jackrabbit-commits mailing list archives

From ju...@apache.org
Subject svn commit: r792142 [11/35] - in /jackrabbit/sandbox/JCR-1456: ./ jackrabbit-api/src/main/java/org/apache/jackrabbit/api/ jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/ jackrabbit-core/ jackrabbit-core/src/main/java/org/apache/jackrab...
Date Wed, 08 Jul 2009 13:57:46 GMT
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/join/Join.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/join/Join.java?rev=792142&r1=792141&r2=792142&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/join/Join.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/join/Join.java Wed Jul  8 13:57:13 2009
@@ -26,6 +26,7 @@
 import org.apache.jackrabbit.core.query.lucene.MultiColumnQueryHits;
 import org.apache.jackrabbit.core.query.lucene.ScoreNode;
 import org.apache.jackrabbit.spi.Name;
+import org.apache.jackrabbit.spi.Path;
 import org.apache.jackrabbit.spi.commons.query.qom.ChildNodeJoinConditionImpl;
 import org.apache.jackrabbit.spi.commons.query.qom.DefaultQOMTreeVisitor;
 import org.apache.jackrabbit.spi.commons.query.qom.DescendantNodeJoinConditionImpl;
@@ -74,7 +75,7 @@
     /**
      * A buffer for joined score node rows.
      */
-    protected final List buffer = new LinkedList();
+    protected final List<ScoreNode[]> buffer = new LinkedList<ScoreNode[]>();
 
     /**
      * Creates a new join.
@@ -218,20 +219,22 @@
                             || src1 == right && JoinType.RIGHT == joinType) {
                         outer = src1;
                         outerIdx = getIndex(outer, node.getSelector1QName());
-                        if (node.getSelector2QPath() != null) {
+                        Path selector2Path = node.getSelector2QPath();
+                        if (selector2Path == null || (selector2Path.getLength() == 1 && selector2Path.getNameElement().denotesCurrent())) {
+                            c = new SameNodeJoin(src2, node.getSelector2QName(), reader);
+                        } else {
                             c = new DescendantPathNodeJoin(src2, node.getSelector2QName(),
                                     node.getSelector2QPath(), hmgr);
-                        } else {
-                            c = new SameNodeJoin(src2, node.getSelector2QName(), reader);
                         }
                     } else {
                         outer = src2;
                         outerIdx = getIndex(outer, node.getSelector2QName());
-                        if (node.getSelector2QPath() != null) {
+                        Path selector2Path = node.getSelector2QPath();
+                        if (selector2Path == null || (selector2Path.getLength() == 1 && selector2Path.getNameElement().denotesCurrent())) {
+                            c = new SameNodeJoin(src1, node.getSelector1QName(), reader);
+                        } else {
                             c = new AncestorPathNodeJoin(src1, node.getSelector1QName(),
                                     node.getSelector2QPath(), hmgr);
-                        } else {
-                            c = new SameNodeJoin(src1, node.getSelector1QName(), reader);
                         }
                     }
                     return new Join(outer, outerIdx, isInner, c);
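Review bot: The same-node test `selector2Path == null || (selector2Path.getLength() == 1 && selector2Path.getNameElement().denotesCurrent())` is written out twice, once per branch, and each `else` then calls `node.getSelector2QPath()` again instead of using the local it has just read. Passing `selector2Path` to the `DescendantPathNodeJoin` and `AncestorPathNodeJoin` constructors and moving the test into a small private helper, for example `private static boolean isCurrentNode(Path p)`, would keep the two branches from drifting apart and shorten the over-long lines. The enclosing method starts and ends outside this hunk.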
@@ -251,7 +254,7 @@
      */
     public ScoreNode[] nextScoreNodes() throws IOException {
         if (!buffer.isEmpty()) {
-            return (ScoreNode[]) buffer.remove(0);
+            return buffer.remove(0);
         }
         do {
             // refill buffer
@@ -261,8 +264,7 @@
             }
             ScoreNode[][] nodes = condition.getMatchingScoreNodes(sn[outerScoreNodeIndex]);
             if (nodes != null) {
-                for (int i = 0; i < nodes.length; i++) {
-                    ScoreNode[] node = nodes[i];
+                for (ScoreNode[] node : nodes) {
                     // create array with both outer and inner
                     ScoreNode[] tmp = new ScoreNode[sn.length + node.length];
                     System.arraycopy(sn, 0, tmp, 0, sn.length);
@@ -278,7 +280,7 @@
             }
         } while (buffer.isEmpty());
 
-        return (ScoreNode[]) buffer.remove(0);
+        return buffer.remove(0);
     }
 
     /**

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/join/SameNodeJoin.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/join/SameNodeJoin.java?rev=792142&r1=792141&r2=792142&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/join/SameNodeJoin.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/join/SameNodeJoin.java Wed Jul  8 13:57:13 2009
@@ -55,8 +55,7 @@
         int idx = getIndex(inner, innerSelectorName);
         ScoreNode[] nodes;
         while ((nodes = inner.nextScoreNodes()) != null) {
-            Integer docNum = new Integer(nodes[idx].getDoc(reader));
-            innerIndex.addScoreNodes(docNum, nodes);
+            innerIndex.addScoreNodes(nodes[idx].getDoc(reader), nodes);
         }
     }
 
@@ -65,6 +64,6 @@
      */
     public ScoreNode[][] getMatchingScoreNodes(ScoreNode outer)
             throws IOException {
-        return innerIndex.getScoreNodes(new Integer(outer.getDoc(reader)));
+        return innerIndex.getScoreNodes(outer.getDoc(reader));
     }
 }

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/RetentionRegistryImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/RetentionRegistryImpl.java?rev=792142&r1=792141&r2=792142&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/RetentionRegistryImpl.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/RetentionRegistryImpl.java Wed Jul  8 13:57:13 2009
@@ -69,10 +69,10 @@
     private final SessionImpl session;
     private final FileSystemResource retentionFile;
 
-    private long holdCnt = 0;
-    private long retentionCnt = 0;
-    
-    private boolean initialized = false;
+    private long holdCnt;
+    private long retentionCnt;
+
+    private boolean initialized;
 
     public RetentionRegistryImpl(SessionImpl session, FileSystem fs) throws RepositoryException {
         this.session = session;
@@ -107,7 +107,7 @@
      * node, that entry will be ignored. Upon {@link #close()} of this
      * manager, the file will be updated to reflect the actual set of holds/
      * retentions present and effective in the content.
-     * 
+     *
      * @throws IOException
      * @throws FileSystemException
      */
@@ -194,12 +194,12 @@
         writeRetentionFile();
         initialized = false;
     }
-    
+
     private void addHolds(Path nodePath, PropertyImpl p) throws RepositoryException {
         synchronized (holdMap) {
             Hold[] holds = HoldImpl.createFromProperty(p, ((PropertyId) p.getId()).getParentId());
             holdMap.put(nodePath, Arrays.asList(holds));
-            holdCnt++;            
+            holdCnt++;
         }
     }
 
@@ -284,7 +284,7 @@
         if (element != null) {
             rp = (RetentionPolicy) element.get();
         }
-        if (rp == null && checkParent ) {
+        if (rp == null && checkParent) {
             element = retentionMap.map(nodePath.getAncestor(1), true);
             if (element != null) {
                 rp = (RetentionPolicy) element.get();
@@ -341,7 +341,7 @@
                 // else: not interested in any other property -> ignore.
 
             } catch (RepositoryException e) {
-                log.warn("Internal error while processing event.",e.getMessage());
+                log.warn("Internal error while processing event.", e.getMessage());
                 // ignore.
             }
         }
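Review bot: The `log.warn("Internal error while processing event.", e.getMessage())` line touched here never prints the exception text, because the format string has no `{}` placeholder; assuming `log` is an SLF4J logger, as in the neighbouring classes, the String argument is simply discarded. Since the catch block then ignores the failure, an error while processing a hold or retention event leaves no usable trace in the log. Passing the exception itself, `log.warn("Internal error while processing event.", e);`, records both the message and the stack trace. The enclosing method starts outside this hunk.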

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/AMContext.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/AMContext.java?rev=792142&r1=792141&r2=792142&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/AMContext.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/AMContext.java Wed Jul  8 13:57:13 2009
@@ -18,8 +18,6 @@
 
 import org.apache.jackrabbit.core.HierarchyManager;
 import org.apache.jackrabbit.core.fs.FileSystem;
-import org.apache.jackrabbit.core.security.authorization.AccessControlProvider;
-import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
 import org.apache.jackrabbit.spi.commons.conversion.NamePathResolver;
 
 import javax.jcr.Session;
@@ -31,7 +29,7 @@
  * context information for an <code>AccessManager</code>.
  *
  * @see AccessManager#init(AMContext)
- * @see AccessManager#init(AMContext, AccessControlProvider, WorkspaceAccessManager)
+ * @see AccessManager#init(AMContext, org.apache.jackrabbit.core.security.authorization.AccessControlProvider, org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager)
  */
 public class AMContext {
 
@@ -58,7 +56,8 @@
     private final HierarchyManager hierMgr;
 
     /**
-     * name and path resolver for resolving namespaces in qualified paths
+     * name and path resolver for resolving JCR name/path strings to internal
+     * Name/Path objects (and vice versa).
      */
     private final NamePathResolver resolver;
 

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/AbstractAccessControlManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/AbstractAccessControlManager.java?rev=792142&r1=792141&r2=792142&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/AbstractAccessControlManager.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/AbstractAccessControlManager.java Wed Jul  8 13:57:13 2009
@@ -16,14 +16,11 @@
  */
 package org.apache.jackrabbit.core.security;
 
-import javax.jcr.security.AccessControlException;
-import javax.jcr.security.AccessControlManager;
-import javax.jcr.security.AccessControlPolicy;
-import javax.jcr.security.AccessControlPolicyIterator;
-import javax.jcr.security.Privilege;
-import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
+import org.apache.jackrabbit.commons.iterator.AccessControlPolicyIteratorAdapter;
 import org.apache.jackrabbit.core.security.authorization.Permission;
-import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlPolicy;
+import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -31,6 +28,10 @@
 import javax.jcr.PathNotFoundException;
 import javax.jcr.RepositoryException;
 import javax.jcr.UnsupportedRepositoryOperationException;
+import javax.jcr.security.AccessControlException;
+import javax.jcr.security.AccessControlPolicy;
+import javax.jcr.security.AccessControlPolicyIterator;
+import javax.jcr.security.Privilege;
 import java.security.Principal;
 
 /**
@@ -45,7 +46,7 @@
      *
      * @param absPath Path to an existing node.
      * @return Always returns all registered <code>Privilege</code>s.
-     * @see AccessControlManager#getSupportedPrivileges(String)
+     * @see javax.jcr.security.AccessControlManager#getSupportedPrivileges(String)
      */
     public Privilege[] getSupportedPrivileges(String absPath) throws PathNotFoundException, RepositoryException {
         checkInitialized();
@@ -56,7 +57,7 @@
     }
 
     /**
-     * @see AccessControlManager#privilegeFromName(String)
+     * @see javax.jcr.security.AccessControlManager#privilegeFromName(String)
      */
     public Privilege privilegeFromName(String privilegeName)
             throws AccessControlException, RepositoryException {
@@ -70,7 +71,7 @@
      *
      * @param absPath Path to an existing node.
      * @return always returns <code>null</code>.
-     * @see AccessControlManager#getApplicablePolicies(String)
+     * @see javax.jcr.security.AccessControlManager#getApplicablePolicies(String)
      */
     public AccessControlPolicy[] getPolicies(String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException {
         checkInitialized();
@@ -85,7 +86,7 @@
      *
      * @param absPath Path to an existing node.
      * @return always returns an empty iterator.
-     * @see AccessControlManager#getApplicablePolicies(String)
+     * @see javax.jcr.security.AccessControlManager#getApplicablePolicies(String)
      */
     public AccessControlPolicyIterator getApplicablePolicies(String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException {
         checkInitialized();
@@ -98,7 +99,7 @@
     /**
      * Always throws <code>AccessControlException</code>
      *
-     * @see AccessControlManager#setPolicy(String, AccessControlPolicy)
+     * @see javax.jcr.security.AccessControlManager#setPolicy(String, AccessControlPolicy)
      */
     public void setPolicy(String absPath, AccessControlPolicy policy) throws PathNotFoundException, AccessControlException, AccessDeniedException, RepositoryException {
         checkInitialized();
@@ -110,7 +111,7 @@
     /**
      * Always throws <code>AccessControlException</code>
      *
-     * @see AccessControlManager#removePolicy(String, AccessControlPolicy)
+     * @see javax.jcr.security.AccessControlManager#removePolicy(String, AccessControlPolicy)
      */
     public void removePolicy(String absPath, AccessControlPolicy policy) throws PathNotFoundException, AccessControlException, AccessDeniedException, RepositoryException {
         checkInitialized();
@@ -122,15 +123,25 @@
 
     //-------------------------------------< JackrabbitAccessControlManager >---
     /**
-     * @see JackrabbitAccessControlManager#getApplicablePolicies(java.security.Principal) 
+     * @see org.apache.jackrabbit.api.security.JackrabbitAccessControlManager#getApplicablePolicies(java.security.Principal)
      */
     public JackrabbitAccessControlPolicy[] getApplicablePolicies(Principal principal) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException {
         checkInitialized();
-        
+
         log.debug("Implementation does not provide applicable policies -> returning empty array.");
         return new JackrabbitAccessControlPolicy[0];
     }
 
+    /**
+     * @see org.apache.jackrabbit.api.security.JackrabbitAccessControlManager#getApplicablePolicies(java.security.Principal)
+     */
+    public JackrabbitAccessControlPolicy[] getPolicies(Principal principal) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException {
+        checkInitialized();
+
+        log.debug("Implementation does not provide applicable policies -> returning empty array.");
+        return new JackrabbitAccessControlPolicy[0];
+    }
+    
     //--------------------------------------------------------------------------
     /**
      * Check if this manager has been properly initialized.
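Review bot: The Javadoc and debug message on the new `getPolicies(Principal)` were copied from `getApplicablePolicies(Principal)` without being adapted. The `@see` tag should presumably read `@see org.apache.jackrabbit.api.security.JackrabbitAccessControlManager#getPolicies(java.security.Principal)`, and the log text should say something like `"Implementation does not provide policies -> returning empty array."`. The same copied `@see` appears on the new `getPolicies(Principal)` in DefaultAccessManager.java, and the `getPolicies(String)` Javadoc in the `-70,7` hunk of this file also points at `getApplicablePolicies(String)`. The line added after the new method's closing brace carries trailing whitespace.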
@@ -159,8 +170,7 @@
     protected abstract PrivilegeRegistry getPrivilegeRegistry() throws RepositoryException;
 
     /**
-     * Build a qualified path from the specified <code>absPath</code> and test
-     * if it is really absolute and points to an existing node.
+     * Tests if the given <code>absPath</code> is absolute and points to an existing node.
      *
      * @param absPath Path to an existing node.
      * @throws PathNotFoundException if no node at <code>absPath</code> exists

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/DefaultAccessManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/DefaultAccessManager.java?rev=792142&r1=792141&r2=792142&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/DefaultAccessManager.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/DefaultAccessManager.java Wed Jul  8 13:57:13 2009
@@ -16,11 +16,8 @@
  */
 package org.apache.jackrabbit.core.security;
 
-import javax.jcr.security.AccessControlException;
-import javax.jcr.security.AccessControlManager;
-import javax.jcr.security.AccessControlPolicy;
-import javax.jcr.security.AccessControlPolicyIterator;
-import javax.jcr.security.Privilege;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
+import org.apache.jackrabbit.commons.iterator.AccessControlPolicyIteratorAdapter;
 import org.apache.jackrabbit.core.HierarchyManager;
 import org.apache.jackrabbit.core.ItemId;
 import org.apache.jackrabbit.core.security.authorization.AccessControlEditor;
@@ -29,7 +26,6 @@
 import org.apache.jackrabbit.core.security.authorization.Permission;
 import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
 import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
-import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlPolicy;
 import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
 import org.apache.jackrabbit.spi.Name;
 import org.apache.jackrabbit.spi.Path;
@@ -43,13 +39,17 @@
 import javax.jcr.PathNotFoundException;
 import javax.jcr.RepositoryException;
 import javax.jcr.UnsupportedRepositoryOperationException;
+import javax.jcr.security.AccessControlException;
+import javax.jcr.security.AccessControlPolicy;
+import javax.jcr.security.AccessControlPolicyIterator;
+import javax.jcr.security.Privilege;
 import javax.security.auth.Subject;
 import java.security.Principal;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 import java.util.Set;
-import java.util.Arrays;
 
 /**
  * The <code>DefaultAccessManager</code> controls access by evaluating access
@@ -71,7 +71,7 @@
  * the <code>AccessControlProvider</code> set to this AccessManager.
  *
  * @see AccessManager
- * @see AccessControlManager
+ * @see javax.jcr.security.AccessControlManager
  */
 public class DefaultAccessManager extends AbstractAccessControlManager implements AccessManager {
 
@@ -96,7 +96,7 @@
 
     private NamePathResolver resolver;
 
-    private Set principals;
+    private Set<Principal> principals;
 
     private AccessControlProvider acProvider;
 
@@ -146,7 +146,11 @@
         hierMgr = amContext.getHierarchyManager();
 
         Subject subject = amContext.getSubject();
-        principals = (subject == null) ? Collections.EMPTY_SET : subject.getPrincipals();
+        if (subject == null) {
+            principals = Collections.emptySet();
+        } else {
+            principals = subject.getPrincipals();
+        }
 
         wspAccess = new WorkspaceAccess(wspAccessManager, isSystemOrAdmin(subject));
         privilegeRegistry = new PrivilegeRegistry(resolver);
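Review bot: `principals = subject.getPrincipals()` stores the Subject's own live set rather than a snapshot, so a principal added to or removed from the Subject after `init` would change what this access manager sees, unless the Subject has been made read-only by then (not visible here). If the set is later used for permission evaluation, taking an unmodifiable copy at init time, e.g. `principals = Collections.unmodifiableSet(new HashSet<Principal>(subject.getPrincipals()));`, pins the identity the session was authenticated with. That needs a `java.util.HashSet` import. `init` starts and ends outside this hunk.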
@@ -271,7 +275,7 @@
 
     //-----------------------------------------------< AccessControlManager >---
     /**
-     * @see AccessControlManager#hasPrivileges(String, Privilege[])
+     * @see javax.jcr.security.AccessControlManager#hasPrivileges(String, Privilege[])
      */
     public boolean hasPrivileges(String absPath, Privilege[] privileges) throws PathNotFoundException, RepositoryException {
         checkInitialized();
@@ -288,7 +292,7 @@
     }
 
     /**
-     * @see AccessControlManager#getPrivileges(String)
+     * @see javax.jcr.security.AccessControlManager#getPrivileges(String)
      */
     public Privilege[] getPrivileges(String absPath) throws PathNotFoundException, RepositoryException {
         checkInitialized();
@@ -300,7 +304,7 @@
     }
 
     /**
-     * @see AccessControlManager#getPolicies(String)
+     * @see javax.jcr.security.AccessControlManager#getPolicies(String)
      */
     public AccessControlPolicy[] getPolicies(String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException {
         checkInitialized();
@@ -316,7 +320,7 @@
     }
 
     /**
-     * @see AccessControlManager#getEffectivePolicies(String)
+     * @see javax.jcr.security.AccessControlManager#getEffectivePolicies(String)
      */
     public AccessControlPolicy[] getEffectivePolicies(String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException {
         checkInitialized();
@@ -327,7 +331,7 @@
     }
 
     /**
-     * @see AccessControlManager#getApplicablePolicies(String)
+     * @see javax.jcr.security.AccessControlManager#getApplicablePolicies(String)
      */
     public AccessControlPolicyIterator getApplicablePolicies(String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException {
         checkInitialized();
@@ -346,7 +350,7 @@
     }
 
     /**
-     * @see AccessControlManager#setPolicy(String, AccessControlPolicy)
+     * @see javax.jcr.security.AccessControlManager#setPolicy(String, AccessControlPolicy)
      */
     public void setPolicy(String absPath, AccessControlPolicy policy) throws PathNotFoundException, AccessControlException, AccessDeniedException, RepositoryException {
         checkInitialized();
@@ -358,7 +362,7 @@
     }
 
     /**
-     * @see AccessControlManager#removePolicy(String, AccessControlPolicy)
+     * @see javax.jcr.security.AccessControlManager#removePolicy(String, AccessControlPolicy)
      */
     public void removePolicy(String absPath, AccessControlPolicy policy) throws PathNotFoundException, AccessControlException, AccessDeniedException, RepositoryException {
         checkInitialized();
@@ -371,7 +375,7 @@
 
     //-------------------------------------< JackrabbitAccessControlManager >---
     /**
-     * @see JackrabbitAccessControlManager#getApplicablePolicies(Principal)
+     * @see org.apache.jackrabbit.api.security.JackrabbitAccessControlManager#getApplicablePolicies(Principal)
      */
     public JackrabbitAccessControlPolicy[] getApplicablePolicies(Principal principal) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException {
         checkInitialized();
@@ -381,6 +385,16 @@
         return editor.editAccessControlPolicies(principal);
     }
 
+    /**
+     * @see org.apache.jackrabbit.api.security.JackrabbitAccessControlManager#getApplicablePolicies(Principal)
+     */
+    public JackrabbitAccessControlPolicy[] getPolicies(Principal principal) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException {
+        checkInitialized();
+        if (editor == null) {
+            throw new UnsupportedRepositoryOperationException("Editing of access control policies is not supported.");
+        }
+        return editor.getPolicies(principal);
+    }
     //---------------------------------------< AbstractAccessControlManager >---
     /**
      * @see AbstractAccessControlManager#checkInitialized()
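Review bot: The new `getPolicies(Principal)` returns `editor.getPolicies(principal)` with no permission check of its own in the visible lines, so whether a session may read another principal's access control policies depends entirely on the editor. If the path-based `getPolicies(String)` verifies a read-access-control permission before answering (its body is outside this diff), the principal-based variant should enforce an equivalent check or state in its Javadoc where that check happens. The exception text `"Editing of access control policies is not supported."` was copied from the editing method and is misleading for a read operation; something like `"Reading access control policies is not supported."` fits better. A blank line is also missing between the method's closing brace and the section comment that follows.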
@@ -453,16 +467,16 @@
 
         private final boolean isAdmin;
         // TODO: entries must be cleared if access permission to wsp changes.
-        private final List allowed;
-        private final List denied;
+        private final List <String>allowed;
+        private final List<String> denied;
 
         private WorkspaceAccess(WorkspaceAccessManager wspAccessManager,
                                 boolean isAdmin) {
             this.wspAccessManager = wspAccessManager;
             this.isAdmin = isAdmin;
             if (!isAdmin) {
-                allowed = new ArrayList(5);
-                denied = new ArrayList(5);
+                allowed = new ArrayList<String>(5);
+                denied = new ArrayList<String>(5);
             } else {
                 allowed = denied = null;
             }
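Review bot: `private final List <String>allowed;` is spaced inconsistently with the `denied` field next to it and should read `private final List<String> allowed;`. The TODO directly above these fields is still open: nothing visible clears the cached `allowed`/`denied` workspace names, so a workspace-access decision, including a grant that has since been revoked, presumably stays in effect for the lifetime of this object. Because this is an authorization cache without invalidation, the TODO deserves a tracked issue rather than a comment. The `WorkspaceAccess` class continues outside this hunk.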

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/JackrabbitSecurityManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/JackrabbitSecurityManager.java?rev=792142&r1=792141&r2=792142&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/JackrabbitSecurityManager.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/JackrabbitSecurityManager.java Wed Jul  8 13:57:13 2009
@@ -24,7 +24,6 @@
 import javax.jcr.Repository;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
-import javax.jcr.UnsupportedRepositoryOperationException;
 import javax.security.auth.Subject;
 
 /**
@@ -32,7 +31,7 @@
  */
 public interface JackrabbitSecurityManager {
 
-    public void init(Repository repository, Session systemSession) throws RepositoryException;
+    void init(Repository repository, Session systemSession) throws RepositoryException;
 
     /**
      * Disposes those parts of this security manager that are related to the
@@ -40,12 +39,12 @@
      *
      * @param workspaceName Name of the workspace that is being disposed.
      */
-    public void dispose(String workspaceName);
+    void dispose(String workspaceName);
 
     /**
      * Disposes this security manager instance and cleans all internal caches.
      */
-    public void close();
+    void close();
 
     /**
      * Returns a new <code>AuthContext</code> for the specified credentials and
@@ -57,7 +56,7 @@
      * and <code>subject</code>.
      * @throws RepositoryException
      */
-    public AuthContext getAuthContext(Credentials creds, Subject subject) throws RepositoryException;
+    AuthContext getAuthContext(Credentials creds, Subject subject) throws RepositoryException;
 
     /**
      * Retrieve the <code>AccessManager</code> for the given <code>session</code>.
@@ -67,29 +66,29 @@
      * @return <code>AccessManager</code> for the specified <code>session</code>.
      * @throws RepositoryException
      */
-    public AccessManager getAccessManager(Session session, AMContext amContext) throws RepositoryException;
+    AccessManager getAccessManager(Session session, AMContext amContext) throws RepositoryException;
 
     /**
      * Retrieve the principal manager for the given <code>session</code>.
      *
      * @param session
      * @return PrincipalManager for the given <code>session</code>.
-     * @throws UnsupportedRepositoryOperationException If principal management
+     * @throws javax.jcr.UnsupportedRepositoryOperationException If principal management
      * is not supported.
      * @throws RepositoryException if an error occurs
      */
-    public PrincipalManager getPrincipalManager(Session session) throws RepositoryException;
+    PrincipalManager getPrincipalManager(Session session) throws RepositoryException;
 
     /**
      * Returns the user manager for the specified <code>session</code>.
      *
      * @param session
      * @return UserManager for the given <code>session</code>.
-     * @throws UnsupportedRepositoryOperationException If user management is
+     * @throws javax.jcr.UnsupportedRepositoryOperationException If user management is
      * not supported.
      * @throws RepositoryException
      */
-    public UserManager getUserManager(Session session) throws RepositoryException;
+    UserManager getUserManager(Session session) throws RepositoryException;
 
     /**
      * Retrieve the id to be displayed upon {@link Session#getUserID()} for
@@ -99,5 +98,5 @@
      * @return userID to be displayed upon {@link Session#getUserID()}.
      * @throws RepositoryException
      */
-    public String getUserID(Subject subject) throws RepositoryException;
+    String getUserID(Subject subject) throws RepositoryException;
 }

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/SimpleJBossAccessManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/SimpleJBossAccessManager.java?rev=792142&r1=792141&r2=792142&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/SimpleJBossAccessManager.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/SimpleJBossAccessManager.java Wed Jul  8 13:57:13 2009
@@ -32,7 +32,6 @@
 import java.security.Principal;
 import java.security.acl.Group;
 import java.util.Enumeration;
-import java.util.Iterator;
 import java.util.Properties;
 
 /**
@@ -53,9 +52,9 @@
     private static Logger log =
         LoggerFactory.getLogger(SimpleJBossAccessManager.class);
 
-    protected boolean system = false;
+    protected boolean system;
 
-    protected boolean anonymous = false;
+    protected boolean anonymous;
 
     //--------------------------------------------------------< AccessManager >
 
@@ -75,15 +74,13 @@
             rolefs.close();
         }
 
-        Iterator iterator = context.getSubject().getPrincipals().iterator();
-        while (iterator.hasNext()) {
-            Principal principal = (Principal) iterator.next();
+        for (Principal principal : context.getSubject().getPrincipals()) {
             if (principal instanceof Group
                     && principal.getName().equalsIgnoreCase("Roles")) {
                 Group group = (Group) principal;
-                Enumeration members = group.members();
+                Enumeration< ? extends Principal> members = group.members();
                 while (members.hasMoreElements()) {
-                    Principal member = (Principal) members.nextElement();
+                    Principal member = members.nextElement();
                     String role = rolemaps.getProperty(member.getName());
                     system = system || "full".equalsIgnoreCase(role);
                     anonymous = anonymous || "read".equalsIgnoreCase(role);
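Review bot: `context.getSubject().getPrincipals()` dereferences the Subject without a null check, while `DefaultAccessManager.init` in this same commit treats a null `amContext.getSubject()` as a valid case. If a null Subject can reach this access manager, `init` fails with a NullPointerException instead of leaving `system` and `anonymous` false; a guard such as `Subject subject = context.getSubject(); if (subject != null) { ... }` around the loop would make the intended behaviour explicit. The generic type is also spaced oddly: `Enumeration< ? extends Principal>` should be `Enumeration<? extends Principal>`. The method starts before and continues after this hunk.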

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java?rev=792142&r1=792141&r2=792142&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java Wed Jul  8 13:57:13 2009
@@ -18,9 +18,6 @@
 
 import org.apache.commons.collections.set.ListOrderedSet;
 import javax.jcr.GuestCredentials;
-import org.apache.jackrabbit.api.security.principal.PrincipalManager;
-import org.apache.jackrabbit.api.security.user.Impersonation;
-import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.core.config.LoginModuleConfig;
 import org.apache.jackrabbit.core.security.SecurityConstants;
 import org.apache.jackrabbit.core.security.principal.PrincipalProvider;
@@ -86,7 +83,6 @@
      * Initialize this LoginModule.<br> This abstract implementation, initalizes
      * the following fields for later use:
      * <ul>
-     * <li>{@link PrincipalManager} for group-membership resoultion</li>
      * <li>{@link PrincipalProvider} for user-{@link Principal} resolution.</li>
      * <li>{@link LoginModuleConfig#PARAM_ADMIN_ID} option is evaluated</li>
      * <li>{@link LoginModuleConfig#PARAM_ANONYMOUS_ID} option is evaluated</li>
@@ -108,7 +104,7 @@
      * @see #isInitialized()
      */
     public void initialize(Subject subject, CallbackHandler callbackHandler,
-                           Map sharedState, Map options) {
+                           Map<String,?> sharedState, Map<String,?> options) {
         // common jaas state variables
         this.callbackHandler = callbackHandler;
         this.subject = subject;
@@ -120,18 +116,21 @@
             RepositoryCallback repositoryCb = new RepositoryCallback();
             callbackHandler.handle(new Callback[]{repositoryCb});
 
-            // retrieve the principal-provider configured for this module.
-            // if not configured -> retrieve the provider from the callback.
             PrincipalProviderRegistry registry = repositoryCb.getPrincipalProviderRegistry();
+            // check if the class name of a PrincipalProvider implementation
+            // is present with the module configuration.
             if (options.containsKey(LoginModuleConfig.PARAM_PRINCIPAL_PROVIDER_CLASS)) {
-                principalProviderClassName = (String) options.get(LoginModuleConfig.PARAM_PRINCIPAL_PROVIDER_CLASS);
-                principalProvider = registry.getProvider(principalProviderClassName);
-            } else if (principalProviderClassName != null) {
+                Object pcOption = options.get(LoginModuleConfig.PARAM_PRINCIPAL_PROVIDER_CLASS);
+                if (pcOption != null) {
+                    principalProviderClassName = pcOption.toString();
+                }
+            }
+            if (principalProviderClassName != null) {
                 principalProvider = registry.getProvider(principalProviderClassName);
             }
             if (principalProvider == null) {
                 principalProvider = registry.getDefault();
-                if (principalProvider==null) {
+                if (principalProvider == null) {
                     return; // abort. not even a default principal provider
                 }
             }
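Review bot: A provider name taken from `PARAM_PRINCIPAL_PROVIDER_CLASS` that the registry cannot resolve is replaced by `registry.getDefault()` without any trace, assuming `getProvider` returns null for an unknown name. A mistyped or missing provider class then resolves principals against a different provider than the one the administrator configured, and nothing in the log shows it. Inside `if (principalProvider == null)` I would add `if (principalProviderClassName != null) { log.warn("PrincipalProvider " + principalProviderClassName + " not available -> using default provider."); }`. The bare `return;` a few lines later likewise leaves the module uninitialised without a log entry. The body of `initialize` continues outside this hunk.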
@@ -267,7 +266,7 @@
             return false;
         }
 
-        // check for availablity of Credentials;
+        // check for availability of Credentials;
         Credentials creds = getCredentials();
         if (creds == null) {
             log.warn("No credentials available -> try default (anonymous) authentication.");
@@ -323,7 +322,7 @@
      * there is no principal set the login is considered as ignored.
      * <p/>
      * The implementation stores the principal associated to the UserID and all
-     * the Groups it is member of. {@link PrincipalManager#getGroupMembership(Principal)}
+     * the Groups it is member of.
      * An instance of (#link SimpleCredentials} containing only the UserID used
      * to login is set to the Subject's public Credentials.
      *
@@ -419,9 +418,9 @@
             throws FailedLoginException, RepositoryException {
 
         Authentication auth = getAuthentication(principal, credentials);
-        if(auth == null) {
+        if (auth == null) {
             return false;
-        } else if (auth.authenticate(credentials)){
+        } else if (auth.authenticate(credentials)) {
             return true;
         }
         throw new FailedLoginException();
@@ -442,9 +441,7 @@
     }
 
     /**
-     * Handles the impersonation of given Credentials.<p />
-     * Current implementation takes {@link User} for the given Principal and
-     * delegates the check to {@link Impersonation#allows(javax.security.auth.Subject)} }
+     * Handles the impersonation of given Credentials.
      *
      * @param principal Principal to impersonate.
      * @param credentials Credentials used to create the impersonation subject.
@@ -453,7 +450,7 @@
      * @throws LoginException If credentials don't allow to impersonate to principal.
      * @throws RepositoryException If another error occurs.
      */
-    abstract protected boolean impersonate(Principal principal, Credentials credentials)
+    protected abstract boolean impersonate(Principal principal, Credentials credentials)
             throws RepositoryException, LoginException;
 
     /**
@@ -464,7 +461,7 @@
      * @return Authentication object for the given principal / credentials.
      * @throws RepositoryException If an error occurs.
      */
-    abstract protected Authentication getAuthentication(Principal principal, Credentials creds)
+    protected abstract Authentication getAuthentication(Principal principal, Credentials creds)
             throws RepositoryException;
 
     /**
@@ -532,7 +529,9 @@
                     } else if (creds instanceof GuestCredentials) {
                        credentials = creds;
                     }
-                    sharedState.put(KEY_CREDENTIALS, credentials);
+                    if (credentials != null) {
+                        sharedState.put(KEY_CREDENTIALS, credentials);
+                    }
                 }
             } catch (UnsupportedCallbackException e) {
                 log.warn("Credentials-Callback not supported try Name-Callback");
@@ -540,12 +539,19 @@
                 log.error("Credentials-Callback failed: " + e.getMessage() + ": try Name-Callback");
             }
         }
-        // ask subject if still no credentials
+        // if still no credentials -> try to retrieve them from the subject.
         if (null == credentials) {
             // try if subject contains SimpleCredentials
-            Set preAuthCreds = subject.getPublicCredentials(SimpleCredentials.class);
+            Set<SimpleCredentials> preAuthCreds = subject.getPublicCredentials(SimpleCredentials.class);
+            if (!preAuthCreds.isEmpty()) {
+                credentials = preAuthCreds.iterator().next();
+            }
+        }
+        if (null == credentials) {
+            // try if subject contains GuestCredentials
+            Set<GuestCredentials> preAuthCreds = subject.getPublicCredentials(GuestCredentials.class);
             if (!preAuthCreds.isEmpty()) {
-                credentials = (Credentials) preAuthCreds.iterator().next();
+                credentials = preAuthCreds.iterator().next();
             }
         }
         return credentials;
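Review bot: Both fallbacks take `preAuthCreds.iterator().next()` from a `Set`, so if the Subject carries more than one `SimpleCredentials` (or `GuestCredentials`) object, the one used for login depends on the set's iteration order. Since these public credentials are treated as pre-authenticated input, that case should at least be logged, e.g. `if (preAuthCreds.size() > 1) { log.warn("Subject contains multiple credentials; using the first one found."); }`. The new order (SimpleCredentials first, GuestCredentials only afterwards) is worth stating in the method's Javadoc, which is outside this hunk. The two blocks differ only in the credentials class and could share one small private helper.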

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContext.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContext.java?rev=792142&r1=792141&r2=792142&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContext.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContext.java Wed Jul  8 13:57:13 2009
@@ -17,7 +17,6 @@
 package org.apache.jackrabbit.core.security.authentication;
 
 import javax.security.auth.Subject;
-import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
 
 /**
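Review bot: Removing `import javax.security.auth.login.LoginContext;` leaves the Javadoc references in the three hunks below (`@see LoginContext#login()`, `@see LoginContext#getSubject()`, `@see LoginContext#logout()`) without a resolvable type. Now that nothing in the code uses the class, the tags should be fully qualified, as this commit already does for the `AccessControlProvider` references in ACLProvider: `@see javax.security.auth.login.LoginContext#login()`, and likewise for the other two.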
@@ -40,7 +39,7 @@
      * @see LoginContext#login()
      * @throws LoginException if the authentication fails.
      */
-    public abstract void login() throws LoginException;
+    void login() throws LoginException;
 
     /**
      * Return the authenticated Subject.
@@ -48,7 +47,7 @@
      * @see LoginContext#getSubject()
      * @return the authenticated Subject or <code>null</code> if authentication failed.
      */
-    public abstract Subject getSubject();
+    Subject getSubject();
 
     /**
      * Logout the <code>Subject</code>.
@@ -56,5 +55,5 @@
      * @see LoginContext#logout()
      * @exception LoginException if the logout fails.
      */
-    public abstract void logout() throws LoginException;
+    void logout() throws LoginException;
 }

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContextProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContextProvider.java?rev=792142&r1=792141&r2=792142&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContextProvider.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContextProvider.java Wed Jul  8 13:57:13 2009
@@ -95,10 +95,10 @@
 
         CallbackHandler cbHandler = new CallbackHandlerImpl(credentials, session, principalProviderRegistry, adminId, anonymousId);
 
-        if (isJAAS()) {
-            return new JAASAuthContext(appName, cbHandler, subject);
-        } else if (isLocal()){
+        if (isLocal()) {
             return new LocalAuthContext(config, cbHandler, subject);
+        } else if (isJAAS()) {
+            return new JAASAuthContext(appName, cbHandler, subject);
         } else {
             throw new RepositoryException("No Login-Configuration");
         }
@@ -108,23 +108,23 @@
      * @return true if a application entry is available in a JAAS- {@link Configuration}
      */
     public boolean isJAAS() {
-        if (!initialized) {
+        if (!isLocal() && !initialized) {
             AppConfigurationEntry[] entries = getJAASConfig();
-            isJAAS = null!=entries && entries.length>0;
+            isJAAS = entries != null && entries.length > 0;
             initialized = true;
         }
         return isJAAS;
     }
 
     /**
-     * @return true if {@link #isJAAS()} is false and a login-module is configured
+     * @return true if a login-module is configured.
      */
     public boolean isLocal() {
-        return !(isJAAS() || config == null);
+        return config != null;
     }
 
     /**
-     * @return options configured for the LoginModules to use
+     * @return options configured for the LoginModules to use.
      */
     public Properties[] getModuleConfig() {
         Properties[] props = new Properties[0];
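Review bot: The Javadoc kept on `isJAAS()` ("true if a application entry is available in a JAAS Configuration") no longer matches the code, because the added `!isLocal() &&` guard means the JAAS configuration is never consulted once a local login-module is configured. Together with the reordered branches in the hunk above, this reverses the precedence: a repository that has both a JAAS application entry and a local LoginModule configuration now authenticates through the local one. That is a change in which authentication path is used and should be stated explicitly, e.g. `@return true if no local login-module is configured and an application entry is available in a JAAS {@link Configuration}`, with a matching sentence on `isLocal()` saying that local configuration takes precedence.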
@@ -132,9 +132,9 @@
             props = new Properties[] {config.getParameters()};
         } else {
             AppConfigurationEntry[] entries = getJAASConfig();
-            if(entries != null) {
+            if (entries != null) {
                 List tmp = new ArrayList(entries.length);
-                for(int i=0; i < entries.length; i++) {
+                for (int i = 0; i < entries.length; i++) {
                     Map opt = entries[i].getOptions();
                     if (opt != null) {
                         Properties prop = new Properties();

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentials.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentials.java?rev=792142&r1=792141&r2=792142&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentials.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentials.java Wed Jul  8 13:57:13 2009
@@ -35,7 +35,7 @@
     private final String algorithm;
     private final String cryptedPassword;
     private final String userId;
-    private final Map attributes;
+    private final Map<String, Object> attributes;
 
     /**
      * Take {@link javax.jcr.SimpleCredentials SimpleCredentials} and
@@ -68,7 +68,7 @@
         }
 
         String[] attNames = credentials.getAttributeNames();
-        attributes = new HashMap(attNames.length);
+        attributes = new HashMap<String, Object>(attNames.length);
         for (int i = 0; i < attNames.length; i++) {
             attributes.put(attNames[i], credentials.getAttribute(attNames[i]));
         }
@@ -101,7 +101,7 @@
     }
 
     public String[] getAttributeNames() {
-        return (String[]) attributes.keySet().toArray(new String[attributes.size()]);
+        return attributes.keySet().toArray(new String[attributes.size()]);
     }
 
     public String getAlgorithm() {
@@ -156,8 +156,8 @@
 
     private static String getAlgorithm(String password) {
         int end = password.indexOf("}");
-        if (password.startsWith("{") && end>0) {
-            return password.substring(1,end);
+        if (password.startsWith("{") && end > 0) {
+            return password.substring(1, end);
         } else {
             return null;
         }

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/DefaultLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/DefaultLoginModule.java?rev=792142&r1=792141&r2=792142&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/DefaultLoginModule.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/DefaultLoginModule.java Wed Jul  8 13:57:13 2009
@@ -17,7 +17,6 @@
 package org.apache.jackrabbit.core.security.authentication;
 
 import org.apache.jackrabbit.api.security.user.Authorizable;
-import org.apache.jackrabbit.api.security.user.Impersonation;
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.core.SessionImpl;

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/LocalAuthContext.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/LocalAuthContext.java?rev=792142&r1=792141&r2=792142&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/LocalAuthContext.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/LocalAuthContext.java Wed Jul  8 13:57:13 2009
@@ -72,10 +72,10 @@
             throw new LoginException(e.getMessage());
         }
 
-        Map<String, String> state = new HashMap<String, String>();
+        Map<String, Object> state = new HashMap<String, Object>();
         Map<String, String> options = new HashMap<String, String>();
         Properties parameters = config.getParameters();
-        Enumeration<?> names = parameters.propertyNames();
+        Enumeration< ? > names = parameters.propertyNames();
         while (names.hasMoreElements()) {
             String name = (String) names.nextElement();
             options.put(name, parameters.getProperty(name));

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.java?rev=792142&r1=792141&r2=792142&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.java Wed Jul  8 13:57:13 2009
@@ -183,4 +183,11 @@
         checkInitialized();
         initialized = false;
     }
+
+    /**
+     * @see AccessControlProvider#isLive()
+     */
+    public boolean isLive() {
+        return initialized && session.isLive();
+    }
 }
\ No newline at end of file

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEditor.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEditor.java?rev=792142&r1=792141&r2=792142&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEditor.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEditor.java Wed Jul  8 13:57:13 2009
@@ -16,12 +16,13 @@
  */
 package org.apache.jackrabbit.core.security.authorization;
 
-import javax.jcr.security.AccessControlException;
-import javax.jcr.security.AccessControlPolicy;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
 
 import javax.jcr.AccessDeniedException;
 import javax.jcr.PathNotFoundException;
 import javax.jcr.RepositoryException;
+import javax.jcr.security.AccessControlException;
+import javax.jcr.security.AccessControlPolicy;
 import java.security.Principal;
 
 /**
@@ -56,6 +57,26 @@
     AccessControlPolicy[] getPolicies(String nodePath) throws AccessControlException, PathNotFoundException, RepositoryException;
 
     /**
+     * Retrieves the policies that have been applied before for the given
+     * <code>principal</code>. In contrast to {@link #editAccessControlPolicies}
+     * this method returns an empty array if no policy has been applied before
+     * by calling {@link #setPolicy}). Still the returned policies are detached from
+     * the <code>AccessControlProvider</code> and are only an external representation.
+     * Modification will therefore not take effect, until they are written back to
+     * the editor and persisted.
+     *
+     * @param principal  Principal for which the editable policies should be
+     * returned.
+     * @return the policies applied so far or an empty array if no
+     * policy has been applied before.
+     * @throws AccessControlException if the specified principal does not exist,
+     * if this implementation cannot provide policies for individual principals or
+     * if same other access control related exception occurs.
+     * @throws RepositoryException if an error occurs
+     */
+    JackrabbitAccessControlPolicy[] getPolicies(Principal principal) throws AccessControlException, RepositoryException;
+
+    /**
      * Retrieves the editable policies for the Node identified by the given
      * <code>nodePath</code> that are applicable but have not yet have been set.<br>
      * The AccessControlPolicy objects returned are detached from the underlying
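Review bot: The Javadoc of the new `getPolicies(Principal)` does not say what happens when `principal` is `null`, and the ACLEditor implementation in this commit dereferences it unchecked. I would add a sentence such as `@throws AccessControlException if the specified principal is <code>null</code> or does not exist` so that implementations agree. The text also has a stray `)` after `{@link #setPolicy}` and reads "if same other access control related exception occurs", where "some other" is meant. The `{@link #editAccessControlPolicies}` and `{@link #setPolicy}` references would be clearer with their parameter lists, since this interface has overloads that take a node path.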

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryImpl.java?rev=792142&r1=792141&r2=792142&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryImpl.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryImpl.java Wed Jul  8 13:57:13 2009
@@ -16,18 +16,19 @@
  */
 package org.apache.jackrabbit.core.security.authorization;
 
-import javax.jcr.security.AccessControlException;
-import javax.jcr.security.Privilege;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
 import org.apache.jackrabbit.value.StringValue;
 import org.apache.jackrabbit.value.ValueHelper;
 
 import javax.jcr.Value;
 import javax.jcr.ValueFactory;
+import javax.jcr.security.AccessControlException;
+import javax.jcr.security.Privilege;
 import java.security.Principal;
 import java.util.Collections;
-import java.util.Map;
-import java.util.Iterator;
 import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
 
 /**
  * Simple, immutable implementation of the
@@ -93,8 +94,8 @@
      * @param isAllow <code>true</code> if this ACE grants the specified
      * privileges to the specified principal; <code>false</code> otherwise.
      * @param restrictions A map of restriction name (String) to restriction
-     * (Value). See {@link org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList#getRestrictionNames()}
-     * and {@link org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList#getRestrictionType(String)}. 
+     * (Value). See {@link org.apache.jackrabbit.api.security.JackrabbitAccessControlList#getRestrictionNames()}
+     * and {@link org.apache.jackrabbit.api.security.JackrabbitAccessControlList#getRestrictionType(String)}.
      * @param valueFactory the value factory.
      * @throws AccessControlException if either principal or privileges are invalid.
      */
@@ -183,14 +184,14 @@
     }
 
     /**
-     * @see JackrabbitAccessControlEntry#getRestrictionNames()
+     * @see org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry#getRestrictionNames()
      */
     public String[] getRestrictionNames() {
         return (String[]) restrictions.keySet().toArray(new String[restrictions.size()]);
     }
 
     /**
-     * @see JackrabbitAccessControlEntry#getRestriction(String)
+     * @see org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry#getRestriction(String)
      */
     public Value getRestriction(String restrictionName) {
         if (restrictions.containsKey(restrictionName)) {

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProvider.java?rev=792142&r1=792141&r2=792142&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProvider.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProvider.java Wed Jul  8 13:57:13 2009
@@ -72,6 +72,15 @@
     void close();
 
     /**
+     * Returns <code>true</code>, if this provider is still alive and able to
+     * evaluate permissions; <code>false</code> otherwise.
+     *
+     * @return <code>true</code>, if this provider is still alive and able to
+     * evaluate permissions; <code>false</code> otherwise.
+     */
+    boolean isLive();
+
+    /**
      * Returns the effective policies for the node at the given absPath.
      *
      * @param absPath an absolute path.

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProviderFactoryImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProviderFactoryImpl.java?rev=792142&r1=792141&r2=792142&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProviderFactoryImpl.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProviderFactoryImpl.java Wed Jul  8 13:57:13 2009
@@ -43,8 +43,8 @@
     /**
      * The name of the security workspace (containing users...)
      */
-    private String secWorkspaceName = null;
-    private String defaultWorkspaceName = null;
+    private String secWorkspaceName;
+    private String defaultWorkspaceName;
 
     //---------------------------------------< AccessControlProviderFactory >---
     /**

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java?rev=792142&r1=792141&r2=792142&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java Wed Jul  8 13:57:13 2009
@@ -16,21 +16,16 @@
  */
 package org.apache.jackrabbit.core.security.authorization.acl;
 
-import javax.jcr.security.AccessControlException;
-import javax.jcr.security.Privilege;
-import javax.jcr.security.AccessControlEntry;
-import javax.jcr.security.AccessControlPolicy;
-import javax.jcr.security.AccessControlList;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
 import org.apache.jackrabbit.core.NodeImpl;
 import org.apache.jackrabbit.core.ProtectedItemModifier;
 import org.apache.jackrabbit.core.SessionImpl;
 import org.apache.jackrabbit.core.security.authorization.AccessControlConstants;
 import org.apache.jackrabbit.core.security.authorization.AccessControlEditor;
 import org.apache.jackrabbit.core.security.authorization.AccessControlUtils;
-import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlEntry;
-import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
 import org.apache.jackrabbit.core.security.authorization.Permission;
-import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlPolicy;
+import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
 import org.apache.jackrabbit.spi.Name;
 import org.apache.jackrabbit.spi.commons.conversion.NameException;
 import org.apache.jackrabbit.spi.commons.conversion.NameParser;
@@ -40,12 +35,18 @@
 import javax.jcr.AccessDeniedException;
 import javax.jcr.Node;
 import javax.jcr.PathNotFoundException;
+import javax.jcr.PropertyType;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.Value;
 import javax.jcr.ValueFactory;
-import javax.jcr.PropertyType;
 import javax.jcr.ValueFormatException;
+import javax.jcr.NodeIterator;
+import javax.jcr.security.AccessControlEntry;
+import javax.jcr.security.AccessControlException;
+import javax.jcr.security.AccessControlList;
+import javax.jcr.security.AccessControlPolicy;
+import javax.jcr.security.Privilege;
 import java.security.Principal;
 
 /**
@@ -93,7 +94,6 @@
     //------------------------------------------------< AccessControlEditor >---
     /**
      * @see AccessControlEditor#getPolicies(String)
-     * @param nodePath
      */
     public AccessControlPolicy[] getPolicies(String nodePath) throws AccessControlException, PathNotFoundException, RepositoryException {
         checkProtectsNode(nodePath);
@@ -107,8 +107,20 @@
     }
 
     /**
+     * Always returns an empty array as no applicable policies are exposed.
+     * 
+     * @see AccessControlEditor#getPolicies(Principal)
+     */
+    public JackrabbitAccessControlPolicy[] getPolicies(Principal principal) throws AccessControlException, RepositoryException {
+        if (!session.getPrincipalManager().hasPrincipal(principal.getName())) {
+            throw new AccessControlException("Unknown principal.");
+        }
+        // TODO: impl. missing
+        return new JackrabbitAccessControlPolicy[0];
+    }
+
+    /**
      * @see AccessControlEditor#editAccessControlPolicies(String)
-     * @param nodePath
      */
     public AccessControlPolicy[] editAccessControlPolicies(String nodePath) throws AccessControlException, PathNotFoundException, RepositoryException {
         checkProtectsNode(nodePath);
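Review bot: The Javadoc on the new `getPolicies(Principal)` says it always returns an empty array, but the method throws `AccessControlException` for an unknown principal and would fail with a `NullPointerException` on `principal.getName()` when passed `null`. With the implementation still marked `// TODO: impl. missing`, a caller cannot tell an empty result from "no policy has been applied" as the interface describes it, which matters when the result is used to review what a principal is granted. The interface Javadoc added in this commit already provides for this case ("if this implementation cannot provide policies for individual principals"), so until the method is implemented I would either throw `new AccessControlException("Policies per principal are not supported.")` or state the limitation in the Javadoc. A guard such as `if (principal == null) { throw new AccessControlException("Principal must not be null."); }` should precede the `hasPrincipal` call.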
@@ -147,17 +159,17 @@
         checkValidPolicy(nodePath, policy);
 
         NodeImpl aclNode = getAclNode(nodePath);
-        /* in order to assert that the parent (ac-controlled node) gets modified
-           an existing ACL node is removed first and the recreated.
-           this also asserts that all ACEs are cleared without having to
-           access and removed the explicitely
-         */
         if (aclNode != null) {
-            removeItem(aclNode);
+            // remove all existing aces
+            for (NodeIterator aceNodes = aclNode.getNodes(); aceNodes.hasNext();) {
+                NodeImpl aceNode = (NodeImpl) aceNodes.nextNode();
+                removeItem(aceNode);
+            }
+        } else {
+            // create the acl node
+            aclNode = createAclNode(nodePath);
         }
-        // now (re) create it
-        aclNode = createAclNode(nodePath);
-
+        
         AccessControlEntry[] entries = ((ACLTemplate) policy).getAccessControlEntries();
         for (int i = 0; i < entries.length; i++) {
             JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) entries[i];
@@ -178,6 +190,9 @@
             Value[] names = getPrivilegeNames(pvlgs, vf);
             setProperty(aceNode, P_PRIVILEGES, names);
         }
+
+        // mark the parent modified.
+        markModified(((NodeImpl)aclNode.getParent()));
     }
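Review bot: The added call `markModified(((NodeImpl)aclNode.getParent()));` has a redundant pair of parentheses and no space after the cast, unlike the rest of this commit; `markModified((NodeImpl) aclNode.getParent());` reads better. The comment `// mark the parent modified.` only restates the call, while the hunk above deletes the block comment that explained why the parent has to change. I would carry that reasoning over, e.g. `// the ACL node is no longer removed and recreated, so the access-controlled parent must be marked modified explicitly`. The enclosing method starts outside this hunk.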
 
     /**
@@ -305,7 +320,7 @@
                 log.debug("Invalid path name for Permission: " + name + ".");
             }
         }
-        int i=0;
+        int i = 0;
         String check = name;
         while (node.hasNode(check)) {
             check = name + i;

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLProvider.java?rev=792142&r1=792141&r2=792142&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLProvider.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLProvider.java Wed Jul  8 13:57:13 2009
@@ -32,7 +32,6 @@
 import org.apache.jackrabbit.core.security.authorization.AbstractCompiledPermissions;
 import org.apache.jackrabbit.core.security.authorization.AccessControlConstants;
 import org.apache.jackrabbit.core.security.authorization.AccessControlEditor;
-import org.apache.jackrabbit.core.security.authorization.AccessControlProvider;
 import org.apache.jackrabbit.core.security.authorization.CompiledPermissions;
 import org.apache.jackrabbit.core.security.authorization.Permission;
 import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
@@ -53,7 +52,6 @@
 import javax.jcr.Value;
 import javax.jcr.observation.Event;
 import javax.jcr.observation.EventIterator;
-import javax.jcr.observation.EventListener;
 import javax.jcr.query.Query;
 import javax.jcr.query.QueryManager;
 import java.security.Principal;
@@ -85,7 +83,7 @@
  * ACL items inherit the ACL from node they defined the ACL for.</li>
  * </ul>
  *
- * @see AccessControlProvider for additional information.
+ * @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider for additional information.
  */
 public class ACLProvider extends AbstractAccessControlProvider implements AccessControlConstants {
 
@@ -135,7 +133,7 @@
 
     //----------------------------------------------< AccessControlProvider >---
     /**
-     * @see AccessControlProvider#init(Session, Map)
+     * @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider#init(Session, Map)
      */
     public void init(Session systemSession, Map configuration) throws RepositoryException {
         super.init(systemSession, configuration);
@@ -152,7 +150,7 @@
     }
 
     /**
-     * @see AccessControlProvider#getEffectivePolicies(Path)
+     * @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider#getEffectivePolicies(Path)
      * @param absPath
      */
     public AccessControlPolicy[] getEffectivePolicies(Path absPath) throws ItemNotFoundException, RepositoryException {
@@ -168,15 +166,14 @@
         if (acls.isEmpty()) {
             // no access control information can be retrieved for the specified
             // node, since neither the node nor any of its parents is access
-            // controlled -> build a default policy.
+            // controlled.
             log.warn("No access controlled node present in item hierarchy starting from " + targetNode.getPath());
-            acls.add(new UnmodifiableAccessControlList(Collections.EMPTY_LIST));
         }
         return (AccessControlList[]) acls.toArray(new AccessControlList[acls.size()]);
     }
 
     /**
-     * @see AccessControlProvider#getEditor(Session)
+     * @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider#getEditor(Session)
      */
     public AccessControlEditor getEditor(Session session) {
         checkInitialized();
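Review bot: With the default `UnmodifiableAccessControlList` removed, `getEffectivePolicies` returns an empty array when neither the node nor an ancestor is access controlled, and the Javadoc does not say so. Callers that index `[0]` or read "no policies" as "no restrictions" need that contract spelled out. I would add `@return the effective policies; an empty array if no access controlled node exists in the hierarchy` and fill in the empty `@param absPath` tag. The top of the method is outside this hunk, so how `acls` is populated is not visible.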
@@ -184,7 +181,7 @@
     }
 
     /**
-     * @see AccessControlProvider#compilePermissions(Set)
+     * @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider#compilePermissions(Set)
      */
     public CompiledPermissions compilePermissions(Set principals) throws RepositoryException {
         checkInitialized();
@@ -198,7 +195,7 @@
     }
 
     /**
-     * @see AccessControlProvider#canAccessRoot(Set)
+     * @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider#canAccessRoot(Set)
      */
     public boolean canAccessRoot(Set principals) throws RepositoryException {
         checkInitialized();
@@ -276,31 +273,34 @@
             log.debug("Install initial ACL:...");
             String rootPath = session.getRootNode().getPath();
             AccessControlPolicy[] acls = editor.editAccessControlPolicies(rootPath);
-            ACLTemplate acl = (ACLTemplate) acls[0];
+            if (acls.length > 0) {
+                ACLTemplate acl = (ACLTemplate) acls[0];
+                
+                PrincipalManager pMgr = session.getPrincipalManager();
+                AccessControlManager acMgr = session.getAccessControlManager();
+
+                log.debug("... Privilege.ALL for administrators.");
+                Principal administrators;
+                String pName = SecurityConstants.ADMINISTRATORS_NAME;
+                if (pMgr.hasPrincipal(pName)) {
+                    administrators = pMgr.getPrincipal(pName);
+                } else {
+                    log.warn("Administrators principal group is missing.");
+                    administrators = new PrincipalImpl(pName);
+                }
+                Privilege[] privs = new Privilege[]{acMgr.privilegeFromName(Privilege.JCR_ALL)};
+                acl.addAccessControlEntry(administrators, privs);
 
-            PrincipalManager pMgr = session.getPrincipalManager();
-            AccessControlManager acMgr = session.getAccessControlManager();
+                Principal everyone = pMgr.getEveryone();
+                log.debug("... Privilege.READ for everyone.");
+                privs = new Privilege[]{acMgr.privilegeFromName(Privilege.JCR_READ)};
+                acl.addAccessControlEntry(everyone, privs);
 
-            log.debug("... Privilege.ALL for administrators.");
-            Principal administrators;
-            String pName = SecurityConstants.ADMINISTRATORS_NAME;
-            if (pMgr.hasPrincipal(pName)) {
-                administrators = pMgr.getPrincipal(pName);
+                editor.setPolicy(rootPath, acl);
+                session.save();
             } else {
-                log.warn("Administrators principal group is missing.");
-                administrators = new PrincipalImpl(pName);
+                log.warn("No applicable ACL available for the root node -> skip initialization of the root node's ACL.");
             }
-            Privilege[] privs = new Privilege[]{acMgr.privilegeFromName(Privilege.JCR_ALL)};
-            acl.addAccessControlEntry(administrators, privs);
-
-            Principal everyone = pMgr.getEveryone();
-            log.debug("... Privilege.READ for everyone.");
-            privs = new Privilege[]{acMgr.privilegeFromName(Privilege.JCR_READ)};
-            acl.addAccessControlEntry(everyone, privs);
-
-            editor.setPolicy(rootPath, acl);
-            session.save();
-
         } catch (RepositoryException e) {
             log.error("Failed to set-up minimal access control for root node of workspace " + session.getWorkspace().getName());
             session.getRootNode().refresh(false);
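Review bot: The new `else` branch leaves the workspace root without the initial ACL and reports it only with a warning that does not name the workspace, unlike the `log.error` in the `catch` below. An operator reading the log cannot tell which workspace started without the administrators/everyone entries. I would change it to `log.warn("No applicable ACL available for the root node of workspace " + session.getWorkspace().getName() + " -> skip initialization of the root node's ACL.");`. It would also help to state in a comment what access evaluation yields for the root in that state, since this hunk does not show it.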
@@ -336,7 +336,7 @@
          * flag indicating that there is not 'deny READ'.
          * -> simplify {@link #grants(Path, int)} in case of permissions == READ
          */
-        private boolean readAllowed = false;
+        private boolean readAllowed;
 
         private AclPermissions(Set principals) throws RepositoryException {
             this(principals, true);
@@ -537,7 +537,7 @@
 
         //--------------------------------------------------< EventListener >---
         /**
-         * @see EventListener#onEvent(EventIterator)
+         * @see javax.jcr.observation.EventListener#onEvent(EventIterator)
          */
         public synchronized void onEvent(EventIterator events) {
             // only invalidate cache if any of the events affects the
@@ -598,6 +598,10 @@
                                 }
                             }
                             break;
+                        case Event.NODE_MOVED:
+                            // protected ac nodes cannot be moved around
+                            // -> nothing to do TODO check again
+                            break;
                         default:
                             // illegal event-type: should never occur. ignore
                     }
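Review bot: The new `Event.NODE_MOVED` case ships with `TODO check again` in the listener that decides when cached permission data is invalidated, so the assumption behind "nothing to do" is still unverified. The comment covers only moving the protected ac nodes themselves and says nothing about a move of the access-controlled node or one of its ancestors. If cached entries depend on the path, that would matter. I would either record the reasoning or make the open question traceable, e.g. `// TODO(<issue-id>): confirm that moving an access controlled ancestor requires no cache invalidation`. The `switch` and `onEvent` begin outside this hunk, so the cache key cannot be checked from here.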

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java?rev=792142&r1=792141&r2=792142&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java Wed Jul  8 13:57:13 2009
@@ -17,28 +17,28 @@
 package org.apache.jackrabbit.core.security.authorization.acl;
 
 import org.apache.commons.collections.map.ListOrderedMap;
-import javax.jcr.security.AccessControlEntry;
-import javax.jcr.security.AccessControlException;
-import javax.jcr.security.Privilege;
-import javax.jcr.security.AccessControlManager;
-import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
 import org.apache.jackrabbit.api.security.principal.NoSuchPrincipalException;
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.core.NodeImpl;
 import org.apache.jackrabbit.core.SessionImpl;
 import org.apache.jackrabbit.core.security.authorization.AccessControlConstants;
 import org.apache.jackrabbit.core.security.authorization.AccessControlEntryImpl;
-import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList;
-import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
 import org.apache.jackrabbit.core.security.authorization.Permission;
+import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
 import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import javax.jcr.NodeIterator;
+import javax.jcr.PropertyType;
 import javax.jcr.RepositoryException;
 import javax.jcr.Value;
-import javax.jcr.PropertyType;
 import javax.jcr.ValueFactory;
+import javax.jcr.security.AccessControlEntry;
+import javax.jcr.security.AccessControlException;
+import javax.jcr.security.AccessControlManager;
+import javax.jcr.security.Privilege;
 import java.security.Principal;
 import java.security.acl.Group;
 import java.util.ArrayList;
@@ -48,7 +48,7 @@
 import java.util.Map;
 
 /**
- * Implementation of the {@link JackrabbitAccessControlList} interface that
+ * Implementation of the {@link org.apache.jackrabbit.api.security.JackrabbitAccessControlList} interface that
  * is detached from the effective access control content. Consequently, any
  * modifications applied to this ACL only take effect, if the policy gets
  * {@link javax.jcr.security.AccessControlManager#setPolicy(String, javax.jcr.security.AccessControlPolicy) reapplied}
@@ -343,7 +343,7 @@
 
     //-----------------------------------------------------< JackrabbitAccessControlList >---
     /**
-     * @see JackrabbitAccessControlList#getPath()
+     * @see org.apache.jackrabbit.api.security.JackrabbitAccessControlList#getPath()
      */
     public String getPath() {
         return path;
@@ -352,7 +352,7 @@
     /**
      * Returns an empty String array.
      *
-     * @see JackrabbitAccessControlList#getRestrictionType(String)
+     * @see org.apache.jackrabbit.api.security.JackrabbitAccessControlList#getRestrictionType(String)
      */
     public String[] getRestrictionNames() {
         return new String[0];
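Review bot: The rewritten `@see` tag still points at `getRestrictionType(String)` although the method it documents is `getRestrictionNames()`. Since this line is being touched anyway, it should read `@see org.apache.jackrabbit.api.security.JackrabbitAccessControlList#getRestrictionNames()`.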
@@ -369,21 +369,21 @@
     }
 
     /**
-     * @see JackrabbitAccessControlList#isEmpty()
+     * @see org.apache.jackrabbit.api.security.JackrabbitAccessControlList#isEmpty()
      */
     public boolean isEmpty() {
         return entries.isEmpty();
     }
 
     /**
-     * @see JackrabbitAccessControlList#size()
+     * @see org.apache.jackrabbit.api.security.JackrabbitAccessControlList#size()
      */
     public int size() {
         return internalGetEntries().size();
     }
 
     /**
-     * @see JackrabbitAccessControlList#addEntry(Principal, Privilege[], boolean)
+     * @see org.apache.jackrabbit.api.security.JackrabbitAccessControlList#addEntry(Principal, Privilege[], boolean)
      */
     public boolean addEntry(Principal principal, Privilege[] privileges, boolean isAllow)
             throws AccessControlException, RepositoryException {
@@ -391,10 +391,10 @@
     }
 
     /**
-     * @see JackrabbitAccessControlList#addEntry(Principal, Privilege[], boolean, Map)
+     * @see org.apache.jackrabbit.api.security.JackrabbitAccessControlList#addEntry(Principal, Privilege[], boolean, Map)
      */
     public boolean addEntry(Principal principal, Privilege[] privileges,
-                            boolean isAllow, Map restrictions)
+                            boolean isAllow, Map<String, Value> restrictions)
             throws AccessControlException, RepositoryException {
         if (restrictions != null && !restrictions.isEmpty()) {
             throw new AccessControlException("This AccessControlList does not allow for additional restrictions.");

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/CombinedEditor.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/CombinedEditor.java?rev=792142&r1=792141&r2=792142&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/CombinedEditor.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/CombinedEditor.java Wed Jul  8 13:57:13 2009
@@ -16,19 +16,19 @@
  */
 package org.apache.jackrabbit.core.security.authorization.combined;
 
-import javax.jcr.security.AccessControlException;
-import javax.jcr.security.AccessControlPolicy;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
 import org.apache.jackrabbit.core.security.authorization.AccessControlEditor;
-import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlPolicy;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import javax.jcr.PathNotFoundException;
 import javax.jcr.RepositoryException;
+import javax.jcr.security.AccessControlException;
+import javax.jcr.security.AccessControlPolicy;
 import java.security.Principal;
 import java.util.ArrayList;
-import java.util.List;
 import java.util.Arrays;
+import java.util.List;
 
 /**
  * <code>CombinedEditor</code>...
@@ -48,21 +48,35 @@
      * @see AccessControlEditor#getPolicies(String)
      */
     public AccessControlPolicy[] getPolicies(String nodePath) throws AccessControlException, PathNotFoundException, RepositoryException {
-        List templates = new ArrayList(editors.length);
+        List<AccessControlPolicy> templates = new ArrayList<AccessControlPolicy>();
         for (int i = 0; i < editors.length; i++) {
             AccessControlPolicy[] ts = editors[i].getPolicies(nodePath);
-            if (ts.length > 0) {
+            if (ts != null && ts.length > 0) {
+                templates.addAll(Arrays.asList(ts));
+            }
+        }
+        return templates.toArray(new AccessControlPolicy[templates.size()]);
+    }
+
+    /**
+     * @see AccessControlEditor#getPolicies(Principal)
+     */
+    public JackrabbitAccessControlPolicy[] getPolicies(Principal principal) throws AccessControlException, RepositoryException {
+        List<JackrabbitAccessControlPolicy> templates = new ArrayList<JackrabbitAccessControlPolicy>();
+        for (int i = 0; i < editors.length; i++) {
+            JackrabbitAccessControlPolicy[] ts = editors[i].getPolicies(principal);
+            if (ts != null && ts.length > 0) {
                 templates.addAll(Arrays.asList(ts));
             }
         }
-        return (AccessControlPolicy[]) templates.toArray(new AccessControlPolicy[templates.size()]);
+        return templates.toArray(new JackrabbitAccessControlPolicy[templates.size()]);
     }
 
     /**
      * @see AccessControlEditor#editAccessControlPolicies(String)
      */
     public AccessControlPolicy[] editAccessControlPolicies(String nodePath) throws AccessControlException, PathNotFoundException, RepositoryException {
-        List templates = new ArrayList(editors.length);
+        List<AccessControlPolicy> templates = new ArrayList<AccessControlPolicy>();
         for (int i = 0; i < editors.length; i++) {
             try {
                 templates.addAll(Arrays.asList(editors[i].editAccessControlPolicies(nodePath)));
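Review bot: `getPolicies` now tolerates a `null` array from an editor, but `editAccessControlPolicies(String)` at the end of this hunk still passes the editor's result straight to `Arrays.asList`, which throws a `NullPointerException` for a null array. The same unguarded call sits in `editAccessControlPolicies(Principal)` in the next hunk. Either apply the same guard there, `AccessControlPolicy[] ts = editors[i].editAccessControlPolicies(nodePath);` followed by `if (ts != null) { templates.addAll(Arrays.asList(ts)); }`, or document that editors never return `null` and drop the new checks. The `try` block continues outside the hunk, so the exception type it catches is not visible.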
@@ -71,14 +85,14 @@
                 // ignore.
             }
         }
-        return (AccessControlPolicy[]) templates.toArray(new AccessControlPolicy[templates.size()]);
+        return templates.toArray(new AccessControlPolicy[templates.size()]);
     }
 
     /**
      * @see AccessControlEditor#editAccessControlPolicies(Principal)
      */
     public JackrabbitAccessControlPolicy[] editAccessControlPolicies(Principal principal) throws RepositoryException {
-        List templates = new ArrayList();
+        List<JackrabbitAccessControlPolicy> templates = new ArrayList<JackrabbitAccessControlPolicy>();
         for (int i = 0; i < editors.length; i++) {
             try {
                 templates.addAll(Arrays.asList(editors[i].editAccessControlPolicies(principal)));
@@ -87,7 +101,7 @@
                 // ignore.
             }
         }
-        return (JackrabbitAccessControlPolicy[]) templates.toArray(new JackrabbitAccessControlPolicy[templates.size()]);
+        return templates.toArray(new JackrabbitAccessControlPolicy[templates.size()]);
     }
 
     /**

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java?rev=792142&r1=792141&r2=792142&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java Wed Jul  8 13:57:13 2009
@@ -21,14 +21,14 @@
 import javax.jcr.security.Privilege;
 import javax.jcr.security.AccessControlPolicy;
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
 import org.apache.jackrabbit.core.NodeImpl;
 import org.apache.jackrabbit.core.ProtectedItemModifier;
 import org.apache.jackrabbit.core.SessionImpl;
 import org.apache.jackrabbit.core.security.authorization.AccessControlConstants;
 import org.apache.jackrabbit.core.security.authorization.AccessControlEditor;
-import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlEntry;
 import org.apache.jackrabbit.core.security.authorization.Permission;
-import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlPolicy;
 import org.apache.jackrabbit.core.security.principal.ItemBasedPrincipal;
 import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.spi.Name;
@@ -45,6 +45,7 @@
 import javax.jcr.Value;
 import javax.jcr.ValueFactory;
 import javax.jcr.PropertyType;
+import javax.jcr.NodeIterator;
 import java.security.Principal;
 
 /**
@@ -105,6 +106,21 @@
     }
 
     /**
+     * @see AccessControlEditor#getPolicies(Principal)
+     */
+    public JackrabbitAccessControlPolicy[] getPolicies(Principal principal) throws AccessControlException, RepositoryException {
+        if (!session.getPrincipalManager().hasPrincipal(principal.getName())) {
+            throw new AccessControlException("Cannot edit access control: " + principal.getName() +" isn't a known principal.");
+        }
+        JackrabbitAccessControlPolicy acl = getACL(principal);
+        if (acl == null) {
+            return new JackrabbitAccessControlPolicy[0];
+        } else {
+            return new JackrabbitAccessControlPolicy[] {acl};
+        }
+    }
+
+    /**
      * @see AccessControlEditor#editAccessControlPolicies(String)
      */
     public AccessControlPolicy[] editAccessControlPolicies(String nodePath) throws AccessControlException, PathNotFoundException, RepositoryException {
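Review bot: The exception text in the new `getPolicies(Principal)` says "Cannot edit access control", but this method only looks up an existing policy, so the message misdescribes the failed operation in logs. I would word it as `"Cannot retrieve access control policies: " + principal.getName() + " isn't a known principal."`, which also fixes the missing space before `+`. A `null` principal currently fails with a `NullPointerException` on `principal.getName()`. If the `AccessControlEditor` contract does not forbid null, an explicit check with a clear message is preferable.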
@@ -119,6 +135,9 @@
                     throw new AccessControlException("Access control modification not allowed at " + nodePath);
                 }
                 acNode = createAcNode(nodePath);
+            }
+
+            if (!isAccessControlled(acNode)) {
                 return new AccessControlPolicy[] {createTemplate(acNode)};
             } // else: acl has already been set before -> use getPolicies instead
         }
@@ -142,7 +161,15 @@
         } else {
             acNode = (NodeImpl) session.getNode(nPath);
         }
-        return new JackrabbitAccessControlPolicy[] {createTemplate(acNode)};
+        if (!isAccessControlled(acNode)) {
+            return new JackrabbitAccessControlPolicy[] {createTemplate(acNode)};
+        } else {
+            // policy child node has already been created -> set policy has
+            // been called before for this principal and getPolicy is used
+            // to retrieve the ACL template.
+            // no additional applicable policies present.
+            return new JackrabbitAccessControlPolicy[0];
+        }
     }
 
     /**
@@ -157,22 +184,22 @@
         if (acNode == null) {
             throw new PathNotFoundException("No such node " + nodePath);
         }
+
         // write the entries to the node
-        /*
-         in order to assert that the parent (ac-controlled node) gets
-         modified an existing ACL node is removed first and the recreated.
-         this also asserts that all ACEs are cleared without having to
-         access and removed the explicitely
-        */
         NodeImpl aclNode;
         if (acNode.hasNode(N_POLICY)) {
             aclNode = acNode.getNode(N_POLICY);
-            removeItem(aclNode);
+            // remove all existing aces
+            for (NodeIterator aceNodes = aclNode.getNodes(); aceNodes.hasNext();) {
+                NodeImpl aceNode = (NodeImpl) aceNodes.nextNode();
+                removeItem(aceNode);
+            }
+        } else {
+            /* doesn't exist yet -> create */
+            aclNode = addNode(acNode, N_POLICY, NT_REP_ACL);
         }
-        /* now (re) create it */
-        aclNode = addNode(acNode, N_POLICY, NT_REP_ACL);
 
-        /* add all entries defined on the template */
+        /* add all new entries defined on the template */
         AccessControlEntry[] aces = acl.getAccessControlEntries();
         for (int i = 0; i < aces.length; i++) {
             JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) aces[i];
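Review bot: The removed block comment explained why the policy node was dropped and recreated, and the replacement says only `// remove all existing aces`. The loop in fact removes every child returned by `aclNode.getNodes()` without checking its type. Presumably only ACE nodes can exist below the policy node, but that is not visible in this hunk. I would state it, e.g. `// keep the policy node itself; every child is expected to be an ACE node and is replaced below`. The same loop is added to the other `ACLEditor` earlier in this commit. The method starts and ends outside the hunk.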
@@ -201,6 +228,9 @@
                 setProperty(aceNode, pName, value);
             }
         }
+
+        // mark the parent modified.
+        markModified((NodeImpl) aclNode.getParent());
     }
 
     /**
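Review bot: `markModified((NodeImpl) aclNode.getParent());` looks up and casts a node the method appears to hold already. In the preceding hunk `aclNode` is obtained from `acNode` either way, via `acNode.getNode(N_POLICY)` or `addNode(acNode, N_POLICY, NT_REP_ACL)`. If this is the tail of that same method, which the hunk boundaries do not show, `markModified(acNode);` avoids the extra repository call and the cast. The comment could also say why the parent must be marked, since the explanation that used to cover it was removed.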
@@ -243,10 +273,19 @@
 
     private NodeImpl createAcNode(String acPath) throws RepositoryException {
         String[] segms = Text.explode(acPath, '/', false);
+        StringBuilder currentPath = new StringBuilder();
         NodeImpl node = (NodeImpl) session.getRootNode();
         for (int i = 0; i < segms.length; i++) {
+            if (i > 0) {
+                currentPath.append('/').append(segms[i]);
+            }
             Name nName = session.getQName(segms[i]);
-            Name ntName = (i < segms.length-1) ? NT_REP_ACCESS_CONTROL : NT_REP_PRINCIPAL_ACCESS_CONTROL;
+            Name ntName;
+            if (denotesPrincipalPath(currentPath.toString())) {
+                ntName = NT_REP_PRINCIPAL_ACCESS_CONTROL;
+            } else {
+                ntName = (i < segms.length - 1) ? NT_REP_ACCESS_CONTROL : NT_REP_PRINCIPAL_ACCESS_CONTROL;
+            }
             if (node.hasNode(nName)) {
                 NodeImpl n = node.getNode(nName);
                 if (!n.isNodeType(ntName)) {
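Review bot: `currentPath` skips the first segment because of `if (i > 0)`, and nothing explains why, although `denotesPrincipalPath` then decides the node type from that truncated path. Presumably the first segment is the access control root and the remainder mirrors the principal's item path. That should be confirmed and written down, e.g. `// the first segment is the ac root; the remaining segments mirror the principal path`. The check also runs a user manager lookup on every iteration, including the one with an empty path, so a short comment on the expected depth would help. The loop body continues outside the hunk.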
@@ -261,6 +300,25 @@
         return node;
     }
 
+    private boolean denotesPrincipalPath(final String path) {
+        if (path == null || path.length() == 0) {
+            return false;
+        }
+        ItemBasedPrincipal princ = new ItemBasedPrincipal() {
+            public String getPath() throws RepositoryException {
+                return path;
+            }
+            public String getName() {
+                return Text.getName(path);
+            }
+        };
+        try {
+            return session.getUserManager().getAuthorizable(princ) != null;
+        } catch (RepositoryException e) {
+            return false;
+        }
+    }
+
     /**
      * Check if the Node identified by <code>id</code> is itself part of ACL
      * defining content. It this case setting or modifying an AC-policy is
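Review bot: `denotesPrincipalPath` swallows the `RepositoryException` and returns `false`, so a failed lookup cannot be told apart from "not a principal path". `createAcNode` then falls back to the positional node type choice and may create an intermediate node with a type the check was meant to prevent. At minimum the failure should be logged before returning, e.g. `log.warn("Failed to resolve authorizable for path " + path, e);`. Propagating the exception would be stricter, since `createAcNode` already declares `RepositoryException`.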
@@ -381,7 +439,7 @@
                 log.debug("Invalid path name for Permission: " + name + ".");
             }
         }
-        int i=0;
+        int i = 0;
         String check = name;
         while (node.hasNode(check)) {
             check = name + i;


