Mailing-List: contact commits-help@jackrabbit.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@jackrabbit.apache.org
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r704896 - in /jackrabbit/branches/1.5: ./
 jackrabbit-core/src/main/java/org/apache/jackrabbit/core/
 jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/
 jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/
 jackrabb...
Date: Wed, 15 Oct 2008 12:46:57 -0000
To: commits@jackrabbit.apache.org
From: jukka@apache.org
Message-Id: <20081015124658.595B4238897B@eris.apache.org>

Author: jukka
Date: Wed Oct 15 05:46:56 2008
New Revision: 704896

URL: http://svn.apache.org/viewvc?rev=704896&view=rev
Log:
1.5: Merged revisions 704165, 704157, and 704324 (JCR-1765 and JCR-1805)

Modified:
    jackrabbit/branches/1.5/   (props changed)
    jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java
    jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/RepositoryImpl.java
    jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/ConfigurationParser.java
    jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/RepositoryConfigurationParser.java
    jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/JackrabbitSecurityManager.java
    jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProviderFactory.java
    jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProviderFactoryImpl.java
    jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/WorkspaceAccessManager.java
    jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleSecurityManager.java
    jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java
    jackrabbit/branches/1.5/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/config/repository-1.5.dtd

Propchange: jackrabbit/branches/1.5/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Oct 15 05:46:56 2008
@@ -1,2 +1,2 @@
 /jackrabbit/branches/1.3:631261
-/jackrabbit/trunk:703899-704158
+/jackrabbit/trunk:703899-704158,704165,704167,704324

Modified: jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java?rev=704896&r1=704895&r2=704896&view=diff
==============================================================================
--- jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java (original)
+++ jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java Wed Oct 15 05:46:56 2008
@@ -23,15 +23,16 @@
 import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.core.config.AccessManagerConfig;
-import org.apache.jackrabbit.core.config.BeanConfig;
 import org.apache.jackrabbit.core.config.LoginModuleConfig;
 import org.apache.jackrabbit.core.config.SecurityConfig;
 import org.apache.jackrabbit.core.config.WorkspaceConfig;
 import org.apache.jackrabbit.core.config.WorkspaceSecurityConfig;
+import org.apache.jackrabbit.core.config.SecurityManagerConfig;
 import org.apache.jackrabbit.core.security.AMContext;
 import org.apache.jackrabbit.core.security.AccessManager;
 import org.apache.jackrabbit.core.security.JackrabbitSecurityManager;
 import org.apache.jackrabbit.core.security.SecurityConstants;
+import org.apache.jackrabbit.core.security.DefaultAccessManager;
 import org.apache.jackrabbit.core.security.authentication.AuthContext;
 import org.apache.jackrabbit.core.security.authentication.AuthContextProvider;
 import org.apache.jackrabbit.core.security.authorization.AccessControlProvider;
@@ -204,14 +205,22 @@
 
         // create the system userManager and make sure the system-users exist.
         systemUserManager = new UserManagerImpl(securitySession, adminId);
-        createSystemUsers(adminId, anonymousId);
+        createSystemUsers(systemUserManager, adminId, anonymousId);
 
         // init default ac-provider-factory
         acProviderFactory = new AccessControlProviderFactoryImpl();
-        acProviderFactory.init(this);
+        acProviderFactory.init(securitySession);
 
         // create the evalutor for workspace access
-        workspaceAccessManager = createWorkspaceAccessManager();
+        SecurityManagerConfig smc = config.getSecurityManagerConfig();
+        if (smc != null && smc.getWorkspaceAccessConfig() != null) {
+            workspaceAccessManager = (WorkspaceAccessManager) smc.getWorkspaceAccessConfig().newInstance();
+        } else {
+            // fallback -> the default implementation
+            log.debug("No WorkspaceAccessManager configured; using default.");
+            workspaceAccessManager = new WorkspaceAccessManagerImpl();
+        }
+        workspaceAccessManager.init(securitySession);
 
         // initialize principa-provider registry
         // 1) create default
@@ -258,32 +267,30 @@
     }
 
     /**
-     * @see JackrabbitSecurityManager#getSecurityConfig()
-     */
-    public SecurityConfig getSecurityConfig() throws RepositoryException {
-        return repository.getConfig().getSecurityConfig();
-    }
-
-    /**
      * @see JackrabbitSecurityManager#getAccessManager(Session,AMContext)
      */
     public AccessManager getAccessManager(Session session, AMContext amContext) throws RepositoryException {
         checkInitialized();
-        AccessManagerConfig amConfig = getSecurityConfig().getAccessManagerConfig();
+        AccessManagerConfig amConfig = repository.getConfig().getSecurityConfig().getAccessManagerConfig();
         try {
             String wspName = session.getWorkspace().getName();
             AccessControlProvider pp = getAccessControlProvider(wspName);
+            AccessManager accessMgr;
+            if (amConfig == null) {
+                log.debug("No configuration entry for AccessManager. Using org.apache.jackrabbit.core.security.DefaultAccessManager");
+                accessMgr = new DefaultAccessManager();
+            } else {
+                accessMgr = (AccessManager) amConfig.newInstance();
+            }
 
-            AccessManager accessMgr = (AccessManager) amConfig.newInstance();
             accessMgr.init(amContext, pp, workspaceAccessManager);
             return accessMgr;
-        } catch (AccessDeniedException ade) {
+        } catch (AccessDeniedException e) {
             // re-throw
-            throw ade;
+            throw e;
         } catch (Exception e) {
             // wrap in RepositoryException
             String msg = "Failed to instantiate AccessManager (" + amConfig.getClassName() + ")";
-            e.printStackTrace();
             log.error(msg, e);
             throw new RepositoryException(msg, e);
         }
@@ -330,6 +337,7 @@
      * @see JackrabbitSecurityManager#getUserID(Subject)
      */
     public String getUserID(Subject subject) throws RepositoryException {
+        checkInitialized();
         /* shortcut if the subject contains the AdminPrincipal in which case
            the userID is already known. */
         if (!subject.getPrincipals(AdminPrincipal.class).isEmpty()) {
@@ -385,20 +393,6 @@
 
     //--------------------------------------------------------------------------
     /**
-     * @param wspName
-     * @return The <code>WorkspaceSecurityConfig</code> for the given workspace
-     * name or <code>null</code>.
-     */
-    private WorkspaceSecurityConfig getWorkspaceSecurityConfig(String wspName) {
-        WorkspaceConfig conf = repository.getConfig().getWorkspaceConfig(wspName);
-        if (conf == null) {
-            return null;
-        } else {
-            return conf.getSecurityConfig();
-        }
-    }
-
-    /**
      * Returns the access control provider for the specified
      * <code>workspaceName</code>.
      *
@@ -409,12 +403,14 @@
      */
     private AccessControlProvider getAccessControlProvider(String workspaceName)
             throws NoSuchWorkspaceException, RepositoryException {
-
+        checkInitialized();
         synchronized (acProviders) {
             AccessControlProvider provider = (AccessControlProvider) acProviders.get(workspaceName);
             if (provider == null) {
                 SystemSession systemSession = repository.getSystemSession(workspaceName);
-                provider = acProviderFactory.createProvider(systemSession, getWorkspaceSecurityConfig(workspaceName));
+                WorkspaceConfig conf = repository.getConfig().getWorkspaceConfig(workspaceName);
+                WorkspaceSecurityConfig secConf = (conf == null) ?  null : conf.getSecurityConfig();
+                provider = acProviderFactory.createProvider(systemSession, secConf);
                 acProviders.put(workspaceName, provider);
             }
             return provider;
@@ -422,43 +418,28 @@
     }
 
     /**
-     * @return the WorkspaceAccessManager responsible for the repository.
-     */
-    private WorkspaceAccessManager createWorkspaceAccessManager() throws RepositoryException {
-        WorkspaceAccessManager wspAccess;
-        BeanConfig config = repository.getConfig().getSecurityConfig().getSecurityManagerConfig().getWorkspaceAccessConfig();
-        if (config != null) {
-            wspAccess = (WorkspaceAccessManager) config.newInstance();
-        } else {
-            // fallback -> the default implementation
-            log.debug("No WorkspaceAccessManager configured; using default.");
-            wspAccess = new WorkspaceAccessManagerImpl();
-        }
-        wspAccess.init(this);
-        return wspAccess;
-    }
-
-    /**
      * Make sure the 'administrators' group exists and the user with the
      * configured (or default) adminID is member of this user-group.
      *
+     * @param userManager
      * @param adminId
      * @param anonymousId
      * @throws RepositoryException
      */
-    private void createSystemUsers(String adminId,
-                                   String anonymousId) throws RepositoryException {
+    private static void createSystemUsers(UserManager userManager,
+                                          String adminId,
+                                          String anonymousId) throws RepositoryException {
         Principal pr = new PrincipalImpl(SecurityConstants.ADMINISTRATORS_NAME);
-        Group admins = (Group) systemUserManager.getAuthorizable(pr);
+        Group admins = (Group) userManager.getAuthorizable(pr);
         if (admins == null) {
-            admins = systemUserManager.createGroup(new PrincipalImpl(SecurityConstants.ADMINISTRATORS_NAME));
+            admins = userManager.createGroup(new PrincipalImpl(SecurityConstants.ADMINISTRATORS_NAME));
             log.debug("...created administrators group with name '"+SecurityConstants.ADMINISTRATORS_NAME+"'");
         }
 
         if (adminId != null) {
-            Authorizable admin = systemUserManager.getAuthorizable(adminId);
+            Authorizable admin = userManager.getAuthorizable(adminId);
             if (admin == null) {
-                admin = systemUserManager.createUser(adminId, adminId);
+                admin = userManager.createUser(adminId, adminId);
                 log.info("...created admin-user with id \'" + adminId + "\' ...");
                 admins.addMember(admin);
                 log.info("...added admin \'" + adminId + "\' as member of the administrators group.");
@@ -466,9 +447,9 @@
         }
 
         if (anonymousId != null) {
-            Authorizable anonymous = systemUserManager.getAuthorizable(anonymousId);
+            Authorizable anonymous = userManager.getAuthorizable(anonymousId);
             if (anonymous == null) {
-                systemUserManager.createUser(anonymousId, "");
+                userManager.createUser(anonymousId, "");
                 log.info("...created anonymous-user with id \'" + anonymousId + "\' ...");
             }
         }
@@ -491,8 +472,9 @@
         //-----------------------------------------< WorkspaceAccessManager >---
         /**
          * {@inheritDoc}
+         * @param securitySession
          */
-        public void init(JackrabbitSecurityManager securityManager) throws RepositoryException {
+        public void init(Session securitySession) throws RepositoryException {
             // nothing to do here.
         }
 

Modified: jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/RepositoryImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/RepositoryImpl.java?rev=704896&r1=704895&r2=704896&view=diff
==============================================================================
--- jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/RepositoryImpl.java (original)
+++ jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/RepositoryImpl.java Wed Oct 15 05:46:56 2008
@@ -52,6 +52,7 @@
 import org.apache.jackrabbit.core.persistence.PersistenceManager;
 import org.apache.jackrabbit.core.security.JackrabbitSecurityManager;
 import org.apache.jackrabbit.core.security.authentication.AuthContext;
+import org.apache.jackrabbit.core.security.simple.SimpleSecurityManager;
 import org.apache.jackrabbit.core.state.CacheManager;
 import org.apache.jackrabbit.core.state.ChangeLog;
 import org.apache.jackrabbit.core.state.ISMLocking;
@@ -399,19 +400,23 @@
 
         if (securityMgr == null) {
             SecurityManagerConfig smc = getConfig().getSecurityConfig().getSecurityManagerConfig();
-
-            String workspaceName = smc.getWorkspaceName();
-            if (workspaceName == null) {
-                workspaceName = getConfig().getDefaultWorkspaceName();
+            String workspaceName = getConfig().getDefaultWorkspaceName();
+            if (smc != null && smc.getWorkspaceName() != null) {
+                workspaceName = smc.getWorkspaceName();
             }
             SystemSession securitySession = getSystemSession(workspaceName);
             // mark system session as 'active' for that the system workspace does
             // not get disposed by workspace-janitor
             onSessionCreated(securitySession);
 
-            securityMgr = (JackrabbitSecurityManager) smc.newInstance();
-            securityMgr.init(this, securitySession);
+            if (smc == null) {
+                log.debug("No configuration entry for SecurityManager. Using org.apache.jackrabbit.core.security.simple.SimpleSecurityManager");
+                securityMgr = new SimpleSecurityManager();
+            } else {
+                securityMgr = (JackrabbitSecurityManager) smc.newInstance();
+            }
 
+            securityMgr.init(this, securitySession);
             log.info("SecurityManager = " + securityMgr.getClass());
         }
         return securityMgr;
@@ -454,10 +459,14 @@
      */
     protected void initStartupWorkspaces() throws RepositoryException {
         String wspName = repConfig.getDefaultWorkspaceName();
-        String secWspName = repConfig.getSecurityConfig().getSecurityManagerConfig().getWorkspaceName();
+        String secWspName = null;
+        SecurityManagerConfig smc = repConfig.getSecurityConfig().getSecurityManagerConfig();
+        if (smc != null) {
+           secWspName = smc.getWorkspaceName();
+        }
         try {
             initWorkspace((WorkspaceInfo) wspInfos.get(wspName));
-            if(secWspName != null && !wspInfos.containsKey(secWspName)) {
+            if (secWspName != null && !wspInfos.containsKey(secWspName)) {
                 createWorkspace(secWspName);
                 log.info("created system workspace: {}", secWspName);
             }

Modified: jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/ConfigurationParser.java
URL: http://svn.apache.org/viewvc/jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/ConfigurationParser.java?rev=704896&r1=704895&r2=704896&view=diff
==============================================================================
--- jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/ConfigurationParser.java (original)
+++ jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/ConfigurationParser.java Wed Oct 15 05:46:56 2008
@@ -115,6 +115,36 @@
     }
 
     /**
+     * Parses a named bean configuration from the given element.
+     * Bean configuration uses the following format:
+     * <pre>
+     *   &lt;BeanName class="..."&gt;
+     *     &lt;param name="..." value="..."/&gt;
+     *     ...
+     *   &lt;/BeanName&gt;
+     * </pre>
+     * <p>
+     * The returned bean configuration object contains the configured
+     * class name and configuration parameters. Variable replacement
+     * is performed on the parameter values.
+     *
+     * @param element
+     * @return bean configuration,
+     * @throws ConfigurationException if the configuration element does not
+     *                                exist or is broken
+     */
+    protected BeanConfig parseBeanConfig(Element element)
+            throws ConfigurationException {
+        // Bean implementation class
+        String className = getAttribute(element, CLASS_ATTRIBUTE);
+
+        // Bean properties
+        Properties properties = parseParameters(element);
+
+        return new BeanConfig(className, properties);
+    }
+
+    /**
      * Parses the configuration parameters of the given element.
      * Parameters are stored as
      * <code>&lt;param name="..." value="..."/&gt;</code>
@@ -147,7 +177,8 @@
                     throw new ConfigurationException("Parameter value not set");
                 }
                 parameters.put(
-                        name.getValue(), replaceVariables(value.getValue()));
+                        name.getValue().trim(),
+                        replaceVariables(value.getValue()));
             }
         }
 

Modified: jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/RepositoryConfigurationParser.java
URL: http://svn.apache.org/viewvc/jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/RepositoryConfigurationParser.java?rev=704896&r1=704895&r2=704896&view=diff
==============================================================================
--- jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/RepositoryConfigurationParser.java (original)
+++ jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/RepositoryConfigurationParser.java Wed Oct 15 05:46:56 2008
@@ -296,43 +296,51 @@
      * Parses the security manager configuration.
      *
      * @param security the &lt;security> element.
-     * @return the security manager configuration.
+     * @return the security manager configuration or <code>null</code>.
      * @throws ConfigurationException if the configuration is broken
      */
     public SecurityManagerConfig parseSecurityManagerConfig(Element security)
             throws ConfigurationException {
-
-        BeanConfig bc = parseBeanConfig(security, SECURITY_MANAGER_ELEMENT);
-
-        Element smElement = getElement(security, SECURITY_MANAGER_ELEMENT);
-        String wspAttr = getAttribute(smElement, WSP_NAME_ATTRIBUTE, null);
-
-        BeanConfig wac = null;
-        Element element = getElement(smElement, WORKSPACE_ACCESS_ELEMENT, false);
-        if (element != null) {
-            wac = parseBeanConfig(smElement, WORKSPACE_ACCESS_ELEMENT);
+        // Optional security manager config entry
+        Element smElement = getElement(security, SECURITY_MANAGER_ELEMENT, false);
+        if (smElement != null) {
+            BeanConfig bc = parseBeanConfig(smElement);
+            String wspAttr = getAttribute(smElement, WSP_NAME_ATTRIBUTE, null);
+
+            BeanConfig wac = null;
+            Element element = getElement(smElement, WORKSPACE_ACCESS_ELEMENT, false);
+            if (element != null) {
+                wac = parseBeanConfig(smElement, WORKSPACE_ACCESS_ELEMENT);
+            }
+            return new SecurityManagerConfig(bc, wspAttr, wac);
+        } else {
+            return null;
         }
-        return new SecurityManagerConfig(bc, wspAttr, wac);
     }
 
     /**
      * Parses the access manager configuration.
      *
      * @param security the &lt;security> element.
-     * @return the access manager configuration.
+     * @return the access manager configuration or <code>null</code>.
      * @throws ConfigurationException if the configuration is broken
      */
     public AccessManagerConfig parseAccessManagerConfig(Element security)
             throws ConfigurationException {
-        return new AccessManagerConfig(
-                parseBeanConfig(security, ACCESS_MANAGER_ELEMENT));
+        // Optional access manager config entry
+        Element accessMgr = getElement(security, ACCESS_MANAGER_ELEMENT, false);
+        if (accessMgr != null) {
+            return new AccessManagerConfig(parseBeanConfig(accessMgr));
+        } else {
+            return null;
+        }
     }
 
     /**
      * Parses the login module configuration.
      *
      * @param security the &lt;security> element.
-     * @return the login module configuration.
+     * @return the login module configuration or <code>null</code>.
      * @throws ConfigurationException if the configuration is broken
      */
     public LoginModuleConfig parseLoginModuleConfig(Element security)

Modified: jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/JackrabbitSecurityManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/JackrabbitSecurityManager.java?rev=704896&r1=704895&r2=704896&view=diff
==============================================================================
--- jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/JackrabbitSecurityManager.java (original)
+++ jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/JackrabbitSecurityManager.java Wed Oct 15 05:46:56 2008
@@ -18,7 +18,6 @@
 
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.api.security.user.UserManager;
-import org.apache.jackrabbit.core.config.SecurityConfig;
 import org.apache.jackrabbit.core.security.authentication.AuthContext;
 
 import javax.jcr.Credentials;
@@ -49,14 +48,6 @@
     public void close();
 
     /**
-     * Returns the configuration that applies to this manager.
-     *
-     * @return security config
-     * @throws RepositoryException
-     */
-    public SecurityConfig getSecurityConfig() throws RepositoryException;
-
-    /**
      * Returns a new <code>AuthContext</code> for the specified credentials and
      * subject.
      *

Modified: jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProviderFactory.java
URL: http://svn.apache.org/viewvc/jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProviderFactory.java?rev=704896&r1=704895&r2=704896&view=diff
==============================================================================
--- jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProviderFactory.java (original)
+++ jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProviderFactory.java Wed Oct 15 05:46:56 2008
@@ -17,7 +17,6 @@
 package org.apache.jackrabbit.core.security.authorization;
 
 import org.apache.jackrabbit.core.config.WorkspaceSecurityConfig;
-import org.apache.jackrabbit.core.security.JackrabbitSecurityManager;
 
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
@@ -41,12 +40,11 @@
 public interface AccessControlProviderFactory {
 
     /**
-     * Initalize the Factory with JackrabbitSecurityManager.
-     * This allows to access Repsoitory's Security objects
+     * Initalize this factory.
      *
-     * @param securityManager
+     * @param securitySession
      */
-    void init(JackrabbitSecurityManager securityManager) throws RepositoryException;
+    void init(Session securitySession) throws RepositoryException;
 
     /**
      * Dispose this <code>AccessControlProviderFactory</code> and its resources.
@@ -65,7 +63,7 @@
      * @param systemSession the system session for the workspace the
      * <code>AccessControlProvider</code> should be created for.
      * @param config The security configuration for that workspace or
-     * <code>null</code> if the config entry is present. In this case the
+     * <code>null</code> if no config entry is present. In this case the
      * factory must use its default. The configuration is used to determine
      * the implementation of <code>AccessControlProvider</code> to be used
      * and to retrieve eventual configuration parameters.

Modified: jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProviderFactoryImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProviderFactoryImpl.java?rev=704896&r1=704895&r2=704896&view=diff
==============================================================================
--- jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProviderFactoryImpl.java (original)
+++ jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProviderFactoryImpl.java Wed Oct 15 05:46:56 2008
@@ -18,9 +18,10 @@
 
 import org.apache.jackrabbit.core.config.BeanConfig;
 import org.apache.jackrabbit.core.config.WorkspaceSecurityConfig;
-import org.apache.jackrabbit.core.security.JackrabbitSecurityManager;
 import org.apache.jackrabbit.core.security.authorization.acl.ACLProvider;
 import org.apache.jackrabbit.core.security.user.UserAccessControlProvider;
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.core.RepositoryImpl;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -43,13 +44,17 @@
      * The name of the security workspace (containing users...)
      */
     private String secWorkspaceName = null;
+    private String defaultWorkspaceName = null;
 
     //---------------------------------------< AccessControlProviderFactory >---
     /**
-     * @see AccessControlProviderFactory#init(JackrabbitSecurityManager)
+     * @see AccessControlProviderFactory#init(Session)
      */
-    public void init(JackrabbitSecurityManager securityMgr) throws RepositoryException {
-        secWorkspaceName = securityMgr.getSecurityConfig().getSecurityManagerConfig().getWorkspaceName();
+    public void init(Session securitySession) throws RepositoryException {
+        secWorkspaceName = securitySession.getWorkspace().getName();
+        if (securitySession instanceof SessionImpl) {
+            defaultWorkspaceName = ((RepositoryImpl) securitySession.getRepository()).getConfig().getDefaultWorkspaceName();
+        } // else: unable to determine default workspace name
     }
 
     /**
@@ -73,7 +78,10 @@
             props = bc.getParameters();
         } else {
             log.debug("No ac-provider configuration for workspace " + workspaceName + " -> using defaults.");
-            if (workspaceName.equals(secWorkspaceName)) {
+            if (workspaceName.equals(secWorkspaceName) && !workspaceName.equals(defaultWorkspaceName)) {
+                // UserAccessControlProvider is designed to work with an extra
+                // workspace storing user and groups. therefore avoid returning
+                // this ac provider for the default workspace.
                 prov = new UserAccessControlProvider();
             } else {
                 prov = new ACLProvider();

Modified: jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/WorkspaceAccessManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/WorkspaceAccessManager.java?rev=704896&r1=704895&r2=704896&view=diff
==============================================================================
--- jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/WorkspaceAccessManager.java (original)
+++ jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/WorkspaceAccessManager.java Wed Oct 15 05:46:56 2008
@@ -16,9 +16,8 @@
  */
 package org.apache.jackrabbit.core.security.authorization;
 
-import org.apache.jackrabbit.core.security.JackrabbitSecurityManager;
-
 import javax.jcr.RepositoryException;
+import javax.jcr.Session;
 import java.util.Set;
 
 /**
@@ -31,10 +30,10 @@
     /**
      * Initialize this <code>WorkspaceAccessManager</code>.
      *
-     * @param securityManager
+     * @param securitySession
      * @throws RepositoryException if an error occurs.
      */
-    void init(JackrabbitSecurityManager securityManager) throws RepositoryException;
+    void init(Session securitySession) throws RepositoryException;
 
     /**
      * Dispose this <code>WorkspaceAccessManager</code> and its resources.

Modified: jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleSecurityManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleSecurityManager.java?rev=704896&r1=704895&r2=704896&view=diff
==============================================================================
--- jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleSecurityManager.java (original)
+++ jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleSecurityManager.java Wed Oct 15 05:46:56 2008
@@ -170,13 +170,6 @@
     }
 
     /**
-     * @see JackrabbitSecurityManager#getSecurityConfig()
-     */
-    public SecurityConfig getSecurityConfig() throws RepositoryException {
-        return config;
-    }
-
-    /**
      * @see JackrabbitSecurityManager#getAccessManager(Session,AMContext)
      */
     public AccessManager getAccessManager(Session session, AMContext amContext) throws RepositoryException {

Modified: jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java?rev=704896&r1=704895&r2=704896&view=diff
==============================================================================
--- jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java (original)
+++ jackrabbit/branches/1.5/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java Wed Oct 15 05:46:56 2008
@@ -131,29 +131,28 @@
      */
     public void init(Session systemSession, Map configuration) throws RepositoryException {
         super.init(systemSession, configuration);
+        if (systemSession instanceof SessionImpl) {
+            SessionImpl sImpl = (SessionImpl) systemSession;
+            userAdminGroup = (configuration.containsKey(USER_ADMIN_GROUP_NAME)) ? configuration.get(USER_ADMIN_GROUP_NAME).toString() : USER_ADMIN_GROUP_NAME;
+            groupAdminGroup = (configuration.containsKey(GROUP_ADMIN_GROUP_NAME)) ? configuration.get(GROUP_ADMIN_GROUP_NAME).toString() : GROUP_ADMIN_GROUP_NAME;
+
+            // make sure the groups exist (and ev. create them).
+            UserManager uMgr = sImpl.getUserManager();
+            if (!initGroup(uMgr, userAdminGroup)) {
+                log.warn("Unable to initialize User admininistrator group -> no user admins.");
+                userAdminGroup = null;
+            }
+            if (!initGroup(uMgr, groupAdminGroup)) {
+                log.warn("Unable to initialize Group admininistrator group -> no group admins.");
+                groupAdminGroup = null;
+            }
 
-         if (systemSession instanceof SessionImpl) {
-             SessionImpl sImpl = (SessionImpl) systemSession;
-             userAdminGroup = (configuration.containsKey(USER_ADMIN_GROUP_NAME)) ? configuration.get(USER_ADMIN_GROUP_NAME).toString() : USER_ADMIN_GROUP_NAME;
-             groupAdminGroup = (configuration.containsKey(GROUP_ADMIN_GROUP_NAME)) ? configuration.get(GROUP_ADMIN_GROUP_NAME).toString() : GROUP_ADMIN_GROUP_NAME;
-
-             // make sure the groups exist (and ev. create them).
-             UserManager uMgr = sImpl.getUserManager();
-             if (!initGroup(uMgr, userAdminGroup)) {
-                 log.warn("Unable to initialize User admininistrator group -> no user admins.");
-                 userAdminGroup = null;
-             }
-             if (!initGroup(uMgr, groupAdminGroup)) {
-                 log.warn("Unable to initialize Group admininistrator group -> no group admins.");
-                 groupAdminGroup = null;
-             }
-
-             usersPath = sImpl.getQPath(USERS_PATH);
-             groupsPath = sImpl.getQPath(GROUPS_PATH);
-         } else {
-             throw new RepositoryException("SessionImpl (system session) expected.");
-         }
-     }
+            usersPath = sImpl.getQPath(USERS_PATH);
+            groupsPath = sImpl.getQPath(GROUPS_PATH);
+        } else {
+            throw new RepositoryException("SessionImpl (system session) expected.");
+        }
+    }
 
     /**
      * @see AccessControlProvider#getEffectivePolicies(Path)
@@ -323,7 +322,7 @@
                 privs = PrivilegeRegistry.NO_PRIVILEGE;
             }
 
-            Path abs2Path = path.subPath(0, 4);
+            Path abs2Path = (4 > path.getLength()) ? null : path.subPath(0, 4);
             if (usersPath.equals(abs2Path)) {
                 /*
                  below the user-tree
@@ -495,7 +494,7 @@
                                     }
                                 }
                                 break;
-                            // default: other events are not relevant.
+                                // default: other events are not relevant.
                         }
                         // invalidate the cached results
                         clearCache();

Modified: jackrabbit/branches/1.5/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/config/repository-1.5.dtd
URL: http://svn.apache.org/viewvc/jackrabbit/branches/1.5/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/config/repository-1.5.dtd?rev=704896&r1=704895&r2=704896&view=diff
==============================================================================
--- jackrabbit/branches/1.5/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/config/repository-1.5.dtd (original)
+++ jackrabbit/branches/1.5/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/config/repository-1.5.dtd Wed Oct 15 05:46:56 2008
@@ -67,7 +67,7 @@
 
     it also specifies various security related managers to be used.
 -->
-<!ELEMENT Security (SecurityManager, AccessManager, LoginModule?)>
+<!ELEMENT Security (SecurityManager?, AccessManager?, LoginModule?)>
 <!ATTLIST Security appName CDATA #REQUIRED>
 
 <!--