jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r689499 [10/11] - in /jackrabbit/trunk: jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/ jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/retention/ jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/se...
Date Wed, 27 Aug 2008 15:12:07 GMT
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java Wed Aug 27 08:12:04 2008
@@ -16,169 +16,162 @@
  */
 package org.apache.jackrabbit.core.security.authorization.acl;
 
+import org.apache.jackrabbit.api.JackrabbitSession;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlEntry;
 import org.apache.jackrabbit.api.jsr283.security.AccessControlException;
-import org.apache.jackrabbit.core.security.authorization.AbstractPolicyTemplateTest;
-import org.apache.jackrabbit.core.security.authorization.PolicyEntry;
-import org.apache.jackrabbit.core.security.authorization.PolicyTemplate;
+import org.apache.jackrabbit.api.jsr283.security.Privilege;
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
+import org.apache.jackrabbit.core.security.authorization.AbstractACLTemplateTest;
+import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlEntry;
+import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList;
 import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.test.NotExecutableException;
 
 import javax.jcr.RepositoryException;
 import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Collections;
 
 /**
  * <code>ACLTemplateTest</code>...
  */
-public class ACLTemplateTest extends AbstractPolicyTemplateTest {
-
-    private static Logger log = LoggerFactory.getLogger(ACLTemplateTest.class);
+public class ACLTemplateTest extends AbstractACLTemplateTest {
 
     protected String getTestPath() {
         return "/ab/c/d";
     }
 
-    protected PolicyTemplate createEmptyTemplate(String path) {
-        return new ACLTemplate(path);
-    }
-
-    public void testAddEntry() throws RepositoryException {
-        PolicyTemplate pt = createEmptyTemplate(getTestPath());
-        assertTrue(pt.setEntry(new ACEImpl(testPrincipal, PrivilegeRegistry.READ, true)));
-    }
-
-    public void testAddEntryTwice() throws RepositoryException {
-        PolicyTemplate pt = createEmptyTemplate(getTestPath());
-        PolicyEntry pe = new ACEImpl(testPrincipal, PrivilegeRegistry.READ, true);
-
-        pt.setEntry(pe);
-        assertFalse(pt.setEntry(pe));
+    protected JackrabbitAccessControlList createEmptyTemplate(String path) throws RepositoryException {
+        SessionImpl sImpl = (SessionImpl) superuser;
+        PrincipalManager princicipalMgr = sImpl.getPrincipalManager();
+        PrivilegeRegistry privilegeRegistry = new PrivilegeRegistry(sImpl);
+        return new ACLTemplate(path, princicipalMgr, privilegeRegistry);
     }
 
-    public void testRevokeEffect() throws RepositoryException {
-        PolicyTemplate pt = createEmptyTemplate(getTestPath());
-        PolicyEntry pe = new ACEImpl(testPrincipal, PrivilegeRegistry.READ, true);
-
-        pt.setEntry(pe);
-
-        // same entry but with revers 'isAllow' flag
-        pe = new ACEImpl(testPrincipal, PrivilegeRegistry.READ, false);
-        assertTrue(pt.setEntry(pe));
-
-        // net-effect: only a single deny-read entry
-        assertTrue(pt.size() == 1);
-        assertEquals(pt.getEntries()[0], pe);
-    }
-
-    public void testEffect() throws RepositoryException {
-        PolicyTemplate pt = createEmptyTemplate(getTestPath());
-        PolicyEntry pe = new ACEImpl(testPrincipal, PrivilegeRegistry.READ, true);
-
-        pt.setEntry(pe);
+    public void testMultipleEntryEffect() throws RepositoryException, NotExecutableException {
+        JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
+        Privilege[] privileges = privilegesFromName(Privilege.JCR_READ);
+        pt.addEntry(testPrincipal, privileges, true, Collections.EMPTY_MAP);
 
         // new entry extends privs.
-        pe = new ACEImpl(testPrincipal, PrivilegeRegistry.READ | PrivilegeRegistry.ADD_CHILD_NODES, true);
-        assertTrue(pt.setEntry(pe));
+        privileges = privilegesFromNames(new String[] {
+                Privilege.JCR_READ,
+                Privilege.JCR_ADD_CHILD_NODES});
+        assertTrue(pt.addEntry(testPrincipal,
+                privileges,
+                true, Collections.EMPTY_MAP));
 
         // net-effect: only a single allow-entry with both privileges
         assertTrue(pt.size() == 1);
-        assertEquals(pt.getEntries()[0], pe);
+        assertSamePrivileges(privileges, pt.getAccessControlEntries()[0].getPrivileges());
 
-        // new entry revokes READ priv
-        pe = new ACEImpl(testPrincipal, PrivilegeRegistry.ADD_CHILD_NODES, true);
-        assertTrue(pt.setEntry(pe));
-        // net-effect: only a single allow-entry with add_child_nodes priv
+        // adding just ADD_CHILD_NODES -> must not remove READ priv
+        Privilege[] achPrivs = privilegesFromName(Privilege.JCR_ADD_CHILD_NODES);
+        assertFalse(pt.addEntry(testPrincipal, achPrivs, true, Collections.EMPTY_MAP));
+        // net-effect: only a single allow-entry with add_child_nodes + read priv
         assertTrue(pt.size() == 1);
-        assertEquals(pt.getEntries()[0], pe);
-    }
+        assertSamePrivileges(privileges, pt.getAccessControlEntries()[0].getPrivileges());
 
-    public void testEffect2() throws RepositoryException {
-        PolicyTemplate pt = createEmptyTemplate(getTestPath());
-        PolicyEntry pe = new ACEImpl(testPrincipal, PrivilegeRegistry.READ, true);
-        pt.setEntry(pe);
+        // revoke the 'READ' privilege
+        privileges = privilegesFromName(Privilege.JCR_READ);
+        assertTrue(pt.addEntry(testPrincipal, privileges, false, Collections.EMPTY_MAP));
+        // net-effect: 2 entries one allowing ADD_CHILD_NODES, the other denying READ
+        assertTrue(pt.size() == 2);
+        assertSamePrivileges(privilegesFromName(Privilege.JCR_ADD_CHILD_NODES),
+                pt.getAccessControlEntries()[0].getPrivileges());
+        assertSamePrivileges(privilegesFromName(Privilege.JCR_READ),
+                pt.getAccessControlEntries()[1].getPrivileges());
 
-        // add deny entry for mod_props
-        PolicyEntry pe2 = new ACEImpl(testPrincipal, PrivilegeRegistry.MODIFY_PROPERTIES, false);
-        assertTrue(pt.setEntry(pe2));
+        // remove the deny-READ entry
+        pt.removeAccessControlEntry(pt.getAccessControlEntries()[1]);
+        assertTrue(pt.size() == 1);
+        assertSamePrivileges(privilegesFromName(Privilege.JCR_ADD_CHILD_NODES),
+                pt.getAccessControlEntries()[0].getPrivileges());
 
-        // net-effect: 2 entries
-        assertTrue(pt.size() == 2);
-        assertEquals(pt.getEntries()[0], pe);
-        assertEquals(pt.getEntries()[1], pe2);
+        // remove the allow-ADD_CHILD_NODES entry
+        pt.removeAccessControlEntry(pt.getAccessControlEntries()[0]);
+        assertTrue(pt.isEmpty());
     }
 
-    public void testEffect3() throws RepositoryException {
-        PolicyTemplate pt = createEmptyTemplate(getTestPath());
-        PolicyEntry pe = new ACEImpl(testPrincipal, PrivilegeRegistry.WRITE, true);
-
-        pt.setEntry(pe);
+    public void testMultipleEntryEffect2() throws RepositoryException, NotExecutableException {
+        Privilege[] privileges = privilegesFromName(Privilege.JCR_WRITE);
+        JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
+        pt.addAccessControlEntry(testPrincipal, privileges);
 
         // add deny entry for mod_props
-        PolicyEntry pe2 = new ACEImpl(testPrincipal, PrivilegeRegistry.MODIFY_PROPERTIES, false);
-        assertTrue(pt.setEntry(pe2));
+        privileges = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
+        assertTrue(pt.addEntry(testPrincipal, privileges, false, null));
 
         // net-effect: 2 entries with the allow entry being adjusted
         assertTrue(pt.size() == 2);
-        PolicyEntry[] entries = pt.getEntries();
+        AccessControlEntry[] entries = pt.getAccessControlEntries();
         for (int i = 0; i < entries.length; i++) {
-            int privs = entries[i].getPrivilegeBits();
-            if (entries[i].isAllow()) {
-                assertTrue(privs == (PrivilegeRegistry.ADD_CHILD_NODES | PrivilegeRegistry.REMOVE_CHILD_NODES));
+            JackrabbitAccessControlEntry entry = (JackrabbitAccessControlEntry) entries[i];
+            int privs = entry.getPrivilegeBits();
+            if (entry.isAllow()) {
+                assertEquals(privs, (PrivilegeRegistry.ADD_CHILD_NODES | PrivilegeRegistry.REMOVE_CHILD_NODES));
             } else {
-                assertTrue(privs == PrivilegeRegistry.MODIFY_PROPERTIES);
+                assertEquals(privs, PrivilegeRegistry.MODIFY_PROPERTIES);
             }
         }
     }
 
-    public void testMultiplePrincipals() throws RepositoryException {
-        Principal princ2 = new Principal() {
-            public String getName() {
-                return "AnotherPrincipal";
+    public void testMultiplePrincipals() throws RepositoryException, NotExecutableException {
+        PrincipalManager pMgr = ((JackrabbitSession) superuser).getPrincipalManager();
+        Principal everyone = pMgr.getEveryone();
+        Principal grPrincipal = null;
+        PrincipalIterator it = pMgr.findPrincipals("", PrincipalManager.SEARCH_TYPE_GROUP);
+        while (it.hasNext()) {
+            Group gr = (Group) it.nextPrincipal();
+            if (!everyone.equals(gr)) {
+                grPrincipal = gr;
             }
-        };
-
-        PolicyTemplate pt = createEmptyTemplate(getTestPath());
-        PolicyEntry pe = new ACEImpl(testPrincipal, PrivilegeRegistry.READ, true);
-        pt.setEntry(pe);
-
-        // add deny entry for mod_props
-        pe = new ACEImpl(princ2, PrivilegeRegistry.READ, true);
-        assertTrue(pt.setEntry(pe));
-        assertTrue(pt.getEntries().length == 2);
-    }
-
-    public void testRemoveEntry() throws RepositoryException {
-        PolicyTemplate pt = createEmptyTemplate(getTestPath());
-        PolicyEntry pe = new ACEImpl(testPrincipal, PrivilegeRegistry.READ, true);
-        pt.setEntry(pe);
-
-        assertTrue(pt.removeEntry(pe));
-    }
-
-    public void testRemoveNonExisting() throws RepositoryException {
-        PolicyTemplate pt = createEmptyTemplate(getTestPath());
-        PolicyEntry pe = new ACEImpl(testPrincipal, PrivilegeRegistry.READ, true);
-        pt.setEntry(pe);
-        PolicyEntry pe2 = new ACEImpl(testPrincipal, PrivilegeRegistry.READ, false);
-        pt.setEntry(pe2);
-
-        assertFalse(pt.removeEntry(pe));
-    }
+        }
+        if (grPrincipal == null || grPrincipal.equals(everyone)) {
+            throw new NotExecutableException();
+        }
+        Privilege[] privs = privilegesFromName(Privilege.JCR_READ);
 
-    public void testSetEntryForGroupPrincipal() throws RepositoryException {
-        PolicyTemplate pt = createEmptyTemplate(getTestPath());
+        JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
+        pt.addAccessControlEntry(testPrincipal, privs);
+        assertFalse(pt.addAccessControlEntry(testPrincipal, privs));
+
+        // add same privs for another principal -> must modify as well.
+        assertTrue(pt.addAccessControlEntry(everyone, privs));
+        // .. 2 entries must be present.
+        assertTrue(pt.getAccessControlEntries().length == 2);
+    }
+
+    public void testSetEntryForGroupPrincipal() throws RepositoryException, NotExecutableException {
+        JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
+        Privilege[] privs = privilegesFromName(Privilege.JCR_READ);
+        Group grPrincipal = (Group) pMgr.getEveryone();
 
         // adding allow-entry must succeed
-        PolicyEntry pe = new ACEImpl(testGroup, PrivilegeRegistry.READ, true);
-        assertTrue(pt.setEntry(pe));
+        assertTrue(pt.addAccessControlEntry(grPrincipal, privs));
 
         // adding deny-entry must succeed
-        pe = new ACEImpl(testGroup, PrivilegeRegistry.READ, false);
         try {
-            pt.setEntry(pe);
+            pt.addEntry(grPrincipal, privs, false, null);
             fail("Adding DENY-ace for a group principal should fail.");
         } catch (AccessControlException e) {
             // success
         }
     }
+
+    public void testRevokeEffect() throws RepositoryException, NotExecutableException {
+        JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
+        Privilege[] privileges = privilegesFromName(Privilege.JCR_READ);
+
+        pt.addEntry(testPrincipal, privileges, true, Collections.EMPTY_MAP);
+
+        // same entry but with revers 'isAllow' flag
+        assertTrue(pt.addEntry(testPrincipal, privileges, false, Collections.EMPTY_MAP));
+
+        // net-effect: only a single deny-read entry
+        assertTrue(pt.size() == 1);
+        assertSamePrivileges(privileges, pt.getAccessControlEntries()[0].getPrivileges());
+    }
 }
\ No newline at end of file

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java?rev=689499&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java Wed Aug 27 08:12:04 2008
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization.acl;
+
+import org.apache.jackrabbit.api.jsr283.security.AccessControlException;
+import org.apache.jackrabbit.api.jsr283.security.Privilege;
+import org.apache.jackrabbit.core.security.authorization.AbstractEntryTest;
+import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlEntry;
+
+import java.security.Principal;
+
+/**
+ * <code>EntryTest</code>...
+ */
+public class EntryTest extends AbstractEntryTest {
+
+    protected JackrabbitAccessControlEntry createEntry(Principal principal, Privilege[] privileges, boolean isAllow)
+            throws AccessControlException {
+        return new ACLTemplate.Entry(principal, privileges, isAllow);
+    }
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationTest.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationTest.java Wed Aug 27 08:12:04 2008
@@ -16,19 +16,19 @@
  */
 package org.apache.jackrabbit.core.security.authorization.acl;
 
-import org.apache.jackrabbit.api.jsr283.security.AccessControlEntry;
 import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
 import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
 import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicyIterator;
 import org.apache.jackrabbit.api.jsr283.security.Privilege;
 import org.apache.jackrabbit.core.security.authorization.AbstractEvaluationTest;
-import org.apache.jackrabbit.core.security.authorization.PolicyEntry;
-import org.apache.jackrabbit.core.security.authorization.PolicyTemplate;
-import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
+import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList;
+import org.apache.jackrabbit.core.SessionImpl;
 import org.apache.jackrabbit.test.NotExecutableException;
 
 import javax.jcr.AccessDeniedException;
 import javax.jcr.RepositoryException;
+import java.util.Collections;
+import java.util.Map;
 import java.security.Principal;
 
 /**
@@ -36,14 +36,11 @@
  */
 public class EvaluationTest extends AbstractEvaluationTest {
 
-    private String[] restrictions = new String[0];
-
     protected void setUp() throws Exception {
         super.setUp();
-
         try {
-            AccessControlPolicy rootPolicy = acMgr.getPolicy("/");
-            if (!(rootPolicy instanceof ACLTemplate)) {
+            AccessControlPolicy[] rootPolicies = acMgr.getPolicies("/");
+            if (rootPolicies.length == 0 || !(rootPolicies[0] instanceof ACLTemplate)) {
                 throw new NotExecutableException();
             }
         } catch (RepositoryException e) {
@@ -52,10 +49,11 @@
     }
 
     protected void clearACInfo() {
-        // nop
+        // nop since ac information is stored with nodes that get removed
+        // during the general tear-down.
     }
 
-    protected PolicyTemplate getPolicyTemplate(AccessControlManager acM, String path) throws RepositoryException, AccessDeniedException, NotExecutableException {
+    protected JackrabbitAccessControlList getPolicy(AccessControlManager acM, String path, Principal principal) throws RepositoryException, AccessDeniedException, NotExecutableException {
         AccessControlPolicyIterator it = acM.getApplicablePolicies(path);
         while (it.hasNext()) {
             AccessControlPolicy acp = it.nextAccessControlPolicy();
@@ -66,12 +64,8 @@
         throw new NotExecutableException("ACLTemplate expected.");
     }
 
-    protected PolicyEntry createEntry(Principal principal, int privileges, boolean isAllow, String[] restrictions) {
-        return new ACEImpl(principal, privileges, isAllow);
-    }
-
-    protected String[] getRestrictions(String path) {
-        return restrictions;
+    protected Map getRestrictions(String path) {
+        return Collections.EMPTY_MAP;
     }
 
     public void testAccessControlModification2() throws RepositoryException, NotExecutableException {
@@ -82,8 +76,11 @@
         checkReadOnly(path);
 
         // give 'testUser' READ_AC|MODIFY_AC privileges at 'path'
-        PolicyTemplate tmpl = givePrivileges(path, PrivilegeRegistry.READ_AC |
-                PrivilegeRegistry.MODIFY_AC, getRestrictions(path));
+        Privilege[] privileges = privilegesFromNames(new String[] {
+                Privilege.JCR_READ_ACCESS_CONTROL,
+                Privilege.JCR_MODIFY_ACCESS_CONTROL
+        });
+        JackrabbitAccessControlList tmpl = givePrivileges(path, privileges, getRestrictions(path));
         /*
          testuser must
          - still have the inherited READ permission.
@@ -97,13 +94,19 @@
         // make sure the 'rep:policy' node has been created.
         assertTrue(superuser.itemExists(tmpl.getPath() + "/rep:policy"));
 
+        AccessControlManager testAcMgr = getTestACManager();
         // test: MODIFY_AC granted at 'path'
-        assertTrue(testAcMgr.hasPrivileges(path, new Privilege[] {
-                PrivilegeRegistry.MODIFY_AC_PRIVILEGE}));
+        assertTrue(testAcMgr.hasPrivileges(path, privilegesFromName(Privilege.JCR_MODIFY_ACCESS_CONTROL)));
+
+        // test if testuser can READ access control on the path and on the
+        // entire subtree that gets the policy inherited.
+        AccessControlPolicy[] policies = testAcMgr.getPolicies(path);
+        testAcMgr.getEffectivePolicies(path);
+        testAcMgr.getEffectivePolicies(childNPath);
 
         // test: READ_AC privilege does not apply outside of the tree.
         try {
-            testAcMgr.getPolicy(siblingPath);
+            testAcMgr.getPolicies(siblingPath);
             fail("READ_AC privilege must not apply outside of the tree it has applied to.");
         } catch (AccessDeniedException e) {
             // success
@@ -111,39 +114,31 @@
 
         // test: MODIFY_AC privilege does not apply outside of the tree.
         try {
-            testAcMgr.addAccessControlEntry(siblingPath,
-                    testUser.getPrincipal(),
-                    new Privilege[] {PrivilegeRegistry.WRITE_PRIVILEGE});
+            testAcMgr.setPolicy(siblingPath, policies[0]);
             fail("MODIFY_AC privilege must not apply outside of the tree it has applied to.");
         } catch (AccessDeniedException e) {
             // success
         }
 
-        // test if testuser can READ access control on the path and on the
-        // entire subtree that gets the policy inherited.
-        AccessControlPolicy policy = testAcMgr.getPolicy(path);
-        AccessControlPolicy effPolicy = testAcMgr.getEffectivePolicy(path);
-        AccessControlPolicy effPOnChild = testAcMgr.getEffectivePolicy(childNPath);
-
         // test if testuser can modify AC-items
         // 1) add an ac-entry
-        AccessControlEntry entry = testAcMgr.addAccessControlEntry(path,
-                testUser.getPrincipal(),
-                new Privilege[] {PrivilegeRegistry.WRITE_PRIVILEGE});
-        testSession.save();
+        ACLTemplate acl = (ACLTemplate) policies[0];
+        acl.addAccessControlEntry(getTestUser().getPrincipal(), privilegesFromName(Privilege.JCR_WRITE));
+        testAcMgr.setPolicy(path, acl);
+        getTestSession().save();
 
         assertTrue(testAcMgr.hasPrivileges(path,
-                new Privilege[] {PrivilegeRegistry.REMOVE_CHILD_NODES_PRIVILEGE}));
+                privilegesFromName(Privilege.JCR_REMOVE_CHILD_NODES)));
 
         // 2) remove the policy
-        testAcMgr.removePolicy(path);
-        testSession.save();
+        testAcMgr.removePolicy(path, policies[0]);
+        getTestSession().save();
 
         // Finally: testuser removed the policy that granted him permission
         // to modify the AC content. Since testuser removed the policy, it's
         // privileges must be gone again...
         try {
-            testAcMgr.getEffectivePolicy(childNPath);
+            testAcMgr.getEffectivePolicies(childNPath);
             fail("READ_AC privilege has been revoked -> must throw again.");
         } catch (AccessDeniedException e) {
             // success
@@ -152,4 +147,30 @@
         // READ must be gone.
         checkReadOnly(path);
     }
+
+    public void testRemovePermission9() throws NotExecutableException, RepositoryException {
+        SessionImpl testSession = getTestSession();
+        AccessControlManager testAcMgr = getTestACManager();
+        /*
+          precondition:
+          testuser must have READ-only permission on test-node and below
+        */
+        checkReadOnly(path);
+        checkReadOnly(childNPath);
+
+        Privilege[] rmChildNodes = privilegesFromName(Privilege.JCR_REMOVE_CHILD_NODES);
+        Privilege[] rmNode = privilegesFromName(Privilege.JCR_REMOVE_NODE);
+
+        // add 'remove_child_nodes' at 'path and allow 'remove_node' at childNPath
+        givePrivileges(path, rmChildNodes, getRestrictions(path));
+        givePrivileges(childNPath, rmNode, getRestrictions(childNPath));
+        /*
+         expected result:
+         - rep:policy node can still not be remove for it is access-control
+           content that requires jcr:modifyAccessControl privilege instead.
+         */
+        String policyPath = childNPath + "/rep:policy";
+        assertFalse(testSession.hasPermission(policyPath, SessionImpl.REMOVE_ACTION));
+        assertTrue(testAcMgr.hasPrivileges(policyPath, new Privilege[] {rmChildNodes[0], rmNode[0]}));
+    }
 }
\ No newline at end of file

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java Wed Aug 27 08:12:04 2008
@@ -36,8 +36,7 @@
         TestSuite suite = new TestSuite("security.authorization.acl tests");
 
         suite.addTestSuite(ACLTemplateTest.class);
-        suite.addTestSuite(ACLImplTest.class);
-        suite.addTestSuite(ACEImplTest.class);
+        suite.addTestSuite(EntryTest.class);
 
         suite.addTestSuite(EvaluationTest.class);
 

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/EvaluationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/EvaluationTest.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/EvaluationTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/EvaluationTest.java Wed Aug 27 08:12:04 2008
@@ -18,10 +18,11 @@
 
 import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
 import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
+import org.apache.jackrabbit.api.jsr283.security.Privilege;
+import org.apache.jackrabbit.api.security.user.Group;
+import org.apache.jackrabbit.core.SessionImpl;
 import org.apache.jackrabbit.core.security.JackrabbitAccessControlManager;
-import org.apache.jackrabbit.core.security.authorization.AbstractEvaluationTest;
-import org.apache.jackrabbit.core.security.authorization.PolicyEntry;
-import org.apache.jackrabbit.core.security.authorization.PolicyTemplate;
+import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList;
 import org.apache.jackrabbit.test.NotExecutableException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -29,67 +30,166 @@
 import javax.jcr.AccessDeniedException;
 import javax.jcr.RepositoryException;
 import java.security.Principal;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
 
 /**
  * <code>EvaluationTest</code>...
  */
-public class EvaluationTest extends AbstractEvaluationTest {
+public class EvaluationTest extends org.apache.jackrabbit.core.security.authorization.acl.EvaluationTest {
 
     private static Logger log = LoggerFactory.getLogger(EvaluationTest.class);
 
-    private String testPolicyPath;
+    private List toClear = new ArrayList();
 
     protected void setUp() throws Exception {
         super.setUp();
 
-        JackrabbitAccessControlManager jam;
-        if (acMgr instanceof JackrabbitAccessControlManager) {
-            jam = (JackrabbitAccessControlManager) acMgr;
-        } else {
-            throw new NotExecutableException();
-        }
-        try {
-            AccessControlPolicy rootPolicy = acMgr.getPolicy("/");
-            if (!(rootPolicy instanceof PolicyTemplateImpl)) {
-                throw new NotExecutableException();
-            }
-        } catch (RepositoryException e) {
-            throw new NotExecutableException();
-        }
-
-
-        StringBuffer b = new StringBuffer("/rep:accesscontrol");
-        Principal principal = testUser.getPrincipal();
-        testPolicyPath = jam.editPolicy(principal).getPath();
+        // simple test to check if proper provider is present:
+        getPrincipalBasedPolicy(acMgr, path, getTestUser().getPrincipal());
     }
 
     protected void clearACInfo() {
-        try {
-            acMgr.removePolicy(testPolicyPath);
-            superuser.save();
-        } catch (RepositoryException e) {
-            // log error and ignore
-            log.error(e.getMessage());
+        for (Iterator it = toClear.iterator(); it.hasNext();) {
+            String path = it.next().toString();
+            try {
+                AccessControlPolicy[] policies = acMgr.getPolicies(path);
+                for (int i = 0; i < policies.length; i++) {
+                    acMgr.removePolicy(path, policies[i]);
+                    superuser.save();
+                }
+            } catch (RepositoryException e) {
+                // log error and ignore
+                log.error(e.getMessage());
+            }
         }
     }
 
-    protected PolicyTemplate getPolicyTemplate(AccessControlManager acM, String path) throws RepositoryException, AccessDeniedException, NotExecutableException {
+    private JackrabbitAccessControlList getPrincipalBasedPolicy(AccessControlManager acM, String path, Principal principal) throws RepositoryException, AccessDeniedException, NotExecutableException {
         if (acM instanceof JackrabbitAccessControlManager) {
-            PolicyTemplate pt = ((JackrabbitAccessControlManager) acM).editPolicy(testPolicyPath);
-            if (pt instanceof PolicyTemplateImpl) {
-                return (PolicyTemplateImpl) pt;
+            AccessControlPolicy[] tmpls = ((JackrabbitAccessControlManager) acM).getApplicablePolicies(principal);
+            for (int i = 0; i < tmpls.length; i++) {
+                if (tmpls[i] instanceof JackrabbitAccessControlList) {
+                    JackrabbitAccessControlList acl = (JackrabbitAccessControlList) tmpls[i];
+                    toClear.add(acl.getPath());
+                    return acl;
+                }
             }
         }
         throw new NotExecutableException();
     }
 
-    protected PolicyEntry createEntry(Principal principal, int privileges, boolean isAllow, String[] restrictions) {
-        String nodePath = restrictions[0];
-        String glob = restrictions[1];
-        return new PolicyEntryImpl(principal, privileges, isAllow, nodePath, glob);
+    private JackrabbitAccessControlList givePrivileges(String nPath,
+                                                       Principal principal,
+                                                       Privilege[] privileges,
+                                                       Map restrictions,
+                                                       boolean nodeBased) throws NotExecutableException, RepositoryException {
+        if (nodeBased) {
+            return givePrivileges(nPath, principal, privileges, getRestrictions(nPath));
+        } else {
+            JackrabbitAccessControlList tmpl = getPrincipalBasedPolicy(acMgr, nPath, principal);
+            tmpl.addEntry(principal, privileges, true, restrictions);
+            acMgr.setPolicy(tmpl.getPath(), tmpl);
+            superuser.save();
+            // remember for teardown
+            toClear.add(tmpl.getPath());
+            return tmpl;
+        }
+    }
+
+    private JackrabbitAccessControlList withdrawPrivileges(String nPath,
+                                                       Principal principal,
+                                                       Privilege[] privileges,
+                                                       Map restrictions,
+                                                       boolean nodeBased) throws NotExecutableException, RepositoryException {
+        if (nodeBased) {
+            return withdrawPrivileges(nPath, principal, privileges, getRestrictions(nPath));
+        } else {
+            JackrabbitAccessControlList tmpl = getPrincipalBasedPolicy(acMgr, nPath, principal);
+            tmpl.addEntry(principal, privileges, false, restrictions);
+            acMgr.setPolicy(tmpl.getPath(), tmpl);
+            superuser.save();
+            // remember for teardown
+            toClear.add(tmpl.getPath());
+            return tmpl;
+        }
+    }
+
+    private Map getPrincipalBasedRestrictions(String path) throws RepositoryException, NotExecutableException {
+        if (superuser instanceof SessionImpl) {
+            Map restr = new HashMap();
+            restr.put("rep:nodePath", path);
+            return restr;
+        } else {
+            throw new NotExecutableException();
+        }
     }
 
-    protected String[] getRestrictions(String path) {
-        return new String[] {path, "*"};
+    public void testCombinedPolicies() throws RepositoryException, NotExecutableException {
+        Group testGroup = getTestGroup();
+        SessionImpl testSession = getTestSession();
+        AccessControlManager testAcMgr = getTestACManager();
+
+        /*
+          precondition:
+          testuser must have READ-only permission on test-node and below
+        */
+        checkReadOnly(path);
+
+        Privilege[] readPrivs = privilegesFromName(Privilege.JCR_READ);
+        // nodebased: remove READ privilege for 'testUser' at 'path'
+        withdrawPrivileges(path, readPrivs, getRestrictions(path));
+        // principalbased: add READ privilege for 'testGroup'
+        givePrivileges(path, testGroup.getPrincipal(), readPrivs, getPrincipalBasedRestrictions(path), false);
+        /*
+         expected result:
+         - nodebased wins over principalbased -> READ is denied
+         */
+        assertFalse(testSession.itemExists(path));
+        assertFalse(testSession.hasPermission(path, SessionImpl.READ_ACTION));
+        assertFalse(testAcMgr.hasPrivileges(path, readPrivs));
+
+        // remove the nodebased policy
+        JackrabbitAccessControlList policy = getPolicy(acMgr, path, getTestUser().getPrincipal());
+        acMgr.removePolicy(policy.getPath(), policy);
+        superuser.save();
+
+        /*
+         expected result:
+         - READ privilege is present again.
+         */
+        assertTrue(testSession.itemExists(path));
+        assertTrue(testSession.hasPermission(path, SessionImpl.READ_ACTION));
+        assertTrue(testAcMgr.hasPrivileges(path, readPrivs));
+
+        // nodebased: add WRITE privilege for 'testUser' at 'path'
+        Privilege[] wrtPrivileges = privilegesFromName(Privilege.JCR_WRITE);
+        givePrivileges(path, wrtPrivileges, getRestrictions(path));
+        // userbased: deny MODIFY_PROPERTIES privileges for 'testUser'
+        Privilege[] modPropPrivs = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
+        withdrawPrivileges(path, getTestUser().getPrincipal(), modPropPrivs, getPrincipalBasedRestrictions(path), false);
+        /*
+         expected result:
+         - MODIFY_PROPERTIES privilege still present
+         */
+        assertTrue(testSession.hasPermission(path+"/anyproperty", SessionImpl.SET_PROPERTY_ACTION));
+        assertTrue(testAcMgr.hasPrivileges(path, wrtPrivileges));
+
+        // nodebased: deny MODIFY_PROPERTIES privileges for 'testUser'
+        //            on a child node.
+        withdrawPrivileges(childNPath, getTestUser().getPrincipal(), modPropPrivs, getRestrictions(childNPath));
+        /*
+         expected result:
+         - MODIFY_PROPERTIES privilege still present at 'path'
+         - no-MODIFY_PROPERTIES privilege at 'childNPath'
+         */
+        assertTrue(testSession.hasPermission(path+"/anyproperty", SessionImpl.SET_PROPERTY_ACTION));
+        assertTrue(testAcMgr.hasPrivileges(path, modPropPrivs));
+
+        assertFalse(testSession.hasPermission(childNPath+"/anyproperty", SessionImpl.SET_PROPERTY_ACTION));
+        assertFalse(testAcMgr.hasPrivileges(childNPath, modPropPrivs));
     }
 }
\ No newline at end of file

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/TestAll.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/TestAll.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/TestAll.java Wed Aug 27 08:12:04 2008
@@ -3,7 +3,6 @@
 import junit.framework.Test;
 import junit.framework.TestCase;
 import junit.framework.TestSuite;
-
 /**
  * Test suite
  */
@@ -19,10 +18,6 @@
     public static Test suite() {
         TestSuite suite = new TestSuite("security.authorization.combined tests");
 
-        suite.addTestSuite(PolicyTemplateImplTest.class);
-        suite.addTestSuite(PolicyEntryImplTest.class);
-        suite.addTestSuite(GlobPatternTest.class);
-
         suite.addTestSuite(EvaluationTest.class);
 
         return suite;

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLTemplateTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLTemplateTest.java?rev=689499&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLTemplateTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLTemplateTest.java Wed Aug 27 08:12:04 2008
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization.principalbased;
+
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.core.security.authorization.AbstractACLTemplateTest;
+import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList;
+
+import javax.jcr.RepositoryException;
+
+/**
+ * <code>ACLTemplateTest</code>...
+ */
+public class ACLTemplateTest extends AbstractACLTemplateTest {
+
+    private String testPath = "/rep:accessControl/users/test";
+
+    protected String getTestPath() {
+        return testPath;
+    }
+
+    protected JackrabbitAccessControlList createEmptyTemplate(String testPath)
+            throws RepositoryException {
+        return new ACLTemplate(testPrincipal, testPath, (SessionImpl) superuser);
+    }
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLTemplateTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLTemplateTest.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EntryTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EntryTest.java?rev=689499&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EntryTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EntryTest.java Wed Aug 27 08:12:04 2008
@@ -0,0 +1,127 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization.principalbased;
+
+import org.apache.jackrabbit.api.jsr283.security.AccessControlException;
+import org.apache.jackrabbit.api.jsr283.security.Privilege;
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.core.security.authorization.AbstractEntryTest;
+import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlEntry;
+import org.apache.jackrabbit.value.StringValue;
+import org.apache.jackrabbit.test.NotExecutableException;
+
+import javax.jcr.PropertyType;
+import javax.jcr.RepositoryException;
+import javax.jcr.Value;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * <code>EntryTest</code>...
+ */
+public class EntryTest extends AbstractEntryTest {
+
+    private Map restrictions;
+    private ACLTemplate acl;
+
+    protected void setUp() throws Exception {
+        super.setUp();
+
+        restrictions = new HashMap(2);
+        restrictions.put("rep:nodePath", superuser.getValueFactory().createValue("/a/b/c/d", PropertyType.PATH));
+        restrictions.put("rep:glob",  superuser.getValueFactory().createValue("*"));
+        acl = new ACLTemplate(testPrincipal, testPath, (SessionImpl) superuser);
+    }
+
+    protected JackrabbitAccessControlEntry createEntry(Principal principal, Privilege[] privileges, boolean isAllow)
+            throws RepositoryException {
+        return acl.new Entry(principal, privileges, isAllow, restrictions);
+    }
+
+    private JackrabbitAccessControlEntry createEntry(Principal principal, Privilege[] privileges, boolean isAllow, Map restrictions)
+            throws RepositoryException {
+        return acl.new Entry(principal, privileges, isAllow, restrictions);
+    }
+
+    public void testNodePathMustNotBeNull() throws RepositoryException, NotExecutableException {
+        try {
+            Privilege[] privs = privilegesFromName(Privilege.JCR_ALL);
+            createEntry(testPrincipal, privs, true, Collections.EMPTY_MAP);
+            fail("NodePath cannot not be null");
+        } catch (AccessControlException e) {
+            // success
+        }
+    }
+
+    public void testGetNodePath() throws RepositoryException, NotExecutableException {
+        Privilege[] privs = privilegesFromName(Privilege.JCR_ALL);
+        JackrabbitAccessControlEntry pe = createEntry(testPrincipal, privs, true);
+        assertEquals(restrictions.get("rep:nodePath"), pe.getRestriction("rep:nodePath"));
+    }
+
+    public void testGetGlob() throws RepositoryException, NotExecutableException {
+        Privilege[] privs = privilegesFromName(Privilege.JCR_ALL);
+
+        JackrabbitAccessControlEntry pe = createEntry(testPrincipal, privs, true);
+        assertEquals(restrictions.get("rep:glob"), pe.getRestriction("rep:glob"));
+
+        Map restr = new HashMap();
+        restr.put("rep:nodePath",  restrictions.get("rep:nodePath"));
+        pe = createEntry(testPrincipal, privs, true, restr);
+        assertNull(pe.getRestriction("rep:glob"));
+
+        restr = new HashMap();
+        restr.put("rep:nodePath",  restrictions.get("rep:nodePath"));
+        restr.put("rep:glob",  new StringValue(""));
+
+        pe = createEntry(testPrincipal, privs, true, restr);
+        assertEquals("", pe.getRestriction("rep:glob").getString());
+    }
+
+    public void testMatches() throws RepositoryException {
+        Privilege[] privs = new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_ALL)};
+        ACLTemplate.Entry ace = (ACLTemplate.Entry) createEntry(testPrincipal, privs, true);
+
+        // TODO: review again
+        String nodePath = ((Value) restrictions.get("rep:nodePath")).getString();
+        List toMatch = new ArrayList();
+        toMatch.add(nodePath + "/any");
+        toMatch.add(nodePath + "/anyother");
+        toMatch.add(nodePath + "/f/g/h");
+        toMatch.add(nodePath);
+        for (Iterator it = toMatch.iterator(); it.hasNext();) {
+            String str = it.next().toString();
+            assertTrue("Restrictions should match " + str, ace.matches(str));
+        }
+
+        List notToMatch = new ArrayList();
+        notToMatch.add(null);
+        notToMatch.add("");
+        notToMatch.add("/");
+        notToMatch.add("/a/b/c/");
+        for (Iterator it = notToMatch.iterator(); it.hasNext();) {
+            Object obj = it.next();
+            String str = (obj == null) ? null : obj.toString();
+            assertFalse("Restrictions shouldn't match " + str, ace.matches(str));
+        }
+    }
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EntryTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EntryTest.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EvaluationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EvaluationTest.java?rev=689499&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EvaluationTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EvaluationTest.java Wed Aug 27 08:12:04 2008
@@ -0,0 +1,92 @@
+/*
+ * $Id$
+ *
+ * Copyright 1997-2005 Day Management AG
+ * Barfuesserplatz 6, 4001 Basel, Switzerland
+ * All Rights Reserved.
+ *
+ * This software is the confidential and proprietary information of
+ * Day Management AG, ("Confidential Information"). You shall not
+ * disclose such Confidential Information and shall use it only in
+ * accordance with the terms of the license agreement you entered into
+ * with Day.
+ */
+package org.apache.jackrabbit.core.security.authorization.principalbased;
+
+import org.apache.jackrabbit.core.security.authorization.AbstractEvaluationTest;
+import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList;
+import org.apache.jackrabbit.core.security.JackrabbitAccessControlManager;
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.test.NotExecutableException;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.AccessDeniedException;
+import java.security.Principal;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Iterator;
+
+/**
+ * <code>EvaluationTest</code>...
+ */
+public class EvaluationTest extends AbstractEvaluationTest {
+
+    private static Logger log = LoggerFactory.getLogger(org.apache.jackrabbit.core.security.authorization.principalbased.EvaluationTest.class);
+
+    private List toClear = new ArrayList();
+
+    protected void setUp() throws Exception {
+        super.setUp();
+
+        // simple test to check if proper provider is present:
+        getPolicy(acMgr, path, getTestUser().getPrincipal());
+    }
+
+    protected void clearACInfo() {
+        for (Iterator it = toClear.iterator(); it.hasNext();) {
+            String path = it.next().toString();
+            try {
+                AccessControlPolicy[] policies = acMgr.getPolicies(path);
+                for (int i = 0; i < policies.length; i++) {
+                    acMgr.removePolicy(path, policies[i]);
+                    superuser.save();
+                }
+            } catch (RepositoryException e) {
+                // log error and ignore
+                log.error(e.getMessage());
+            }
+        }
+    }
+
+    protected JackrabbitAccessControlList getPolicy(AccessControlManager acM, String path, Principal principal) throws RepositoryException, AccessDeniedException, NotExecutableException {
+        if (acM instanceof JackrabbitAccessControlManager) {
+            AccessControlPolicy[] policies = ((JackrabbitAccessControlManager) acM).getApplicablePolicies(principal);
+            for (int i = 0; i < policies.length; i++) {
+                if (policies[i] instanceof ACLTemplate) {
+                    ACLTemplate acl = (ACLTemplate) policies[i];
+                    toClear.add(acl.getPath());
+                    return acl;
+                }
+            }
+        }
+        throw new NotExecutableException();
+    }
+
+    protected Map getRestrictions(String path) throws RepositoryException, NotExecutableException {
+        if (superuser instanceof SessionImpl) {
+            Map restr = new HashMap();
+            restr.put(((SessionImpl) superuser).getJCRName(ACLTemplate.P_NODE_PATH), path);
+            return restr;
+        } else {
+            throw new NotExecutableException();
+        }
+    }
+
+    // TODO: add specific tests with other restrictions
+}

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EvaluationTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EvaluationTest.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/GlobPatternTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/GlobPatternTest.java?rev=689499&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/GlobPatternTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/GlobPatternTest.java Wed Aug 27 08:12:04 2008
@@ -0,0 +1,37 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization.principalbased;
+
+import org.apache.jackrabbit.test.JUnitTest;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * <code>GlobPatternTest</code>...
+ */
+public class GlobPatternTest extends JUnitTest {
+
+    private static Logger log = LoggerFactory.getLogger(GlobPatternTest.class);
+
+    public void testMatches() {
+        // TODO
+    }
+
+    public void testMatchesItem() {
+       // TODO
+    }
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/GlobPatternTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/GlobPatternTest.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/TestAll.java?rev=689499&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/TestAll.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/TestAll.java Wed Aug 27 08:12:04 2008
@@ -0,0 +1,43 @@
+/*
+ * $Id$
+ *
+ * Copyright 1997-2005 Day Management AG
+ * Barfuesserplatz 6, 4001 Basel, Switzerland
+ * All Rights Reserved.
+ *
+ * This software is the confidential and proprietary information of
+ * Day Management AG, ("Confidential Information"). You shall not
+ * disclose such Confidential Information and shall use it only in
+ * accordance with the terms of the license agreement you entered into
+ * with Day.
+ */
+package org.apache.jackrabbit.core.security.authorization.principalbased;
+
+import junit.framework.TestCase;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+/**
+ * Test suite
+ */
+public class TestAll extends TestCase {
+
+    /**
+     * Returns a <code>Test</code> suite that executes all tests inside this
+     * package.
+     *
+     * @return a <code>Test</code> suite that executes all tests inside this
+     *         package.
+     */
+    public static Test suite() {
+        TestSuite suite = new TestSuite("security.authorization.combined tests");
+
+        suite.addTestSuite(ACLTemplateTest.class);
+        suite.addTestSuite(EntryTest.class);
+        suite.addTestSuite(GlobPatternTest.class);
+
+        suite.addTestSuite(EvaluationTest.class);
+
+        return suite;
+    }
+}

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/TestAll.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/TestAll.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProviderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProviderTest.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProviderTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProviderTest.java Wed Aug 27 08:12:04 2008
@@ -22,8 +22,6 @@
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.core.security.user.UserManagerImpl;
 import org.apache.jackrabbit.test.NotExecutableException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 import javax.jcr.RepositoryException;
 import java.security.Principal;
@@ -34,8 +32,6 @@
  */
 public class DefaultPrincipalProviderTest extends AbstractUserTest {
 
-    private static Logger log = LoggerFactory.getLogger(DefaultPrincipalProviderTest.class);
-
     private PrincipalProvider principalProvider;
 
     protected void setUp() throws Exception {

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/TestAll.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/TestAll.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/TestAll.java Wed Aug 27 08:12:04 2008
@@ -17,7 +17,7 @@
      *         package.
      */
     public static Test suite() {
-        TestSuite suite = new TestSuite("security.principal tests");
+        TestSuite suite = new TestSuite("core.security.principal tests");
 
         suite.addTestSuite(DefaultPrincipalProviderTest.class);
 

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AdministratorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AdministratorTest.java?rev=689499&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AdministratorTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AdministratorTest.java Wed Aug 27 08:12:04 2008
@@ -0,0 +1,57 @@
+/*
+ * $Id$
+ *
+ * Copyright 1997-2005 Day Management AG
+ * Barfuesserplatz 6, 4001 Basel, Switzerland
+ * All Rights Reserved.
+ *
+ * This software is the confidential and proprietary information of
+ * Day Management AG, ("Confidential Information"). You shall not
+ * disclose such Confidential Information and shall use it only in
+ * accordance with the terms of the license agreement you entered into
+ * with Day.
+ */
+package org.apache.jackrabbit.core.security.user;
+
+import org.apache.jackrabbit.api.security.user.AbstractUserTest;
+import org.apache.jackrabbit.api.security.user.Group;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.api.security.user.Impersonation;
+import org.apache.jackrabbit.test.NotExecutableException;
+import org.apache.jackrabbit.util.Text;
+import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
+
+import javax.jcr.Session;
+import javax.jcr.Credentials;
+import javax.jcr.RepositoryException;
+import javax.jcr.AccessDeniedException;
+import java.security.Principal;
+import java.util.Iterator;
+
+/**
+ * <code>AdministratorTest</code>...
+ */
+public class AdministratorTest extends AbstractUserTest {
+
+    public void testGetPrincipal() throws RepositoryException {
+        Authorizable authr = userMgr.getAuthorizable(superuser.getUserID());
+        assertNotNull(authr);
+        assertFalse(authr.isGroup());
+        assertTrue(authr.getPrincipal() instanceof AdminPrincipal);
+    }
+
+    public void testRemoveSelf() throws RepositoryException, NotExecutableException {
+        Authorizable authr = userMgr.getAuthorizable(superuser.getUserID());
+        if (authr == null) {
+            throw new NotExecutableException();
+        }
+        try {
+            authr.remove();
+            fail("The Administrator should not be allowed to remove the own authorizable.");
+        } catch (RepositoryException e) {
+            // success
+        }
+    }
+}

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AdministratorTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AdministratorTest.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/GroupAdministratorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/GroupAdministratorTest.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/GroupAdministratorTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/GroupAdministratorTest.java Wed Aug 27 08:12:04 2008
@@ -24,8 +24,6 @@
 import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.test.NotExecutableException;
 import org.apache.jackrabbit.util.Text;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 import javax.jcr.AccessDeniedException;
 import javax.jcr.Credentials;
@@ -39,8 +37,6 @@
  */
 public class GroupAdministratorTest extends AbstractUserTest {
 
-    private static Logger log = LoggerFactory.getLogger(GroupAdministratorTest.class);
-
     // group-admin
     private String uID;
     private String uPath;
@@ -48,8 +44,10 @@
 
     private String parentUID;
     private String childUID;
+    private String grID;
+
 
-    private String groupID;
+    private Group groupAdmin;
 
     protected void setUp() throws Exception {
         super.setUp();
@@ -63,22 +61,18 @@
         p = getTestPrincipal();
         String pw = buildPassword(p);
         Credentials creds = buildCredentials(p.getName(), pw);
-        User u = userMgr.createUser(p.getName(), pw, p, pUser.getNode().getPath());
-        uID = u.getID();
-        uPath = ((UserImpl) u).getNode().getPath();
-
-        // create a third child user below
-        p = getTestPrincipal();
-        childUID = userMgr.createUser(p.getName(), buildPassword(p), p, uPath).getID();
+        User user = userMgr.createUser(p.getName(), pw, p, pUser.getNode().getPath());
+        uID = user.getID();
+        uPath = ((UserImpl) user).getNode().getPath();
 
         // make other user a group-administrator:
-        Authorizable groupAdmin = userMgr.getAuthorizable(UserConstants.GROUP_ADMIN_GROUP_NAME);
-        if (groupAdmin == null || !groupAdmin.isGroup()) {
+        Authorizable grAdmin = userMgr.getAuthorizable(UserConstants.GROUP_ADMIN_GROUP_NAME);
+        if (grAdmin == null || !grAdmin.isGroup()) {
             throw new NotExecutableException("Cannot execute test. Group-Admin name has been changed by config.");
         }
-        Group grAdministrators = (Group) groupAdmin;
-        grAdministrators.addMember(u);
-        groupID = grAdministrators.getID();
+        groupAdmin = (Group) grAdmin;
+        groupAdmin.addMember(user);
+        grID = groupAdmin.getID();
 
         // create a session for the grou-admin user.
         uSession = helper.getRepository().login(creds);
@@ -91,8 +85,7 @@
             }
         } finally {
             // remove group member ship
-            Group grAdministrators = (Group) userMgr.getAuthorizable(UserConstants.GROUP_ADMIN_GROUP_NAME);
-            grAdministrators.removeMember(userMgr.getAuthorizable(uID));
+            groupAdmin.removeMember(userMgr.getAuthorizable(uID));
 
             // remove all users that have been created
             Authorizable a = userMgr.getAuthorizable(parentUID);
@@ -104,9 +97,18 @@
         super.tearDown();
     }
 
+    private String getChildID() throws RepositoryException {
+        if (childUID == null) {
+            // create a third child user below
+            Principal p = getTestPrincipal();
+            childUID = userMgr.createUser(p.getName(), buildPassword(p), p, uPath).getID();
+        }
+        return childUID;
+    }
+
     public void testIsGroupAdmin() throws RepositoryException, NotExecutableException {
         UserManager umgr = getUserManager(uSession);
-        Group gr = (Group) umgr.getAuthorizable(groupID);
+        Group gr = (Group) umgr.getAuthorizable(grID);
 
         assertTrue(gr.isMember(umgr.getAuthorizable(uID)));
     }
@@ -165,8 +167,8 @@
 
     public void testAddChildToGroup() throws RepositoryException, NotExecutableException {
         UserManager umgr = getUserManager(uSession);
-        Authorizable cU = umgr.getAuthorizable(childUID);
-        Group gr = (Group) umgr.getAuthorizable(groupID);
+        Authorizable cU = umgr.getAuthorizable(getChildID());
+        Group gr = (Group) umgr.getAuthorizable(grID);
 
         // adding and removing the child-user as member of a group not
         // succeed as long editing session is not user-admin.
@@ -181,7 +183,7 @@
 
     public void testAddChildToGroup2() throws RepositoryException, NotExecutableException {
         UserManager umgr = getUserManager(uSession);
-        Authorizable cU = umgr.getAuthorizable(childUID);
+        Authorizable cU = umgr.getAuthorizable(getChildID());
 
         Authorizable auth = umgr.getAuthorizable(UserConstants.USER_ADMIN_GROUP_NAME);
         if (auth == null || !auth.isGroup()) {
@@ -192,7 +194,7 @@
         try {
             assertTrue(userAdmin.addMember(self));
 
-            Group gr = (Group) umgr.getAuthorizable(groupID);
+            Group gr = (Group) umgr.getAuthorizable(groupAdmin.getID());
             assertTrue(gr.addMember(cU));
             assertTrue(gr.removeMember(cU));
         } finally {
@@ -221,7 +223,7 @@
             assertTrue(userAdmin.isMember(self));
 
             // add child-user to test group
-            Authorizable testUser = umgr.getAuthorizable(childUID);
+            Authorizable testUser = umgr.getAuthorizable(getChildID());
             assertFalse(testGroup.isMember(testUser));
             assertTrue(testGroup.addMember(testUser));
         } finally {
@@ -239,7 +241,7 @@
         try {
             // let superuser create child user below the user with uID.
             UserManager umgr = getUserManager(uSession);
-            Authorizable cU = umgr.getAuthorizable(childUID);
+            Authorizable cU = umgr.getAuthorizable(getChildID());
             Group uadminGr = (Group) umgr.getAuthorizable(UserConstants.USER_ADMIN_GROUP_NAME);
             if (uadminGr.isMember(cU)) {
                 throw new RepositoryException("Test user is already member -> cannot execute.");
@@ -259,7 +261,7 @@
         UserManager umgr = getUserManager(uSession);
 
         Authorizable pU = umgr.getAuthorizable(parentUID);
-        Group gr = (Group) umgr.getAuthorizable(groupID);
+        Group gr = (Group) umgr.getAuthorizable(groupAdmin.getID());
 
         // adding and removing the parent-user as member of a group must
         // never succeed.
@@ -300,7 +302,7 @@
         UserManager umgr = getUserManager(uSession);
 
         Authorizable user = umgr.getAuthorizable(uID);
-        Group gr = (Group) umgr.getAuthorizable(groupID);
+        Group gr = (Group) umgr.getAuthorizable(groupAdmin.getID());
 
         // user is already group-admin -> adding must return false.
         // but should not throw exception.
@@ -311,7 +313,7 @@
         UserManager umgr = getUserManager(uSession);
 
         Authorizable user = umgr.getAuthorizable(uID);
-        Group gr = (Group) umgr.getAuthorizable(groupID);
+        Group gr = (Group) umgr.getAuthorizable(groupAdmin.getID());
 
         // removing himself from group. should succeed.
         assertTrue(gr.removeMember(user));
@@ -392,7 +394,7 @@
                 Authorizable auth = (Authorizable) it.next();
 
                 String msg = "GroupAdmin cannot remove members of groups unless he/she is UserAdmin.";
-                assertFalse(gr.removeMember(auth));
+                assertFalse(msg, gr.removeMember(auth));
             }
         } catch (AccessDeniedException e) {
             // fine as well.
@@ -408,7 +410,7 @@
         UserManager umgr = getUserManager(uSession);
         Principal selfPrinc = umgr.getAuthorizable(uID).getPrincipal();
 
-        User child = (User) umgr.getAuthorizable(childUID);
+        User child = (User) umgr.getAuthorizable(getChildID());
         Impersonation impers = child.getImpersonation();
         assertFalse(impers.allows(buildSubject(selfPrinc)));
         try {

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NodeResolverTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NodeResolverTest.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NodeResolverTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NodeResolverTest.java Wed Aug 27 08:12:04 2008
@@ -17,6 +17,8 @@
 package org.apache.jackrabbit.core.security.user;
 
 import org.apache.jackrabbit.api.JackrabbitSession;
+import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.core.SessionImpl;
 import org.apache.jackrabbit.spi.Name;
 import org.apache.jackrabbit.spi.commons.name.NameConstants;
@@ -30,7 +32,6 @@
 import javax.jcr.NodeIterator;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
-import javax.jcr.UnsupportedRepositoryOperationException;
 import javax.jcr.Value;
 import java.util.Iterator;
 
@@ -52,13 +53,19 @@
             throw new NotExecutableException();
         }
         try {
-            UserManagerImpl uMgr = (UserManagerImpl) ((JackrabbitSession) session).getUserManager();
-            return uMgr.getCurrentUser();
-        } catch (UnsupportedRepositoryOperationException e) {
-            throw new NotExecutableException(e.getMessage());
-        } catch (UnsupportedOperationException e) {
-            throw new NotExecutableException(e.getMessage());
+            UserManager uMgr = ((JackrabbitSession) session).getUserManager();
+            String uid = session.getUserID();
+            if (uid != null) {
+                Authorizable auth = uMgr.getAuthorizable(session.getUserID());
+                if (auth != null && auth instanceof UserImpl) {
+                    return (UserImpl) auth;
+                }
+            }
+        } catch (RepositoryException e) {
+            // ignore
         }
+        // unable to retrieve current user
+        throw new NotExecutableException();
     }
 
     protected abstract NodeResolver createNodeResolver(Session session) throws RepositoryException, NotExecutableException;

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NotUserAdministratorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NotUserAdministratorTest.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NotUserAdministratorTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NotUserAdministratorTest.java Wed Aug 27 08:12:04 2008
@@ -24,23 +24,19 @@
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.test.NotExecutableException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import org.apache.jackrabbit.core.security.SecurityConstants;
 
 import javax.jcr.AccessDeniedException;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.SimpleCredentials;
 import java.security.Principal;
-import java.util.Iterator;
 
 /**
  * <code>NotUserAdministratorTest</code>...
  */
 public class NotUserAdministratorTest extends AbstractUserTest {
 
-    private static Logger log = LoggerFactory.getLogger(NotUserAdministratorTest.class);
-
     // test user that is NOT user admin
     private String uID;
     private String uPath;
@@ -203,14 +199,14 @@
     }
 
     public void testAddToGroup() throws NotExecutableException, RepositoryException {
-        Iterator it = ((UserManagerImpl) uMgr).findGroups("");
-        if (!it.hasNext()) {
-            throw new NotExecutableException("Couldn't find any group");
+        Authorizable auth = userMgr.getAuthorizable(SecurityConstants.ADMINISTRATORS_NAME);
+        if (auth == null || !auth.isGroup()) {
+            throw new NotExecutableException("Couldn't find 'administrators' group");
         }
 
-        Group gr = (Group) it.next();
+        Group gr = (Group) auth;
         try {
-            Authorizable auth = uMgr.getAuthorizable(uID);
+            auth = uMgr.getAuthorizable(uID);
             gr.addMember(auth);
             fail("a common user should not be allowed to modify any groups.");
             gr.removeMember(auth);

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/TestAll.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/TestAll.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/TestAll.java Wed Aug 27 08:12:04 2008
@@ -28,7 +28,7 @@
      * @return a <code>Test</code> suite that executes all test in this package.
      */
     public static Test suite() {
-        TestSuite suite = new TestSuite("o.a.j.security.user tests");
+        TestSuite suite = new TestSuite("core.security.user tests");
 
         suite.addTestSuite(UserManagerImplTest.class);
         suite.addTestSuite(AuthorizableImplTest.class);
@@ -38,6 +38,7 @@
         suite.addTestSuite(UserAdministratorTest.class);
         suite.addTestSuite(NotUserAdministratorTest.class);
         suite.addTestSuite(GroupAdministratorTest.class);
+        suite.addTestSuite(AdministratorTest.class);
 
         suite.addTestSuite(IndexNodeResolverTest.class);
         suite.addTestSuite(TraversingNodeResolverTest.class);

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAdministratorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAdministratorTest.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAdministratorTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAdministratorTest.java Wed Aug 27 08:12:04 2008
@@ -103,6 +103,14 @@
         super.tearDown();
     }
 
+    private Group getGroupAdminGroup(UserManager uMgr) throws RepositoryException, NotExecutableException {
+        Authorizable auth = uMgr.getAuthorizable(UserConstants.GROUP_ADMIN_GROUP_NAME);
+        if (auth == null || !auth.isGroup()) {
+            throw new NotExecutableException();
+        }
+        return (Group) auth;
+    }
+
     public void testUserIsUserAdmin() throws RepositoryException, NotExecutableException {
         Set principals = getPrincipalSetFromSession(otherSession);
         boolean isAdmin = false;
@@ -216,13 +224,11 @@
         UserManager umgr = getUserManager(otherSession);
 
         User userHimSelf = (User) umgr.getAuthorizable(otherUID);
-        for (Iterator it = ((UserManagerImpl) umgr).findGroups(""); it.hasNext();) {
-            Group gr = (Group) it.next();
-            try {
-                assertFalse(gr.addMember(userHimSelf));
-            } catch (RepositoryException e) {
-                // success
-            }
+        Group gr = getGroupAdminGroup(umgr);
+        try {
+            assertFalse(gr.addMember(userHimSelf));
+        } catch (RepositoryException e) {
+            // success as well.
         }
     }
 
@@ -233,13 +239,11 @@
         if (parentUser == null) {
             throw new NotExecutableException();
         } else {
-            for (Iterator it = ((UserManagerImpl) umgr).findGroups(""); it.hasNext();) {
-                Group gr = (Group) it.next();
-                try {
-                    assertFalse(gr.addMember(parentUser));
-                } catch (RepositoryException e) {
-                    // success
-                }
+            Group gr = getGroupAdminGroup(umgr);
+            try {
+                assertFalse(gr.addMember(parentUser));
+            } catch (RepositoryException e) {
+                // success
             }
         }
     }
@@ -250,13 +254,11 @@
         User childU = null;
         try {
             childU = umgr.createUser(cp.getName(), buildPassword(cp));
-            for (Iterator it = ((UserManagerImpl) umgr).findGroups(""); it.hasNext();) {
-                Group gr = (Group) it.next();
-                try {
-                    assertFalse(gr.addMember(childU));
-                } catch (RepositoryException e) {
-                    // success
-                }
+            Group gr = getGroupAdminGroup(umgr);
+            try {
+                assertFalse(gr.addMember(childU));
+            } catch (RepositoryException e) {
+                // success
             }
         } finally {
             if (childU != null) {
@@ -289,12 +291,8 @@
 
     public void testAddToGroup() throws NotExecutableException, RepositoryException {
         UserManager umgr = getUserManager(otherSession);
-        Iterator it = ((UserManagerImpl) umgr).findGroups("");
-        if (!it.hasNext()) {
-            throw new NotExecutableException("Couldn't find any group");
-        }
+        Group gr = getGroupAdminGroup(umgr);
 
-        Group gr = (Group) it.next();
         Authorizable auth = umgr.getAuthorizable(uID);
         try {
             assertFalse(gr.addMember(auth));



Mime
View raw message