jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tri...@apache.org
Subject svn commit: r806534 [1/2] - in /jackrabbit/trunk: jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/ jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ jackrabbi...
Date Fri, 21 Aug 2009 12:49:10 GMT
Author: tripod
Date: Fri Aug 21 12:49:09 2009
New Revision: 806534

URL: http://svn.apache.org/viewvc?rev=806534&view=rev
Log:
JCR-2268 Generify Security API

Modified:
    jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/JackrabbitAccessControlList.java
    jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Authorizable.java
    jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Group.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractACLTemplate.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractCompiledPermissions.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEditor.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryImpl.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryIterator.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/UnmodifiableAccessControlList.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/WorkspaceAccessManager.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLProvider.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/CombinedEditor.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/CombinedProvider.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLProvider.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLTemplate.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProvider.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/EveryonePrincipal.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalManagerImpl.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/ProviderRegistryImpl.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleWorkspaceAccessManager.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/GroupImpl.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/IndexNodeResolver.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/NodeResolver.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/TraversingNodeResolver.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java

Modified: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/JackrabbitAccessControlList.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/JackrabbitAccessControlList.java?rev=806534&r1=806533&r2=806534&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/JackrabbitAccessControlList.java (original)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/JackrabbitAccessControlList.java Fri Aug 21 12:49:09 2009
@@ -71,9 +71,9 @@
      * Same as {@link #addEntry(Principal, Privilege[], boolean, Map)} using
      * some implementation specific restrictions.
      *
-     * @param principal
-     * @param privileges
-     * @param isAllow
+     * @param principal the principal to add the entry for
+     * @param privileges the privileges to add
+     * @param isAllow if <code>true</code> if this is a positive (allow) entry
      * @return true if this policy has changed by incorporating the given entry;
      * false otherwise.
      * @throws AccessControlException If any of the given parameter is invalid
@@ -81,7 +81,8 @@
      * @throws RepositoryException If another error occurs.
      * @see AccessControlList#addAccessControlEntry(Principal, Privilege[])
      */
-    boolean addEntry(Principal principal, Privilege[] privileges, boolean isAllow) throws AccessControlException, RepositoryException;
+    boolean addEntry(Principal principal, Privilege[] privileges, boolean isAllow)
+            throws AccessControlException, RepositoryException;
 
     /**
      * Adds an access control entry to this policy consisting of the specified
@@ -95,9 +96,9 @@
      * An <code>AccessControlException</code> is thrown if any of the specified
      * parameters is invalid or if some other access control related exception occurs.
      * 
-     * @param principal
-     * @param privileges
-     * @param isAllow
+     * @param principal the principal to add the entry for
+     * @param privileges the privileges to add
+     * @param isAllow if <code>true</code> if this is a positive (allow) entry
      * @param restrictions A map of additional restrictions used to narrow the
      * effect of the entry to be created. The map must map JCR names to a single
      * {@link javax.jcr.Value} object.
@@ -109,5 +110,6 @@
      * @see AccessControlList#addAccessControlEntry(Principal, Privilege[])
      */
     boolean addEntry(Principal principal, Privilege[] privileges,
-                     boolean isAllow, Map<String, Value> restrictions) throws AccessControlException, RepositoryException;
+                     boolean isAllow, Map<String, Value> restrictions)
+            throws AccessControlException, RepositoryException;
 }

Modified: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Authorizable.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Authorizable.java?rev=806534&r1=806533&r2=806534&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Authorizable.java (original)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Authorizable.java Fri Aug 21 12:49:09 2009
@@ -16,12 +16,13 @@
  */
 package org.apache.jackrabbit.api.security.user;
 
-import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
+import java.security.Principal;
+import java.util.Iterator;
 
 import javax.jcr.RepositoryException;
 import javax.jcr.Value;
-import java.security.Principal;
-import java.util.Iterator;
+
+import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
 
 /**
  * The Authorizable is the common base interface for {@link User} and
@@ -29,23 +30,23 @@
  * with an <code>Authorizable</code> (see below) and allow to access and
  * modify additional properties such as e.g. full name, e-mail or address.
  * <p/>
- *
+ * <p/>
  * Please note the difference between <code>Authorizable</code> and
  * {@link java.security.Principal Principal}:<br>
  * An <code>Authorizable</code> is repository object that is neither associated
  * with nor depending from a particular <code>Session</code> and thus independant
  * of the login mechanisms creating <code>Session</code>s.<br>
- *
+ * <p/>
  * On the other hand <code>Principal</code>s are representations of user
  * identities. In other words: each <code>Principal</code> within the set
  * associated with the Session's Subject upon login represents an identity for
  * that user. An the set of <code>Principal</code>s may differ between different
  * login mechanisms.<br>
- *
+ * <p/>
  * Consequently an one-to-many relationship exists between Authorizable
  * and Principal (see also {@link #getPrincipal()} and {@link #getPrincipals()}).
- * <p />
- *
+ * <p/>
+ * <p/>
  * The interfaces derived from Authorizable are defined as follows:
  * <ul>
  * <li>{@link User}: defined to be an authorizable that can be authenticated
@@ -57,7 +58,7 @@
  * @see User
  * @see Group
  */
-public interface Authorizable  {
+public interface Authorizable {
 
     /**
      * Return the implementation specific identifer for this
@@ -70,9 +71,9 @@
     String getID() throws RepositoryException;
 
     /**
-	 * @return if the current Authorizable is a {@link Group}
-	 */
-	boolean isGroup();
+     * @return if the current Authorizable is a {@link Group}
+     */
+    boolean isGroup();
 
     /**
      * @return a representation as Principal.
@@ -87,10 +88,8 @@
      * Principal a <code>AuthorizableExistsException</code> is thrown.
      *
      * @param principal
-     * @return true if added, false if this Authorizable already represents
-     * the given Principal.
      * @return AuthorizableExistsException If the given principal is already refered
-     * to by another Authorizable.
+     *         to by another Authorizable.
      * @throws RepositoryException
      */
     boolean addReferee(Principal principal) throws AuthorizableExistsException, RepositoryException;
@@ -106,7 +105,7 @@
 
     /**
      * @return Iterator of all Principal related to this authentication Object
-     * including the main principal, (see {@link #getPrincipal()}).
+     *         including the main principal, (see {@link #getPrincipal()}).
      * @throws RepositoryException
      */
     PrincipalIterator getPrincipals() throws RepositoryException;
@@ -115,14 +114,14 @@
      * @return all {@link Group}s, this Authorizable is declared member of.
      * @throws RepositoryException
      */
-    Iterator declaredMemberOf() throws RepositoryException;
+    Iterator<Group> declaredMemberOf() throws RepositoryException;
 
     /**
      * @return all {@link Group}s, this Authorizable is member of included
-     * indirect group membership.
+     *         indirect group membership.
      * @throws RepositoryException
      */
-    Iterator memberOf() throws RepositoryException;
+    Iterator<Group> memberOf() throws RepositoryException;
 
     /**
      * Removes this <code>Authorizable</code>, if the session has sufficient
@@ -131,7 +130,7 @@
      * a Group itself).
      *
      * @throws RepositoryException If an error occured and the
-     * <code>Authorizable</code> could not be removed.
+     *                             <code>Authorizable</code> could not be removed.
      */
     void remove() throws RepositoryException;
 
@@ -143,17 +142,17 @@
      * @see #getProperty(String)
      * @see #hasProperty(String)
      */
-    Iterator getPropertyNames() throws RepositoryException;
+    Iterator<String> getPropertyNames() throws RepositoryException;
 
     /**
-	 * Tests if a the property with specified name exists.
+     * Tests if a the property with specified name exists.
      *
-	 * @param name
-	 * @return
-	 * @throws RepositoryException
-	 * @see #getProperty(String)
-	 */
-	boolean hasProperty(String name) throws RepositoryException;
+     * @param name
+     * @return
+     * @throws RepositoryException
+     * @see #getProperty(String)
+     */
+    boolean hasProperty(String name) throws RepositoryException;
 
     /**
      * Set an arbitrary property to this <code>Authorizable</code>.
@@ -169,17 +168,17 @@
      *
      * @param name
      * @param value multiple values
-     * @throws RepositoryException  If the specified property could not be set.
+     * @throws RepositoryException If the specified property could not be set.
      */
     void setProperty(String name, Value[] value) throws RepositoryException;
 
-	/**
+    /**
      * Returns the values for the properties with the specified name or
      * <code>null</code>.
      *
      * @param name
      * @return value of the property with the given name or <code>null</code>
-     * if no such property exists.
+     *         if no such property exists.
      * @throws RepositoryException If an error occurs.
      */
     Value[] getProperty(String name) throws RepositoryException;
@@ -189,7 +188,7 @@
      *
      * @param name
      * @return true If the property with the specified name was successfully
-     * removed; false if no such property was present.
+     *         removed; false if no such property was present.
      * @throws RepositoryException If an error occurs.
      */
     boolean removeProperty(String name) throws RepositoryException;

Modified: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Group.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Group.java?rev=806534&r1=806533&r2=806534&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Group.java (original)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Group.java Fri Aug 21 12:49:09 2009
@@ -29,7 +29,7 @@
      * members of this Group.
      * @throws RepositoryException
      */
-    Iterator getDeclaredMembers() throws RepositoryException;
+    Iterator<Authorizable> getDeclaredMembers() throws RepositoryException;
 
     /**
      * @return Iterator of <code>Authorizable</code>s which are members of
@@ -37,7 +37,7 @@
      * that are indirect group members.
      * @throws RepositoryException
      */
-    Iterator getMembers() throws RepositoryException;
+    Iterator<Authorizable> getMembers() throws RepositoryException;
 
     /**
      * @return true if the Authorizable to test is a direct or indirect member

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java?rev=806534&r1=806533&r2=806534&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java Fri Aug 21 12:49:09 2009
@@ -16,55 +16,56 @@
  */
 package org.apache.jackrabbit.core;
 
+import java.security.Principal;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+
+import javax.jcr.AccessDeniedException;
+import javax.jcr.Credentials;
+import javax.jcr.NoSuchWorkspaceException;
+import javax.jcr.Repository;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.SimpleCredentials;
 import javax.jcr.security.AccessControlException;
+import javax.security.auth.Subject;
+
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.Group;
 import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.core.config.AccessManagerConfig;
+import org.apache.jackrabbit.core.config.BeanConfig;
 import org.apache.jackrabbit.core.config.LoginModuleConfig;
 import org.apache.jackrabbit.core.config.SecurityConfig;
+import org.apache.jackrabbit.core.config.SecurityManagerConfig;
 import org.apache.jackrabbit.core.config.WorkspaceConfig;
 import org.apache.jackrabbit.core.config.WorkspaceSecurityConfig;
-import org.apache.jackrabbit.core.config.SecurityManagerConfig;
-import org.apache.jackrabbit.core.config.BeanConfig;
 import org.apache.jackrabbit.core.security.AMContext;
 import org.apache.jackrabbit.core.security.AccessManager;
+import org.apache.jackrabbit.core.security.DefaultAccessManager;
 import org.apache.jackrabbit.core.security.JackrabbitSecurityManager;
 import org.apache.jackrabbit.core.security.SecurityConstants;
-import org.apache.jackrabbit.core.security.DefaultAccessManager;
 import org.apache.jackrabbit.core.security.authentication.AuthContext;
 import org.apache.jackrabbit.core.security.authentication.AuthContextProvider;
 import org.apache.jackrabbit.core.security.authorization.AccessControlProvider;
 import org.apache.jackrabbit.core.security.authorization.AccessControlProviderFactory;
 import org.apache.jackrabbit.core.security.authorization.AccessControlProviderFactoryImpl;
 import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
+import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
 import org.apache.jackrabbit.core.security.principal.DefaultPrincipalProvider;
 import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.core.security.principal.PrincipalManagerImpl;
 import org.apache.jackrabbit.core.security.principal.PrincipalProvider;
 import org.apache.jackrabbit.core.security.principal.PrincipalProviderRegistry;
 import org.apache.jackrabbit.core.security.principal.ProviderRegistryImpl;
-import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
 import org.apache.jackrabbit.core.security.user.UserManagerImpl;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.jcr.AccessDeniedException;
-import javax.jcr.Credentials;
-import javax.jcr.NoSuchWorkspaceException;
-import javax.jcr.Repository;
-import javax.jcr.RepositoryException;
-import javax.jcr.Session;
-import javax.jcr.SimpleCredentials;
-import javax.security.auth.Subject;
-import java.security.Principal;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Properties;
-import java.util.Set;
-
 /**
  * The security manager acts as central managing class for all security related
  * operations on a low-level non-protected level. It manages the
@@ -183,7 +184,7 @@
 
         Properties[] moduleConfig = authContextProvider.getModuleConfig();
 
-        // retrieve default-ids (admin and anomymous) from login-module-configuration.
+        // retrieve default-ids (admin and anonymous) from login-module-configuration.
         for (Properties props : moduleConfig) {
             if (props.containsKey(LoginModuleConfig.PARAM_ADMIN_ID)) {
                 adminId = props.getProperty(LoginModuleConfig.PARAM_ADMIN_ID);
@@ -221,7 +222,7 @@
         }
         workspaceAccessManager.init(securitySession);
 
-        // initialize principa-provider registry
+        // initialize principal-provider registry
         // 1) create default
         PrincipalProvider defaultPP = new DefaultPrincipalProvider(securitySession, (UserManagerImpl) systemUserManager);
         defaultPP.init(new Properties());
@@ -250,7 +251,7 @@
         BeanConfig umc = repository.getConfig().getSecurityConfig().getSecurityManagerConfig().getUserManagerConfig();
         Properties config = null;
         if (umc != null) {
-            // TODO: deal with other umgr implementations.
+            // TODO: deal with other user manager implementations.
             String clName = umc.getClassName();
             if (clName != null && !(UserManagerImpl.class.getName().equals(clName) || clName.length() == 0)) {
                 log.warn("Unsupported custom UserManager implementation: '" + clName + "' -> Ignored.");
@@ -279,9 +280,8 @@
     public void close() {
         checkInitialized();
         synchronized (acProviders) {
-            Iterator<AccessControlProvider> itr = acProviders.values().iterator();
-            while (itr.hasNext()) {
-                itr.next().close();
+            for (AccessControlProvider accessControlProvider : acProviders.values()) {
+                accessControlProvider.close();
             }
             acProviders.clear();
         }
@@ -390,8 +390,7 @@
             // no SimpleCredentials: retrieve authorizables corresponding to
             // a non-group principal. the first one present is used to determine
             // the userID.
-            for (Iterator<Principal> it = subject.getPrincipals().iterator(); it.hasNext();) {
-                Principal p = (Principal) it.next();
+            for (Principal p : subject.getPrincipals()) {
                 if (!(p instanceof Group)) {
                     Authorizable authorz = systemUserManager.getAuthorizable(p);
                     if (authorz != null && !authorz.isGroup()) {
@@ -522,7 +521,7 @@
         /**
          * {@inheritDoc}
          */
-        public boolean grants(Set principals, String workspaceName) throws RepositoryException {
+        public boolean grants(Set<Principal> principals, String workspaceName) throws RepositoryException {
             AccessControlProvider prov = getAccessControlProvider(workspaceName);
             return prov.canAccessRoot(principals);
         }

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractACLTemplate.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractACLTemplate.java?rev=806534&r1=806533&r2=806534&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractACLTemplate.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractACLTemplate.java Fri Aug 21 12:49:09 2009
@@ -16,28 +16,23 @@
  */
 package org.apache.jackrabbit.core.security.authorization;
 
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
-
-import javax.jcr.security.Privilege;
-import javax.jcr.security.AccessControlException;
-import javax.jcr.RepositoryException;
-import javax.jcr.ValueFactory;
-import javax.jcr.Value;
 import java.security.Principal;
 import java.util.Collections;
 import java.util.Map;
 
+import javax.jcr.RepositoryException;
+import javax.jcr.Value;
+import javax.jcr.ValueFactory;
+import javax.jcr.security.AccessControlException;
+import javax.jcr.security.Privilege;
+
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
+
 /**
  * <code>AbstractACLTemplate</code>...
  */
-public abstract class AbstractACLTemplate implements JackrabbitAccessControlList, AccessControlConstants {
-
-    /**
-     * logger instance
-     */
-    private static final Logger log = LoggerFactory.getLogger(AbstractACLTemplate.class);
+public abstract class AbstractACLTemplate implements JackrabbitAccessControlList,
+        AccessControlConstants {
 
     /**
      * Path of the node this ACL template has been created for.
@@ -84,7 +79,7 @@
      */
     public boolean addEntry(Principal principal, Privilege[] privileges, boolean isAllow)
             throws AccessControlException, RepositoryException {
-        return addEntry(principal, privileges, isAllow, Collections.EMPTY_MAP);
+        return addEntry(principal, privileges, isAllow, Collections.<String, Value>emptyMap());
     }
 
 
@@ -94,6 +89,6 @@
      */
     public boolean addAccessControlEntry(Principal principal, Privilege[] privileges)
             throws AccessControlException, RepositoryException {
-        return addEntry(principal, privileges, true, Collections.EMPTY_MAP);
+        return addEntry(principal, privileges, true, Collections.<String, Value>emptyMap());
     }
 }
\ No newline at end of file

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.java?rev=806534&r1=806533&r2=806534&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.java Fri Aug 21 12:49:09 2009
@@ -16,28 +16,26 @@
  */
 package org.apache.jackrabbit.core.security.authorization;
 
+import java.security.Principal;
+import java.util.Map;
+import java.util.Set;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.observation.ObservationManager;
+import javax.jcr.security.Privilege;
+
 import org.apache.jackrabbit.core.SessionImpl;
 import org.apache.jackrabbit.core.security.SystemPrincipal;
 import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
 import org.apache.jackrabbit.spi.Path;
 import org.apache.jackrabbit.spi.commons.conversion.NamePathResolver;
-import javax.jcr.security.Privilege;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import javax.jcr.RepositoryException;
-import javax.jcr.Session;
-import javax.jcr.observation.ObservationManager;
-import java.security.Principal;
-import java.util.Map;
-import java.util.Set;
 
 /**
  * <code>AbstractAccessControlProvider</code>...
  */
-public abstract class AbstractAccessControlProvider implements AccessControlProvider, AccessControlUtils {
-
-    private static Logger log = LoggerFactory.getLogger(AbstractAccessControlProvider.class);
+public abstract class AbstractAccessControlProvider implements AccessControlProvider,
+        AccessControlUtils {
 
     /**
      * Constant for the name of the configuration option "omit-default-permission".

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractCompiledPermissions.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractCompiledPermissions.java?rev=806534&r1=806533&r2=806534&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractCompiledPermissions.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractCompiledPermissions.java Fri Aug 21 12:49:09 2009
@@ -16,6 +16,8 @@
  */
 package org.apache.jackrabbit.core.security.authorization;
 
+import java.util.Map;
+
 import org.apache.commons.collections.map.LRUMap;
 import org.apache.jackrabbit.spi.Path;
 
@@ -27,8 +29,9 @@
 public abstract class AbstractCompiledPermissions implements CompiledPermissions {
 
     // cache mapping a Path to a 'Result' containing permissions and privileges.
-    private final LRUMap cache;
+    private final Map<Path, Result> cache;
 
+    @SuppressWarnings("unchecked")
     protected AbstractCompiledPermissions() {
         cache = new LRUMap(1000);
     }
@@ -42,7 +45,7 @@
     public Result getResult(Path absPath) throws RepositoryException {
         Result result;
         synchronized (cache) {
-            result = (Result) cache.get(absPath);
+            result = cache.get(absPath);
             if (result == null) {
                 result = buildResult(absPath);
                 cache.put(absPath, result);

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEditor.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEditor.java?rev=806534&r1=806533&r2=806534&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEditor.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEditor.java Fri Aug 21 12:49:09 2009
@@ -54,7 +54,8 @@
      * <code>nodePath</code>.
      * @throws RepositoryException if an error occurs
      */
-    AccessControlPolicy[] getPolicies(String nodePath) throws AccessControlException, PathNotFoundException, RepositoryException;
+    AccessControlPolicy[] getPolicies(String nodePath) throws AccessControlException,
+            PathNotFoundException, RepositoryException;
 
     /**
      * Retrieves the policies that have been applied before for the given
@@ -74,7 +75,8 @@
      * if same other access control related exception occurs.
      * @throws RepositoryException if an error occurs
      */
-    JackrabbitAccessControlPolicy[] getPolicies(Principal principal) throws AccessControlException, RepositoryException;
+    JackrabbitAccessControlPolicy[] getPolicies(Principal principal)
+            throws AccessControlException, RepositoryException;
 
     /**
      * Retrieves the editable policies for the Node identified by the given
@@ -100,7 +102,8 @@
      * <code>nodePath</code>.
      * @throws RepositoryException if an error occurs
      */
-    AccessControlPolicy[] editAccessControlPolicies(String nodePath) throws AccessControlException, PathNotFoundException, RepositoryException;
+    AccessControlPolicy[] editAccessControlPolicies(String nodePath)
+            throws AccessControlException, PathNotFoundException, RepositoryException;
 
     /**
      * Returns an array of editable policies for the given <code>principal</code>.
@@ -115,7 +118,8 @@
      * if same other access control related exception occurs.
      * @throws RepositoryException if another error occurs.
      */
-    JackrabbitAccessControlPolicy[] editAccessControlPolicies(Principal principal) throws AccessDeniedException, AccessControlException, RepositoryException;
+    JackrabbitAccessControlPolicy[] editAccessControlPolicies(Principal principal)
+            throws AccessDeniedException, AccessControlException, RepositoryException;
 
     /**
      * Stores the policy template to the respective node.
@@ -129,7 +133,8 @@
      * <code>nodePath</code>.
      * @throws RepositoryException if an other error occurs.
      */
-    void setPolicy(String nodePath, AccessControlPolicy policy) throws AccessControlException, PathNotFoundException, RepositoryException;
+    void setPolicy(String nodePath, AccessControlPolicy policy)
+            throws AccessControlException, PathNotFoundException, RepositoryException;
 
     /**
      * Removes the specified policy from the node at <code>nodePath</code>.
@@ -143,5 +148,6 @@
      * <code>nodePath</code>.
      * @throws RepositoryException if an other error occurs
      */
-    void removePolicy(String nodePath, AccessControlPolicy policy) throws AccessControlException, PathNotFoundException, RepositoryException;
+    void removePolicy(String nodePath, AccessControlPolicy policy)
+            throws AccessControlException, PathNotFoundException, RepositoryException;
 }

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryImpl.java?rev=806534&r1=806533&r2=806534&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryImpl.java Fri Aug 21 12:49:09 2009
@@ -16,19 +16,18 @@
  */
 package org.apache.jackrabbit.core.security.authorization;
 
-import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
-import org.apache.jackrabbit.value.StringValue;
-import org.apache.jackrabbit.value.ValueHelper;
+import java.security.Principal;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
 
 import javax.jcr.Value;
 import javax.jcr.ValueFactory;
 import javax.jcr.security.AccessControlException;
 import javax.jcr.security.Privilege;
-import java.security.Principal;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
+
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
+import org.apache.jackrabbit.value.ValueHelper;
 
 /**
  * Simple, immutable implementation of the
@@ -62,7 +61,7 @@
      * Jackrabbit specific extension: the list of additional restrictions to be
      * included in the evaluation.
      */
-    private final Map restrictions;
+    private final Map<String, Value> restrictions;
 
     /**
      * Value factory
@@ -100,15 +99,16 @@
      * @throws AccessControlException if either principal or privileges are invalid.
      */
     protected AccessControlEntryImpl(Principal principal, Privilege[] privileges,
-                                     boolean isAllow, Map restrictions, ValueFactory valueFactory)
+                                     boolean isAllow, Map<String, Value> restrictions,
+                                     ValueFactory valueFactory)
             throws AccessControlException {
         if (principal == null) {
             throw new IllegalArgumentException();
         }
         // make sure no abstract privileges are passed.
-        for (int i = 0; i < privileges.length; i++) {
-            if (privileges[i].isAbstract()) {
-                throw new AccessControlException("Privilege " + privileges[i] + " is abstract.");
+        for (Privilege privilege : privileges) {
+            if (privilege.isAbstract()) {
+                throw new AccessControlException("Privilege " + privilege + " is abstract.");
             }
         }
         this.principal = principal;
@@ -118,22 +118,14 @@
         this.valueFactory = valueFactory;
         
         if (restrictions == null) {
-            this.restrictions = Collections.EMPTY_MAP;
+            this.restrictions = Collections.emptyMap();
         } else {
-            this.restrictions = new HashMap(restrictions.size());
+            this.restrictions = new HashMap<String, Value>(restrictions.size());
             // validate the passed restrictions and fill the map
-            for (Iterator it = restrictions.keySet().iterator(); it.hasNext();) {
-                Object key = it.next();
-                Object v = restrictions.get(key);
-                Value value;
-                if (v instanceof Value) {
-                    // create copy of the value
-                    value = ValueHelper.copy((Value) v, valueFactory);
-                } else {
-                    // fallback
-                    value = new StringValue(v.toString());
-                }
-                this.restrictions.put(key.toString(), value);
+            for (String key : restrictions.keySet()) {
+                Value value = restrictions.get(key);
+                value = ValueHelper.copy(value, valueFactory);
+                this.restrictions.put(key, value);
             }
         }
     }
@@ -187,7 +179,7 @@
      * @see org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry#getRestrictionNames()
      */
     public String[] getRestrictionNames() {
-        return (String[]) restrictions.keySet().toArray(new String[restrictions.size()]);
+        return restrictions.keySet().toArray(new String[restrictions.size()]);
     }
 
     /**
@@ -195,7 +187,7 @@
      */
     public Value getRestriction(String restrictionName) {
         if (restrictions.containsKey(restrictionName)) {
-            return ValueHelper.copy((Value) restrictions.get(restrictionName), valueFactory);
+            return ValueHelper.copy(restrictions.get(restrictionName), valueFactory);
         } else {
             return null;
         }

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryIterator.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryIterator.java?rev=806534&r1=806533&r2=806534&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryIterator.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryIterator.java Fri Aug 21 12:49:09 2009
@@ -39,14 +39,12 @@
     private Iterator<AccessControlEntry> currentEntries;
     private AccessControlEntry next;
 
-    public AccessControlEntryIterator(List<AccessControlList> aces) {
+    public AccessControlEntryIterator(List<AccessControlEntry> aces) {
         this(new AccessControlList[] {new UnmodifiableAccessControlList(aces)});
     }
 
     public AccessControlEntryIterator(AccessControlList[] acls) {
-        for (AccessControlList a : acls) {
-            this.acls.add(a);
-        }
+        this.acls.addAll(Arrays.asList(acls));
         next = seekNext();
     }
 

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java?rev=806534&r1=806533&r2=806534&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java Fri Aug 21 12:49:09 2009
@@ -16,24 +16,24 @@
  */
 package org.apache.jackrabbit.core.security.authorization;
 
-import javax.jcr.security.AccessControlException;
-import javax.jcr.security.Privilege;
-import org.apache.jackrabbit.spi.commons.conversion.NameResolver;
-import org.apache.jackrabbit.spi.commons.name.NameFactoryImpl;
-import org.apache.jackrabbit.spi.Name;
-import org.apache.jackrabbit.spi.NameFactory;
-
-import javax.jcr.RepositoryException;
-import javax.jcr.NamespaceException;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
-import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
+import javax.jcr.NamespaceException;
+import javax.jcr.RepositoryException;
+import javax.jcr.security.AccessControlException;
+import javax.jcr.security.Privilege;
+
+import org.apache.jackrabbit.spi.Name;
+import org.apache.jackrabbit.spi.NameFactory;
+import org.apache.jackrabbit.spi.commons.conversion.NameResolver;
+import org.apache.jackrabbit.spi.commons.name.NameFactoryImpl;
+
 /**
  * The <code>PrivilegeRegistry</code> defines the set of <code>Privilege</code>s
  * known to the repository.
@@ -46,8 +46,8 @@
      */
     public static final String REP_WRITE = "{" + Name.NS_REP_URI + "}write";
 
-    private static final Set REGISTERED_PRIVILEGES = new HashSet(20);
-    private static final Map BITS_TO_PRIVILEGES = new HashMap();
+    private static final Set<InternalPrivilege> REGISTERED_PRIVILEGES = new HashSet<InternalPrivilege>(20);
+    private static final Map<Integer, InternalPrivilege[]> BITS_TO_PRIVILEGES = new HashMap<Integer, InternalPrivilege[]>();
     private static final NameFactory NAME_FACTORY = NameFactoryImpl.getInstance();
 
     private static final Privilege[] EMPTY_ARRAY = new Privilege[0];
@@ -123,7 +123,7 @@
      * Per instance map containing the instance specific representation of
      * the registered privileges.
      */
-    private final Map localCache;
+    private final Map<Name, Privilege> localCache;
 
     /**
      * Create a new <code>PrivilegeRegistry</code> instance.
@@ -133,9 +133,8 @@
      */
     public PrivilegeRegistry(NameResolver resolver) {
         this.resolver = resolver;
-        localCache = new HashMap(REGISTERED_PRIVILEGES.size());
-        for (Iterator it = REGISTERED_PRIVILEGES.iterator(); it.hasNext();) {
-            InternalPrivilege ip = (InternalPrivilege) it.next();
+        localCache = new HashMap<Name, Privilege>(REGISTERED_PRIVILEGES.size());
+        for (InternalPrivilege ip : REGISTERED_PRIVILEGES) {
             Privilege priv = new PrivilegeImpl(ip, resolver);
             localCache.put(ip.name, priv);
         }
@@ -147,7 +146,7 @@
      * @return all registered privileges.
      */
     public Privilege[] getRegisteredPrivileges() {
-        return (Privilege[]) localCache.values().toArray(new Privilege[localCache.size()]);
+        return localCache.values().toArray(new Privilege[localCache.size()]);
     }
 
     /**
@@ -161,7 +160,7 @@
     public Privilege getPrivilege(String privilegeName) throws AccessControlException, RepositoryException {
         Name name = resolver.getQName(privilegeName);
         if (localCache.containsKey(name)) {
-            return (Privilege) localCache.get(name);
+            return localCache.get(name);
         } else {
             throw new AccessControlException("Unknown privilege " + privilegeName);
         }
@@ -187,7 +186,7 @@
             InternalPrivilege[] internalPrivs = getInteralPrivileges(bits);
             privs = new Privilege[internalPrivs.length];
             for (int i = 0; i < internalPrivs.length; i++) {
-                privs[i] = (Privilege) localCache.get(internalPrivs[i].name);
+                privs[i] = localCache.get(internalPrivs[i].name);
             }
         } else {
             privs = new Privilege[0];
@@ -207,8 +206,7 @@
             throw new AccessControlException("Privilege array is empty or null.");
         }
         int bits = NO_PRIVILEGE;
-        for (int i = 0; i < privileges.length; i++) {
-            Privilege priv = privileges[i];
+        for (Privilege priv : privileges) {
             if (priv instanceof PrivilegeImpl) {
                 bits |= ((PrivilegeImpl) priv).internalPrivilege.getBits();
             } else {
@@ -307,11 +305,10 @@
      * @return InternalPrivilege that corresponds to the given bits.
      */
     private static InternalPrivilege[] getInteralPrivileges(int bits) {
-        Object key = new Integer(bits);
-        if (BITS_TO_PRIVILEGES.containsKey(key)) {
-            return (InternalPrivilege[]) BITS_TO_PRIVILEGES.get(key);
+        if (BITS_TO_PRIVILEGES.containsKey(bits)) {
+            return BITS_TO_PRIVILEGES.get(bits);
         } else {
-            List privileges = new ArrayList();
+            List<InternalPrivilege> privileges = new ArrayList<InternalPrivilege>();
             if ((bits & READ) == READ) {
                 privileges.add(READ_PRIVILEGE);
             }
@@ -357,8 +354,8 @@
 
             InternalPrivilege[] privs;
             if (!privileges.isEmpty()) {
-                privs = (InternalPrivilege[]) privileges.toArray(new InternalPrivilege[privileges.size()]);
-                BITS_TO_PRIVILEGES.put(key, privs);
+                privs = privileges.toArray(new InternalPrivilege[privileges.size()]);
+                BITS_TO_PRIVILEGES.put(bits, privs);
             } else {
                 privs = new InternalPrivilege[0];
             }
@@ -368,7 +365,7 @@
 
     private static InternalPrivilege registerPrivilege(InternalPrivilege privilege) {
         REGISTERED_PRIVILEGES.add(privilege);
-        BITS_TO_PRIVILEGES.put(new Integer(privilege.getBits()), new InternalPrivilege[] {privilege});
+        BITS_TO_PRIVILEGES.put(privilege.getBits(), new InternalPrivilege[] {privilege});
         return privilege;
     }
 
@@ -383,7 +380,7 @@
         private final boolean isAbstract;
         private final boolean isAggregate;
         private final InternalPrivilege[] declaredAggregates;
-        private final Set aggregates;
+        private final Set<InternalPrivilege> aggregates;
 
         private final int bits;
 
@@ -417,10 +414,9 @@
             this.name = NAME_FACTORY.create(name);
             this.isAbstract = false;
             this.declaredAggregates = declaredAggregates;
-            Set aggrgt = new HashSet();
+            Set<InternalPrivilege> aggrgt = new HashSet<InternalPrivilege>();
             int bts = 0;
-            for (int i = 0; i < declaredAggregates.length; i++) {
-                InternalPrivilege priv = declaredAggregates[i];
+            for (InternalPrivilege priv : declaredAggregates) {
                 bts |= priv.getBits();
                 if (priv.isAggregate) {
                     aggrgt.addAll(priv.aggregates);
@@ -491,7 +487,7 @@
                 Privilege[] privs = new Privilege[len];
                 for (int i = 0; i < len; i++) {
                     InternalPrivilege ip = internalPrivilege.declaredAggregates[i];
-                    privs[i] = (Privilege) localCache.get(ip.name);
+                    privs[i] = localCache.get(ip.name);
                 }
                 return privs;
             } else {
@@ -503,9 +499,8 @@
             if (internalPrivilege.isAggregate) {
                 Privilege[] privs = new Privilege[internalPrivilege.aggregates.size()];
                 int i = 0;
-                for (Iterator it = internalPrivilege.aggregates.iterator(); it.hasNext();) {
-                    InternalPrivilege ip = (InternalPrivilege) it.next();
-                    privs[i++] = (Privilege) localCache.get(ip.name);
+                for (InternalPrivilege ip : internalPrivilege.aggregates) {
+                    privs[i++] = localCache.get(ip.name);
                 }
                 return privs;
             } else {

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/UnmodifiableAccessControlList.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/UnmodifiableAccessControlList.java?rev=806534&r1=806533&r2=806534&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/UnmodifiableAccessControlList.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/UnmodifiableAccessControlList.java Fri Aug 21 12:49:09 2009
@@ -53,8 +53,8 @@
      *
      * @param accessControlEntries A list of {@link AccessControlEntry access control entries}.
      */
-    public UnmodifiableAccessControlList(List accessControlEntries) {
-        this.accessControlEntries = (AccessControlEntry[]) accessControlEntries.toArray(new AccessControlEntry[accessControlEntries.size()]);
+    public UnmodifiableAccessControlList(List<AccessControlEntry> accessControlEntries) {
+        this.accessControlEntries = accessControlEntries.toArray(new AccessControlEntry[accessControlEntries.size()]);
     }
 
     //--------------------------------------------------< AccessControlList >---

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/WorkspaceAccessManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/WorkspaceAccessManager.java?rev=806534&r1=806533&r2=806534&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/WorkspaceAccessManager.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/WorkspaceAccessManager.java Fri Aug 21 12:49:09 2009
@@ -19,6 +19,7 @@
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import java.util.Set;
+import java.security.Principal;
 
 /**
  * The <code>WorkspaceAccessManager</code> is responsible for workspace access.
@@ -53,5 +54,6 @@
      * workspace with the specified name.
      * @throws RepositoryException If an error occurs. 
      */
-    boolean grants(Set principals, String workspaceName) throws RepositoryException;
+    boolean grants(Set<Principal> principals, String workspaceName)
+            throws RepositoryException;
 }

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java?rev=806534&r1=806533&r2=806534&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java Fri Aug 21 12:49:09 2009
@@ -83,9 +83,9 @@
 
     /**
      *
-     * @param aclNode
-     * @return
-     * @throws RepositoryException
+     * @param aclNode the node
+     * @return the control list
+     * @throws RepositoryException if an error occurs
      */
     AccessControlList getACL(NodeImpl aclNode) throws RepositoryException {
         return new ACLTemplate(aclNode, privilegeRegistry);
@@ -171,8 +171,8 @@
         }
         
         AccessControlEntry[] entries = ((ACLTemplate) policy).getAccessControlEntries();
-        for (int i = 0; i < entries.length; i++) {
-            JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) entries[i];
+        for (AccessControlEntry entry : entries) {
+            JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) entry;
 
             Name nodeName = getUniqueNodeName(aclNode, ace.isAllow() ? "allow" : "deny");
             Name ntName = (ace.isAllow()) ? NT_REP_GRANT_ACE : NT_REP_DENY_ACE;
@@ -216,7 +216,7 @@
      * defining content. It this case setting or modifying an AC-policy is
      * obviously not possible.
      *
-     * @param nodePath
+     * @param nodePath the node path
      * @throws AccessControlException If the given nodePath identifies a Node that
      * represents a ACL or ACE item.
      * @throws RepositoryException
@@ -231,9 +231,9 @@
     /**
      * Check if the specified policy can be set/removed from this editor.
      *
-     * @param nodePath
-     * @param policy
-     * @throws AccessControlException
+     * @param nodePath the node path
+     * @param policy the policy
+     * @throws AccessControlException if not allowed
      */
     private static void checkValidPolicy(String nodePath, AccessControlPolicy policy) throws AccessControlException {
         if (policy == null || !(policy instanceof ACLTemplate)) {
@@ -247,10 +247,10 @@
 
     /**
      *
-     * @param path
-     * @return
-     * @throws PathNotFoundException
-     * @throws RepositoryException
+     * @param path the path
+     * @return the node
+     * @throws PathNotFoundException if not found
+     * @throws RepositoryException if an error occurs
      */
     private NodeImpl getNode(String path) throws PathNotFoundException, RepositoryException {
         return (NodeImpl) session.getNode(path);
@@ -261,10 +261,10 @@
      * path or <code>null</code> if the node is not mix:AccessControllable
      * or if no policy node exists.
      *
-     * @param nodePath
+     * @param nodePath the node path
      * @return node or <code>null</code>
-     * @throws PathNotFoundException
-     * @throws RepositoryException
+     * @throws PathNotFoundException if not found
+     * @throws RepositoryException if an error occurs
      */
     private NodeImpl getAclNode(String nodePath) throws PathNotFoundException, RepositoryException {
         NodeImpl controlledNode = getNode(nodePath);
@@ -275,9 +275,9 @@
      * Returns the rep:Policy node below the given Node or <code>null</code>
      * if the node is not mix:AccessControllable or if no policy node exists.
      *
-     * @param controlledNode
+     * @param controlledNode the controlled node
      * @return node or <code>null</code>
-     * @throws RepositoryException
+     * @throws RepositoryException if an error occurs
      */
     private NodeImpl getAclNode(NodeImpl controlledNode) throws RepositoryException {
         NodeImpl aclNode = null;
@@ -289,9 +289,9 @@
 
     /**
      *
-     * @param nodePath
-     * @return
-     * @throws RepositoryException
+     * @param nodePath the node path
+     * @return the new node
+     * @throws RepositoryException if an error occurs
      */
     private NodeImpl createAclNode(String nodePath) throws RepositoryException {
         NodeImpl protectedNode = getNode(nodePath);
@@ -306,8 +306,8 @@
      *
      * @param node a name for the child is resolved
      * @param name if missing the {@link #DEFAULT_ACE_NAME} is taken
-     * @return
-     * @throws RepositoryException
+     * @return the name
+     * @throws RepositoryException if an error occurs
      */
     protected static Name getUniqueNodeName(Node node, String name) throws RepositoryException {
         if (name == null) {
@@ -333,12 +333,13 @@
      * Build an array of Value from the specified <code>privileges</code> using
      * the given <code>valueFactory</code>.
      *
-     * @param privileges
-     * @param valueFactory
+     * @param privileges the privileges
+     * @param valueFactory the value factory
      * @return an array of Value.
-     * @throws javax.jcr.ValueFormatException
+     * @throws ValueFormatException if an error occurs
      */
-    private static Value[] getPrivilegeNames(Privilege[] privileges, ValueFactory valueFactory) throws ValueFormatException {
+    private static Value[] getPrivilegeNames(Privilege[] privileges, ValueFactory valueFactory)
+            throws ValueFormatException {
         Value[] names = new Value[privileges.length];
         for (int i = 0; i < privileges.length; i++) {
             names[i] = valueFactory.createValue(privileges[i].getName(), PropertyType.NAME);

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLProvider.java?rev=806534&r1=806533&r2=806534&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLProvider.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLProvider.java Fri Aug 21 12:49:09 2009
@@ -16,54 +16,55 @@
  */
 package org.apache.jackrabbit.core.security.authorization.acl;
 
-import javax.jcr.security.AccessControlPolicy;
-import javax.jcr.security.Privilege;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import javax.jcr.ItemNotFoundException;
+import javax.jcr.NodeIterator;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.Value;
+import javax.jcr.observation.Event;
+import javax.jcr.observation.EventIterator;
+import javax.jcr.query.Query;
+import javax.jcr.query.QueryManager;
+import javax.jcr.security.AccessControlEntry;
 import javax.jcr.security.AccessControlList;
 import javax.jcr.security.AccessControlManager;
+import javax.jcr.security.AccessControlPolicy;
+import javax.jcr.security.Privilege;
+
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
-import org.apache.jackrabbit.core.id.NodeId;
+import org.apache.jackrabbit.core.ItemImpl;
 import org.apache.jackrabbit.core.NodeImpl;
 import org.apache.jackrabbit.core.PropertyImpl;
-import org.apache.jackrabbit.core.ItemImpl;
 import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.core.id.NodeId;
 import org.apache.jackrabbit.core.observation.SynchronousEventListener;
 import org.apache.jackrabbit.core.security.SecurityConstants;
 import org.apache.jackrabbit.core.security.authorization.AbstractAccessControlProvider;
 import org.apache.jackrabbit.core.security.authorization.AbstractCompiledPermissions;
 import org.apache.jackrabbit.core.security.authorization.AccessControlConstants;
 import org.apache.jackrabbit.core.security.authorization.AccessControlEditor;
+import org.apache.jackrabbit.core.security.authorization.AccessControlEntryIterator;
 import org.apache.jackrabbit.core.security.authorization.CompiledPermissions;
 import org.apache.jackrabbit.core.security.authorization.Permission;
 import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
 import org.apache.jackrabbit.core.security.authorization.UnmodifiableAccessControlList;
-import org.apache.jackrabbit.core.security.authorization.AccessControlEntryIterator;
 import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.spi.Path;
 import org.apache.jackrabbit.spi.commons.name.PathFactoryImpl;
 import org.apache.jackrabbit.util.Text;
-import org.apache.commons.collections.map.ListOrderedMap;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.jcr.ItemNotFoundException;
-import javax.jcr.NodeIterator;
-import javax.jcr.RepositoryException;
-import javax.jcr.Session;
-import javax.jcr.Value;
-import javax.jcr.observation.Event;
-import javax.jcr.observation.EventIterator;
-import javax.jcr.query.Query;
-import javax.jcr.query.QueryManager;
-import java.security.Principal;
-import java.util.Collections;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Arrays;
-
 /**
  * The ACLProvider generates access control policies out of the items stored
  * in the workspace applying the following rules:
@@ -114,8 +115,8 @@
      */
     public boolean isAcItem(Path absPath) throws RepositoryException {
         Path.Element[] elems = absPath.getElements();
-        for (int i = 0; i < elems.length; i++) {
-            if (N_POLICY.equals(elems[i].getName())) {
+        for (Path.Element elem : elems) {
+            if (N_POLICY.equals(elem.getName())) {
                 return true;
             }
         }
@@ -151,14 +152,14 @@
 
     /**
      * @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider#getEffectivePolicies(Path)
-     * @param absPath
+     * @param absPath absolute path
      */
     public AccessControlPolicy[] getEffectivePolicies(Path absPath) throws ItemNotFoundException, RepositoryException {
         checkInitialized();
 
         NodeImpl targetNode = (NodeImpl) session.getNode(session.getJCRPath(absPath));
         NodeImpl node = getNode(targetNode);
-        List acls = new ArrayList();
+        List<AccessControlList> acls = new ArrayList<AccessControlList>();
 
         // collect all ACLs effective at node
         collectAcls(node, acls);
@@ -169,7 +170,7 @@
             // controlled.
             log.warn("No access controlled node present in item hierarchy starting from " + targetNode.getPath());
         }
-        return (AccessControlList[]) acls.toArray(new AccessControlList[acls.size()]);
+        return acls.toArray(new AccessControlList[acls.size()]);
     }
 
     /**
@@ -215,8 +216,8 @@
      * searched and returned.
      *
      * @param targetNode The node for which AC information needs to be retrieved.
-     * @return
-     * @throws RepositoryException
+     * @return the node
+     * @throws RepositoryException if an error occurs
      */
     private NodeImpl getNode(NodeImpl targetNode) throws RepositoryException {
         NodeImpl node;
@@ -238,9 +239,9 @@
      * @param node the Node to collect the ACLs for, which must NOT be part of the
      * structure defined by mix:AccessControllable.
      * @param acls List used to collect the effective acls.
-     * @throws RepositoryException
+     * @throws RepositoryException if an error occurs
      */
-    private void collectAcls(NodeImpl node, List acls) throws RepositoryException {
+    private void collectAcls(NodeImpl node, List<AccessControlList> acls) throws RepositoryException {
         // if the given node is access-controlled, construct a new ACL and add
         // it to the list
         if (isAccessControlled(node)) {
@@ -314,10 +315,10 @@
      * and if it has a child node named
      * {@link AccessControlConstants#N_POLICY "rep:ACL"}.
      *
-     * @param node
+     * @param node hte node
      * @return <code>true</code> if the node is access controlled;
      *         <code>false</code> otherwise.
-     * @throws RepositoryException
+     * @throws RepositoryException if an error occurs
      */
     static boolean isAccessControlled(NodeImpl node) throws RepositoryException {
         return node.isNodeType(NT_REP_ACCESS_CONTROLLABLE) && node.hasNode(N_POLICY);
@@ -329,7 +330,7 @@
      */
     private class AclPermissions extends AbstractCompiledPermissions implements SynchronousEventListener {
 
-        private final List principalNames;
+        private final List<String> principalNames;
         private final String jcrReadPrivilegeName;
 
         /**
@@ -343,7 +344,7 @@
         }
 
         private AclPermissions(Set<Principal> principals, boolean listenToEvents) throws RepositoryException {
-            principalNames = new ArrayList(principals.size());
+            principalNames = new ArrayList<String>(principals.size());
             for (Principal princ : principals) {
                 principalNames.add(princ.getName());
             }
@@ -381,7 +382,7 @@
          * permissions for any of the principals AND denies-READ. Otherwise
          * this shortcut is not possible.
          *
-         * @param principalnames
+         * @param principalnames names of the principals
          * @return true if read is allowed everywhere.
          */
         private boolean isReadAllowed(Collection<String> principalnames) {
@@ -397,10 +398,9 @@
                     // where the rep:principalName property exactly matches any of
                     // the given principalsNames
                     int i = 0;
-                    Iterator itr = principalnames.iterator();
-                    while (itr.hasNext()) {
+                    for (String principalname : principalnames) {
                         stmt.append("@").append(resolver.getJCRName(P_PRINCIPAL_NAME)).append(" eq ");
-                        stmt.append("'").append(itr.next().toString()).append("'");
+                        stmt.append("'").append(principalname).append("'");
                         if (++i < principalnames.size()) {
                             stmt.append(" or ");
                         }
@@ -522,9 +522,9 @@
 
         /**
          *
-         * @param absPath
-         * @param permissions
-         * @return
+         * @param absPath absolute path
+         * @param permissions permission bits
+         * @return <code>true</code> if the permissions are granted
          * @throws RepositoryException
          * @see CompiledPermissions#grants(Path, int)
          */
@@ -560,8 +560,8 @@
                                 // ACE denies READ.
                                 if (readAllowed && n.isNodeType(NT_REP_DENY_ACE)) {
                                     Value[] vs = n.getProperty(P_PRIVILEGES).getValues();
-                                    for (int i = 0; i < vs.length; i++) {
-                                        if (jcrReadPrivilegeName.equals(vs[i].getString())) {
+                                    for (Value v : vs) {
+                                        if (jcrReadPrivilegeName.equals(v.getString())) {
                                             readAllowed = false;
                                         }
                                     }
@@ -624,12 +624,12 @@
      */
     private class Entries {
 
-        private final ListOrderedMap principalNamesToEntries;
+        private final Map<String, List<AccessControlEntry>> principalNamesToEntries;
 
-        private Entries(NodeImpl node, Collection principalNames) throws RepositoryException {
-            principalNamesToEntries = new ListOrderedMap();
-            for (Iterator it = principalNames.iterator(); it.hasNext();) {
-                principalNamesToEntries.put(it.next(), new ArrayList());
+        private Entries(NodeImpl node, Collection<String> principalNames) throws RepositoryException {
+            principalNamesToEntries = new LinkedHashMap<String, List<AccessControlEntry>>();
+            for (String name : principalNames) {
+                principalNamesToEntries.put(name, new ArrayList<AccessControlEntry>());
             }
             collectEntries(node);
         }
@@ -650,11 +650,9 @@
         }
 
         private AccessControlEntryIterator iterator() {
-            List entries = new ArrayList();
-            for (Iterator it =
-                    principalNamesToEntries.asList().iterator(); it.hasNext();) {
-                Object key = it.next();
-                entries.addAll((List) principalNamesToEntries.get(key));
+            List<AccessControlEntry> entries = new ArrayList<AccessControlEntry>();
+            for (List<AccessControlEntry> list: principalNamesToEntries.values()) {
+                entries.addAll(list);
             }
             return new AccessControlEntryIterator(entries);
         }

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java?rev=806534&r1=806533&r2=806534&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java Fri Aug 21 12:49:09 2009
@@ -16,37 +16,37 @@
  */
 package org.apache.jackrabbit.core.security.authorization.acl;
 
-import org.apache.commons.collections.map.ListOrderedMap;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.jcr.NodeIterator;
+import javax.jcr.PropertyType;
+import javax.jcr.RepositoryException;
+import javax.jcr.Value;
+import javax.jcr.ValueFactory;
+import javax.jcr.security.AccessControlEntry;
+import javax.jcr.security.AccessControlException;
+import javax.jcr.security.AccessControlManager;
+import javax.jcr.security.Privilege;
+
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
 import org.apache.jackrabbit.api.security.principal.NoSuchPrincipalException;
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.core.NodeImpl;
 import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.core.security.authorization.AbstractACLTemplate;
 import org.apache.jackrabbit.core.security.authorization.AccessControlConstants;
 import org.apache.jackrabbit.core.security.authorization.AccessControlEntryImpl;
 import org.apache.jackrabbit.core.security.authorization.Permission;
 import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
-import org.apache.jackrabbit.core.security.authorization.AbstractACLTemplate;
 import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.jcr.NodeIterator;
-import javax.jcr.PropertyType;
-import javax.jcr.RepositoryException;
-import javax.jcr.Value;
-import javax.jcr.ValueFactory;
-import javax.jcr.security.AccessControlEntry;
-import javax.jcr.security.AccessControlException;
-import javax.jcr.security.AccessControlManager;
-import javax.jcr.security.Privilege;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-
 /**
  * Implementation of the {@link org.apache.jackrabbit.api.security.JackrabbitAccessControlList} interface that
  * is detached from the effective access control content. Consequently, any
@@ -63,7 +63,7 @@
      * name as key. The value represents a List containing maximal one grant
      * and one deny ACE per principal.
      */
-    private final Map entries = new ListOrderedMap();
+    private final Map<String, List<Entry>> entries = new LinkedHashMap<String, List<Entry>>();
 
     /**
      * The principal manager used for validation checks
@@ -78,14 +78,14 @@
     /**
      * Construct a new empty {@link ACLTemplate}.
      *
-     * @param path
-     * @param privilegeRegistry
-     * @param principalMgr
+     * @param path path
+     * @param privilegeRegistry registry
+     * @param valueFactory value factory
+     * @param principalMgr manager
      */
     ACLTemplate(String path, PrincipalManager principalMgr, 
                 PrivilegeRegistry privilegeRegistry, ValueFactory valueFactory) {
         super(path, valueFactory);
-
         this.principalMgr = principalMgr;
         this.privilegeRegistry = privilegeRegistry;
     }
@@ -94,9 +94,9 @@
      * Create a {@link ACLTemplate} that is used to edit an existing ACL
      * node.
      *
-     * @param aclNode
-     * @param privilegeRegistry
-     * @throws RepositoryException
+     * @param aclNode node
+     * @param privilegeRegistry registry
+     * @throws RepositoryException if an error occurs
      */
     ACLTemplate(NodeImpl aclNode, PrivilegeRegistry privilegeRegistry) throws RepositoryException {
         super((aclNode != null) ? aclNode.getParent().getPath() : null, (aclNode != null) ? aclNode.getSession().getValueFactory() : null);
@@ -152,12 +152,12 @@
      * specified names and return a map consisting of principal name key
      * and a list of ACEs as value.
      *
-     * @param aclNode
+     * @param aclNode acl node
      * @param princToEntries Map of key = principalName and value = ArrayList
      * to be filled with ACEs matching the principal names.
-     * @throws RepositoryException
+     * @throws RepositoryException if an error occurs
      */
-    static void collectEntries(NodeImpl aclNode, Map princToEntries)
+    static void collectEntries(NodeImpl aclNode, Map<String, List<AccessControlEntry>> princToEntries)
             throws RepositoryException {
         SessionImpl sImpl = (SessionImpl) aclNode.getSession();
         PrincipalManager principalMgr = sImpl.getPrincipalManager();
@@ -194,31 +194,31 @@
                         aceNode.isNodeType(AccessControlConstants.NT_REP_GRANT_ACE),
                         sImpl.getValueFactory());
                 // add it to the proper list (e.g. separated by principals)
-                ((List) princToEntries.get(principalName)).add(ace);
+                princToEntries.get(principalName).add(ace);
             }
         }
     }
 
-    private List internalGetEntries() {
-        List l = new ArrayList();
-        for (Iterator it = entries.values().iterator(); it.hasNext();) {
-            l.addAll((List) it.next());
+    private List<? extends AccessControlEntry> internalGetEntries() {
+        List<Entry> l = new ArrayList<Entry>();
+        for (List<Entry> o : entries.values()) {
+            l.addAll(o);
         }
         return l;
     }
 
-    private List internalGetEntries(Principal principal) {
+    private List<Entry> internalGetEntries(Principal principal) {
         String principalName = principal.getName();
         if (entries.containsKey(principalName)) {
-            return (List) entries.get(principalName);
+            return entries.get(principalName);
         } else {
-            return new ArrayList(2);
+            return new ArrayList<Entry>(2);
         }
     }
 
     private synchronized boolean internalAdd(Entry entry) throws AccessControlException {
         Principal principal = entry.getPrincipal();
-        List l = internalGetEntries(principal);
+        List<Entry> l = internalGetEntries(principal);
         if (l.isEmpty()) {
             // simple case: just add the new entry
             l.add(entry);
@@ -229,9 +229,9 @@
                 // the same entry is already contained -> no modification
                 return false;
             }
-            // ev. need to adjust existing entries
+            // check if need to adjust existing entries
             Entry complementEntry = null;
-            Entry[] entries = (Entry[]) l.toArray(new Entry[l.size()]);
+            Entry[] entries = l.toArray(new Entry[l.size()]);
             for (int i = 0; i < entries.length; i++) {
                 if (entry.isAllow() == entries[i].isAllow()) {
                     int existingPrivs = entries[i].getPrivilegeBits();
@@ -242,7 +242,7 @@
                     }
 
                     // remove the existing entry and create a new that includes
-                    // both the new privileges and the existing onces.
+                    // both the new privileges and the existing ones.
                     l.remove(i);
                     int mergedBits = entries[i].getPrivilegeBits() | entry.getPrivilegeBits();
                     Privilege[] mergedPrivs = privilegeRegistry.getPrivileges(mergedBits);
@@ -254,7 +254,7 @@
             }
 
             // make sure, that the complement entry (if existing) does not
-            // grant/deny the same privileges -> remove privs that are now
+            // grant/deny the same privileges -> remove privileges that are now
             // denied/granted.
             if (complementEntry != null) {
                 int complPrivs = complementEntry.getPrivilegeBits();
@@ -299,8 +299,8 @@
      * @see javax.jcr.security.AccessControlList#getAccessControlEntries()
      */
     public AccessControlEntry[] getAccessControlEntries() throws RepositoryException {
-        List l = internalGetEntries();
-        return (AccessControlEntry[]) l.toArray(new AccessControlEntry[l.size()]);
+        List<? extends AccessControlEntry> l = internalGetEntries();
+        return l.toArray(new AccessControlEntry[l.size()]);
     }
 
     /**
@@ -403,8 +403,9 @@
      */
     static class Entry extends AccessControlEntryImpl {
 
-        Entry(Principal principal, Privilege[] privileges, boolean allow, ValueFactory valueFactory) throws AccessControlException {
-            super(principal, privileges, allow, Collections.EMPTY_MAP, valueFactory);
+        Entry(Principal principal, Privilege[] privileges, boolean allow, ValueFactory valueFactory)
+                throws AccessControlException {
+            super(principal, privileges, allow, Collections.<String, Value>emptyMap(), valueFactory);
         }
     }
 }

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/CombinedEditor.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/CombinedEditor.java?rev=806534&r1=806533&r2=806534&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/CombinedEditor.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/CombinedEditor.java Fri Aug 21 12:49:09 2009
@@ -49,8 +49,8 @@
      */
     public AccessControlPolicy[] getPolicies(String nodePath) throws AccessControlException, PathNotFoundException, RepositoryException {
         List<AccessControlPolicy> templates = new ArrayList<AccessControlPolicy>();
-        for (int i = 0; i < editors.length; i++) {
-            AccessControlPolicy[] ts = editors[i].getPolicies(nodePath);
+        for (AccessControlEditor editor : editors) {
+            AccessControlPolicy[] ts = editor.getPolicies(nodePath);
             if (ts != null && ts.length > 0) {
                 templates.addAll(Arrays.asList(ts));
             }
@@ -63,8 +63,8 @@
      */
     public JackrabbitAccessControlPolicy[] getPolicies(Principal principal) throws AccessControlException, RepositoryException {
         List<JackrabbitAccessControlPolicy> templates = new ArrayList<JackrabbitAccessControlPolicy>();
-        for (int i = 0; i < editors.length; i++) {
-            JackrabbitAccessControlPolicy[] ts = editors[i].getPolicies(principal);
+        for (AccessControlEditor editor : editors) {
+            JackrabbitAccessControlPolicy[] ts = editor.getPolicies(principal);
             if (ts != null && ts.length > 0) {
                 templates.addAll(Arrays.asList(ts));
             }
@@ -77,9 +77,9 @@
      */
     public AccessControlPolicy[] editAccessControlPolicies(String nodePath) throws AccessControlException, PathNotFoundException, RepositoryException {
         List<AccessControlPolicy> templates = new ArrayList<AccessControlPolicy>();
-        for (int i = 0; i < editors.length; i++) {
+        for (AccessControlEditor editor : editors) {
             try {
-                templates.addAll(Arrays.asList(editors[i].editAccessControlPolicies(nodePath)));
+                templates.addAll(Arrays.asList(editor.editAccessControlPolicies(nodePath)));
             } catch (AccessControlException e) {
                 log.debug(e.getMessage());
                 // ignore.
@@ -93,9 +93,9 @@
      */
     public JackrabbitAccessControlPolicy[] editAccessControlPolicies(Principal principal) throws RepositoryException {
         List<JackrabbitAccessControlPolicy> templates = new ArrayList<JackrabbitAccessControlPolicy>();
-        for (int i = 0; i < editors.length; i++) {
+        for (AccessControlEditor editor : editors) {
             try {
-                templates.addAll(Arrays.asList(editors[i].editAccessControlPolicies(principal)));
+                templates.addAll(Arrays.asList(editor.editAccessControlPolicies(principal)));
             } catch (AccessControlException e) {
                 log.debug(e.getMessage());
                 // ignore.
@@ -108,12 +108,12 @@
      * @see AccessControlEditor#setPolicy(String,AccessControlPolicy)
      */
     public void setPolicy(String nodePath, AccessControlPolicy template) throws AccessControlException, PathNotFoundException, RepositoryException {
-        for (int i = 0; i < editors.length; i++) {
+        for (AccessControlEditor editor : editors) {
             try {
                 // return as soon as the first editor successfully handled the
                 // specified template
-                editors[i].setPolicy(nodePath, template);
-                log.debug("Set template " + template + " using " + editors[i]);
+                editor.setPolicy(nodePath, template);
+                log.debug("Set template " + template + " using " + editor);
                 return;
             } catch (AccessControlException e) {
                 log.debug(e.getMessage());
@@ -130,12 +130,12 @@
      */
     public void removePolicy(String nodePath,
                              AccessControlPolicy policy) throws AccessControlException, PathNotFoundException, RepositoryException {
-        for (int i = 0; i < editors.length; i++) {
+        for (AccessControlEditor editor : editors) {
             try {
                 // return as soon as the first editor successfully handled the
                 // specified template
-                editors[i].removePolicy(nodePath, policy);
-                log.debug("Removed template " + policy + " using " + editors[i]);
+                editor.removePolicy(nodePath, policy);
+                log.debug("Removed template " + policy + " using " + editor);
                 return;
             } catch (AccessControlException e) {
                 log.debug(e.getMessage());

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/CombinedProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/CombinedProvider.java?rev=806534&r1=806533&r2=806534&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/CombinedProvider.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/CombinedProvider.java Fri Aug 21 12:49:09 2009
@@ -41,6 +41,7 @@
 import java.util.HashMap;
 import java.util.Arrays;
 import java.util.Iterator;
+import java.security.Principal;
 
 /**
  * <code>CombinedProvider</code>...
@@ -56,8 +57,8 @@
      * @see AccessControlUtils#isAcItem(Path)
      */
     public boolean isAcItem(Path absPath) throws RepositoryException {
-        for (int i = 0; i < providers.length; i++) {
-            if (providers[i] instanceof AccessControlUtils && ((AccessControlUtils) providers[i]).isAcItem(absPath)) {
+        for (AccessControlProvider provider : providers) {
+            if (provider instanceof AccessControlUtils && ((AccessControlUtils) provider).isAcItem(absPath)) {
                 return true;
             }
         }
@@ -68,8 +69,8 @@
      * @see AccessControlUtils#isAcItem(ItemImpl)
      */
     public boolean isAcItem(ItemImpl item) throws RepositoryException {
-        for (int i = 0; i < providers.length; i++) {
-            if (providers[i] instanceof AccessControlUtils && ((AccessControlUtils) providers[i]).isAcItem(item)) {
+        for (AccessControlProvider provider : providers) {
+            if (provider instanceof AccessControlUtils && ((AccessControlUtils) provider).isAcItem(item)) {
                 return true;
             }
         }
@@ -81,8 +82,8 @@
      * @see AccessControlProvider#close()
      */
     public void close() {
-        for (int i = 0; i < providers.length; i++) {
-            providers[i].close();
+        for (AccessControlProvider provider : providers) {
+            provider.close();
         }
         super.close();
     }
@@ -93,11 +94,11 @@
     public void init(Session systemSession, Map configuration) throws RepositoryException {
         super.init(systemSession, configuration);
 
-        // this provider combines the result of 2 (currently hardcoded) AC-providers
+        // this provider combines the result of 2 (currently hard coded) AC-providers
         // TODO: make this configurable
         providers = new AccessControlProvider[2];
 
-        // 1) a resource-based ACL provider, that is not inited with default
+        // 1) a resource-based ACL provider, that is not initialized with default
         //    permissions and should only be used to overrule the permissions
         //    granted or denied by the default provider (see 2).
         providers[0] = new org.apache.jackrabbit.core.security.authorization.acl.ACLProvider();
@@ -117,11 +118,11 @@
      */
     public AccessControlPolicy[] getEffectivePolicies(Path absPath)
             throws ItemNotFoundException, RepositoryException {
-        List l = new ArrayList();
-        for (int i = 0; i < providers.length; i++) {
-            l.addAll(Arrays.asList(providers[i].getEffectivePolicies(absPath)));
+        List<AccessControlPolicy> l = new ArrayList<AccessControlPolicy>();
+        for (AccessControlProvider provider : providers) {
+            l.addAll(Arrays.asList(provider.getEffectivePolicies(absPath)));
         }
-        return (AccessControlPolicy[]) l.toArray(new AccessControlPolicy[l.size()]);
+        return l.toArray(new AccessControlPolicy[l.size()]);
     }
 
     /**
@@ -129,17 +130,17 @@
      */
     public AccessControlEditor getEditor(Session editingSession) {
         checkInitialized();
-        List editors = new ArrayList();
-        for (int i = 0; i < providers.length; i++) {
+        List<AccessControlEditor> editors = new ArrayList<AccessControlEditor>();
+        for (AccessControlProvider provider : providers) {
             try {
-                editors.add(providers[i].getEditor(editingSession));
+                editors.add(provider.getEditor(editingSession));
             } catch (RepositoryException e) {
                 log.debug(e.getMessage());
                 // ignore.
             }
         }
         if (!editors.isEmpty()) {
-            return new CombinedEditor((AccessControlEditor[]) editors.toArray(new AccessControlEditor[editors.size()]));
+            return new CombinedEditor(editors.toArray(new AccessControlEditor[editors.size()]));
         } else {
             log.debug("None of the derived access control providers supports editing.");
             return null;
@@ -149,7 +150,7 @@
     /**
      * @see AccessControlProvider#compilePermissions(Set)
      */
-    public CompiledPermissions compilePermissions(Set principals) throws RepositoryException {
+    public CompiledPermissions compilePermissions(Set<Principal> principals) throws RepositoryException {
         checkInitialized();
         if (isAdminOrSystem(principals)) {
             return getAdminPermissions();
@@ -161,7 +162,7 @@
     /**
      * @see AccessControlProvider#canAccessRoot(Set)
      */
-    public boolean canAccessRoot(Set principals) throws RepositoryException {
+    public boolean canAccessRoot(Set<Principal> principals) throws RepositoryException {
         checkInitialized();
         if (isAdminOrSystem(principals)) {
             return true;
@@ -182,20 +183,21 @@
      */
     private class CompiledPermissionImpl extends AbstractCompiledPermissions  {
 
-        private final List cPermissions;
+        private final List<AbstractCompiledPermissions> cPermissions;
 
         /**
-         * @param principals
+         * @param principals the principals
+         * @throws RepositoryException if an error occurs
          */
-        private CompiledPermissionImpl(Set principals) throws
+        private CompiledPermissionImpl(Set<Principal> principals) throws
                 RepositoryException {
-            this.cPermissions = new ArrayList();
-            for (int i = 0; i < providers.length; i++) {
-                CompiledPermissions cp = providers[i].compilePermissions(principals);
+            this.cPermissions = new ArrayList<AbstractCompiledPermissions>();
+            for (AccessControlProvider provider : providers) {
+                CompiledPermissions cp = provider.compilePermissions(principals);
                 if (cp instanceof AbstractCompiledPermissions) {
-                    cPermissions.add(cp);
+                    cPermissions.add((AbstractCompiledPermissions) cp);
                 } else {
-                    // TODO: deal with other impls.
+                    // TODO: deal with other implementations
                     log.warn("AbstractCompiledPermissions expected. Found " + cp.getClass().getName() + " -> ignore.");
                 }
             }
@@ -207,8 +209,7 @@
          */
         protected Result buildResult(Path absPath) throws RepositoryException {
             Result res = null;
-            for (Iterator it = cPermissions.iterator(); it.hasNext();) {
-                AbstractCompiledPermissions acp = (AbstractCompiledPermissions) it.next();
+            for (AbstractCompiledPermissions acp : cPermissions) {
                 Result other = acp.getResult(absPath);
                 res = (res == null) ? other : res.combine(other);
             }



Mime
View raw message