PropertyImpl.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/PropertyImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/PropertyImpl.java Wed Aug 27 08:12:04 2008
@@ -19,7 +19,6 @@
 import org.apache.jackrabbit.core.state.ItemState;
 import org.apache.jackrabbit.core.state.ItemStateException;
 import org.apache.jackrabbit.core.state.PropertyState;
-import org.apache.jackrabbit.core.state.NodeState;
 import org.apache.jackrabbit.core.value.BLOBFileValue;
 import org.apache.jackrabbit.core.value.InternalValue;
 import org.apache.jackrabbit.core.nodetype.PropDefId;

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SecurityItemModifier.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SecurityItemModifier.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SecurityItemModifier.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SecurityItemModifier.java Wed Aug 27 08:12:04 2008
@@ -16,27 +16,25 @@
  */
 package org.apache.jackrabbit.core;
 
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.apache.jackrabbit.spi.Name;
-import org.apache.jackrabbit.core.nodetype.NodeTypeImpl;
 import org.apache.jackrabbit.core.nodetype.NodeDefinitionImpl;
-import org.apache.jackrabbit.core.value.InternalValue;
-import org.apache.jackrabbit.core.state.NodeState;
-import org.apache.jackrabbit.core.state.ChildNodeEntry;
-import org.apache.jackrabbit.core.security.user.UserManagerImpl;
+import org.apache.jackrabbit.core.nodetype.NodeTypeImpl;
 import org.apache.jackrabbit.core.security.authorization.acl.ACLEditor;
+import org.apache.jackrabbit.core.security.user.UserManagerImpl;
+import org.apache.jackrabbit.core.state.ChildNodeEntry;
+import org.apache.jackrabbit.core.state.NodeState;
+import org.apache.jackrabbit.core.value.InternalValue;
+import org.apache.jackrabbit.spi.Name;
 
-import javax.jcr.nodetype.ConstraintViolationException;
-import javax.jcr.PathNotFoundException;
+import javax.jcr.AccessDeniedException;
 import javax.jcr.ItemExistsException;
+import javax.jcr.ItemNotFoundException;
+import javax.jcr.PathNotFoundException;
+import javax.jcr.Property;
 import javax.jcr.RepositoryException;
 import javax.jcr.Value;
-import javax.jcr.Property;
-import javax.jcr.AccessDeniedException;
-import javax.jcr.ItemNotFoundException;
-import javax.jcr.version.VersionException;
 import javax.jcr.lock.LockException;
+import javax.jcr.nodetype.ConstraintViolationException;
+import javax.jcr.version.VersionException;
 
 /**
  * <code>SecurityItemModifier</code>: An abstract helper class to allow classes
@@ -48,13 +46,11 @@
  */
 public abstract class SecurityItemModifier {
 
-    private static Logger log = LoggerFactory.getLogger(SecurityItemModifier.class);
-
     protected SecurityItemModifier() {
         Class cl = getClass();
         if (!(cl.equals(UserManagerImpl.class) ||
               cl.equals(ACLEditor.class) ||
-              cl.getSuperclass().equals(ACLEditor.class))) {
+              cl.equals(org.apache.jackrabbit.core.security.authorization.principalbased.ACLEditor.class))) {
             throw new IllegalArgumentException("Only UserManagerImpl and ACLEditor may extend from the SecurityItemModifier");
         }
     }

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SessionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SessionImpl.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SessionImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SessionImpl.java Wed Aug 27 08:12:04 2008
@@ -36,6 +36,7 @@
 import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.api.JackrabbitSession;
 import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
+import org.apache.jackrabbit.api.jsr283.retention.RetentionManager;
 import org.apache.jackrabbit.core.security.authentication.AuthContext;
 import org.apache.jackrabbit.core.state.ItemStateException;
 import org.apache.jackrabbit.core.state.LocalItemStateManager;
@@ -47,6 +48,7 @@
 import org.apache.jackrabbit.core.version.VersionManagerImpl;
 import org.apache.jackrabbit.core.xml.ImportHandler;
 import org.apache.jackrabbit.core.xml.SessionImporter;
+import org.apache.jackrabbit.core.retention.RetentionManagerImpl;
 import org.apache.jackrabbit.spi.Name;
 import org.apache.jackrabbit.spi.Path;
 import org.apache.jackrabbit.spi.commons.conversion.DefaultNamePathResolver;
@@ -226,6 +228,11 @@
     private UserManager userManager;
 
     /**
+     * Retention and Hold Manager
+     */
+    private RetentionManager retentionManager;
+
+    /**
      * Protected constructor.
      *
      * @param rep
@@ -1343,7 +1350,7 @@
 
     /**
      * @see Session#getAccessControlManager()
-     * @since 2.0
+     * @since JCR 2.0
      */
     public AccessControlManager getAccessControlManager()
             throws UnsupportedRepositoryOperationException, RepositoryException {
@@ -1354,6 +1361,18 @@
         }
     }
 
+    /**
+     * @see Session#getRetentionManager()
+     * @since JCR 2.0
+     */
+    public synchronized RetentionManager getRetentionManager()
+            throws UnsupportedRepositoryOperationException, RepositoryException {
+        if (retentionManager == null) {
+            retentionManager = new RetentionManagerImpl(this);
+        }
+        return retentionManager;
+    }
+
     //-----------------------------------< Session methods changed in JSR 283 >
     /**
      * Moves the node at <code>srcAbsPath</code> (and its entire subtree) to the

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SystemSession.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SystemSession.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SystemSession.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SystemSession.java Wed Aug 27 08:12:04 2008
@@ -20,15 +20,21 @@
 import org.apache.jackrabbit.core.security.AMContext;
 import org.apache.jackrabbit.core.security.AccessManager;
 import org.apache.jackrabbit.core.security.SystemPrincipal;
+import org.apache.jackrabbit.core.security.AbstractAccessControlManager;
 import org.apache.jackrabbit.core.security.authorization.AccessControlProvider;
 import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
+import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
 import org.apache.jackrabbit.spi.Path;
 import org.apache.jackrabbit.spi.Name;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
+import org.apache.jackrabbit.api.jsr283.security.Privilege;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
 
 import javax.jcr.AccessDeniedException;
 import javax.jcr.ItemNotFoundException;
 import javax.jcr.NoSuchWorkspaceException;
 import javax.jcr.RepositoryException;
+import javax.jcr.PathNotFoundException;
 import javax.security.auth.Subject;
 import java.util.Collections;
 import java.util.HashSet;
@@ -100,9 +106,12 @@
     }
 
     //--------------------------------------------------------< inner classes >
-    private class SystemAccessManager implements AccessManager {
+    private class SystemAccessManager extends AbstractAccessControlManager implements AccessManager {
+
+        private final PrivilegeRegistry privilegeRegistry;
 
         SystemAccessManager() {
+            privilegeRegistry = new PrivilegeRegistry(SystemSession.this);
         }
 
         //----------------------------------------------------< AccessManager >
@@ -192,5 +201,72 @@
         public boolean canAccess(String workspaceName) throws RepositoryException {
             return true;
         }
+
+        //-----------------------------------< AbstractAccessControlManager >---
+        /**
+         * @see AbstractAccessControlManager#checkInitialized()
+         */
+        protected void checkInitialized() throws IllegalStateException {
+            // nop
+        }
+
+        /**
+         * @see AbstractAccessControlManager#checkPrivileges(String, int)
+         */
+        protected void checkPrivileges(String absPath, int privileges) throws
+                AccessDeniedException, PathNotFoundException, RepositoryException {
+            // allow everything
+        }
+
+        /**
+         * @see AbstractAccessControlManager#getPrivilegeRegistry()
+         */
+        protected PrivilegeRegistry getPrivilegeRegistry()
+                throws RepositoryException {
+            return privilegeRegistry;
+        }
+
+        /**
+         * @see AbstractAccessControlManager#checkValidNodePath(String)
+         */
+        protected void checkValidNodePath(String absPath)
+                throws PathNotFoundException, RepositoryException {
+            Path p = getQPath(absPath);
+            if (!p.isAbsolute()) {
+                throw new RepositoryException("Absolute path expected.");
+            }
+            if (hierMgr.resolveNodePath(p) == null) {
+                throw new PathNotFoundException("No such node " + absPath);
+            }
+        }
+
+        //-------------------------------------------< AccessControlManager >---
+        /**
+         * @see AccessControlManager#hasPrivileges(String, Privilege[])
+         */
+        public boolean hasPrivileges(String absPath, Privilege[] privileges)
+                throws PathNotFoundException, RepositoryException {
+            checkValidNodePath(absPath);
+            // allow everything
+            return true;
+        }
+
+        /**
+         * @see AccessControlManager#getPrivileges(String)
+         */
+        public Privilege[] getPrivileges(String absPath)
+                throws PathNotFoundException, RepositoryException {
+            checkValidNodePath(absPath);
+            return getPrivilegeRegistry().getPrivileges(PrivilegeRegistry.ALL);
+        }
+
+        /**
+         * @see AccessControlManager#getEffectivePolicies(String)
+         */
+        public AccessControlPolicy[] getEffectivePolicies(String absPath) throws
+                PathNotFoundException, AccessDeniedException, RepositoryException {
+            // TODO
+            throw new UnsupportedOperationException();
+        }
     }
 }

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/LoginModuleConfig.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/LoginModuleConfig.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/LoginModuleConfig.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/LoginModuleConfig.java Wed Aug 27 08:12:04 2008
@@ -29,22 +29,24 @@
  */
 public class LoginModuleConfig extends BeanConfig {
 
+    /**
+     * UserId of the anonymous user. Optional parameter in the LoginModule
+     * configuration.
+     */
     public static final String PARAM_ANONYMOUS_ID = "anonymousId";
-    public static final String PARAM_ADMIN_ID = "adminId";
-
+    
     /**
-     * Name of the default user id to be used upon Repository.login with
-     * <code>null</code> credentials. Optional parameter in the LoginModule
+     * UserId of the administrator. Optional parameter in the LoginModule
      * configuration.
      */
-    public static final String PARAM_DEFAULT_USERID = "defaultUserId";
+    public static final String PARAM_ADMIN_ID = "adminId";
 
     /**
      * Property-Key for the fully qualified class name of the implementation of
      * {@link org.apache.jackrabbit.core.security.principal.PrincipalProvider}
      * to be used with the LoginModule.
      */
-    public static final String PARAM_PRINCIPAL_PROVIDER_CLASS = "principalprovider";
+    public static final String PARAM_PRINCIPAL_PROVIDER_CLASS = "principalProvider";
 
     /**
      * Creates an access manager configuration object from the

Added: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/RetentionManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/RetentionManagerImpl.java?rev=689499&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/RetentionManagerImpl.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/RetentionManagerImpl.java Wed Aug 27 08:12:04 2008
@@ -0,0 +1,84 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.retention;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.apache.jackrabbit.api.jsr283.retention.RetentionManager;
+import org.apache.jackrabbit.api.jsr283.retention.Hold;
+import org.apache.jackrabbit.api.jsr283.retention.RetentionPolicy;
+
+import javax.jcr.PathNotFoundException;
+import javax.jcr.AccessDeniedException;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.version.VersionException;
+import javax.jcr.lock.LockException;
+
+/**
+ * <code>RetentionManagerImpl</code>...
+ */
+public class RetentionManagerImpl implements RetentionManager {
+
+    private static Logger log = LoggerFactory.getLogger(RetentionManagerImpl.class);
+
+    private final Session session;
+    
+    public RetentionManagerImpl(Session session) {
+        this.session = session;
+    }
+
+    public Hold[] getHolds(String absPath) throws PathNotFoundException,
+            AccessDeniedException, RepositoryException {
+        //TODO
+        return new Hold[0];
+    }
+
+    public Hold addHold(String absPath, String name, boolean isDeep) throws
+            PathNotFoundException, AccessDeniedException, LockException,
+            VersionException, RepositoryException {
+        //TODO
+        throw new UnsupportedOperationException("Not yet implemented");
+    }
+
+    public void removeHold(String absPath, Hold hold) throws
+            PathNotFoundException, AccessDeniedException, LockException,
+            VersionException, RepositoryException {
+        //TODO
+        throw new UnsupportedOperationException("Not yet implemented");
+    }
+
+    public RetentionPolicy getRetentionPolicy(String absPath) throws
+            PathNotFoundException, AccessDeniedException, RepositoryException {
+        // TODO
+        return null;
+    }
+
+    public void setRetentionPolicy(String absPath, RetentionPolicy retentionPolicy)
+            throws PathNotFoundException, AccessDeniedException, LockException,
+            VersionException, RepositoryException {
+        //TODO
+        throw new UnsupportedOperationException("Not yet implemented");
+    }
+
+    public void removeRetentionPolicy(String absPath) throws
+            PathNotFoundException, AccessDeniedException, LockException,
+            VersionException, RepositoryException {
+        //TODO
+        throw new UnsupportedOperationException("Not yet implemented");
+    }
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/RetentionManagerImpl.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/RetentionManagerImpl.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url



Mime
View raw message