Return-Path: Delivered-To: apmail-jackrabbit-commits-archive@www.apache.org Received: (qmail 986 invoked from network); 8 Sep 2009 16:10:51 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 8 Sep 2009 16:10:51 -0000 Received: (qmail 65503 invoked by uid 500); 8 Sep 2009 16:10:51 -0000 Delivered-To: apmail-jackrabbit-commits-archive@jackrabbit.apache.org Received: (qmail 65460 invoked by uid 500); 8 Sep 2009 16:10:51 -0000 Mailing-List: contact commits-help@jackrabbit.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@jackrabbit.apache.org Delivered-To: mailing list commits@jackrabbit.apache.org Received: (qmail 65451 invoked by uid 99); 8 Sep 2009 16:10:51 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 08 Sep 2009 16:10:51 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 08 Sep 2009 16:10:44 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 455BF23889B6; Tue, 8 Sep 2009 16:09:54 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r812570 [11/24] - in /jackrabbit/sandbox/JCR-1456: ./ jackrabbit-api/ jackrabbit-api/src/main/appended-resources/ jackrabbit-api/src/main/appended-resources/META-INF/ jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/ jackrabb... Date: Tue, 08 Sep 2009 16:09:45 -0000 To: commits@jackrabbit.apache.org From: jukka@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20090908160954.455BF23889B6@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/join/ParentNodeJoin.java URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/join/ParentNodeJoin.java?rev=812570&r1=812569&r2=812570&view=diff ============================================================================== --- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/join/ParentNodeJoin.java (original) +++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/join/ParentNodeJoin.java Tue Sep 8 16:09:28 2009 @@ -60,8 +60,7 @@ int[] docNums = new int[1]; while ((nodes = child.nextScoreNodes()) != null) { docNums = resolver.getParents(nodes[idx].getDoc(reader), docNums); - for (int i = 0; i < docNums.length; i++) { - Integer parentId = new Integer(docNums[i]); + for (int parentId : docNums) { childIndex.addScoreNodes(parentId, nodes); } } @@ -73,6 +72,6 @@ */ public ScoreNode[][] getMatchingScoreNodes(ScoreNode parent) throws IOException { - return childIndex.getScoreNodes(new Integer(parent.getDoc(reader))); + return childIndex.getScoreNodes(parent.getDoc(reader)); } } Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/join/ScoreNodeMap.java URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/join/ScoreNodeMap.java?rev=812570&r1=812569&r2=812570&view=diff ============================================================================== --- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/join/ScoreNodeMap.java (original) +++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/join/ScoreNodeMap.java Tue Sep 8 16:09:28 2009 @@ -32,7 +32,7 @@ /** * The internal map. */ - private final Map map = new HashMap(); + private final Map map = new HashMap(); /** * Adds scoreNodes to this map under the given key. @@ -62,8 +62,8 @@ ((List) existing).add(nodes); } else { // ScoreNode[] - ArrayList tmp = new ArrayList(); - tmp.add(existing); + List tmp = new ArrayList(); + tmp.add((ScoreNode[]) existing); tmp.add(nodes); existing = tmp; map.put(key, existing); @@ -83,8 +83,8 @@ if (sn == null) { return null; } else if (sn instanceof List) { - List list = (List) sn; - return (ScoreNode[][]) list.toArray(new ScoreNode[list.size()][]); + List list = (List) sn; + return list.toArray(new ScoreNode[list.size()][]); } else { // ScoreNode[] return new ScoreNode[][]{(ScoreNode[]) sn}; Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/HoldImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/HoldImpl.java?rev=812570&r1=812569&r2=812570&view=diff ============================================================================== --- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/HoldImpl.java (original) +++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/HoldImpl.java Tue Sep 8 16:09:28 2009 @@ -63,16 +63,16 @@ return valueFactory.createValue(str); } - static Hold createFromValue(Value val, NodeId nodeId, NameResolver resolver) throws RepositoryException { + static HoldImpl createFromValue(Value val, NodeId nodeId, NameResolver resolver) throws RepositoryException { String str = val.getString(); Name name = NAME_FACTORY.create(str.substring(2)); boolean isDeep = str.startsWith(DEEP); return new HoldImpl(name, isDeep, nodeId, resolver); } - static Hold[] createFromProperty(PropertyImpl property, NodeId nodeId) throws RepositoryException { + static HoldImpl[] createFromProperty(PropertyImpl property, NodeId nodeId) throws RepositoryException { Value[] vs = property.getValues(); - Hold[] holds = new Hold[vs.length]; + HoldImpl[] holds = new HoldImpl[vs.length]; for (int i = 0; i < vs.length; i++) { holds[i] = createFromValue(vs[i], nodeId, (SessionImpl) property.getSession()); } Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/RetentionRegistryImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/RetentionRegistryImpl.java?rev=812570&r1=812569&r2=812570&view=diff ============================================================================== --- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/RetentionRegistryImpl.java (original) +++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/RetentionRegistryImpl.java Tue Sep 8 16:09:28 2009 @@ -63,8 +63,10 @@ */ private static final String FILE_NAME = "retention"; - private final PathMap retentionMap = new PathMap(); - private final PathMap holdMap = new PathMap(); + private final PathMap retentionMap = + new PathMap(); + + private final PathMap> holdMap = new PathMap>(); private final SessionImpl session; private final FileSystemResource retentionFile; @@ -150,23 +152,22 @@ * present only once. */ private void writeRetentionFile() { - final Set nodeIds = new HashSet(); + final Set nodeIds = new HashSet(); // first look for nodes containing holds - holdMap.traverse(new PathMap.ElementVisitor() { - public void elementVisited(PathMap.Element element) { - List holds = (List) element.get(); + holdMap.traverse(new PathMap.ElementVisitor>() { + public void elementVisited(PathMap.Element> element) { + List holds = element.get(); if (!holds.isEmpty()) { - nodeIds.add(((HoldImpl) holds.get(0)).getNodeId()); + nodeIds.add(holds.get(0).getNodeId()); } } }, false); // then collect ids of nodes having an retention policy - retentionMap.traverse(new PathMap.ElementVisitor() { - public void elementVisited(PathMap.Element element) { - RetentionPolicyImpl rp = (RetentionPolicyImpl) element.get(); - nodeIds.add(rp.getNodeId()); + retentionMap.traverse(new PathMap.ElementVisitor() { + public void elementVisited(PathMap.Element element) { + nodeIds.add(element.get().getNodeId()); } }, false); @@ -174,7 +175,7 @@ BufferedWriter writer = null; try { writer = new BufferedWriter(new OutputStreamWriter(retentionFile.getOutputStream())); - for (Iterator it = nodeIds.iterator(); it.hasNext();) { + for (Iterator it = nodeIds.iterator(); it.hasNext();) { writer.write(it.next().toString()); if (it.hasNext()) { writer.newLine(); @@ -197,7 +198,7 @@ private void addHolds(Path nodePath, PropertyImpl p) throws RepositoryException { synchronized (holdMap) { - Hold[] holds = HoldImpl.createFromProperty(p, ((PropertyId) p.getId()).getParentId()); + HoldImpl[] holds = HoldImpl.createFromProperty(p, ((PropertyId) p.getId()).getParentId()); holdMap.put(nodePath, Arrays.asList(holds)); holdCnt++; } @@ -205,7 +206,7 @@ private void removeHolds(Path nodePath) { synchronized (holdMap) { - PathMap.Element el = holdMap.map(nodePath, true); + PathMap.Element> el = holdMap.map(nodePath, true); if (el != null) { el.remove(); holdCnt--; @@ -215,7 +216,8 @@ private void addRetentionPolicy(Path nodePath, PropertyImpl p) throws RepositoryException { synchronized (retentionMap) { - RetentionPolicy rp = new RetentionPolicyImpl(p.getString(), ((PropertyId) p.getId()).getParentId(), session); + RetentionPolicyImpl rp = new RetentionPolicyImpl( + p.getString(), ((PropertyId) p.getId()).getParentId(), session); retentionMap.put(nodePath, rp); retentionCnt++; } @@ -223,7 +225,8 @@ private void removeRetentionPolicy(Path nodePath) { synchronized (retentionMap) { - PathMap.Element el = retentionMap.map(nodePath, true); + PathMap.Element el = + retentionMap.map(nodePath, true); if (el != null) { el.remove(); retentionCnt--; @@ -242,8 +245,8 @@ if (holdCnt <= 0) { return false; } - PathMap.Element element = holdMap.map(nodePath, false); - List holds = (List) element.get(); + PathMap.Element> element = holdMap.map(nodePath, false); + List holds = element.get(); if (holds != null) { if (element.hasPath(nodePath)) { // one or more holds on the specified path @@ -257,9 +260,8 @@ // by a deep hold on any ancestor. return true; } else { - for (Iterator it = holds.iterator(); it.hasNext();) { - Hold h = (Hold) it.next(); - if (h.isDeep()) { + for (Hold hold : holds) { + if (hold.isDeep()) { return true; } } @@ -280,14 +282,14 @@ return false; } RetentionPolicy rp = null; - PathMap.Element element = retentionMap.map(nodePath, true); + PathMap.Element element = retentionMap.map(nodePath, true); if (element != null) { - rp = (RetentionPolicy) element.get(); + rp = element.get(); } if (rp == null && checkParent) { element = retentionMap.map(nodePath.getAncestor(1), true); if (element != null) { - rp = (RetentionPolicy) element.get(); + rp = element.get(); } } return rp != null; Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/DefaultAccessManager.java URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/DefaultAccessManager.java?rev=812570&r1=812569&r2=812570&view=diff ============================================================================== --- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/DefaultAccessManager.java (original) +++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/DefaultAccessManager.java Tue Sep 8 16:09:28 2009 @@ -326,7 +326,6 @@ checkInitialized(); checkPermission(absPath, Permission.READ_AC); - // TODO: acProvider may not retrieve the correct policy in case of transient modifications return acProvider.getEffectivePolicies(getPath(absPath)); } @@ -395,6 +394,44 @@ } return editor.getPolicies(principal); } + + /** + * @see org.apache.jackrabbit.api.security.JackrabbitAccessControlManager#hasPrivileges(String, Set, Privilege[]) + */ + public boolean hasPrivileges(String absPath, Set principals, Privilege[] privileges) throws PathNotFoundException, RepositoryException { + checkInitialized(); + checkValidNodePath(absPath); + checkPermission(absPath, Permission.READ_AC); + + if (privileges == null || privileges.length == 0) { + // null or empty privilege array -> return true + log.debug("No privileges passed -> allowed."); + return true; + } else { + int privs = PrivilegeRegistry.getBits(privileges); + Path p = resolver.getQPath(absPath); + return (acProvider.compilePermissions(principals).getPrivileges(p) | ~privs) == -1; + } + } + + /** + * @see org.apache.jackrabbit.api.security.JackrabbitAccessControlManager#getPrivileges(String, Set) + */ + public Privilege[] getPrivileges(String absPath, Set principals) throws PathNotFoundException, RepositoryException { + checkInitialized(); + checkValidNodePath(absPath); + checkPermission(absPath, Permission.READ_AC); + CompiledPermissions perms = acProvider.compilePermissions(principals); + try { + int bits = perms.getPrivileges(resolver.getQPath(absPath)); + return (bits == PrivilegeRegistry.NO_PRIVILEGE) ? + new Privilege[0] : + privilegeRegistry.getPrivileges(bits); + } finally { + perms.close(); + } + } + //---------------------------------------< AbstractAccessControlManager >--- /** * @see AbstractAccessControlManager#checkInitialized() Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java?rev=812570&r1=812569&r2=812570&view=diff ============================================================================== --- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java (original) +++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java Tue Sep 8 16:09:28 2009 @@ -16,16 +16,14 @@ */ package org.apache.jackrabbit.core.security.authentication; -import org.apache.commons.collections.set.ListOrderedSet; -import javax.jcr.GuestCredentials; -import org.apache.jackrabbit.core.config.LoginModuleConfig; -import org.apache.jackrabbit.core.security.SecurityConstants; -import org.apache.jackrabbit.core.security.principal.PrincipalProvider; -import org.apache.jackrabbit.core.security.principal.PrincipalProviderRegistry; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; +import java.io.IOException; +import java.security.Principal; +import java.util.LinkedHashSet; +import java.util.Map; +import java.util.Set; import javax.jcr.Credentials; +import javax.jcr.GuestCredentials; import javax.jcr.RepositoryException; import javax.jcr.Session; import javax.jcr.SimpleCredentials; @@ -37,24 +35,27 @@ import javax.security.auth.login.FailedLoginException; import javax.security.auth.login.LoginException; import javax.security.auth.spi.LoginModule; -import java.io.IOException; -import java.security.Principal; -import java.util.Iterator; -import java.util.Map; -import java.util.Set; + +import org.apache.jackrabbit.api.security.principal.PrincipalIterator; +import org.apache.jackrabbit.core.config.LoginModuleConfig; +import org.apache.jackrabbit.core.security.SecurityConstants; +import org.apache.jackrabbit.core.security.principal.PrincipalProvider; +import org.apache.jackrabbit.core.security.principal.PrincipalProviderRegistry; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * AbstractLoginModule provides the means for the common * authentication tasks within the Repository. *

- * On successfull authentication it associates the credentials to principals + * On successful authentication it associates the credentials to principals * using the {@link PrincipalProvider} configured for this LoginModule

* Jackrabbit distinguishes between Login and Impersonation dispatching the * the correspoding Repository/Session methods to * {@link #authenticate(java.security.Principal, javax.jcr.Credentials)} and * {@link #impersonate(java.security.Principal, javax.jcr.Credentials)}, respectively. *
- * This LoginModule implements default behaviors for both methods. + * This LoginModule implements default behavior for either method. * * @see LoginModule */ @@ -65,23 +66,23 @@ private static final String KEY_CREDENTIALS = "org.apache.jackrabbit.credentials"; private static final String KEY_LOGIN_NAME = "javax.security.auth.login.name"; + private String principalProviderClassName; + private boolean initialized; + protected String adminId; protected String anonymousId; - private String principalProviderClassName; - private CallbackHandler callbackHandler; - private boolean initialized; + protected CallbackHandler callbackHandler; protected Principal principal; protected SimpleCredentials credentials; protected Subject subject; protected PrincipalProvider principalProvider; - private Map sharedState; + protected Map sharedState; /** - * Initialize this LoginModule.
This abstract implementation, initalizes - * the following fields for later use: + * Initialize this LoginModule and sets the following fields for later usage: *

    *
  • {@link PrincipalProvider} for user-{@link Principal} resolution.
    • *
  • {@link LoginModuleConfig#PARAM_ADMIN_ID} option is evaluated
    • @@ -156,11 +157,8 @@ //log config values for debug if (log.isDebugEnabled()) { - Iterator itr = options.keySet().iterator(); - while (itr.hasNext()) { - String option = (String) itr.next(); - log.debug("- Option: "+ option +" -> '"+ options.get(option) +"'"); - + for (String option : options.keySet()) { + log.debug("- Option: " + option + " -> '" + options.get(option) + "'"); } } initialized = (this.subject != null); @@ -171,13 +169,12 @@ } /** - * Implementations may set-up their own state. E. g. a DataSource if it is - * authorized against an external System + * Implementations may set-up their own state. * * @param callbackHandler as passed by {@link javax.security.auth.login.LoginContext} * @param session to security-workspace of Jackrabbit * @param options options from Logini config - * @throws LoginException in case initializeaiton failes + * @throws LoginException in case initialization failes */ protected abstract void doInit(CallbackHandler callbackHandler, Session session, @@ -255,7 +252,7 @@ * @return true if the authentication succeeded, or false if this * LoginModule should be ignored. * @throws LoginException if the authentication fails - * @see LoginModule#login() + * @see javax.security.auth.spi.LoginModule#login() * @see #getCredentials() * @see #getUserID(Credentials) * @see #getImpersonatorSubject(Credentials) @@ -266,7 +263,7 @@ return false; } - // check for availability of Credentials; + // check the availability of Credentials Credentials creds = getCredentials(); if (creds == null) { log.warn("No credentials available -> try default (anonymous) authentication."); @@ -329,8 +326,7 @@ * @return true if this method succeeded, or false if this * LoginModule should be ignored. * @throws LoginException if the commit fails - * @see LoginModule#commit() - * @see AbstractLoginModule#login() + * @see javax.security.auth.spi.LoginModule#commit() */ public boolean commit() throws LoginException { //check login-state @@ -341,7 +337,7 @@ return false; } - Set principals = getPrincipals(); + Set principals = getPrincipals(); subject.getPrincipals().addAll(principals); subject.getPublicCredentials().add(credentials); return true; @@ -363,6 +359,7 @@ * @return true if this method succeeded, or false if this * LoginModule should be ignored. * @throws LoginException if the abort fails + * @see javax.security.auth.spi.LoginModule#abort() */ public boolean abort() throws LoginException { if (!isInitialized()) { @@ -377,16 +374,10 @@ } /** - * Method which logs out a Subject. - *

    - *

    An implementation of this method might remove/destroy a Subject's - * Principals and Credentials. - *

    - *

    - * - * @return true if this method succeeded, or false if this - * LoginModule should be ignored. + * @return true if this method succeeded, + * or false if this LoginModule should be ignored. * @throws LoginException if the logout fails + * @see javax.security.auth.spi.LoginModule#logout() */ public boolean logout() throws LoginException { Set thisPrincipals = subject.getPrincipals(); @@ -648,14 +639,14 @@ * @return a Collection of principals that contains the current user * principal and all groups it is member of. */ - protected Set getPrincipals() { - // use ListOrderedSet instead of Hashset in order to maintain the order + protected Set getPrincipals() { + // use linked HashSet instead of HashSet in order to maintain the order // of principals (as in the Subject). - Set principals = new ListOrderedSet(); + Set principals = new LinkedHashSet(); principals.add(principal); - Iterator groups = principalProvider.getGroupMembership(principal); + PrincipalIterator groups = principalProvider.getGroupMembership(principal); while (groups.hasNext()) { - principals.add(groups.next()); + principals.add(groups.nextPrincipal()); } return principals; } Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContext.java URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContext.java?rev=812570&r1=812569&r2=812570&view=diff ============================================================================== --- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContext.java (original) +++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContext.java Tue Sep 8 16:09:28 2009 @@ -30,13 +30,13 @@ * JAAS LoginModule *

*/ -public abstract interface AuthContext { +public interface AuthContext { /** * Perform the authentication and, if successful, associate Principals and Credentials * with the authenticatedSubject. * - * @see LoginContext#login() + * @see javax.security.auth.login.LoginContext#login() * @throws LoginException if the authentication fails. */ void login() throws LoginException; @@ -44,7 +44,7 @@ /** * Return the authenticated Subject. * - * @see LoginContext#getSubject() + * @see javax.security.auth.login.LoginContext#getSubject() * @return the authenticated Subject or null if authentication failed. */ Subject getSubject(); @@ -52,8 +52,8 @@ /** * Logout the Subject. * - * @see LoginContext#logout() - * @exception LoginException if the logout fails. + * @see javax.security.auth.login.LoginContext#logout() + * @throws LoginException if the logout fails. */ void logout() throws LoginException; } Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContextProvider.java URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContextProvider.java?rev=812570&r1=812569&r2=812570&view=diff ============================================================================== --- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContextProvider.java (original) +++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContextProvider.java Tue Sep 8 16:09:28 2009 @@ -133,16 +133,16 @@ } else { AppConfigurationEntry[] entries = getJAASConfig(); if (entries != null) { - List tmp = new ArrayList(entries.length); - for (int i = 0; i < entries.length; i++) { - Map opt = entries[i].getOptions(); + List tmp = new ArrayList(entries.length); + for (AppConfigurationEntry entry : entries) { + Map opt = entry.getOptions(); if (opt != null) { Properties prop = new Properties(); prop.putAll(opt); tmp.add(prop); } } - props = (Properties[]) tmp.toArray(new Properties[tmp.size()]); + props = tmp.toArray(new Properties[tmp.size()]); } } return props; Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CallbackHandlerImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CallbackHandlerImpl.java?rev=812570&r1=812569&r2=812570&view=diff ============================================================================== --- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CallbackHandlerImpl.java (original) +++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CallbackHandlerImpl.java Tue Sep 8 16:09:28 2009 @@ -82,9 +82,7 @@ */ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { - for (int i = 0; i < callbacks.length; i++) { - Callback callback = callbacks[i]; - + for (Callback callback : callbacks) { if (callback instanceof CredentialsCallback) { ((CredentialsCallback) callback).setCredentials(credentials); } else if (callback instanceof RepositoryCallback) { Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentials.java URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentials.java?rev=812570&r1=812569&r2=812570&view=diff ============================================================================== --- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentials.java (original) +++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentials.java Tue Sep 8 16:09:28 2009 @@ -69,8 +69,8 @@ String[] attNames = credentials.getAttributeNames(); attributes = new HashMap(attNames.length); - for (int i = 0; i < attNames.length; i++) { - attributes.put(attNames[i], credentials.getAttribute(attNames[i])); + for (String attName : attNames) { + attributes.put(attName, credentials.getAttribute(attName)); } } @@ -89,7 +89,7 @@ algorithm = algo; cryptedPassword = password; } - attributes = Collections.EMPTY_MAP; + attributes = Collections.emptyMap(); } public String getUserID() { @@ -134,7 +134,7 @@ // uncrypted pw to match -> crypt with algorithm present here. return crypt(toMatch, algorithm).equals(cryptedPassword); } else if (algr != null && algorithm == null) { - // crypted pw to match but unkown algorithm here -> crypt this pw + // crypted pw to match but unknown algorithm here -> crypt this pw return crypt(algr, cryptedPassword).equals(toMatch); } Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/DefaultLoginModule.java URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/DefaultLoginModule.java?rev=812570&r1=812569&r2=812570&view=diff ============================================================================== --- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/DefaultLoginModule.java (original) +++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/DefaultLoginModule.java Tue Sep 8 16:09:28 2009 @@ -105,14 +105,15 @@ return authentication; } } - // no valid user or authencation could not handle the given creds. + // no valid user or authentication could not handle the given credentials return null; } /** * Handles the impersonation of given Credentials.

* Current implementation takes {@link User} for the given Principal and - * delegates the check to {@link Impersonation#allows(javax.security.auth.Subject)} + * delegates the check to + * {@link org.apache.jackrabbit.api.security.user.Impersonation#allows(javax.security.auth.Subject)} * * @param principal Principal to impersonate. * @param credentials Credentials used to create the impersonation subject. Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/JAASAuthContext.java URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/JAASAuthContext.java?rev=812570&r1=812569&r2=812570&view=diff ============================================================================== --- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/JAASAuthContext.java (original) +++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/JAASAuthContext.java Tue Sep 8 16:09:28 2009 @@ -50,7 +50,7 @@ context = new LoginContext(appName, subject, cbHandler); } } catch (LoginException e) { - //all caseses it is thrown are checked -> ignore + //all cases it is thrown are checked -> ignore } finally { current.setContextClassLoader(orig); } Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.java URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.java?rev=812570&r1=812569&r2=812570&view=diff ============================================================================== --- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.java (original) +++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.java Tue Sep 8 16:09:28 2009 @@ -16,30 +16,37 @@ */ package org.apache.jackrabbit.core.security.authorization; +import java.security.Principal; +import java.util.Map; +import java.util.Set; + +import javax.jcr.RepositoryException; +import javax.jcr.Session; +import javax.jcr.observation.ObservationManager; +import javax.jcr.security.Privilege; + import org.apache.jackrabbit.core.SessionImpl; import org.apache.jackrabbit.core.security.SystemPrincipal; import org.apache.jackrabbit.core.security.principal.AdminPrincipal; import org.apache.jackrabbit.spi.Path; import org.apache.jackrabbit.spi.commons.conversion.NamePathResolver; -import javax.jcr.security.Privilege; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import javax.jcr.RepositoryException; -import javax.jcr.Session; -import javax.jcr.observation.ObservationManager; -import java.security.Principal; -import java.util.Iterator; -import java.util.Map; -import java.util.Set; /** * AbstractAccessControlProvider... */ -public abstract class AbstractAccessControlProvider implements AccessControlProvider, AccessControlUtils { - - private static Logger log = LoggerFactory.getLogger(AbstractAccessControlProvider.class); +public abstract class AbstractAccessControlProvider implements AccessControlProvider, + AccessControlUtils { + /** + * Constant for the name of the configuration option "omit-default-permission". + * The option is a flag indicating whether default permissions should be + * created upon initialization of this provider.

+ * If this option is present in the configuration no initial ACL content + * is created.
+ * If this configuration option is omitted the default permissions are + * installed. Note however, that the initialization should not overwrite + * previously installed AC content. + */ public static final String PARAM_OMIT_DEFAULT_PERMISSIONS = "omit-default-permission"; /** @@ -131,9 +138,8 @@ /** * @see AccessControlUtils#isAdminOrSystem(Set) */ - public boolean isAdminOrSystem(Set principals) { - for (Iterator it = principals.iterator(); it.hasNext();) { - Principal p = (Principal) it.next(); + public boolean isAdminOrSystem(Set principals) { + for (Principal p : principals) { if (p instanceof AdminPrincipal || p instanceof SystemPrincipal) { return true; } @@ -144,7 +150,7 @@ /** * @see AccessControlUtils#isReadOnly(Set) */ - public boolean isReadOnly(Set principals) { + public boolean isReadOnly(Set principals) { // TODO: find ways to determine read-only status return false; } Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractCompiledPermissions.java URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractCompiledPermissions.java?rev=812570&r1=812569&r2=812570&view=diff ============================================================================== --- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractCompiledPermissions.java (original) +++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractCompiledPermissions.java Tue Sep 8 16:09:28 2009 @@ -16,6 +16,8 @@ */ package org.apache.jackrabbit.core.security.authorization; +import java.util.Map; + import org.apache.commons.collections.map.LRUMap; import org.apache.jackrabbit.spi.Path; @@ -27,8 +29,9 @@ public abstract class AbstractCompiledPermissions implements CompiledPermissions { // cache mapping a Path to a 'Result' containing permissions and privileges. - private final LRUMap cache; + private final Map cache; + @SuppressWarnings("unchecked") protected AbstractCompiledPermissions() { cache = new LRUMap(1000); } @@ -42,7 +45,7 @@ public Result getResult(Path absPath) throws RepositoryException { Result result; synchronized (cache) { - result = (Result) cache.get(absPath); + result = cache.get(absPath); if (result == null) { result = buildResult(absPath); cache.put(absPath, result); Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEditor.java URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEditor.java?rev=812570&r1=812569&r2=812570&view=diff ============================================================================== --- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEditor.java (original) +++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEditor.java Tue Sep 8 16:09:28 2009 @@ -54,7 +54,8 @@ * nodePath. * @throws RepositoryException if an error occurs */ - AccessControlPolicy[] getPolicies(String nodePath) throws AccessControlException, PathNotFoundException, RepositoryException; + AccessControlPolicy[] getPolicies(String nodePath) throws AccessControlException, + PathNotFoundException, RepositoryException; /** * Retrieves the policies that have been applied before for the given @@ -74,7 +75,8 @@ * if same other access control related exception occurs. * @throws RepositoryException if an error occurs */ - JackrabbitAccessControlPolicy[] getPolicies(Principal principal) throws AccessControlException, RepositoryException; + JackrabbitAccessControlPolicy[] getPolicies(Principal principal) + throws AccessControlException, RepositoryException; /** * Retrieves the editable policies for the Node identified by the given @@ -100,7 +102,8 @@ * nodePath. * @throws RepositoryException if an error occurs */ - AccessControlPolicy[] editAccessControlPolicies(String nodePath) throws AccessControlException, PathNotFoundException, RepositoryException; + AccessControlPolicy[] editAccessControlPolicies(String nodePath) + throws AccessControlException, PathNotFoundException, RepositoryException; /** * Returns an array of editable policies for the given principal. @@ -115,7 +118,8 @@ * if same other access control related exception occurs. * @throws RepositoryException if another error occurs. */ - JackrabbitAccessControlPolicy[] editAccessControlPolicies(Principal principal) throws AccessDeniedException, AccessControlException, RepositoryException; + JackrabbitAccessControlPolicy[] editAccessControlPolicies(Principal principal) + throws AccessDeniedException, AccessControlException, RepositoryException; /** * Stores the policy template to the respective node. @@ -129,7 +133,8 @@ * nodePath. * @throws RepositoryException if an other error occurs. */ - void setPolicy(String nodePath, AccessControlPolicy policy) throws AccessControlException, PathNotFoundException, RepositoryException; + void setPolicy(String nodePath, AccessControlPolicy policy) + throws AccessControlException, PathNotFoundException, RepositoryException; /** * Removes the specified policy from the node at nodePath. @@ -143,5 +148,6 @@ * nodePath. * @throws RepositoryException if an other error occurs */ - void removePolicy(String nodePath, AccessControlPolicy policy) throws AccessControlException, PathNotFoundException, RepositoryException; + void removePolicy(String nodePath, AccessControlPolicy policy) + throws AccessControlException, PathNotFoundException, RepositoryException; } Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryImpl.java?rev=812570&r1=812569&r2=812570&view=diff ============================================================================== --- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryImpl.java (original) +++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryImpl.java Tue Sep 8 16:09:28 2009 @@ -16,19 +16,18 @@ */ package org.apache.jackrabbit.core.security.authorization; -import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry; -import org.apache.jackrabbit.value.StringValue; -import org.apache.jackrabbit.value.ValueHelper; +import java.security.Principal; +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; import javax.jcr.Value; import javax.jcr.ValueFactory; import javax.jcr.security.AccessControlException; import javax.jcr.security.Privilege; -import java.security.Principal; -import java.util.Collections; -import java.util.HashMap; -import java.util.Iterator; -import java.util.Map; + +import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry; +import org.apache.jackrabbit.value.ValueHelper; /** * Simple, immutable implementation of the @@ -62,7 +61,7 @@ * Jackrabbit specific extension: the list of additional restrictions to be * included in the evaluation. */ - private final Map restrictions; + private final Map restrictions; /** * Value factory @@ -100,15 +99,16 @@ * @throws AccessControlException if either principal or privileges are invalid. */ protected AccessControlEntryImpl(Principal principal, Privilege[] privileges, - boolean isAllow, Map restrictions, ValueFactory valueFactory) + boolean isAllow, Map restrictions, + ValueFactory valueFactory) throws AccessControlException { if (principal == null) { throw new IllegalArgumentException(); } // make sure no abstract privileges are passed. - for (int i = 0; i < privileges.length; i++) { - if (privileges[i].isAbstract()) { - throw new AccessControlException("Privilege " + privileges[i] + " is abstract."); + for (Privilege privilege : privileges) { + if (privilege.isAbstract()) { + throw new AccessControlException("Privilege " + privilege + " is abstract."); } } this.principal = principal; @@ -118,22 +118,14 @@ this.valueFactory = valueFactory; if (restrictions == null) { - this.restrictions = Collections.EMPTY_MAP; + this.restrictions = Collections.emptyMap(); } else { - this.restrictions = new HashMap(restrictions.size()); + this.restrictions = new HashMap(restrictions.size()); // validate the passed restrictions and fill the map - for (Iterator it = restrictions.keySet().iterator(); it.hasNext();) { - Object key = it.next(); - Object v = restrictions.get(key); - Value value; - if (v instanceof Value) { - // create copy of the value - value = ValueHelper.copy((Value) v, valueFactory); - } else { - // fallback - value = new StringValue(v.toString()); - } - this.restrictions.put(key.toString(), value); + for (String key : restrictions.keySet()) { + Value value = restrictions.get(key); + value = ValueHelper.copy(value, valueFactory); + this.restrictions.put(key, value); } } } @@ -187,7 +179,7 @@ * @see org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry#getRestrictionNames() */ public String[] getRestrictionNames() { - return (String[]) restrictions.keySet().toArray(new String[restrictions.size()]); + return restrictions.keySet().toArray(new String[restrictions.size()]); } /** @@ -195,7 +187,7 @@ */ public Value getRestriction(String restrictionName) { if (restrictions.containsKey(restrictionName)) { - return ValueHelper.copy((Value) restrictions.get(restrictionName), valueFactory); + return ValueHelper.copy(restrictions.get(restrictionName), valueFactory); } else { return null; } Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryIterator.java URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryIterator.java?rev=812570&r1=812569&r2=812570&view=diff ============================================================================== --- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryIterator.java (original) +++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryIterator.java Tue Sep 8 16:09:28 2009 @@ -31,22 +31,20 @@ /** * AccessControlEntryIterator... */ -public class AccessControlEntryIterator implements Iterator { +public class AccessControlEntryIterator implements Iterator { private static Logger log = LoggerFactory.getLogger(AccessControlEntryIterator.class); - private final List acls = new ArrayList(); - private Iterator currentEntries; - private Object next; + private final List acls = new ArrayList(); + private Iterator currentEntries; + private AccessControlEntry next; - public AccessControlEntryIterator(List aces) { + public AccessControlEntryIterator(List aces) { this(new AccessControlList[] {new UnmodifiableAccessControlList(aces)}); } public AccessControlEntryIterator(AccessControlList[] acls) { - for (int i = 0; i < acls.length; i++) { - this.acls.add(acls[i]); - } + this.acls.addAll(Arrays.asList(acls)); next = seekNext(); } @@ -58,16 +56,16 @@ return next != null; } - public Object next() { + public AccessControlEntry next() { if (next == null) { throw new NoSuchElementException(); } - Object ret = next; + AccessControlEntry ret = next; next = seekNext(); return ret; } - private Object seekNext() { + private AccessControlEntry seekNext() { while (currentEntries == null || !currentEntries.hasNext()) { if (acls.isEmpty()) { // reached last acl -> break out of while loop @@ -76,7 +74,7 @@ } else { AccessControlEntry[] entries = new AccessControlEntry[0]; try { - entries = ((AccessControlList) acls.remove(0)).getAccessControlEntries(); + entries = (acls.remove(0)).getAccessControlEntries(); } catch (RepositoryException e) { log.error("Unable to retrieve ACEs: " + e.getMessage() + " -> try next."); } Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProvider.java URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProvider.java?rev=812570&r1=812569&r2=812570&view=diff ============================================================================== --- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProvider.java (original) +++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProvider.java Tue Sep 8 16:09:28 2009 @@ -22,9 +22,10 @@ import javax.jcr.ItemNotFoundException; import javax.jcr.RepositoryException; import javax.jcr.Session; + +import java.security.Principal; import java.util.Map; import java.util.Set; -import java.security.Principal; /** * The AccessControlProvider is used to provide access control policy and entry Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlUtils.java URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlUtils.java?rev=812570&r1=812569&r2=812570&view=diff ============================================================================== --- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlUtils.java (original) +++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlUtils.java Tue Sep 8 16:09:28 2009 @@ -20,6 +20,8 @@ import org.apache.jackrabbit.core.ItemImpl; import javax.jcr.RepositoryException; + +import java.security.Principal; import java.util.Set; /** @@ -58,7 +60,7 @@ * @return true if the specified set of principals contains an * AdminPrincipal or a SystemPrincipal. */ - boolean isAdminOrSystem(Set principals); + boolean isAdminOrSystem(Set principals); /** * Test if if the specified set of principals will have read-only permissions @@ -69,6 +71,6 @@ * @return true if the specified set of principals will only be granted * read permission on all items. */ - boolean isReadOnly(Set principals); + boolean isReadOnly(Set principals); } \ No newline at end of file Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java?rev=812570&r1=812569&r2=812570&view=diff ============================================================================== --- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java (original) +++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java Tue Sep 8 16:09:28 2009 @@ -16,24 +16,24 @@ */ package org.apache.jackrabbit.core.security.authorization; -import javax.jcr.security.AccessControlException; -import javax.jcr.security.Privilege; -import org.apache.jackrabbit.spi.commons.conversion.NameResolver; -import org.apache.jackrabbit.spi.commons.name.NameFactoryImpl; -import org.apache.jackrabbit.spi.Name; -import org.apache.jackrabbit.spi.NameFactory; - -import javax.jcr.RepositoryException; -import javax.jcr.NamespaceException; import java.util.ArrayList; import java.util.Collections; import java.util.HashMap; import java.util.HashSet; -import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Set; +import javax.jcr.NamespaceException; +import javax.jcr.RepositoryException; +import javax.jcr.security.AccessControlException; +import javax.jcr.security.Privilege; + +import org.apache.jackrabbit.spi.Name; +import org.apache.jackrabbit.spi.NameFactory; +import org.apache.jackrabbit.spi.commons.conversion.NameResolver; +import org.apache.jackrabbit.spi.commons.name.NameFactoryImpl; + /** * The PrivilegeRegistry defines the set of Privileges * known to the repository. @@ -46,8 +46,8 @@ */ public static final String REP_WRITE = "{" + Name.NS_REP_URI + "}write"; - private static final Set REGISTERED_PRIVILEGES = new HashSet(20); - private static final Map BITS_TO_PRIVILEGES = new HashMap(); + private static final Set REGISTERED_PRIVILEGES = new HashSet(20); + private static final Map BITS_TO_PRIVILEGES = new HashMap(); private static final NameFactory NAME_FACTORY = NameFactoryImpl.getInstance(); private static final Privilege[] EMPTY_ARRAY = new Privilege[0]; @@ -123,7 +123,7 @@ * Per instance map containing the instance specific representation of * the registered privileges. */ - private final Map localCache; + private final Map localCache; /** * Create a new PrivilegeRegistry instance. @@ -133,9 +133,8 @@ */ public PrivilegeRegistry(NameResolver resolver) { this.resolver = resolver; - localCache = new HashMap(REGISTERED_PRIVILEGES.size()); - for (Iterator it = REGISTERED_PRIVILEGES.iterator(); it.hasNext();) { - InternalPrivilege ip = (InternalPrivilege) it.next(); + localCache = new HashMap(REGISTERED_PRIVILEGES.size()); + for (InternalPrivilege ip : REGISTERED_PRIVILEGES) { Privilege priv = new PrivilegeImpl(ip, resolver); localCache.put(ip.name, priv); } @@ -147,7 +146,7 @@ * @return all registered privileges. */ public Privilege[] getRegisteredPrivileges() { - return (Privilege[]) localCache.values().toArray(new Privilege[localCache.size()]); + return localCache.values().toArray(new Privilege[localCache.size()]); } /** @@ -161,7 +160,7 @@ public Privilege getPrivilege(String privilegeName) throws AccessControlException, RepositoryException { Name name = resolver.getQName(privilegeName); if (localCache.containsKey(name)) { - return (Privilege) localCache.get(name); + return localCache.get(name); } else { throw new AccessControlException("Unknown privilege " + privilegeName); } @@ -187,7 +186,7 @@ InternalPrivilege[] internalPrivs = getInteralPrivileges(bits); privs = new Privilege[internalPrivs.length]; for (int i = 0; i < internalPrivs.length; i++) { - privs[i] = (Privilege) localCache.get(internalPrivs[i].name); + privs[i] = localCache.get(internalPrivs[i].name); } } else { privs = new Privilege[0]; @@ -207,8 +206,7 @@ throw new AccessControlException("Privilege array is empty or null."); } int bits = NO_PRIVILEGE; - for (int i = 0; i < privileges.length; i++) { - Privilege priv = privileges[i]; + for (Privilege priv : privileges) { if (priv instanceof PrivilegeImpl) { bits |= ((PrivilegeImpl) priv).internalPrivilege.getBits(); } else { @@ -307,11 +305,10 @@ * @return InternalPrivilege that corresponds to the given bits. */ private static InternalPrivilege[] getInteralPrivileges(int bits) { - Object key = new Integer(bits); - if (BITS_TO_PRIVILEGES.containsKey(key)) { - return (InternalPrivilege[]) BITS_TO_PRIVILEGES.get(key); + if (BITS_TO_PRIVILEGES.containsKey(bits)) { + return BITS_TO_PRIVILEGES.get(bits); } else { - List privileges = new ArrayList(); + List privileges = new ArrayList(); if ((bits & READ) == READ) { privileges.add(READ_PRIVILEGE); } @@ -357,8 +354,8 @@ InternalPrivilege[] privs; if (!privileges.isEmpty()) { - privs = (InternalPrivilege[]) privileges.toArray(new InternalPrivilege[privileges.size()]); - BITS_TO_PRIVILEGES.put(key, privs); + privs = privileges.toArray(new InternalPrivilege[privileges.size()]); + BITS_TO_PRIVILEGES.put(bits, privs); } else { privs = new InternalPrivilege[0]; } @@ -368,7 +365,7 @@ private static InternalPrivilege registerPrivilege(InternalPrivilege privilege) { REGISTERED_PRIVILEGES.add(privilege); - BITS_TO_PRIVILEGES.put(new Integer(privilege.getBits()), new InternalPrivilege[] {privilege}); + BITS_TO_PRIVILEGES.put(privilege.getBits(), new InternalPrivilege[] {privilege}); return privilege; } @@ -383,7 +380,7 @@ private final boolean isAbstract; private final boolean isAggregate; private final InternalPrivilege[] declaredAggregates; - private final Set aggregates; + private final Set aggregates; private final int bits; @@ -417,10 +414,9 @@ this.name = NAME_FACTORY.create(name); this.isAbstract = false; this.declaredAggregates = declaredAggregates; - Set aggrgt = new HashSet(); + Set aggrgt = new HashSet(); int bts = 0; - for (int i = 0; i < declaredAggregates.length; i++) { - InternalPrivilege priv = declaredAggregates[i]; + for (InternalPrivilege priv : declaredAggregates) { bts |= priv.getBits(); if (priv.isAggregate) { aggrgt.addAll(priv.aggregates); @@ -491,7 +487,7 @@ Privilege[] privs = new Privilege[len]; for (int i = 0; i < len; i++) { InternalPrivilege ip = internalPrivilege.declaredAggregates[i]; - privs[i] = (Privilege) localCache.get(ip.name); + privs[i] = localCache.get(ip.name); } return privs; } else { @@ -503,9 +499,8 @@ if (internalPrivilege.isAggregate) { Privilege[] privs = new Privilege[internalPrivilege.aggregates.size()]; int i = 0; - for (Iterator it = internalPrivilege.aggregates.iterator(); it.hasNext();) { - InternalPrivilege ip = (InternalPrivilege) it.next(); - privs[i++] = (Privilege) localCache.get(ip.name); + for (InternalPrivilege ip : internalPrivilege.aggregates) { + privs[i++] = localCache.get(ip.name); } return privs; } else { Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/UnmodifiableAccessControlList.java URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/UnmodifiableAccessControlList.java?rev=812570&r1=812569&r2=812570&view=diff ============================================================================== --- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/UnmodifiableAccessControlList.java (original) +++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/UnmodifiableAccessControlList.java Tue Sep 8 16:09:28 2009 @@ -22,8 +22,16 @@ import javax.jcr.security.Privilege; import javax.jcr.RepositoryException; +import javax.jcr.Value; +import javax.jcr.PropertyType; + import java.security.Principal; import java.util.List; +import java.util.Map; +import java.util.Collections; +import java.util.HashMap; + +import org.apache.jackrabbit.api.security.JackrabbitAccessControlList; /** * An implementation of the AccessControlList interface that only @@ -32,10 +40,14 @@ * and {@link #removeAccessControlEntry(AccessControlEntry) removeAccessControlEntry}) * throw an AccessControlException. */ -public class UnmodifiableAccessControlList implements AccessControlList { +public class UnmodifiableAccessControlList implements JackrabbitAccessControlList { private final AccessControlEntry[] accessControlEntries; + private final Map restrictions; + + private final String path; + /** * Construct a new UnmodifiableAccessControlList * @@ -45,7 +57,20 @@ * specified AccessControlList. */ public UnmodifiableAccessControlList(AccessControlList acl) throws RepositoryException { - accessControlEntries = acl.getAccessControlEntries(); + if (acl instanceof JackrabbitAccessControlList) { + JackrabbitAccessControlList jAcl = (JackrabbitAccessControlList) acl; + accessControlEntries = acl.getAccessControlEntries(); + path = jAcl.getPath(); + Map r = new HashMap(); + for (String name: jAcl.getRestrictionNames()) { + r.put(name, jAcl.getRestrictionType(name)); + } + restrictions = Collections.unmodifiableMap(r); + } else { + accessControlEntries = acl.getAccessControlEntries(); + path = null; + restrictions = Collections.emptyMap(); + } } /** @@ -53,8 +78,10 @@ * * @param accessControlEntries A list of {@link AccessControlEntry access control entries}. */ - public UnmodifiableAccessControlList(List accessControlEntries) { - this.accessControlEntries = (AccessControlEntry[]) accessControlEntries.toArray(new AccessControlEntry[accessControlEntries.size()]); + public UnmodifiableAccessControlList(List accessControlEntries) { + this.accessControlEntries = accessControlEntries.toArray(new AccessControlEntry[accessControlEntries.size()]); + path = null; + restrictions = Collections.emptyMap(); } //--------------------------------------------------< AccessControlList >--- @@ -82,4 +109,36 @@ throws AccessControlException, RepositoryException { throw new AccessControlException("Unmodifiable ACL. Use AccessControlManager#getApplicablePolicies in order to obtain an modifiable ACL."); } + + public String[] getRestrictionNames() { + return restrictions.keySet().toArray(new String[restrictions.size()]); + } + + public int getRestrictionType(String restrictionName) { + if (restrictions.containsKey(restrictionName)) { + return restrictions.get(restrictionName); + } else { + return PropertyType.UNDEFINED; + } + } + + public boolean isEmpty() { + return accessControlEntries.length == 0; + } + + public int size() { + return accessControlEntries.length; + } + + public boolean addEntry(Principal principal, Privilege[] privileges, boolean isAllow) throws AccessControlException, RepositoryException { + throw new AccessControlException("Unmodifiable ACL. Use AccessControlManager#getApplicablePolicies in order to obtain an modifiable ACL."); + } + + public boolean addEntry(Principal principal, Privilege[] privileges, boolean isAllow, Map restrictions) throws AccessControlException, RepositoryException { + throw new AccessControlException("Unmodifiable ACL. Use AccessControlManager#getApplicablePolicies in order to obtain an modifiable ACL."); + } + + public String getPath() { + return path; + } } \ No newline at end of file Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/WorkspaceAccessManager.java URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/WorkspaceAccessManager.java?rev=812570&r1=812569&r2=812570&view=diff ============================================================================== --- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/WorkspaceAccessManager.java (original) +++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/WorkspaceAccessManager.java Tue Sep 8 16:09:28 2009 @@ -19,6 +19,7 @@ import javax.jcr.RepositoryException; import javax.jcr.Session; import java.util.Set; +import java.security.Principal; /** * The WorkspaceAccessManager is responsible for workspace access. @@ -53,5 +54,6 @@ * workspace with the specified name. * @throws RepositoryException If an error occurs. */ - boolean grants(Set principals, String workspaceName) throws RepositoryException; + boolean grants(Set principals, String workspaceName) + throws RepositoryException; } Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java?rev=812570&r1=812569&r2=812570&view=diff ============================================================================== --- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java (original) +++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java Tue Sep 8 16:09:28 2009 @@ -83,9 +83,9 @@ /** * - * @param aclNode - * @return - * @throws RepositoryException + * @param aclNode the node + * @return the control list + * @throws RepositoryException if an error occurs */ AccessControlList getACL(NodeImpl aclNode) throws RepositoryException { return new ACLTemplate(aclNode, privilegeRegistry); @@ -171,8 +171,8 @@ } AccessControlEntry[] entries = ((ACLTemplate) policy).getAccessControlEntries(); - for (int i = 0; i < entries.length; i++) { - JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) entries[i]; + for (AccessControlEntry entry : entries) { + JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) entry; Name nodeName = getUniqueNodeName(aclNode, ace.isAllow() ? "allow" : "deny"); Name ntName = (ace.isAllow()) ? NT_REP_GRANT_ACE : NT_REP_DENY_ACE; @@ -216,7 +216,7 @@ * defining content. It this case setting or modifying an AC-policy is * obviously not possible. * - * @param nodePath + * @param nodePath the node path * @throws AccessControlException If the given nodePath identifies a Node that * represents a ACL or ACE item. * @throws RepositoryException @@ -231,9 +231,9 @@ /** * Check if the specified policy can be set/removed from this editor. * - * @param nodePath - * @param policy - * @throws AccessControlException + * @param nodePath the node path + * @param policy the policy + * @throws AccessControlException if not allowed */ private static void checkValidPolicy(String nodePath, AccessControlPolicy policy) throws AccessControlException { if (policy == null || !(policy instanceof ACLTemplate)) { @@ -247,10 +247,10 @@ /** * - * @param path - * @return - * @throws PathNotFoundException - * @throws RepositoryException + * @param path the path + * @return the node + * @throws PathNotFoundException if not found + * @throws RepositoryException if an error occurs */ private NodeImpl getNode(String path) throws PathNotFoundException, RepositoryException { return (NodeImpl) session.getNode(path); @@ -261,10 +261,10 @@ * path or null if the node is not mix:AccessControllable * or if no policy node exists. * - * @param nodePath + * @param nodePath the node path * @return node or null - * @throws PathNotFoundException - * @throws RepositoryException + * @throws PathNotFoundException if not found + * @throws RepositoryException if an error occurs */ private NodeImpl getAclNode(String nodePath) throws PathNotFoundException, RepositoryException { NodeImpl controlledNode = getNode(nodePath); @@ -275,9 +275,9 @@ * Returns the rep:Policy node below the given Node or null * if the node is not mix:AccessControllable or if no policy node exists. * - * @param controlledNode + * @param controlledNode the controlled node * @return node or null - * @throws RepositoryException + * @throws RepositoryException if an error occurs */ private NodeImpl getAclNode(NodeImpl controlledNode) throws RepositoryException { NodeImpl aclNode = null; @@ -289,9 +289,9 @@ /** * - * @param nodePath - * @return - * @throws RepositoryException + * @param nodePath the node path + * @return the new node + * @throws RepositoryException if an error occurs */ private NodeImpl createAclNode(String nodePath) throws RepositoryException { NodeImpl protectedNode = getNode(nodePath); @@ -306,8 +306,8 @@ * * @param node a name for the child is resolved * @param name if missing the {@link #DEFAULT_ACE_NAME} is taken - * @return - * @throws RepositoryException + * @return the name + * @throws RepositoryException if an error occurs */ protected static Name getUniqueNodeName(Node node, String name) throws RepositoryException { if (name == null) { @@ -333,12 +333,13 @@ * Build an array of Value from the specified privileges using * the given valueFactory. * - * @param privileges - * @param valueFactory + * @param privileges the privileges + * @param valueFactory the value factory * @return an array of Value. - * @throws javax.jcr.ValueFormatException + * @throws ValueFormatException if an error occurs */ - private static Value[] getPrivilegeNames(Privilege[] privileges, ValueFactory valueFactory) throws ValueFormatException { + private static Value[] getPrivilegeNames(Privilege[] privileges, ValueFactory valueFactory) + throws ValueFormatException { Value[] names = new Value[privileges.length]; for (int i = 0; i < privileges.length; i++) { names[i] = valueFactory.createValue(privileges[i].getName(), PropertyType.NAME); Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLProvider.java URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLProvider.java?rev=812570&r1=812569&r2=812570&view=diff ============================================================================== --- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLProvider.java (original) +++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLProvider.java Tue Sep 8 16:09:28 2009 @@ -16,54 +16,55 @@ */ package org.apache.jackrabbit.core.security.authorization.acl; -import javax.jcr.security.AccessControlPolicy; -import javax.jcr.security.Privilege; +import java.security.Principal; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.LinkedHashMap; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import javax.jcr.ItemNotFoundException; +import javax.jcr.NodeIterator; +import javax.jcr.RepositoryException; +import javax.jcr.Session; +import javax.jcr.Value; +import javax.jcr.observation.Event; +import javax.jcr.observation.EventIterator; +import javax.jcr.query.Query; +import javax.jcr.query.QueryManager; +import javax.jcr.security.AccessControlEntry; import javax.jcr.security.AccessControlList; import javax.jcr.security.AccessControlManager; +import javax.jcr.security.AccessControlPolicy; +import javax.jcr.security.Privilege; + import org.apache.jackrabbit.api.security.principal.PrincipalManager; -import org.apache.jackrabbit.core.id.NodeId; +import org.apache.jackrabbit.core.ItemImpl; import org.apache.jackrabbit.core.NodeImpl; import org.apache.jackrabbit.core.PropertyImpl; -import org.apache.jackrabbit.core.ItemImpl; import org.apache.jackrabbit.core.SessionImpl; +import org.apache.jackrabbit.core.id.NodeId; import org.apache.jackrabbit.core.observation.SynchronousEventListener; import org.apache.jackrabbit.core.security.SecurityConstants; import org.apache.jackrabbit.core.security.authorization.AbstractAccessControlProvider; import org.apache.jackrabbit.core.security.authorization.AbstractCompiledPermissions; import org.apache.jackrabbit.core.security.authorization.AccessControlConstants; import org.apache.jackrabbit.core.security.authorization.AccessControlEditor; +import org.apache.jackrabbit.core.security.authorization.AccessControlEntryIterator; import org.apache.jackrabbit.core.security.authorization.CompiledPermissions; import org.apache.jackrabbit.core.security.authorization.Permission; import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry; import org.apache.jackrabbit.core.security.authorization.UnmodifiableAccessControlList; -import org.apache.jackrabbit.core.security.authorization.AccessControlEntryIterator; import org.apache.jackrabbit.core.security.principal.PrincipalImpl; import org.apache.jackrabbit.spi.Path; import org.apache.jackrabbit.spi.commons.name.PathFactoryImpl; import org.apache.jackrabbit.util.Text; -import org.apache.commons.collections.map.ListOrderedMap; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import javax.jcr.ItemNotFoundException; -import javax.jcr.NodeIterator; -import javax.jcr.RepositoryException; -import javax.jcr.Session; -import javax.jcr.Value; -import javax.jcr.observation.Event; -import javax.jcr.observation.EventIterator; -import javax.jcr.query.Query; -import javax.jcr.query.QueryManager; -import java.security.Principal; -import java.util.Collections; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Arrays; - /** * The ACLProvider generates access control policies out of the items stored * in the workspace applying the following rules: @@ -114,8 +115,8 @@ */ public boolean isAcItem(Path absPath) throws RepositoryException { Path.Element[] elems = absPath.getElements(); - for (int i = 0; i < elems.length; i++) { - if (N_POLICY.equals(elems[i].getName())) { + for (Path.Element elem : elems) { + if (N_POLICY.equals(elem.getName())) { return true; } } @@ -151,14 +152,14 @@ /** * @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider#getEffectivePolicies(Path) - * @param absPath + * @param absPath absolute path */ public AccessControlPolicy[] getEffectivePolicies(Path absPath) throws ItemNotFoundException, RepositoryException { checkInitialized(); NodeImpl targetNode = (NodeImpl) session.getNode(session.getJCRPath(absPath)); NodeImpl node = getNode(targetNode); - List acls = new ArrayList(); + List acls = new ArrayList(); // collect all ACLs effective at node collectAcls(node, acls); @@ -169,7 +170,7 @@ // controlled. log.warn("No access controlled node present in item hierarchy starting from " + targetNode.getPath()); } - return (AccessControlList[]) acls.toArray(new AccessControlList[acls.size()]); + return acls.toArray(new AccessControlList[acls.size()]); } /** @@ -215,8 +216,8 @@ * searched and returned. * * @param targetNode The node for which AC information needs to be retrieved. - * @return - * @throws RepositoryException + * @return the node + * @throws RepositoryException if an error occurs */ private NodeImpl getNode(NodeImpl targetNode) throws RepositoryException { NodeImpl node; @@ -238,9 +239,9 @@ * @param node the Node to collect the ACLs for, which must NOT be part of the * structure defined by mix:AccessControllable. * @param acls List used to collect the effective acls. - * @throws RepositoryException + * @throws RepositoryException if an error occurs */ - private void collectAcls(NodeImpl node, List acls) throws RepositoryException { + private void collectAcls(NodeImpl node, List acls) throws RepositoryException { // if the given node is access-controlled, construct a new ACL and add // it to the list if (isAccessControlled(node)) { @@ -314,10 +315,10 @@ * and if it has a child node named * {@link AccessControlConstants#N_POLICY "rep:ACL"}. * - * @param node + * @param node hte node * @return true if the node is access controlled; * false otherwise. - * @throws RepositoryException + * @throws RepositoryException if an error occurs */ static boolean isAccessControlled(NodeImpl node) throws RepositoryException { return node.isNodeType(NT_REP_ACCESS_CONTROLLABLE) && node.hasNode(N_POLICY); @@ -329,7 +330,7 @@ */ private class AclPermissions extends AbstractCompiledPermissions implements SynchronousEventListener { - private final List principalNames; + private final List principalNames; private final String jcrReadPrivilegeName; /** @@ -343,7 +344,7 @@ } private AclPermissions(Set principals, boolean listenToEvents) throws RepositoryException { - principalNames = new ArrayList(principals.size()); + principalNames = new ArrayList(principals.size()); for (Principal princ : principals) { principalNames.add(princ.getName()); } @@ -381,7 +382,7 @@ * permissions for any of the principals AND denies-READ. Otherwise * this shortcut is not possible. * - * @param principalnames + * @param principalnames names of the principals * @return true if read is allowed everywhere. */ private boolean isReadAllowed(Collection principalnames) { @@ -397,10 +398,9 @@ // where the rep:principalName property exactly matches any of // the given principalsNames int i = 0; - Iterator itr = principalnames.iterator(); - while (itr.hasNext()) { + for (String principalname : principalnames) { stmt.append("@").append(resolver.getJCRName(P_PRINCIPAL_NAME)).append(" eq "); - stmt.append("'").append(itr.next().toString()).append("'"); + stmt.append("'").append(principalname).append("'"); if (++i < principalnames.size()) { stmt.append(" or "); } @@ -522,9 +522,9 @@ /** * - * @param absPath - * @param permissions - * @return + * @param absPath absolute path + * @param permissions permission bits + * @return true if the permissions are granted * @throws RepositoryException * @see CompiledPermissions#grants(Path, int) */ @@ -560,8 +560,8 @@ // ACE denies READ. if (readAllowed && n.isNodeType(NT_REP_DENY_ACE)) { Value[] vs = n.getProperty(P_PRIVILEGES).getValues(); - for (int i = 0; i < vs.length; i++) { - if (jcrReadPrivilegeName.equals(vs[i].getString())) { + for (Value v : vs) { + if (jcrReadPrivilegeName.equals(v.getString())) { readAllowed = false; } } @@ -624,12 +624,12 @@ */ private class Entries { - private final ListOrderedMap principalNamesToEntries; + private final Map> principalNamesToEntries; - private Entries(NodeImpl node, Collection principalNames) throws RepositoryException { - principalNamesToEntries = new ListOrderedMap(); - for (Iterator it = principalNames.iterator(); it.hasNext();) { - principalNamesToEntries.put(it.next(), new ArrayList()); + private Entries(NodeImpl node, Collection principalNames) throws RepositoryException { + principalNamesToEntries = new LinkedHashMap>(); + for (String name : principalNames) { + principalNamesToEntries.put(name, new ArrayList()); } collectEntries(node); } @@ -650,11 +650,9 @@ } private AccessControlEntryIterator iterator() { - List entries = new ArrayList(); - for (Iterator it = - principalNamesToEntries.asList().iterator(); it.hasNext();) { - Object key = it.next(); - entries.addAll((List) principalNamesToEntries.get(key)); + List entries = new ArrayList(); + for (List list: principalNamesToEntries.values()) { + entries.addAll(list); } return new AccessControlEntryIterator(entries); }