jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ju...@apache.org
Subject svn commit: r812570 [11/24] - in /jackrabbit/sandbox/JCR-1456: ./ jackrabbit-api/ jackrabbit-api/src/main/appended-resources/ jackrabbit-api/src/main/appended-resources/META-INF/ jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/ jackrabb...
Date Tue, 08 Sep 2009 16:09:45 GMT
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/join/ParentNodeJoin.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/join/ParentNodeJoin.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/join/ParentNodeJoin.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/join/ParentNodeJoin.java Tue Sep  8 16:09:28 2009
@@ -60,8 +60,7 @@
         int[] docNums = new int[1];
         while ((nodes = child.nextScoreNodes()) != null) {
             docNums = resolver.getParents(nodes[idx].getDoc(reader), docNums);
-            for (int i = 0; i < docNums.length; i++) {
-                Integer parentId = new Integer(docNums[i]);
+            for (int parentId : docNums) {
                 childIndex.addScoreNodes(parentId, nodes);
             }
         }
@@ -73,6 +72,6 @@
      */
     public ScoreNode[][] getMatchingScoreNodes(ScoreNode parent)
             throws IOException {
-        return childIndex.getScoreNodes(new Integer(parent.getDoc(reader)));
+        return childIndex.getScoreNodes(parent.getDoc(reader));
     }
 }

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/join/ScoreNodeMap.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/join/ScoreNodeMap.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/join/ScoreNodeMap.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/join/ScoreNodeMap.java Tue Sep  8 16:09:28 2009
@@ -32,7 +32,7 @@
     /**
      * The internal map.
      */
-    private final Map map = new HashMap();
+    private final Map<Object, Object> map = new HashMap<Object, Object>();
 
     /**
      * Adds <code>scoreNodes</code> to this map under the given <code>key</code>.
@@ -62,8 +62,8 @@
             ((List) existing).add(nodes);
         } else {
             // ScoreNode[]
-            ArrayList tmp = new ArrayList();
-            tmp.add(existing);
+            List<ScoreNode[]> tmp = new ArrayList<ScoreNode[]>();
+            tmp.add((ScoreNode[]) existing);
             tmp.add(nodes);
             existing = tmp;
             map.put(key, existing);
@@ -83,8 +83,8 @@
         if (sn == null) {
             return null;
         } else if (sn instanceof List) {
-            List list = (List) sn;
-            return (ScoreNode[][]) list.toArray(new ScoreNode[list.size()][]);
+            List<ScoreNode[]> list = (List<ScoreNode[]>) sn;
+            return list.toArray(new ScoreNode[list.size()][]);
         } else {
             // ScoreNode[]
             return new ScoreNode[][]{(ScoreNode[]) sn};

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/HoldImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/HoldImpl.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/HoldImpl.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/HoldImpl.java Tue Sep  8 16:09:28 2009
@@ -63,16 +63,16 @@
         return valueFactory.createValue(str);
     }
 
-    static Hold createFromValue(Value val, NodeId nodeId, NameResolver resolver) throws RepositoryException {
+    static HoldImpl createFromValue(Value val, NodeId nodeId, NameResolver resolver) throws RepositoryException {
         String str = val.getString();
         Name name = NAME_FACTORY.create(str.substring(2));
         boolean isDeep = str.startsWith(DEEP);
         return new HoldImpl(name, isDeep, nodeId, resolver);
     }
 
-    static Hold[] createFromProperty(PropertyImpl property, NodeId nodeId) throws RepositoryException {
+    static HoldImpl[] createFromProperty(PropertyImpl property, NodeId nodeId) throws RepositoryException {
         Value[] vs = property.getValues();
-        Hold[] holds = new Hold[vs.length];
+        HoldImpl[] holds = new HoldImpl[vs.length];
         for (int i = 0; i < vs.length; i++) {
             holds[i] = createFromValue(vs[i], nodeId, (SessionImpl) property.getSession());
         }

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/RetentionRegistryImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/RetentionRegistryImpl.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/RetentionRegistryImpl.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/RetentionRegistryImpl.java Tue Sep  8 16:09:28 2009
@@ -63,8 +63,10 @@
      */
     private static final String FILE_NAME = "retention";
 
-    private final PathMap retentionMap  = new PathMap();
-    private final PathMap holdMap = new PathMap();
+    private final PathMap<RetentionPolicyImpl> retentionMap =
+        new PathMap<RetentionPolicyImpl>();
+
+    private final PathMap<List<HoldImpl>> holdMap = new PathMap<List<HoldImpl>>();
 
     private final SessionImpl session;
     private final FileSystemResource retentionFile;
@@ -150,23 +152,22 @@
      * present only once.
      */
     private void writeRetentionFile() {
-        final Set nodeIds = new HashSet();
+        final Set<NodeId> nodeIds = new HashSet<NodeId>();
 
         // first look for nodes containing holds
-        holdMap.traverse(new PathMap.ElementVisitor() {
-            public void elementVisited(PathMap.Element element) {
-                List holds = (List) element.get();
+        holdMap.traverse(new PathMap.ElementVisitor<List<HoldImpl>>() {
+            public void elementVisited(PathMap.Element<List<HoldImpl>> element) {
+                List<HoldImpl> holds = element.get();
                 if (!holds.isEmpty()) {
-                    nodeIds.add(((HoldImpl) holds.get(0)).getNodeId());
+                    nodeIds.add(holds.get(0).getNodeId());
                 }
             }
         }, false);
 
         // then collect ids of nodes having an retention policy
-        retentionMap.traverse(new PathMap.ElementVisitor() {
-            public void elementVisited(PathMap.Element element) {
-                RetentionPolicyImpl rp  = (RetentionPolicyImpl) element.get();
-                nodeIds.add(rp.getNodeId());
+        retentionMap.traverse(new PathMap.ElementVisitor<RetentionPolicyImpl>() {
+            public void elementVisited(PathMap.Element<RetentionPolicyImpl> element) {
+                nodeIds.add(element.get().getNodeId());
             }
         }, false);
 
@@ -174,7 +175,7 @@
             BufferedWriter writer = null;
             try {
                 writer = new BufferedWriter(new OutputStreamWriter(retentionFile.getOutputStream()));
-                for (Iterator it = nodeIds.iterator(); it.hasNext();) {
+                for (Iterator<NodeId> it = nodeIds.iterator(); it.hasNext();) {
                     writer.write(it.next().toString());
                     if (it.hasNext()) {
                         writer.newLine();
@@ -197,7 +198,7 @@
 
     private void addHolds(Path nodePath, PropertyImpl p) throws RepositoryException {
         synchronized (holdMap) {
-            Hold[] holds = HoldImpl.createFromProperty(p, ((PropertyId) p.getId()).getParentId());
+            HoldImpl[] holds = HoldImpl.createFromProperty(p, ((PropertyId) p.getId()).getParentId());
             holdMap.put(nodePath, Arrays.asList(holds));
             holdCnt++;
         }
@@ -205,7 +206,7 @@
 
     private void removeHolds(Path nodePath) {
         synchronized (holdMap) {
-            PathMap.Element el = holdMap.map(nodePath, true);
+            PathMap.Element<List<HoldImpl>> el = holdMap.map(nodePath, true);
             if (el != null) {
                 el.remove();
                 holdCnt--;
@@ -215,7 +216,8 @@
 
     private void addRetentionPolicy(Path nodePath, PropertyImpl p) throws RepositoryException {
         synchronized (retentionMap) {
-            RetentionPolicy rp = new RetentionPolicyImpl(p.getString(), ((PropertyId) p.getId()).getParentId(), session);
+            RetentionPolicyImpl rp = new RetentionPolicyImpl(
+                    p.getString(), ((PropertyId) p.getId()).getParentId(), session);
             retentionMap.put(nodePath, rp);
             retentionCnt++;
         }
@@ -223,7 +225,8 @@
 
     private void removeRetentionPolicy(Path nodePath) {
         synchronized (retentionMap) {
-            PathMap.Element el = retentionMap.map(nodePath, true);
+            PathMap.Element<RetentionPolicyImpl> el =
+                retentionMap.map(nodePath, true);
             if (el != null) {
                 el.remove();
                 retentionCnt--;
@@ -242,8 +245,8 @@
         if (holdCnt <= 0) {
             return false;
         }
-        PathMap.Element element = holdMap.map(nodePath, false);
-        List holds = (List) element.get();
+        PathMap.Element<List<HoldImpl>> element = holdMap.map(nodePath, false);
+        List<HoldImpl> holds = element.get();
         if (holds != null) {
             if (element.hasPath(nodePath)) {
                 // one or more holds on the specified path
@@ -257,9 +260,8 @@
                 // by a deep hold on any ancestor.
                 return true;
             } else {
-                for (Iterator it = holds.iterator(); it.hasNext();) {
-                    Hold h = (Hold) it.next();
-                    if (h.isDeep()) {
+                for (Hold hold : holds) {
+                    if (hold.isDeep()) {
                         return true;
                     }
                 }
@@ -280,14 +282,14 @@
             return false;
         }
         RetentionPolicy rp = null;
-        PathMap.Element element = retentionMap.map(nodePath, true);
+        PathMap.Element<RetentionPolicyImpl> element = retentionMap.map(nodePath, true);
         if (element != null) {
-            rp = (RetentionPolicy) element.get();
+            rp = element.get();
         }
         if (rp == null && checkParent) {
             element = retentionMap.map(nodePath.getAncestor(1), true);
             if (element != null) {
-                rp = (RetentionPolicy) element.get();
+                rp = element.get();
             }
         }
         return rp != null;

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/DefaultAccessManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/DefaultAccessManager.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/DefaultAccessManager.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/DefaultAccessManager.java Tue Sep  8 16:09:28 2009
@@ -326,7 +326,6 @@
         checkInitialized();
         checkPermission(absPath, Permission.READ_AC);
 
-        // TODO: acProvider may not retrieve the correct policy in case of transient modifications
         return acProvider.getEffectivePolicies(getPath(absPath));
     }
 
@@ -395,6 +394,44 @@
         }
         return editor.getPolicies(principal);
     }
+
+    /**
+     * @see org.apache.jackrabbit.api.security.JackrabbitAccessControlManager#hasPrivileges(String, Set, Privilege[])
+     */
+    public boolean hasPrivileges(String absPath, Set<Principal> principals, Privilege[] privileges) throws PathNotFoundException, RepositoryException {
+        checkInitialized();
+        checkValidNodePath(absPath);
+        checkPermission(absPath, Permission.READ_AC);
+
+        if (privileges == null || privileges.length == 0) {
+            // null or empty privilege array -> return true
+            log.debug("No privileges passed -> allowed.");
+            return true;
+        } else {
+            int privs = PrivilegeRegistry.getBits(privileges);
+            Path p = resolver.getQPath(absPath);
+            return (acProvider.compilePermissions(principals).getPrivileges(p) | ~privs) == -1;
+        }
+    }
+
+    /**
+     * @see org.apache.jackrabbit.api.security.JackrabbitAccessControlManager#getPrivileges(String, Set)
+     */
+    public Privilege[] getPrivileges(String absPath, Set<Principal> principals) throws PathNotFoundException, RepositoryException {
+        checkInitialized();
+        checkValidNodePath(absPath);
+        checkPermission(absPath, Permission.READ_AC);
+        CompiledPermissions perms = acProvider.compilePermissions(principals);
+        try {
+            int bits = perms.getPrivileges(resolver.getQPath(absPath));
+            return (bits == PrivilegeRegistry.NO_PRIVILEGE) ?
+                    new Privilege[0] :
+                    privilegeRegistry.getPrivileges(bits);
+        } finally {
+            perms.close();
+        }
+    }
+
     //---------------------------------------< AbstractAccessControlManager >---
     /**
      * @see AbstractAccessControlManager#checkInitialized()

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java Tue Sep  8 16:09:28 2009
@@ -16,16 +16,14 @@
  */
 package org.apache.jackrabbit.core.security.authentication;
 
-import org.apache.commons.collections.set.ListOrderedSet;
-import javax.jcr.GuestCredentials;
-import org.apache.jackrabbit.core.config.LoginModuleConfig;
-import org.apache.jackrabbit.core.security.SecurityConstants;
-import org.apache.jackrabbit.core.security.principal.PrincipalProvider;
-import org.apache.jackrabbit.core.security.principal.PrincipalProviderRegistry;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import java.io.IOException;
+import java.security.Principal;
+import java.util.LinkedHashSet;
+import java.util.Map;
+import java.util.Set;
 
 import javax.jcr.Credentials;
+import javax.jcr.GuestCredentials;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.SimpleCredentials;
@@ -37,24 +35,27 @@
 import javax.security.auth.login.FailedLoginException;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
-import java.io.IOException;
-import java.security.Principal;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Set;
+
+import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
+import org.apache.jackrabbit.core.config.LoginModuleConfig;
+import org.apache.jackrabbit.core.security.SecurityConstants;
+import org.apache.jackrabbit.core.security.principal.PrincipalProvider;
+import org.apache.jackrabbit.core.security.principal.PrincipalProviderRegistry;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 /**
  * <code>AbstractLoginModule</code> provides the means for the common
  * authentication tasks within the Repository.
  * <p/>
- * On successfull authentication it associates the credentials to principals
+ * On successful authentication it associates the credentials to principals
  * using the {@link PrincipalProvider} configured for this LoginModule<p />
  * Jackrabbit distinguishes between Login and Impersonation dispatching the
  * the correspoding Repository/Session methods to
  * {@link #authenticate(java.security.Principal, javax.jcr.Credentials)} and
  * {@link #impersonate(java.security.Principal, javax.jcr.Credentials)}, respectively.
  * <br>
- * This LoginModule implements default behaviors for both methods.
+ * This LoginModule implements default behavior for either method.
  *
  * @see LoginModule
  */
@@ -65,23 +66,23 @@
     private static final String KEY_CREDENTIALS = "org.apache.jackrabbit.credentials";
     private static final String KEY_LOGIN_NAME = "javax.security.auth.login.name";
 
+    private String principalProviderClassName;
+    private boolean initialized; 
+
     protected String adminId;
     protected String anonymousId;
-    private String principalProviderClassName;
 
-    private CallbackHandler callbackHandler;
-    private boolean initialized;
+    protected CallbackHandler callbackHandler;
 
     protected Principal principal;
     protected SimpleCredentials credentials;
     protected Subject subject;
     protected PrincipalProvider principalProvider;
 
-    private Map sharedState;
+    protected Map sharedState;
 
     /**
-     * Initialize this LoginModule.<br> This abstract implementation, initalizes
-     * the following fields for later use:
+     * Initialize this LoginModule and sets the following fields for later usage:
      * <ul>
      * <li>{@link PrincipalProvider} for user-{@link Principal} resolution.</li>
      * <li>{@link LoginModuleConfig#PARAM_ADMIN_ID} option is evaluated</li>
@@ -156,11 +157,8 @@
 
             //log config values for debug
             if (log.isDebugEnabled()) {
-                Iterator itr = options.keySet().iterator();
-                while (itr.hasNext()) {
-                    String option = (String) itr.next();
-                    log.debug("- Option: "+ option +" -> '"+ options.get(option) +"'");
-
+                for (String option : options.keySet()) {
+                    log.debug("- Option: " + option + " -> '" + options.get(option) + "'");
                 }
             }
             initialized = (this.subject != null);
@@ -171,13 +169,12 @@
     }
 
     /**
-     * Implementations may set-up their own state. E. g. a DataSource if it is
-     * authorized against an external System
+     * Implementations may set-up their own state.
      *
      * @param callbackHandler as passed by {@link javax.security.auth.login.LoginContext}
      * @param session         to security-workspace of Jackrabbit
      * @param options         options from Logini config
-     * @throws LoginException in case initializeaiton failes
+     * @throws LoginException in case initialization failes
      */
     protected abstract void doInit(CallbackHandler callbackHandler,
                                    Session session,
@@ -255,7 +252,7 @@
      * @return true if the authentication succeeded, or false if this
      *         <code>LoginModule</code> should be ignored.
      * @throws LoginException if the authentication fails
-     * @see LoginModule#login()
+     * @see javax.security.auth.spi.LoginModule#login()
      * @see #getCredentials()
      * @see #getUserID(Credentials)
      * @see #getImpersonatorSubject(Credentials)
@@ -266,7 +263,7 @@
             return false;
         }
 
-        // check for availability of Credentials;
+        // check the availability of Credentials
         Credentials creds = getCredentials();
         if (creds == null) {
             log.warn("No credentials available -> try default (anonymous) authentication.");
@@ -329,8 +326,7 @@
      * @return true if this method succeeded, or false if this
      *         <code>LoginModule</code> should be ignored.
      * @throws LoginException if the commit fails
-     * @see LoginModule#commit()
-     * @see AbstractLoginModule#login()
+     * @see javax.security.auth.spi.LoginModule#commit()
      */
     public boolean commit() throws LoginException {
         //check login-state
@@ -341,7 +337,7 @@
             return false;
         }
 
-        Set principals = getPrincipals();
+        Set<Principal> principals = getPrincipals();
         subject.getPrincipals().addAll(principals);
         subject.getPublicCredentials().add(credentials);
         return true;
@@ -363,6 +359,7 @@
      * @return true if this method succeeded, or false if this
      *         <code>LoginModule</code> should be ignored.
      * @throws LoginException if the abort fails
+     * @see javax.security.auth.spi.LoginModule#abort()
      */
     public boolean abort() throws LoginException {
         if (!isInitialized()) {
@@ -377,16 +374,10 @@
     }
 
     /**
-     * Method which logs out a <code>Subject</code>.
-     * <p/>
-     * <p>An implementation of this method might remove/destroy a Subject's
-     * Principals and Credentials.
-     * <p/>
-     * <p/>
-     *
-     * @return true if this method succeeded, or false if this
-     *         <code>LoginModule</code> should be ignored.
+     * @return <code>true</code> if this method succeeded,
+     * or <code>false</code> if this <code>LoginModule</code> should be ignored.
      * @throws LoginException if the logout fails
+     * @see javax.security.auth.spi.LoginModule#logout()
      */
     public boolean logout() throws LoginException {
         Set thisPrincipals = subject.getPrincipals();
@@ -648,14 +639,14 @@
      * @return a Collection of principals that contains the current user
      * principal and all groups it is member of.
      */
-    protected Set getPrincipals() {
-        // use ListOrderedSet instead of Hashset in order to maintain the order
+    protected Set<Principal> getPrincipals() {
+        // use linked HashSet instead of HashSet in order to maintain the order
         // of principals (as in the Subject).
-        Set principals = new ListOrderedSet();
+        Set<Principal> principals = new LinkedHashSet<Principal>();
         principals.add(principal);
-        Iterator groups = principalProvider.getGroupMembership(principal);
+        PrincipalIterator groups = principalProvider.getGroupMembership(principal);
         while (groups.hasNext()) {
-            principals.add(groups.next());
+            principals.add(groups.nextPrincipal());
         }
         return principals;
     }

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContext.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContext.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContext.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContext.java Tue Sep  8 16:09:28 2009
@@ -30,13 +30,13 @@
  *       JAAS <code>LoginModule</code></li>
  * </ul>
  */
-public abstract interface AuthContext {
+public interface AuthContext {
 
     /**
      * Perform the authentication and, if successful, associate Principals and Credentials
      * with the authenticated<code>Subject</code>.
      *
-     * @see LoginContext#login()
+     * @see javax.security.auth.login.LoginContext#login()
      * @throws LoginException if the authentication fails.
      */
     void login() throws LoginException;
@@ -44,7 +44,7 @@
     /**
      * Return the authenticated Subject.
      *
-     * @see LoginContext#getSubject()
+     * @see javax.security.auth.login.LoginContext#getSubject()
      * @return the authenticated Subject or <code>null</code> if authentication failed.
      */
     Subject getSubject();
@@ -52,8 +52,8 @@
     /**
      * Logout the <code>Subject</code>.
      *
-     * @see LoginContext#logout()
-     * @exception LoginException if the logout fails.
+     * @see javax.security.auth.login.LoginContext#logout()
+     * @throws LoginException if the logout fails.
      */
     void logout() throws LoginException;
 }

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContextProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContextProvider.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContextProvider.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContextProvider.java Tue Sep  8 16:09:28 2009
@@ -133,16 +133,16 @@
         } else {
             AppConfigurationEntry[] entries = getJAASConfig();
             if (entries != null) {
-                List tmp = new ArrayList(entries.length);
-                for (int i = 0; i < entries.length; i++) {
-                    Map opt = entries[i].getOptions();
+                List<Properties> tmp = new ArrayList<Properties>(entries.length);
+                for (AppConfigurationEntry entry : entries) {
+                    Map opt = entry.getOptions();
                     if (opt != null) {
                         Properties prop = new Properties();
                         prop.putAll(opt);
                         tmp.add(prop);
                     }
                 }
-                props = (Properties[]) tmp.toArray(new Properties[tmp.size()]);
+                props = tmp.toArray(new Properties[tmp.size()]);
             }
         }
         return props;

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CallbackHandlerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CallbackHandlerImpl.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CallbackHandlerImpl.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CallbackHandlerImpl.java Tue Sep  8 16:09:28 2009
@@ -82,9 +82,7 @@
      */
     public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
 
-        for (int i = 0; i < callbacks.length; i++) {
-            Callback callback = callbacks[i];
-
+        for (Callback callback : callbacks) {
             if (callback instanceof CredentialsCallback) {
                 ((CredentialsCallback) callback).setCredentials(credentials);
             } else if (callback instanceof RepositoryCallback) {

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentials.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentials.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentials.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentials.java Tue Sep  8 16:09:28 2009
@@ -69,8 +69,8 @@
 
         String[] attNames = credentials.getAttributeNames();
         attributes = new HashMap<String, Object>(attNames.length);
-        for (int i = 0; i < attNames.length; i++) {
-            attributes.put(attNames[i], credentials.getAttribute(attNames[i]));
+        for (String attName : attNames) {
+            attributes.put(attName, credentials.getAttribute(attName));
         }
     }
 
@@ -89,7 +89,7 @@
             algorithm = algo;
             cryptedPassword = password;
         }
-        attributes = Collections.EMPTY_MAP;
+        attributes = Collections.emptyMap();
     }
 
     public String getUserID() {
@@ -134,7 +134,7 @@
                 // uncrypted pw to match -> crypt with algorithm present here.
                 return crypt(toMatch, algorithm).equals(cryptedPassword);
             } else if (algr != null && algorithm == null) {
-                // crypted pw to match but unkown algorithm here -> crypt this pw
+                // crypted pw to match but unknown algorithm here -> crypt this pw
                 return crypt(algr, cryptedPassword).equals(toMatch);
             }
 

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/DefaultLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/DefaultLoginModule.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/DefaultLoginModule.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/DefaultLoginModule.java Tue Sep  8 16:09:28 2009
@@ -105,14 +105,15 @@
                 return authentication;
             }
         }
-        // no valid user or authencation could not handle the given creds.
+        // no valid user or authentication could not handle the given credentials
         return null;
     }
 
     /**
      * Handles the impersonation of given Credentials.<p />
      * Current implementation takes {@link User} for the given Principal and
-     * delegates the check to {@link Impersonation#allows(javax.security.auth.Subject)}
+     * delegates the check to
+     * {@link org.apache.jackrabbit.api.security.user.Impersonation#allows(javax.security.auth.Subject)}
      *
      * @param principal Principal to impersonate.
      * @param credentials Credentials used to create the impersonation subject.

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/JAASAuthContext.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/JAASAuthContext.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/JAASAuthContext.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/JAASAuthContext.java Tue Sep  8 16:09:28 2009
@@ -50,7 +50,7 @@
                 context = new LoginContext(appName, subject, cbHandler);
             }
         } catch (LoginException e) {
-            //all caseses it is thrown are checked -> ignore
+            //all cases it is thrown are checked -> ignore
         } finally {
             current.setContextClassLoader(orig);
         }

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.java Tue Sep  8 16:09:28 2009
@@ -16,30 +16,37 @@
  */
 package org.apache.jackrabbit.core.security.authorization;
 
+import java.security.Principal;
+import java.util.Map;
+import java.util.Set;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.observation.ObservationManager;
+import javax.jcr.security.Privilege;
+
 import org.apache.jackrabbit.core.SessionImpl;
 import org.apache.jackrabbit.core.security.SystemPrincipal;
 import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
 import org.apache.jackrabbit.spi.Path;
 import org.apache.jackrabbit.spi.commons.conversion.NamePathResolver;
-import javax.jcr.security.Privilege;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import javax.jcr.RepositoryException;
-import javax.jcr.Session;
-import javax.jcr.observation.ObservationManager;
-import java.security.Principal;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Set;
 
 /**
  * <code>AbstractAccessControlProvider</code>...
  */
-public abstract class AbstractAccessControlProvider implements AccessControlProvider, AccessControlUtils {
-
-    private static Logger log = LoggerFactory.getLogger(AbstractAccessControlProvider.class);
+public abstract class AbstractAccessControlProvider implements AccessControlProvider,
+        AccessControlUtils {
 
+    /**
+     * Constant for the name of the configuration option "omit-default-permission".
+     * The option is a flag indicating whether default permissions should be
+     * created upon initialization of this provider.<p/>
+     * If this option is present in the configuration no initial ACL content
+     * is created.<br>
+     * If this configuration option is omitted the default permissions are
+     * installed. Note however, that the initialization should not overwrite
+     * previously installed AC content.
+     */
     public static final String PARAM_OMIT_DEFAULT_PERMISSIONS = "omit-default-permission";
 
     /**
@@ -131,9 +138,8 @@
     /**
      * @see AccessControlUtils#isAdminOrSystem(Set)
      */
-    public boolean isAdminOrSystem(Set principals) {
-        for (Iterator it = principals.iterator(); it.hasNext();) {
-            Principal p = (Principal) it.next();
+    public boolean isAdminOrSystem(Set<Principal> principals) {
+        for (Principal p : principals) {
             if (p instanceof AdminPrincipal || p instanceof SystemPrincipal) {
                 return true;
             }
@@ -144,7 +150,7 @@
     /**
      * @see AccessControlUtils#isReadOnly(Set)
      */
-    public boolean isReadOnly(Set principals) {
+    public boolean isReadOnly(Set<Principal> principals) {
         // TODO: find ways to determine read-only status
         return false;
     }

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractCompiledPermissions.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractCompiledPermissions.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractCompiledPermissions.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractCompiledPermissions.java Tue Sep  8 16:09:28 2009
@@ -16,6 +16,8 @@
  */
 package org.apache.jackrabbit.core.security.authorization;
 
+import java.util.Map;
+
 import org.apache.commons.collections.map.LRUMap;
 import org.apache.jackrabbit.spi.Path;
 
@@ -27,8 +29,9 @@
 public abstract class AbstractCompiledPermissions implements CompiledPermissions {
 
     // cache mapping a Path to a 'Result' containing permissions and privileges.
-    private final LRUMap cache;
+    private final Map<Path, Result> cache;
 
+    @SuppressWarnings("unchecked")
     protected AbstractCompiledPermissions() {
         cache = new LRUMap(1000);
     }
@@ -42,7 +45,7 @@
     public Result getResult(Path absPath) throws RepositoryException {
         Result result;
         synchronized (cache) {
-            result = (Result) cache.get(absPath);
+            result = cache.get(absPath);
             if (result == null) {
                 result = buildResult(absPath);
                 cache.put(absPath, result);

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEditor.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEditor.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEditor.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEditor.java Tue Sep  8 16:09:28 2009
@@ -54,7 +54,8 @@
      * <code>nodePath</code>.
      * @throws RepositoryException if an error occurs
      */
-    AccessControlPolicy[] getPolicies(String nodePath) throws AccessControlException, PathNotFoundException, RepositoryException;
+    AccessControlPolicy[] getPolicies(String nodePath) throws AccessControlException,
+            PathNotFoundException, RepositoryException;
 
     /**
      * Retrieves the policies that have been applied before for the given
@@ -74,7 +75,8 @@
      * if same other access control related exception occurs.
      * @throws RepositoryException if an error occurs
      */
-    JackrabbitAccessControlPolicy[] getPolicies(Principal principal) throws AccessControlException, RepositoryException;
+    JackrabbitAccessControlPolicy[] getPolicies(Principal principal)
+            throws AccessControlException, RepositoryException;
 
     /**
      * Retrieves the editable policies for the Node identified by the given
@@ -100,7 +102,8 @@
      * <code>nodePath</code>.
      * @throws RepositoryException if an error occurs
      */
-    AccessControlPolicy[] editAccessControlPolicies(String nodePath) throws AccessControlException, PathNotFoundException, RepositoryException;
+    AccessControlPolicy[] editAccessControlPolicies(String nodePath)
+            throws AccessControlException, PathNotFoundException, RepositoryException;
 
     /**
      * Returns an array of editable policies for the given <code>principal</code>.
@@ -115,7 +118,8 @@
      * if same other access control related exception occurs.
      * @throws RepositoryException if another error occurs.
      */
-    JackrabbitAccessControlPolicy[] editAccessControlPolicies(Principal principal) throws AccessDeniedException, AccessControlException, RepositoryException;
+    JackrabbitAccessControlPolicy[] editAccessControlPolicies(Principal principal)
+            throws AccessDeniedException, AccessControlException, RepositoryException;
 
     /**
      * Stores the policy template to the respective node.
@@ -129,7 +133,8 @@
      * <code>nodePath</code>.
      * @throws RepositoryException if an other error occurs.
      */
-    void setPolicy(String nodePath, AccessControlPolicy policy) throws AccessControlException, PathNotFoundException, RepositoryException;
+    void setPolicy(String nodePath, AccessControlPolicy policy)
+            throws AccessControlException, PathNotFoundException, RepositoryException;
 
     /**
      * Removes the specified policy from the node at <code>nodePath</code>.
@@ -143,5 +148,6 @@
      * <code>nodePath</code>.
      * @throws RepositoryException if an other error occurs
      */
-    void removePolicy(String nodePath, AccessControlPolicy policy) throws AccessControlException, PathNotFoundException, RepositoryException;
+    void removePolicy(String nodePath, AccessControlPolicy policy)
+            throws AccessControlException, PathNotFoundException, RepositoryException;
 }

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryImpl.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryImpl.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryImpl.java Tue Sep  8 16:09:28 2009
@@ -16,19 +16,18 @@
  */
 package org.apache.jackrabbit.core.security.authorization;
 
-import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
-import org.apache.jackrabbit.value.StringValue;
-import org.apache.jackrabbit.value.ValueHelper;
+import java.security.Principal;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
 
 import javax.jcr.Value;
 import javax.jcr.ValueFactory;
 import javax.jcr.security.AccessControlException;
 import javax.jcr.security.Privilege;
-import java.security.Principal;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
+
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
+import org.apache.jackrabbit.value.ValueHelper;
 
 /**
  * Simple, immutable implementation of the
@@ -62,7 +61,7 @@
      * Jackrabbit specific extension: the list of additional restrictions to be
      * included in the evaluation.
      */
-    private final Map restrictions;
+    private final Map<String, Value> restrictions;
 
     /**
      * Value factory
@@ -100,15 +99,16 @@
      * @throws AccessControlException if either principal or privileges are invalid.
      */
     protected AccessControlEntryImpl(Principal principal, Privilege[] privileges,
-                                     boolean isAllow, Map restrictions, ValueFactory valueFactory)
+                                     boolean isAllow, Map<String, Value> restrictions,
+                                     ValueFactory valueFactory)
             throws AccessControlException {
         if (principal == null) {
             throw new IllegalArgumentException();
         }
         // make sure no abstract privileges are passed.
-        for (int i = 0; i < privileges.length; i++) {
-            if (privileges[i].isAbstract()) {
-                throw new AccessControlException("Privilege " + privileges[i] + " is abstract.");
+        for (Privilege privilege : privileges) {
+            if (privilege.isAbstract()) {
+                throw new AccessControlException("Privilege " + privilege + " is abstract.");
             }
         }
         this.principal = principal;
@@ -118,22 +118,14 @@
         this.valueFactory = valueFactory;
         
         if (restrictions == null) {
-            this.restrictions = Collections.EMPTY_MAP;
+            this.restrictions = Collections.emptyMap();
         } else {
-            this.restrictions = new HashMap(restrictions.size());
+            this.restrictions = new HashMap<String, Value>(restrictions.size());
             // validate the passed restrictions and fill the map
-            for (Iterator it = restrictions.keySet().iterator(); it.hasNext();) {
-                Object key = it.next();
-                Object v = restrictions.get(key);
-                Value value;
-                if (v instanceof Value) {
-                    // create copy of the value
-                    value = ValueHelper.copy((Value) v, valueFactory);
-                } else {
-                    // fallback
-                    value = new StringValue(v.toString());
-                }
-                this.restrictions.put(key.toString(), value);
+            for (String key : restrictions.keySet()) {
+                Value value = restrictions.get(key);
+                value = ValueHelper.copy(value, valueFactory);
+                this.restrictions.put(key, value);
             }
         }
     }
@@ -187,7 +179,7 @@
      * @see org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry#getRestrictionNames()
      */
     public String[] getRestrictionNames() {
-        return (String[]) restrictions.keySet().toArray(new String[restrictions.size()]);
+        return restrictions.keySet().toArray(new String[restrictions.size()]);
     }
 
     /**
@@ -195,7 +187,7 @@
      */
     public Value getRestriction(String restrictionName) {
         if (restrictions.containsKey(restrictionName)) {
-            return ValueHelper.copy((Value) restrictions.get(restrictionName), valueFactory);
+            return ValueHelper.copy(restrictions.get(restrictionName), valueFactory);
         } else {
             return null;
         }

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryIterator.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryIterator.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryIterator.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryIterator.java Tue Sep  8 16:09:28 2009
@@ -31,22 +31,20 @@
 /**
  * <code>AccessControlEntryIterator</code>...
  */
-public class AccessControlEntryIterator implements Iterator {
+public class AccessControlEntryIterator implements Iterator<AccessControlEntry> {
 
     private static Logger log = LoggerFactory.getLogger(AccessControlEntryIterator.class);
 
-    private final List acls = new ArrayList();
-    private Iterator currentEntries;
-    private Object next;
+    private final List<AccessControlList> acls = new ArrayList<AccessControlList>();
+    private Iterator<AccessControlEntry> currentEntries;
+    private AccessControlEntry next;
 
-    public AccessControlEntryIterator(List aces) {
+    public AccessControlEntryIterator(List<AccessControlEntry> aces) {
         this(new AccessControlList[] {new UnmodifiableAccessControlList(aces)});
     }
 
     public AccessControlEntryIterator(AccessControlList[] acls) {
-        for (int i = 0; i < acls.length; i++) {
-            this.acls.add(acls[i]);
-        }
+        this.acls.addAll(Arrays.asList(acls));
         next = seekNext();
     }
 
@@ -58,16 +56,16 @@
         return next != null;
     }
 
-    public Object next() {
+    public AccessControlEntry next() {
         if (next == null) {
             throw new NoSuchElementException();
         }
-        Object ret = next;
+        AccessControlEntry ret = next;
         next = seekNext();
         return ret;
     }
 
-    private Object seekNext() {
+    private AccessControlEntry seekNext() {
         while (currentEntries == null || !currentEntries.hasNext()) {
             if (acls.isEmpty()) {
                 // reached last acl -> break out of while loop
@@ -76,7 +74,7 @@
             } else {
                 AccessControlEntry[] entries = new AccessControlEntry[0];
                 try {
-                    entries = ((AccessControlList) acls.remove(0)).getAccessControlEntries();
+                    entries = (acls.remove(0)).getAccessControlEntries();
                 } catch (RepositoryException e) {
                     log.error("Unable to retrieve ACEs: " + e.getMessage() + " -> try next.");
                 }

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProvider.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProvider.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProvider.java Tue Sep  8 16:09:28 2009
@@ -22,9 +22,10 @@
 import javax.jcr.ItemNotFoundException;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
+
+import java.security.Principal;
 import java.util.Map;
 import java.util.Set;
-import java.security.Principal;
 
 /**
  * The AccessControlProvider is used to provide access control policy and entry

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlUtils.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlUtils.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlUtils.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlUtils.java Tue Sep  8 16:09:28 2009
@@ -20,6 +20,8 @@
 import org.apache.jackrabbit.core.ItemImpl;
 
 import javax.jcr.RepositoryException;
+
+import java.security.Principal;
 import java.util.Set;
 
 /**
@@ -58,7 +60,7 @@
      * @return true if the specified set of principals contains an
      * <code>AdminPrincipal</code> or a <code>SystemPrincipal</code>.
      */
-    boolean isAdminOrSystem(Set principals);
+    boolean isAdminOrSystem(Set<Principal> principals);
 
     /**
      * Test if if the specified set of principals will have read-only permissions
@@ -69,6 +71,6 @@
      * @return true if the specified set of principals will only be granted
      * read permission on all items.
      */
-    boolean isReadOnly(Set principals);
+    boolean isReadOnly(Set<Principal> principals);
 
 }
\ No newline at end of file

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java Tue Sep  8 16:09:28 2009
@@ -16,24 +16,24 @@
  */
 package org.apache.jackrabbit.core.security.authorization;
 
-import javax.jcr.security.AccessControlException;
-import javax.jcr.security.Privilege;
-import org.apache.jackrabbit.spi.commons.conversion.NameResolver;
-import org.apache.jackrabbit.spi.commons.name.NameFactoryImpl;
-import org.apache.jackrabbit.spi.Name;
-import org.apache.jackrabbit.spi.NameFactory;
-
-import javax.jcr.RepositoryException;
-import javax.jcr.NamespaceException;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
-import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
+import javax.jcr.NamespaceException;
+import javax.jcr.RepositoryException;
+import javax.jcr.security.AccessControlException;
+import javax.jcr.security.Privilege;
+
+import org.apache.jackrabbit.spi.Name;
+import org.apache.jackrabbit.spi.NameFactory;
+import org.apache.jackrabbit.spi.commons.conversion.NameResolver;
+import org.apache.jackrabbit.spi.commons.name.NameFactoryImpl;
+
 /**
  * The <code>PrivilegeRegistry</code> defines the set of <code>Privilege</code>s
  * known to the repository.
@@ -46,8 +46,8 @@
      */
     public static final String REP_WRITE = "{" + Name.NS_REP_URI + "}write";
 
-    private static final Set REGISTERED_PRIVILEGES = new HashSet(20);
-    private static final Map BITS_TO_PRIVILEGES = new HashMap();
+    private static final Set<InternalPrivilege> REGISTERED_PRIVILEGES = new HashSet<InternalPrivilege>(20);
+    private static final Map<Integer, InternalPrivilege[]> BITS_TO_PRIVILEGES = new HashMap<Integer, InternalPrivilege[]>();
     private static final NameFactory NAME_FACTORY = NameFactoryImpl.getInstance();
 
     private static final Privilege[] EMPTY_ARRAY = new Privilege[0];
@@ -123,7 +123,7 @@
      * Per instance map containing the instance specific representation of
      * the registered privileges.
      */
-    private final Map localCache;
+    private final Map<Name, Privilege> localCache;
 
     /**
      * Create a new <code>PrivilegeRegistry</code> instance.
@@ -133,9 +133,8 @@
      */
     public PrivilegeRegistry(NameResolver resolver) {
         this.resolver = resolver;
-        localCache = new HashMap(REGISTERED_PRIVILEGES.size());
-        for (Iterator it = REGISTERED_PRIVILEGES.iterator(); it.hasNext();) {
-            InternalPrivilege ip = (InternalPrivilege) it.next();
+        localCache = new HashMap<Name, Privilege>(REGISTERED_PRIVILEGES.size());
+        for (InternalPrivilege ip : REGISTERED_PRIVILEGES) {
             Privilege priv = new PrivilegeImpl(ip, resolver);
             localCache.put(ip.name, priv);
         }
@@ -147,7 +146,7 @@
      * @return all registered privileges.
      */
     public Privilege[] getRegisteredPrivileges() {
-        return (Privilege[]) localCache.values().toArray(new Privilege[localCache.size()]);
+        return localCache.values().toArray(new Privilege[localCache.size()]);
     }
 
     /**
@@ -161,7 +160,7 @@
     public Privilege getPrivilege(String privilegeName) throws AccessControlException, RepositoryException {
         Name name = resolver.getQName(privilegeName);
         if (localCache.containsKey(name)) {
-            return (Privilege) localCache.get(name);
+            return localCache.get(name);
         } else {
             throw new AccessControlException("Unknown privilege " + privilegeName);
         }
@@ -187,7 +186,7 @@
             InternalPrivilege[] internalPrivs = getInteralPrivileges(bits);
             privs = new Privilege[internalPrivs.length];
             for (int i = 0; i < internalPrivs.length; i++) {
-                privs[i] = (Privilege) localCache.get(internalPrivs[i].name);
+                privs[i] = localCache.get(internalPrivs[i].name);
             }
         } else {
             privs = new Privilege[0];
@@ -207,8 +206,7 @@
             throw new AccessControlException("Privilege array is empty or null.");
         }
         int bits = NO_PRIVILEGE;
-        for (int i = 0; i < privileges.length; i++) {
-            Privilege priv = privileges[i];
+        for (Privilege priv : privileges) {
             if (priv instanceof PrivilegeImpl) {
                 bits |= ((PrivilegeImpl) priv).internalPrivilege.getBits();
             } else {
@@ -307,11 +305,10 @@
      * @return InternalPrivilege that corresponds to the given bits.
      */
     private static InternalPrivilege[] getInteralPrivileges(int bits) {
-        Object key = new Integer(bits);
-        if (BITS_TO_PRIVILEGES.containsKey(key)) {
-            return (InternalPrivilege[]) BITS_TO_PRIVILEGES.get(key);
+        if (BITS_TO_PRIVILEGES.containsKey(bits)) {
+            return BITS_TO_PRIVILEGES.get(bits);
         } else {
-            List privileges = new ArrayList();
+            List<InternalPrivilege> privileges = new ArrayList<InternalPrivilege>();
             if ((bits & READ) == READ) {
                 privileges.add(READ_PRIVILEGE);
             }
@@ -357,8 +354,8 @@
 
             InternalPrivilege[] privs;
             if (!privileges.isEmpty()) {
-                privs = (InternalPrivilege[]) privileges.toArray(new InternalPrivilege[privileges.size()]);
-                BITS_TO_PRIVILEGES.put(key, privs);
+                privs = privileges.toArray(new InternalPrivilege[privileges.size()]);
+                BITS_TO_PRIVILEGES.put(bits, privs);
             } else {
                 privs = new InternalPrivilege[0];
             }
@@ -368,7 +365,7 @@
 
     private static InternalPrivilege registerPrivilege(InternalPrivilege privilege) {
         REGISTERED_PRIVILEGES.add(privilege);
-        BITS_TO_PRIVILEGES.put(new Integer(privilege.getBits()), new InternalPrivilege[] {privilege});
+        BITS_TO_PRIVILEGES.put(privilege.getBits(), new InternalPrivilege[] {privilege});
         return privilege;
     }
 
@@ -383,7 +380,7 @@
         private final boolean isAbstract;
         private final boolean isAggregate;
         private final InternalPrivilege[] declaredAggregates;
-        private final Set aggregates;
+        private final Set<InternalPrivilege> aggregates;
 
         private final int bits;
 
@@ -417,10 +414,9 @@
             this.name = NAME_FACTORY.create(name);
             this.isAbstract = false;
             this.declaredAggregates = declaredAggregates;
-            Set aggrgt = new HashSet();
+            Set<InternalPrivilege> aggrgt = new HashSet<InternalPrivilege>();
             int bts = 0;
-            for (int i = 0; i < declaredAggregates.length; i++) {
-                InternalPrivilege priv = declaredAggregates[i];
+            for (InternalPrivilege priv : declaredAggregates) {
                 bts |= priv.getBits();
                 if (priv.isAggregate) {
                     aggrgt.addAll(priv.aggregates);
@@ -491,7 +487,7 @@
                 Privilege[] privs = new Privilege[len];
                 for (int i = 0; i < len; i++) {
                     InternalPrivilege ip = internalPrivilege.declaredAggregates[i];
-                    privs[i] = (Privilege) localCache.get(ip.name);
+                    privs[i] = localCache.get(ip.name);
                 }
                 return privs;
             } else {
@@ -503,9 +499,8 @@
             if (internalPrivilege.isAggregate) {
                 Privilege[] privs = new Privilege[internalPrivilege.aggregates.size()];
                 int i = 0;
-                for (Iterator it = internalPrivilege.aggregates.iterator(); it.hasNext();) {
-                    InternalPrivilege ip = (InternalPrivilege) it.next();
-                    privs[i++] = (Privilege) localCache.get(ip.name);
+                for (InternalPrivilege ip : internalPrivilege.aggregates) {
+                    privs[i++] = localCache.get(ip.name);
                 }
                 return privs;
             } else {

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/UnmodifiableAccessControlList.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/UnmodifiableAccessControlList.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/UnmodifiableAccessControlList.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/UnmodifiableAccessControlList.java Tue Sep  8 16:09:28 2009
@@ -22,8 +22,16 @@
 import javax.jcr.security.Privilege;
 
 import javax.jcr.RepositoryException;
+import javax.jcr.Value;
+import javax.jcr.PropertyType;
+
 import java.security.Principal;
 import java.util.List;
+import java.util.Map;
+import java.util.Collections;
+import java.util.HashMap;
+
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
 
 /**
  * An implementation of the <code>AccessControlList</code> interface that only
@@ -32,10 +40,14 @@
  * and {@link #removeAccessControlEntry(AccessControlEntry) removeAccessControlEntry})
  * throw an <code>AccessControlException</code>.
  */
-public class UnmodifiableAccessControlList implements AccessControlList {
+public class UnmodifiableAccessControlList implements JackrabbitAccessControlList {
 
     private final AccessControlEntry[] accessControlEntries;
 
+    private final Map<String, Integer> restrictions;
+
+    private final String path;
+
     /**
      * Construct a new <code>UnmodifiableAccessControlList</code>
      *
@@ -45,7 +57,20 @@
      * specified <code>AccessControlList</code>.
      */
     public UnmodifiableAccessControlList(AccessControlList acl) throws RepositoryException {
-        accessControlEntries = acl.getAccessControlEntries();
+        if (acl instanceof JackrabbitAccessControlList) {
+            JackrabbitAccessControlList jAcl = (JackrabbitAccessControlList) acl;
+            accessControlEntries = acl.getAccessControlEntries();
+            path = jAcl.getPath();
+            Map<String, Integer> r = new HashMap<String, Integer>();
+            for (String name: jAcl.getRestrictionNames()) {
+                r.put(name, jAcl.getRestrictionType(name));
+            }
+            restrictions = Collections.unmodifiableMap(r);
+        } else {
+            accessControlEntries = acl.getAccessControlEntries();
+            path = null;
+            restrictions = Collections.emptyMap();
+        }
     }
 
     /**
@@ -53,8 +78,10 @@
      *
      * @param accessControlEntries A list of {@link AccessControlEntry access control entries}.
      */
-    public UnmodifiableAccessControlList(List accessControlEntries) {
-        this.accessControlEntries = (AccessControlEntry[]) accessControlEntries.toArray(new AccessControlEntry[accessControlEntries.size()]);
+    public UnmodifiableAccessControlList(List<AccessControlEntry> accessControlEntries) {
+        this.accessControlEntries = accessControlEntries.toArray(new AccessControlEntry[accessControlEntries.size()]);
+        path = null;
+        restrictions = Collections.emptyMap();
     }
 
     //--------------------------------------------------< AccessControlList >---
@@ -82,4 +109,36 @@
             throws AccessControlException, RepositoryException {
         throw new AccessControlException("Unmodifiable ACL. Use AccessControlManager#getApplicablePolicies in order to obtain an modifiable ACL.");
     }
+
+    public String[] getRestrictionNames() {
+        return restrictions.keySet().toArray(new String[restrictions.size()]);
+    }
+
+    public int getRestrictionType(String restrictionName) {
+        if (restrictions.containsKey(restrictionName)) {
+            return restrictions.get(restrictionName);
+        } else {
+            return PropertyType.UNDEFINED;
+        }
+    }
+
+    public boolean isEmpty() {
+        return accessControlEntries.length == 0;
+    }
+
+    public int size() {
+        return accessControlEntries.length;
+    }
+
+    public boolean addEntry(Principal principal, Privilege[] privileges, boolean isAllow) throws AccessControlException, RepositoryException {
+        throw new AccessControlException("Unmodifiable ACL. Use AccessControlManager#getApplicablePolicies in order to obtain an modifiable ACL.");
+    }
+
+    public boolean addEntry(Principal principal, Privilege[] privileges, boolean isAllow, Map<String, Value> restrictions) throws AccessControlException, RepositoryException {
+        throw new AccessControlException("Unmodifiable ACL. Use AccessControlManager#getApplicablePolicies in order to obtain an modifiable ACL.");
+    }
+
+    public String getPath() {
+        return path;
+    }
 }
\ No newline at end of file

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/WorkspaceAccessManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/WorkspaceAccessManager.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/WorkspaceAccessManager.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/WorkspaceAccessManager.java Tue Sep  8 16:09:28 2009
@@ -19,6 +19,7 @@
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import java.util.Set;
+import java.security.Principal;
 
 /**
  * The <code>WorkspaceAccessManager</code> is responsible for workspace access.
@@ -53,5 +54,6 @@
      * workspace with the specified name.
      * @throws RepositoryException If an error occurs. 
      */
-    boolean grants(Set principals, String workspaceName) throws RepositoryException;
+    boolean grants(Set<Principal> principals, String workspaceName)
+            throws RepositoryException;
 }

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java Tue Sep  8 16:09:28 2009
@@ -83,9 +83,9 @@
 
     /**
      *
-     * @param aclNode
-     * @return
-     * @throws RepositoryException
+     * @param aclNode the node
+     * @return the control list
+     * @throws RepositoryException if an error occurs
      */
     AccessControlList getACL(NodeImpl aclNode) throws RepositoryException {
         return new ACLTemplate(aclNode, privilegeRegistry);
@@ -171,8 +171,8 @@
         }
         
         AccessControlEntry[] entries = ((ACLTemplate) policy).getAccessControlEntries();
-        for (int i = 0; i < entries.length; i++) {
-            JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) entries[i];
+        for (AccessControlEntry entry : entries) {
+            JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) entry;
 
             Name nodeName = getUniqueNodeName(aclNode, ace.isAllow() ? "allow" : "deny");
             Name ntName = (ace.isAllow()) ? NT_REP_GRANT_ACE : NT_REP_DENY_ACE;
@@ -216,7 +216,7 @@
      * defining content. It this case setting or modifying an AC-policy is
      * obviously not possible.
      *
-     * @param nodePath
+     * @param nodePath the node path
      * @throws AccessControlException If the given nodePath identifies a Node that
      * represents a ACL or ACE item.
      * @throws RepositoryException
@@ -231,9 +231,9 @@
     /**
      * Check if the specified policy can be set/removed from this editor.
      *
-     * @param nodePath
-     * @param policy
-     * @throws AccessControlException
+     * @param nodePath the node path
+     * @param policy the policy
+     * @throws AccessControlException if not allowed
      */
     private static void checkValidPolicy(String nodePath, AccessControlPolicy policy) throws AccessControlException {
         if (policy == null || !(policy instanceof ACLTemplate)) {
@@ -247,10 +247,10 @@
 
     /**
      *
-     * @param path
-     * @return
-     * @throws PathNotFoundException
-     * @throws RepositoryException
+     * @param path the path
+     * @return the node
+     * @throws PathNotFoundException if not found
+     * @throws RepositoryException if an error occurs
      */
     private NodeImpl getNode(String path) throws PathNotFoundException, RepositoryException {
         return (NodeImpl) session.getNode(path);
@@ -261,10 +261,10 @@
      * path or <code>null</code> if the node is not mix:AccessControllable
      * or if no policy node exists.
      *
-     * @param nodePath
+     * @param nodePath the node path
      * @return node or <code>null</code>
-     * @throws PathNotFoundException
-     * @throws RepositoryException
+     * @throws PathNotFoundException if not found
+     * @throws RepositoryException if an error occurs
      */
     private NodeImpl getAclNode(String nodePath) throws PathNotFoundException, RepositoryException {
         NodeImpl controlledNode = getNode(nodePath);
@@ -275,9 +275,9 @@
      * Returns the rep:Policy node below the given Node or <code>null</code>
      * if the node is not mix:AccessControllable or if no policy node exists.
      *
-     * @param controlledNode
+     * @param controlledNode the controlled node
      * @return node or <code>null</code>
-     * @throws RepositoryException
+     * @throws RepositoryException if an error occurs
      */
     private NodeImpl getAclNode(NodeImpl controlledNode) throws RepositoryException {
         NodeImpl aclNode = null;
@@ -289,9 +289,9 @@
 
     /**
      *
-     * @param nodePath
-     * @return
-     * @throws RepositoryException
+     * @param nodePath the node path
+     * @return the new node
+     * @throws RepositoryException if an error occurs
      */
     private NodeImpl createAclNode(String nodePath) throws RepositoryException {
         NodeImpl protectedNode = getNode(nodePath);
@@ -306,8 +306,8 @@
      *
      * @param node a name for the child is resolved
      * @param name if missing the {@link #DEFAULT_ACE_NAME} is taken
-     * @return
-     * @throws RepositoryException
+     * @return the name
+     * @throws RepositoryException if an error occurs
      */
     protected static Name getUniqueNodeName(Node node, String name) throws RepositoryException {
         if (name == null) {
@@ -333,12 +333,13 @@
      * Build an array of Value from the specified <code>privileges</code> using
      * the given <code>valueFactory</code>.
      *
-     * @param privileges
-     * @param valueFactory
+     * @param privileges the privileges
+     * @param valueFactory the value factory
      * @return an array of Value.
-     * @throws javax.jcr.ValueFormatException
+     * @throws ValueFormatException if an error occurs
      */
-    private static Value[] getPrivilegeNames(Privilege[] privileges, ValueFactory valueFactory) throws ValueFormatException {
+    private static Value[] getPrivilegeNames(Privilege[] privileges, ValueFactory valueFactory)
+            throws ValueFormatException {
         Value[] names = new Value[privileges.length];
         for (int i = 0; i < privileges.length; i++) {
             names[i] = valueFactory.createValue(privileges[i].getName(), PropertyType.NAME);

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLProvider.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLProvider.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLProvider.java Tue Sep  8 16:09:28 2009
@@ -16,54 +16,55 @@
  */
 package org.apache.jackrabbit.core.security.authorization.acl;
 
-import javax.jcr.security.AccessControlPolicy;
-import javax.jcr.security.Privilege;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import javax.jcr.ItemNotFoundException;
+import javax.jcr.NodeIterator;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.Value;
+import javax.jcr.observation.Event;
+import javax.jcr.observation.EventIterator;
+import javax.jcr.query.Query;
+import javax.jcr.query.QueryManager;
+import javax.jcr.security.AccessControlEntry;
 import javax.jcr.security.AccessControlList;
 import javax.jcr.security.AccessControlManager;
+import javax.jcr.security.AccessControlPolicy;
+import javax.jcr.security.Privilege;
+
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
-import org.apache.jackrabbit.core.id.NodeId;
+import org.apache.jackrabbit.core.ItemImpl;
 import org.apache.jackrabbit.core.NodeImpl;
 import org.apache.jackrabbit.core.PropertyImpl;
-import org.apache.jackrabbit.core.ItemImpl;
 import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.core.id.NodeId;
 import org.apache.jackrabbit.core.observation.SynchronousEventListener;
 import org.apache.jackrabbit.core.security.SecurityConstants;
 import org.apache.jackrabbit.core.security.authorization.AbstractAccessControlProvider;
 import org.apache.jackrabbit.core.security.authorization.AbstractCompiledPermissions;
 import org.apache.jackrabbit.core.security.authorization.AccessControlConstants;
 import org.apache.jackrabbit.core.security.authorization.AccessControlEditor;
+import org.apache.jackrabbit.core.security.authorization.AccessControlEntryIterator;
 import org.apache.jackrabbit.core.security.authorization.CompiledPermissions;
 import org.apache.jackrabbit.core.security.authorization.Permission;
 import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
 import org.apache.jackrabbit.core.security.authorization.UnmodifiableAccessControlList;
-import org.apache.jackrabbit.core.security.authorization.AccessControlEntryIterator;
 import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.spi.Path;
 import org.apache.jackrabbit.spi.commons.name.PathFactoryImpl;
 import org.apache.jackrabbit.util.Text;
-import org.apache.commons.collections.map.ListOrderedMap;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.jcr.ItemNotFoundException;
-import javax.jcr.NodeIterator;
-import javax.jcr.RepositoryException;
-import javax.jcr.Session;
-import javax.jcr.Value;
-import javax.jcr.observation.Event;
-import javax.jcr.observation.EventIterator;
-import javax.jcr.query.Query;
-import javax.jcr.query.QueryManager;
-import java.security.Principal;
-import java.util.Collections;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Arrays;
-
 /**
  * The ACLProvider generates access control policies out of the items stored
  * in the workspace applying the following rules:
@@ -114,8 +115,8 @@
      */
     public boolean isAcItem(Path absPath) throws RepositoryException {
         Path.Element[] elems = absPath.getElements();
-        for (int i = 0; i < elems.length; i++) {
-            if (N_POLICY.equals(elems[i].getName())) {
+        for (Path.Element elem : elems) {
+            if (N_POLICY.equals(elem.getName())) {
                 return true;
             }
         }
@@ -151,14 +152,14 @@
 
     /**
      * @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider#getEffectivePolicies(Path)
-     * @param absPath
+     * @param absPath absolute path
      */
     public AccessControlPolicy[] getEffectivePolicies(Path absPath) throws ItemNotFoundException, RepositoryException {
         checkInitialized();
 
         NodeImpl targetNode = (NodeImpl) session.getNode(session.getJCRPath(absPath));
         NodeImpl node = getNode(targetNode);
-        List acls = new ArrayList();
+        List<AccessControlList> acls = new ArrayList<AccessControlList>();
 
         // collect all ACLs effective at node
         collectAcls(node, acls);
@@ -169,7 +170,7 @@
             // controlled.
             log.warn("No access controlled node present in item hierarchy starting from " + targetNode.getPath());
         }
-        return (AccessControlList[]) acls.toArray(new AccessControlList[acls.size()]);
+        return acls.toArray(new AccessControlList[acls.size()]);
     }
 
     /**
@@ -215,8 +216,8 @@
      * searched and returned.
      *
      * @param targetNode The node for which AC information needs to be retrieved.
-     * @return
-     * @throws RepositoryException
+     * @return the node
+     * @throws RepositoryException if an error occurs
      */
     private NodeImpl getNode(NodeImpl targetNode) throws RepositoryException {
         NodeImpl node;
@@ -238,9 +239,9 @@
      * @param node the Node to collect the ACLs for, which must NOT be part of the
      * structure defined by mix:AccessControllable.
      * @param acls List used to collect the effective acls.
-     * @throws RepositoryException
+     * @throws RepositoryException if an error occurs
      */
-    private void collectAcls(NodeImpl node, List acls) throws RepositoryException {
+    private void collectAcls(NodeImpl node, List<AccessControlList> acls) throws RepositoryException {
         // if the given node is access-controlled, construct a new ACL and add
         // it to the list
         if (isAccessControlled(node)) {
@@ -314,10 +315,10 @@
      * and if it has a child node named
      * {@link AccessControlConstants#N_POLICY "rep:ACL"}.
      *
-     * @param node
+     * @param node hte node
      * @return <code>true</code> if the node is access controlled;
      *         <code>false</code> otherwise.
-     * @throws RepositoryException
+     * @throws RepositoryException if an error occurs
      */
     static boolean isAccessControlled(NodeImpl node) throws RepositoryException {
         return node.isNodeType(NT_REP_ACCESS_CONTROLLABLE) && node.hasNode(N_POLICY);
@@ -329,7 +330,7 @@
      */
     private class AclPermissions extends AbstractCompiledPermissions implements SynchronousEventListener {
 
-        private final List principalNames;
+        private final List<String> principalNames;
         private final String jcrReadPrivilegeName;
 
         /**
@@ -343,7 +344,7 @@
         }
 
         private AclPermissions(Set<Principal> principals, boolean listenToEvents) throws RepositoryException {
-            principalNames = new ArrayList(principals.size());
+            principalNames = new ArrayList<String>(principals.size());
             for (Principal princ : principals) {
                 principalNames.add(princ.getName());
             }
@@ -381,7 +382,7 @@
          * permissions for any of the principals AND denies-READ. Otherwise
          * this shortcut is not possible.
          *
-         * @param principalnames
+         * @param principalnames names of the principals
          * @return true if read is allowed everywhere.
          */
         private boolean isReadAllowed(Collection<String> principalnames) {
@@ -397,10 +398,9 @@
                     // where the rep:principalName property exactly matches any of
                     // the given principalsNames
                     int i = 0;
-                    Iterator itr = principalnames.iterator();
-                    while (itr.hasNext()) {
+                    for (String principalname : principalnames) {
                         stmt.append("@").append(resolver.getJCRName(P_PRINCIPAL_NAME)).append(" eq ");
-                        stmt.append("'").append(itr.next().toString()).append("'");
+                        stmt.append("'").append(principalname).append("'");
                         if (++i < principalnames.size()) {
                             stmt.append(" or ");
                         }
@@ -522,9 +522,9 @@
 
         /**
          *
-         * @param absPath
-         * @param permissions
-         * @return
+         * @param absPath absolute path
+         * @param permissions permission bits
+         * @return <code>true</code> if the permissions are granted
          * @throws RepositoryException
          * @see CompiledPermissions#grants(Path, int)
          */
@@ -560,8 +560,8 @@
                                 // ACE denies READ.
                                 if (readAllowed && n.isNodeType(NT_REP_DENY_ACE)) {
                                     Value[] vs = n.getProperty(P_PRIVILEGES).getValues();
-                                    for (int i = 0; i < vs.length; i++) {
-                                        if (jcrReadPrivilegeName.equals(vs[i].getString())) {
+                                    for (Value v : vs) {
+                                        if (jcrReadPrivilegeName.equals(v.getString())) {
                                             readAllowed = false;
                                         }
                                     }
@@ -624,12 +624,12 @@
      */
     private class Entries {
 
-        private final ListOrderedMap principalNamesToEntries;
+        private final Map<String, List<AccessControlEntry>> principalNamesToEntries;
 
-        private Entries(NodeImpl node, Collection principalNames) throws RepositoryException {
-            principalNamesToEntries = new ListOrderedMap();
-            for (Iterator it = principalNames.iterator(); it.hasNext();) {
-                principalNamesToEntries.put(it.next(), new ArrayList());
+        private Entries(NodeImpl node, Collection<String> principalNames) throws RepositoryException {
+            principalNamesToEntries = new LinkedHashMap<String, List<AccessControlEntry>>();
+            for (String name : principalNames) {
+                principalNamesToEntries.put(name, new ArrayList<AccessControlEntry>());
             }
             collectEntries(node);
         }
@@ -650,11 +650,9 @@
         }
 
         private AccessControlEntryIterator iterator() {
-            List entries = new ArrayList();
-            for (Iterator it =
-                    principalNamesToEntries.asList().iterator(); it.hasNext();) {
-                Object key = it.next();
-                entries.addAll((List) principalNamesToEntries.get(key));
+            List<AccessControlEntry> entries = new ArrayList<AccessControlEntry>();
+            for (List<AccessControlEntry> list: principalNamesToEntries.values()) {
+                entries.addAll(list);
             }
             return new AccessControlEntryIterator(entries);
         }



Mime
View raw message