jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ju...@apache.org
Subject svn commit: r812570 [13/24] - in /jackrabbit/sandbox/JCR-1456: ./ jackrabbit-api/ jackrabbit-api/src/main/appended-resources/ jackrabbit-api/src/main/appended-resources/META-INF/ jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/ jackrabb...
Date Tue, 08 Sep 2009 16:09:45 GMT
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java Tue Sep  8 16:09:28 2009
@@ -16,9 +16,26 @@
  */
 package org.apache.jackrabbit.core.security.user;
 
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.jcr.ItemNotFoundException;
+import javax.jcr.PathNotFoundException;
+import javax.jcr.Property;
+import javax.jcr.PropertyIterator;
+import javax.jcr.RepositoryException;
+import javax.jcr.Value;
+import javax.jcr.PropertyType;
+import javax.jcr.nodetype.ConstraintViolationException;
+import javax.jcr.nodetype.PropertyDefinition;
+
+import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
 import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
-import org.apache.jackrabbit.api.security.principal.NoSuchPrincipalException;
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.AuthorizableExistsException;
 import org.apache.jackrabbit.api.security.user.Group;
@@ -27,28 +44,12 @@
 import org.apache.jackrabbit.core.PropertyImpl;
 import org.apache.jackrabbit.core.SessionImpl;
 import org.apache.jackrabbit.core.nodetype.NodeTypeImpl;
-import org.apache.jackrabbit.core.security.principal.ItemBasedPrincipal;
 import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.core.security.principal.PrincipalIteratorAdapter;
 import org.apache.jackrabbit.spi.Name;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.jcr.PathNotFoundException;
-import javax.jcr.Property;
-import javax.jcr.PropertyIterator;
-import javax.jcr.RepositoryException;
-import javax.jcr.Value;
-import javax.jcr.ItemNotFoundException;
-import javax.jcr.nodetype.ConstraintViolationException;
-import javax.jcr.nodetype.PropertyDefinition;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Iterator;
-import java.util.List;
-
 /**
  * AuthorizableImpl
  */
@@ -80,23 +81,16 @@
      * @see Authorizable#getPrincipals()
      */
     public PrincipalIterator getPrincipals() throws RepositoryException {
-        Collection coll = new ArrayList();
+        Collection<Principal> coll = new ArrayList<Principal>();
         // the first element is the main principal of this user.
         coll.add(getPrincipal());
         // in addition add all referees.
         PrincipalManager prMgr = getSession().getPrincipalManager();
-        for (Iterator it = getRefereeValues().iterator(); it.hasNext();) {
-            String refName = ((Value) it.next()).getString();
-            Principal princ = null;
-            if (prMgr.hasPrincipal(refName)) {
-                try {
-                    princ = prMgr.getPrincipal(refName);
-                } catch (NoSuchPrincipalException e) {
-                    // should not get here
-                }
-            }
+        for (Object o : getRefereeValues()) {
+            String refName = ((Value) o).getString();
+            Principal princ = prMgr.getPrincipal(refName);
             if (princ == null) {
-                log.warn("Principal "+ refName +" unknown to PrincipalManager.");
+                log.warn("Principal " + refName + " unknown to PrincipalManager.");
                 princ = new PrincipalImpl(refName);
             }
             coll.add(princ);
@@ -111,7 +105,7 @@
         String principalName = principal.getName();
         Value princValue = getSession().getValueFactory().createValue(principalName);
 
-        List refereeValues = getRefereeValues();
+        List<Value> refereeValues = getRefereeValues();
         if (refereeValues.contains(princValue) || getPrincipal().getName().equals(principalName)) {
             return false;
         }
@@ -120,7 +114,7 @@
         }
         refereeValues.add(princValue);
 
-        userManager.setProtectedProperty(node, P_REFEREES, (Value[]) refereeValues.toArray(new Value[refereeValues.size()]));
+        userManager.setProtectedProperty(node, P_REFEREES, refereeValues.toArray(new Value[refereeValues.size()]));
         return true;
     }
 
@@ -129,14 +123,14 @@
      */
     public synchronized boolean removeReferee(Principal principal) throws RepositoryException {
         Value princValue = getSession().getValueFactory().createValue(principal.getName());
-        List existingValues = getRefereeValues();
+        List<Value> existingValues = getRefereeValues();
 
         if (existingValues.remove(princValue))  {
             PropertyImpl prop = node.getProperty(P_REFEREES);
             if (existingValues.isEmpty()) {
                 userManager.removeProtectedItem(prop, node);
             } else {
-                userManager.setProtectedProperty(node, P_REFEREES, (Value[]) existingValues.toArray(new Value[existingValues.size()]));
+                userManager.setProtectedProperty(node, P_REFEREES, existingValues.toArray(new Value[existingValues.size()]));
             }
             return true;
         }
@@ -148,8 +142,8 @@
     /**
      * @see Authorizable#declaredMemberOf()
      */
-    public Iterator declaredMemberOf() throws RepositoryException {
-        List memberShip = new ArrayList();
+    public Iterator<Group> declaredMemberOf() throws RepositoryException {
+        List<Group> memberShip = new ArrayList<Group>();
         collectMembership(memberShip, false);
         return memberShip.iterator();
     }
@@ -157,8 +151,8 @@
     /**
      * @see Authorizable#memberOf()
      */
-    public Iterator memberOf() throws RepositoryException {
-        List memberShip = new ArrayList();
+    public Iterator<Group> memberOf() throws RepositoryException {
+        List<Group> memberShip = new ArrayList<Group>();
         collectMembership(memberShip, true);
         return memberShip.iterator();
     }
@@ -166,8 +160,8 @@
     /**
      * @see Authorizable#getPropertyNames()
      */
-    public Iterator getPropertyNames() throws RepositoryException {
-        List l = new ArrayList();
+    public Iterator<String> getPropertyNames() throws RepositoryException {
+        List<String> l = new ArrayList<String>();
         for (PropertyIterator it = node.getProperties(); it.hasNext();) {
             Property prop = it.nextProperty();
             if (isAuthorizableProperty(prop)) {
@@ -192,7 +186,7 @@
         if (hasProperty(name)) {
             Property prop = node.getProperty(name);
             if (isAuthorizableProperty(prop)) {
-                if (prop.getDefinition().isMultiple()) {
+                if (prop.isMultiple()) {
                     return prop.getValues();
                 } else {
                     return new Value[] {prop.getValue()};
@@ -256,7 +250,7 @@
             if (node.hasProperty(name)) {
                 // 'node' is protected -> use setValue instead of Property.remove()
                 Property p = node.getProperty(name);
-                if (p.getDefinition().isMultiple()) {
+                if (p.isMultiple()) {
                     p.setValue((Value[]) null);
                 } else {
                     p.setValue((Value) null);
@@ -315,11 +309,10 @@
                 values = new Value[1];
             }
             values[values.length - 1] = added;
-            userManager.setProtectedProperty(node, P_GROUPS, values);
+            userManager.setProtectedProperty(node, P_GROUPS, values, PropertyType.WEAKREFERENCE);
             return true;
         } catch (RepositoryException e) {
             // revert all pending changes and rethrow.
-            log.warn("Error while editing group membership:", e.getMessage());
             getSession().refresh(false);
             throw e;
         }
@@ -335,14 +328,14 @@
 
         Value toRemove = getSession().getValueFactory().createValue(group.getNode(), true);
         PropertyImpl property = node.getProperty(P_GROUPS);
-        List valList = new ArrayList(Arrays.asList(property.getValues()));
+        List<Value> valList = new ArrayList<Value>(Arrays.asList(property.getValues()));
         if (valList.remove(toRemove)) {
             try {
                 if (valList.isEmpty()) {
                     userManager.removeProtectedItem(property, node);
                 } else {
-                    Value[] values = (Value[]) valList.toArray(new Value[valList.size()]);
-                    userManager.setProtectedProperty(node, P_GROUPS, values);
+                    Value[] values = valList.toArray(new Value[valList.size()]);
+                    userManager.setProtectedProperty(node, P_GROUPS, values, PropertyType.WEAKREFERENCE);
                 }
                 return true;
             } catch (RepositoryException e) {
@@ -357,23 +350,23 @@
         }
     }
 
-    private void collectMembership(List groups, boolean includedIndirect) throws RepositoryException {
+    private void collectMembership(List<Group> groups, boolean includedIndirect) throws RepositoryException {
         NodeImpl node = getNode();
         if (!node.hasProperty(P_GROUPS)) {
             return;
         }
         Value[] refs = node.getProperty(P_GROUPS).getValues();
-        for (int i = 0; i < refs.length; i++) {
+        for (Value ref : refs) {
             try {
-                NodeImpl groupNode = (NodeImpl) getSession().getNodeByUUID(refs[i].getString());
+                NodeImpl groupNode = (NodeImpl) getSession().getNodeByUUID(ref.getString());
                 Group group = GroupImpl.create(groupNode, userManager);
                 if (groups.add(group) && includedIndirect) {
                     ((AuthorizableImpl) group).collectMembership(groups, true);
                 }
             } catch (ItemNotFoundException e) {
                 // groupNode doesn't exist any more
-                log.warn("Group node referenced by " + getID() + " doesn't exist -> Ignored from membership list.");
-                // TODO: ev. clean up list of group memberships
+                log.warn("Group node referenced by " + getID() + " doesn't exist anymore -> Ignored from membership list.");
+                // TODO: possibly clean up list of group memberships
             }
         }
     }
@@ -442,14 +435,12 @@
         }
     }
 
-    private List getRefereeValues() throws RepositoryException {
-        List principalNames = new ArrayList();
+    private List<Value> getRefereeValues() throws RepositoryException {
+        List<Value> principalNames = new ArrayList<Value>();
         if (node.hasProperty(P_REFEREES)) {
             try {
-                Value[] refProp = node.getProperty(P_REFEREES).getValues();
-                for (int i = 0; i < refProp.length; i++) {
-                    principalNames.add(refProp[i]);
-                }
+                principalNames.addAll(Arrays.asList(
+                        node.getProperty(P_REFEREES).getValues()));
             } catch (PathNotFoundException e) {
                 // ignore. should never occur.
             }

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/GroupImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/GroupImpl.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/GroupImpl.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/GroupImpl.java Tue Sep  8 16:09:28 2009
@@ -65,13 +65,15 @@
     //-------------------------------------------------------< Authorizable >---
     /**
      * Returns the name of the node that defines this <code>Group</code>, that
-     * has been used taking the principal name as hint.
+     * has been used taking the principal name as hint, unescaping any chars
+     * that have been escaped to circumvent incompatitibilities with JCR name
+     * limitations.
      *
      * @return name of the node that defines this <code>Group</code>.
      * @see Authorizable#getID()
      */
     public String getID() throws RepositoryException {
-        return getNode().getName();
+        return Text.unescapeIllegalJcrChars(getNode().getName());
     }
 
     /**
@@ -95,14 +97,14 @@
     /**
      * @see Group#getDeclaredMembers()
      */
-    public Iterator getDeclaredMembers() throws RepositoryException {
+    public Iterator<Authorizable> getDeclaredMembers() throws RepositoryException {
         return getMembers(false).iterator();
     }
 
     /**
      * @see Group#getMembers()
      */
-    public Iterator getMembers() throws RepositoryException {
+    public Iterator<Authorizable> getMembers() throws RepositoryException {
         return getMembers(true).iterator();
     }
 
@@ -167,9 +169,9 @@
      * @return A collection of members of this group.
      * @throws RepositoryException If an error occurs while collecting the members.
      */
-    private Collection getMembers(boolean includeIndirect) throws RepositoryException {
+    private Collection<Authorizable> getMembers(boolean includeIndirect) throws RepositoryException {
         PropertyIterator itr = getNode().getWeakReferences(getSession().getJCRName(P_GROUPS));
-        Collection members = new HashSet((int) itr.getSize());
+        Collection<Authorizable> members = new HashSet<Authorizable>((int) itr.getSize());
         while (itr.hasNext()) {
             NodeImpl n = (NodeImpl) itr.nextProperty().getParent();
             if (n.isNodeType(NT_REP_GROUP)) {
@@ -264,7 +266,7 @@
      */
     private class NodeBasedGroup extends NodeBasedPrincipal implements java.security.acl.Group {
 
-        private Set members;
+        private Set<Principal> members;
 
         private NodeBasedGroup(String name) {
             super(name);
@@ -287,15 +289,14 @@
          * @see java.security.acl.Group#isMember(Principal)
          */
         public boolean isMember(Principal member) {
-            Collection members = getMembers();
+            Collection<Principal> members = getMembers();
             if (members.contains(member)) {
                 // shortcut.
                 return true;
             }
 
             // test if member of a member-group
-            for (Iterator it = members.iterator(); it.hasNext();) {
-                Principal p = (Principal) it.next();
+            for (Principal p : members) {
                 if (p instanceof java.security.acl.Group &&
                         ((java.security.acl.Group) p).isMember(member)) {
                     return true;
@@ -320,7 +321,7 @@
          *
          * @see java.security.acl.Group#members()
          */
-        public Enumeration members() {
+        public Enumeration<? extends Principal> members() {
             return Collections.enumeration(getMembers());
         }
 
@@ -338,9 +339,9 @@
         }
 
         //----------------------------------------------------------------------
-        private Collection getMembers() {
+        private Collection<Principal> getMembers() {
             if (members == null) {
-                members = new HashSet();
+                members = new HashSet<Principal>();
                 try {
                     for (Iterator it = GroupImpl.this.getMembers(); it.hasNext();) {
                         Authorizable authrz = (Authorizable) it.next();

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java Tue Sep  8 16:09:28 2009
@@ -16,7 +16,14 @@
  */
 package org.apache.jackrabbit.core.security.user;
 
-import org.apache.jackrabbit.api.security.principal.NoSuchPrincipalException;
+import java.security.Principal;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Value;
+import javax.security.auth.Subject;
+
 import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.api.security.user.Authorizable;
@@ -31,14 +38,6 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.jcr.RepositoryException;
-import javax.jcr.Value;
-import javax.security.auth.Subject;
-import java.security.Principal;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
-
 /**
  * ImpersonationImpl
  */
@@ -59,23 +58,15 @@
      * @see Impersonation#getImpersonators()
      */
     public PrincipalIterator getImpersonators() throws RepositoryException {
-        Set impersonators = getImpersonatorNames();
+        Set<String> impersonators = getImpersonatorNames();
         if (impersonators.isEmpty()) {
             return PrincipalIteratorAdapter.EMPTY;
         } else {
             final PrincipalManager pMgr = user.getSession().getPrincipalManager();
 
-            Set s = new HashSet();
-            for (Iterator it = impersonators.iterator(); it.hasNext();) {
-                String pName = it.next().toString();
-                Principal p = null;
-                if (pMgr.hasPrincipal(pName)) {
-                    try {
-                        p = pMgr.getPrincipal(pName);
-                    } catch (NoSuchPrincipalException e) {
-                        // should never get here.
-                    }
-                }
+            Set<Principal> s = new HashSet<Principal>();
+            for (String pName: impersonators) {
+                Principal p = pMgr.getPrincipal(pName);
                 if (p == null) {
                     log.debug("Impersonator " + pName + " does not correspond to a known Principal.");
                     p = new PrincipalImpl(pName);
@@ -115,7 +106,7 @@
         }
 
         boolean granted = false;
-        Set impersonators = getImpersonatorNames();
+        Set<String> impersonators = getImpersonatorNames();
         if (impersonators.add(pName)) {
             updateImpersonatorNames(impersonators);
             granted = true;
@@ -135,7 +126,7 @@
         boolean revoked = false;
         String pName = principal.getName();
 
-        Set impersonators = getImpersonatorNames();
+        Set<String> impersonators = getImpersonatorNames();
         if (impersonators.remove(pName)) {
             updateImpersonatorNames(impersonators);
             revoked = true;
@@ -156,9 +147,9 @@
             return true;
         }
 
-        Set principalNames = new HashSet();
-        for (Iterator it = subject.getPrincipals().iterator(); it.hasNext();) {
-            principalNames.add(((Principal) it.next()).getName());
+        Set<String> principalNames = new HashSet<String>();
+        for (Principal p: subject.getPrincipals()) {
+            principalNames.add(p.getName());
         }
 
         boolean allows = false;
@@ -174,21 +165,21 @@
 
     //------------------------------------------------------------< private >---
 
-    private Set getImpersonatorNames() throws RepositoryException {
-        Set princNames = new HashSet();
+    private Set<String> getImpersonatorNames() throws RepositoryException {
+        Set<String> princNames = new HashSet<String>();
         if (user.getNode().hasProperty(P_IMPERSONATORS)) {
             Value[] vs = user.getNode().getProperty(P_IMPERSONATORS).getValues();
-            for (int i = 0; i < vs.length; i++) {
-                princNames.add(vs[i].getString());
+            for (Value v : vs) {
+                princNames.add(v.getString());
             }
         }
         return princNames;
     }
 
-    private void updateImpersonatorNames(Set principalNames) throws RepositoryException {
+    private void updateImpersonatorNames(Set<String> principalNames) throws RepositoryException {
         NodeImpl userNode = user.getNode();
         try {
-            String[] pNames = (String[]) principalNames.toArray(new String[principalNames.size()]);
+            String[] pNames = principalNames.toArray(new String[principalNames.size()]);
             if (pNames.length == 0) {
                 PropertyImpl prop = userNode.getProperty(P_IMPERSONATORS);
                 userManager.removeProtectedItem(prop, userNode);

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/IndexNodeResolver.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/IndexNodeResolver.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/IndexNodeResolver.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/IndexNodeResolver.java Tue Sep  8 16:09:28 2009
@@ -79,7 +79,7 @@
      * @return
      * @throws javax.jcr.RepositoryException
      */
-    public NodeIterator findNodes(Set propertyNames, String value, Name ntName,
+    public NodeIterator findNodes(Set<Name> propertyNames, String value, Name ntName,
                                   boolean exact, long maxSize) throws RepositoryException {
         Query query = buildQuery(value, propertyNames, ntName, exact, maxSize);
         return query.execute().getNodes();
@@ -115,7 +115,7 @@
      * @return
      * @throws RepositoryException
      */
-    private Query buildQuery(String value, Set props, Name ntName,
+    private Query buildQuery(String value, Set<Name> props, Name ntName,
                              boolean exact, long maxSize)
             throws RepositoryException {
         StringBuilder stmt = new StringBuilder("/jcr:root");
@@ -128,10 +128,9 @@
         } else {
             stmt.append(")[");
             int i = 0;
-            Iterator itr = props.iterator();
-            while (itr.hasNext()) {
+            for (Name prop : props) {
                 stmt.append((exact) ? "@" : "jcr:like(@");
-                String pName = getNamePathResolver().getJCRName((Name) itr.next());
+                String pName = getNamePathResolver().getJCRName(prop);
                 stmt.append(ISO9075.encode(pName));
                 if (exact) {
                     stmt.append("='");

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/NodeResolver.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/NodeResolver.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/NodeResolver.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/NodeResolver.java Tue Sep  8 16:09:28 2009
@@ -16,17 +16,16 @@
  */
 package org.apache.jackrabbit.core.security.user;
 
-import org.apache.jackrabbit.spi.Name;
-import org.apache.jackrabbit.spi.commons.conversion.NamePathResolver;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import java.util.Collections;
+import java.util.Set;
 
 import javax.jcr.Node;
 import javax.jcr.NodeIterator;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
-import java.util.Collections;
-import java.util.Set;
+
+import org.apache.jackrabbit.spi.Name;
+import org.apache.jackrabbit.spi.commons.conversion.NamePathResolver;
 
 /**
  * Resolver: searches for Principals stored in Nodes of a {@link javax.jcr.Workspace}
@@ -35,8 +34,6 @@
  */
 abstract class NodeResolver {
 
-    private static final Logger log = LoggerFactory.getLogger(NodeResolver.class);
-
     private final Session session;
     private final NamePathResolver resolver;
 
@@ -109,7 +106,7 @@
      * @return matching nodes (or an empty iterator if no match was found).
      * @throws RepositoryException If an error occurs.
      */
-    public abstract NodeIterator findNodes(Set propertyNames, String value,
+    public abstract NodeIterator findNodes(Set<Name> propertyNames, String value,
                                            Name ntName, boolean exact, long maxSize)
             throws RepositoryException;
 

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/TraversingNodeResolver.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/TraversingNodeResolver.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/TraversingNodeResolver.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/TraversingNodeResolver.java Tue Sep  8 16:09:28 2009
@@ -100,7 +100,7 @@
     /**
      * @inheritDoc
      */
-    public NodeIterator findNodes(Set propertyNames, String value, Name ntName,
+    public NodeIterator findNodes(Set<Name> propertyNames, String value, Name ntName,
                                   boolean exact, long maxSize) throws RepositoryException {
         String sr = getSearchRoot(ntName);
         if (getSession().nodeExists(sr)) {
@@ -151,11 +151,12 @@
      * @param exact   if set to true the value has to match exactly else a
      * substring is searched
      * @param maxSize
+     * @return
      */
-    private NodeIterator collectNodes(String value, Set props, Name ntName,
+    private NodeIterator collectNodes(String value, Set<Name> props, Name ntName,
                                       NodeIterator nodes, boolean exact,
                                       long maxSize) {
-        Set matchSet = new HashSet();
+        Set<Node> matchSet = new HashSet<Node>();
         collectNodes(value, props, ntName, nodes, matchSet, exact, maxSize);
         return new NodeIteratorAdapter(matchSet);
     }
@@ -172,9 +173,9 @@
      * @param exact         if set to true the value has to match exact
      * @param maxSize
      */
-    private void collectNodes(String value, Set propertyNames,
+    private void collectNodes(String value, Set<Name> propertyNames,
                               Name nodeTypeName, NodeIterator itr,
-                              Set matchSet, boolean exact, long maxSize) {
+                              Set<Node> matchSet, boolean exact, long maxSize) {
         while (itr.hasNext()) {
             NodeImpl node = (NodeImpl) itr.nextNode();
             try {
@@ -203,7 +204,7 @@
      * @throws RepositoryException
      */
     private static boolean matches(NodeImpl node, Name nodeTypeName,
-                            Collection propertyNames, String value,
+                            Collection<Name> propertyNames, String value,
                             boolean exact) throws RepositoryException {
 
         boolean match = false;
@@ -216,12 +217,12 @@
                         match = (exact) ? node.getName().equals(value) :
                                 node.getName().matches(".*"+value+".*");
                     } else {
-                        Iterator pItr = propertyNames.iterator();
+                        Iterator<Name> pItr = propertyNames.iterator();
                         while (!match && pItr.hasNext()) {
-                            Name propertyName = (Name) pItr.next();
+                            Name propertyName = pItr.next();
                             if (node.hasProperty(propertyName)) {
                                 Property prop = node.getProperty(propertyName);
-                                if (prop.getDefinition().isMultiple()) {
+                                if (prop.isMultiple()) {
                                     Value[] values = prop.getValues();
                                     for (int i = 0; i < values.length && !match; i++) {
                                         match = matches(value, values[i].getString(), exact);

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java Tue Sep  8 16:09:28 2009
@@ -20,6 +20,7 @@
 import javax.jcr.security.Privilege;
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
 import org.apache.jackrabbit.core.ItemImpl;
 import org.apache.jackrabbit.core.NodeImpl;
 import org.apache.jackrabbit.core.SessionImpl;
@@ -31,7 +32,6 @@
 import org.apache.jackrabbit.core.security.authorization.NamedAccessControlPolicyImpl;
 import org.apache.jackrabbit.core.security.authorization.Permission;
 import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
-import org.apache.jackrabbit.core.security.principal.ItemBasedPrincipal;
 import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.spi.Path;
 import org.apache.jackrabbit.util.Text;
@@ -72,16 +72,13 @@
  * her/his group membership,</li>
  *
  * <li>members of the 'User administrator' group are allowed to create, modify
- * and remove those users whose node representation is within the subtree
- * defined by the node representation of the editing user,</li>
+ * and remove users,</li>
  *
  * <li>members of the 'Group administrator' group are allowed to create, modify
  * and remove groups,</li>
  *
  * <li>group membership can only be edited by members of the 'Group administrator'
- * and the 'User administrator' group. The range of users that can be added
- * as member to any Group is limited to those that are editable according to
- * the restrictions described above for the 'User administrator'.</li>
+ * and the 'User administrator' group.</li>
  * </ul>
  */
 public class UserAccessControlProvider extends AbstractAccessControlProvider
@@ -127,7 +124,7 @@
 
     //----------------------------------------------< AccessControlProvider >---
     /**
-     * @see AccessControlProvider#init(Session, Map)
+     * @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider#init(Session, Map)
      */
     public void init(Session systemSession, Map configuration) throws RepositoryException {
         super.init(systemSession, configuration);
@@ -136,7 +133,7 @@
             userAdminGroup = (configuration.containsKey(USER_ADMIN_GROUP_NAME)) ? configuration.get(USER_ADMIN_GROUP_NAME).toString() : USER_ADMIN_GROUP_NAME;
             groupAdminGroup = (configuration.containsKey(GROUP_ADMIN_GROUP_NAME)) ? configuration.get(GROUP_ADMIN_GROUP_NAME).toString() : GROUP_ADMIN_GROUP_NAME;
 
-            // make sure the groups exist (and ev. create them).
+            // make sure the groups exist (and possibly create them).
             UserManager uMgr = sImpl.getUserManager();
             if (!initGroup(uMgr, userAdminGroup)) {
                 log.warn("Unable to initialize User admininistrator group -> no user admins.");
@@ -155,7 +152,7 @@
     }
 
     /**
-     * @see AccessControlProvider#getEffectivePolicies(Path)
+     * @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider#getEffectivePolicies(Path)
      */
     public AccessControlPolicy[] getEffectivePolicies(Path absPath) throws ItemNotFoundException, RepositoryException {
         checkInitialized();
@@ -165,7 +162,7 @@
     /**
      * Always returns <code>null</code>.
      *
-     * @see AccessControlProvider#getEditor(Session)
+     * @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider#getEditor(Session)
      */
     public AccessControlEditor getEditor(Session session) {
         checkInitialized();
@@ -175,9 +172,9 @@
     }
 
     /**
-     * @see AccessControlProvider#compilePermissions(Set)
+     * @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider#compilePermissions(Set)
      */
-    public CompiledPermissions compilePermissions(Set principals) throws RepositoryException {
+    public CompiledPermissions compilePermissions(Set<Principal> principals) throws RepositoryException {
         checkInitialized();
         if (isAdminOrSystem(principals)) {
             return getAdminPermissions();
@@ -195,7 +192,7 @@
     }
 
     /**
-     * @see AccessControlProvider#canAccessRoot(Set)
+     * @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider#canAccessRoot(Set)
      */
     public boolean canAccessRoot(Set principals) throws RepositoryException {
         checkInitialized();
@@ -204,11 +201,10 @@
 
     //------------------------------------------------------------< private >---
 
-    private ItemBasedPrincipal getUserPrincipal(Set principals) {
+    private ItemBasedPrincipal getUserPrincipal(Set<Principal> principals) {
         try {
             UserManager uMgr = session.getUserManager();
-            for (Iterator it = principals.iterator(); it.hasNext();) {
-                Principal p = (Principal) it.next();
+            for (Principal p : principals) {
                 if (!(p instanceof Group) && p instanceof ItemBasedPrincipal
                         && uMgr.getAuthorizable(p) != null) {
                     return (ItemBasedPrincipal) p;
@@ -256,7 +252,7 @@
         return PrivilegeRegistry.getBits(privs);
     }
 
-    private static boolean containsGroup(Set principals, String groupName) {
+    private static boolean containsGroup(Set<Principal> principals, String groupName) {
         for (Iterator it = principals.iterator(); it.hasNext() && groupName != null;) {
             Principal p = (Principal) it.next();
             if (p.getName().equals(groupName)) {
@@ -299,7 +295,7 @@
         private boolean isUserAdmin;
         private boolean isGroupAdmin;
 
-        protected CompiledPermissionsImpl(Set principals, String userNodePath) throws RepositoryException {
+        protected CompiledPermissionsImpl(Set<Principal> principals, String userNodePath) throws RepositoryException {
             this.userNodePath = userNodePath;
             isUserAdmin = containsGroup(principals, userAdminGroup);
             isGroupAdmin = containsGroup(principals, groupAdminGroup);
@@ -324,7 +320,7 @@
 
             if (userNode == null) {
                 // no Node corresponding to user for which the permissions are
-                // calculated -> no permissions/priviles.
+                // calculated -> no permissions/privileges.
                 log.debug("No node at " + userNodePath);
                 return new Result(Permission.NONE, Permission.NONE, PrivilegeRegistry.NO_PRIVILEGE, PrivilegeRegistry.NO_PRIVILEGE);
             }
@@ -347,100 +343,81 @@
             if (usersPath.equals(abs2Path)) {
                 /*
                  below the user-tree
-                 - determine position of target relative to the node of the editing user
+                 - determine position of target relative
+                 - target may not be below an existing user but only below an
+                   authorizable folder.
                  - determine if the editing user is user/group-admin
                  - special treatment for rep:groups property
                  */
                 NodeImpl node = (NodeImpl) getExistingNode(path);
-                NodeImpl authN = null;
-                // seek next rep:authorizable parent
-                if (node.isNodeType(NT_REP_AUTHORIZABLE)) {
-                    authN = node;
-                } else if (node.isNodeType(NT_REP_AUTHORIZABLE_FOLDER)) {
-                    NodeImpl parent = node;
-                    while (authN == null && parent.getDepth() > 0) {
-                        parent = (NodeImpl) parent.getParent();
-                        if (parent.isNodeType(NT_REP_AUTHORIZABLE)) {
-                            authN = parent;
-                        } else if (!parent.isNodeType(NT_REP_AUTHORIZABLE_FOLDER)) {
-                            // outside of user/group-tree
-                            break;
-                        }
-                    }
-                } // else: outside of user tree -> authN = null
 
-                if (authN != null && authN.isNodeType(NT_REP_USER)) {
-                    int relDepth = session.getHierarchyManager().getRelativeDepth(userNode.getNodeId(), authN.getNodeId());
+                if (node.isNodeType(NT_REP_AUTHORIZABLE) || node.isNodeType(NT_REP_AUTHORIZABLE_FOLDER)) {
+                    boolean editingHimSelf = node.isSame(userNode);
                     boolean isGroupProp = P_GROUPS.equals(path.getNameElement().getName());
                     // only user-admin is allowed to modify users.
                     // for group membership (rep:groups) group-admin is required
                     // in addition.
-                    boolean requiredGroups = isUserAdmin;
-                    if (requiredGroups && isGroupProp) {
-                        requiredGroups = isGroupAdmin;
+                    boolean memberOfRequiredGroups = isUserAdmin;
+                    if (memberOfRequiredGroups && isGroupProp) {
+                        memberOfRequiredGroups = isGroupAdmin;
                     }
-                    switch (relDepth) {
-                        case -1:
-                            // authN is not below the userNode -> can't write anyway.
-                            break;
-                        case 0:
-                            /*
-                            authN is same node as userNode. 3 cases to distinguish
-                            1) user is User-Admin -> R, W
-                            2) user is NOT U-admin but nodeID is its own node.
-                            3) special treatment for rep:group property which can
-                               only be modified by group-administrators
-                            */
-                            Path aPath = session.getQPath(authN.getPath());
-                            if (requiredGroups) {
-                                // principals contain 'user-admin'
-                                // -> user can modify items below the user-node except rep:group.
-                                // principals contains 'user-admin' + 'group-admin'
-                                // -> user can modify rep:group property as well.
-                                if (path.equals(aPath)) {
-                                    allows |= (Permission.ADD_NODE | Permission.REMOVE_PROPERTY | Permission.SET_PROPERTY);
-                                } else {
-                                    allows |= Permission.ALL;
-                                }
-                                if (calcPrivs) {
-                                    // grant WRITE privilege
-                                    // note: ac-read/modification is not included
-                                    //       remove_node is not included
-                                    privs |= getPrivilegeBits(PrivilegeRegistry.REP_WRITE);
-                                    if (!path.equals(aPath)) {
-                                       privs |= getPrivilegeBits(Privilege.JCR_REMOVE_NODE);
-                                    }
-                                }
-                            } else if (userNode.isSame(node) && (!isGroupProp || isGroupAdmin)) {
-                                // user can only read && write his own props
-                                // except for the rep:group property.
-                                allows |= (Permission.SET_PROPERTY | Permission.REMOVE_PROPERTY);
-                                if (calcPrivs) {
-                                    privs |= getPrivilegeBits(Privilege.JCR_MODIFY_PROPERTIES);
-                                }
-                            } // else some other node below but not U-admin -> read-only.
-                            break;
-                        default:
-                            /*
-                            authN is somewhere below the userNode, i.e.
-                            1) nodeId points to an authorizable below userNode
-                            2) nodeId points to an auth-folder below some authorizable below userNode.
-
-                            In either case user-admin group-membership is
-                            required in order to get write permission.
-                            group-admin group-membership is required in addition
-                            if rep:groups is the target item.
-                            */
-                            if (requiredGroups) {
-                                allows = Permission.ALL;
-                                if (calcPrivs) {
-                                    // grant WRITE privilege
-                                    // note: ac-read/modification is not included
-                                    privs |= getPrivilegeBits(PrivilegeRegistry.REP_WRITE);
+                    if (editingHimSelf) {
+                        /*
+                        node to be modified is same node as userNode. 3 cases to distinguish
+                        1) user is User-Admin -> R, W
+                        2) user is NOT U-admin but nodeID is its own node.
+                        3) special treatment for rep:group property which can
+                           only be modified by group-administrators
+                        */
+                        Path aPath = session.getQPath(node.getPath());
+                        if (memberOfRequiredGroups) {
+                            // principals contain 'user-admin'
+                            // -> user can modify items below the user-node except rep:group.
+                            // principals contains 'user-admin' + 'group-admin'
+                            // -> user can modify rep:group property as well.
+                            if (path.equals(aPath)) {
+                                allows |= (Permission.ADD_NODE | Permission.REMOVE_PROPERTY | Permission.SET_PROPERTY);
+                            } else {
+                                allows |= Permission.ALL;
+                            }
+                            if (calcPrivs) {
+                                // grant WRITE privilege
+                                // note: ac-read/modification is not included
+                                //       remove_node is not included
+                                privs |= getPrivilegeBits(PrivilegeRegistry.REP_WRITE);
+                                if (!path.equals(aPath)) {
+                                    privs |= getPrivilegeBits(Privilege.JCR_REMOVE_NODE);
                                 }
                             }
+                        } else if (userNode.isSame(node) && (!isGroupProp || isGroupAdmin)) {
+                            // user can only read && write his own props
+                            // except for the rep:group property.
+                            allows |= (Permission.SET_PROPERTY | Permission.REMOVE_PROPERTY);
+                            if (calcPrivs) {
+                                privs |= getPrivilegeBits(Privilege.JCR_MODIFY_PROPERTIES);
+                            }
+                        } // else some other node below but not U-admin -> read-only.
+                    } else {
+                        /*
+                        authN points to some other user-node, i.e.
+                        1) nodeId points to an authorizable that isn't the editing user
+                        2) nodeId points to an auth-folder within the user-tree
+
+                        In either case user-admin group-membership is
+                        required in order to get write permission.
+                        group-admin group-membership is required in addition
+                        if rep:groups is the target item.
+                        */
+                        if (memberOfRequiredGroups) {
+                            allows = Permission.ALL;
+                            if (calcPrivs) {
+                                // grant WRITE privilege
+                                // note: ac-read/modification is not included
+                                privs |= getPrivilegeBits(PrivilegeRegistry.REP_WRITE);
+                            }
+                        }
                     }
-                } // no rep:User parent node found.
+                } // outside of the user tree
             } else if (groupsPath.equals(abs2Path)) {
                 /*
                 below group-tree:
@@ -515,8 +492,8 @@
                                 if (session.propertyExists(evPath)) {
                                     Value[] vs = session.getProperty(evPath).getValues();
                                     String princName = session.getJCRName(P_PRINCIPAL_NAME);
-                                    for (int i = 0; i < vs.length; i++) {
-                                        Node groupNode = session.getNodeByUUID(vs[i].getString());
+                                    for (Value v : vs) {
+                                        Node groupNode = session.getNodeByUUID(v.getString());
                                         String pName = groupNode.getProperty(princName).getString();
                                         if (userAdminGroup.equals(pName)) {
                                             isUserAdmin = true;

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserImpl.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserImpl.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserImpl.java Tue Sep  8 16:09:28 2009
@@ -16,13 +16,12 @@
  */
 package org.apache.jackrabbit.core.security.user;
 
+import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
 import org.apache.jackrabbit.api.security.user.Impersonation;
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.core.NodeImpl;
 import org.apache.jackrabbit.core.security.authentication.CryptedSimpleCredentials;
 import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
-import org.apache.jackrabbit.core.security.principal.ItemBasedPrincipal;
-import org.apache.jackrabbit.util.Text;
 
 import javax.jcr.Credentials;
 import javax.jcr.RepositoryException;
@@ -68,7 +67,7 @@
 
     //-------------------------------------------------------< Authorizable >---
     /**
-     * @see Authorizable#getID()
+     * @see org.apache.jackrabbit.api.security.user.Authorizable#getID()
      */
     public String getID() throws RepositoryException {
         return id;



Mime
View raw message