jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1370139 - in /jackrabbit/trunk/jackrabbit-core/src: main/java/org/apache/jackrabbit/core/security/authorization/acl/ test/java/org/apache/jackrabbit/core/security/authorization/ test/java/org/apache/jackrabbit/core/security/authorization/acl/
Date Tue, 07 Aug 2012 08:29:28 GMT
Author: angela
Date: Tue Aug  7 08:29:28 2012
New Revision: 1370139

URL: http://svn.apache.org/viewvc?rev=1370139&view=rev
Log:
JCR-3395 : separate entries used for permission eval from ACEs exposed in JCR

Added:
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/Entry.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateEntryTest.java
Modified:
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLProvider.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/CompiledPermissionsImpl.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/EntryCollector.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/EntryFilter.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/EntryFilterImpl.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractRepositoryOperationTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryCollectorTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLProvider.java?rev=1370139&r1=1370138&r2=1370139&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLProvider.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLProvider.java Tue Aug  7 08:29:28 2012
@@ -43,14 +43,12 @@ import javax.jcr.Session;
 import javax.jcr.query.Query;
 import javax.jcr.query.QueryManager;
 import javax.jcr.query.QueryResult;
-import javax.jcr.security.AccessControlEntry;
 import javax.jcr.security.AccessControlList;
 import javax.jcr.security.AccessControlManager;
 import javax.jcr.security.AccessControlPolicy;
 import javax.jcr.security.Privilege;
 import java.security.Principal;
 import java.util.ArrayList;
-import java.util.Collections;
 import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Map;
@@ -137,9 +135,7 @@ public class ACLProvider extends Abstrac
             targetNode = (NodeImpl) session.getRootNode();
             if (isRepoAccessControlled(targetNode)) {
                 if (permissions.grants(targetNode.getPrimaryPath(), Permission.READ_AC)) {
-                    // retrieve the entries for the access controlled node
-                    List<AccessControlEntry> entries = entryCollector.collectEntries(null, new EntryFilterImpl(null, (NodeId) null, session));
-                    acls.add(new UnmodifiableAccessControlList(entries));
+                    acls.add(getACL(targetNode, N_REPO_POLICY, null));
                 } else {
                     throw new AccessDeniedException("Access denied at " + targetNode.getPath());
                 }
@@ -204,15 +200,13 @@ public class ACLProvider extends Abstrac
 
             if (N_POLICY.equals(aclName) && isAccessControlled(accessControlledNode)) {
                 if (permissions.canRead(aclNode.getPrimaryPath(), aclNode.getNodeId())) {
-                    List<AccessControlEntry> aces = entryCollector.getEntries(accessControlledNode).getACEs();
-                    acls.add(new UnmodifiableAccessControlList(aces, accessControlledNode.getPath(), Collections.<String, Integer>emptyMap()));
+                    acls.add(getACL(accessControlledNode, N_POLICY, accessControlledNode.getPath()));
                 } else {
                     throw new AccessDeniedException("Access denied at " + Text.getRelativeParent(aclNode.getPath(), 1));
                 }
             } else if (N_REPO_POLICY.equals(aclName) && isRepoAccessControlled(accessControlledNode)) {
                 if (permissions.canRead(aclNode.getPrimaryPath(), aclNode.getNodeId())) {
-                    List<AccessControlEntry> aces = entryCollector.collectEntries(null, new EntryFilterImpl(null, (NodeId) null, session));
-                    acls.add(new UnmodifiableAccessControlList(aces));
+                    acls.add(getACL(accessControlledNode, N_REPO_POLICY, null));
                 } else {
                     throw new AccessDeniedException("Access denied at " + Text.getRelativeParent(aclNode.getPath(), 1));
                 }
@@ -290,9 +284,7 @@ public class ACLProvider extends Abstrac
         // it to the list
         if (isAccessControlled(node)) {
             if (permissions.grants(node.getPrimaryPath(), Permission.READ_AC)) {
-                // retrieve the entries for the access controlled node
-                List<AccessControlEntry> aces = entryCollector.getEntries(node).getACEs();
-                acls.add(new UnmodifiableAccessControlList(aces, node.getPath(), Collections.<String, Integer>emptyMap()));
+                acls.add(getACL(node, N_POLICY, node.getPath()));
             } else {
                 throw new AccessDeniedException("Access denied at " + node.getPath());
             }
@@ -304,6 +296,14 @@ public class ACLProvider extends Abstrac
         }
     }
 
+    private AccessControlList getACL(NodeImpl accessControlledNode, Name policyName, String path) throws RepositoryException {
+        // collect the aces of that node.
+        NodeImpl aclNode = accessControlledNode.getNode(policyName);
+        AccessControlList acl = new ACLTemplate(aclNode, path);
+
+        return new UnmodifiableAccessControlList(acl);
+    }
+
     /**
      * Set-up minimal permissions for the workspace:
      *

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java?rev=1370139&r1=1370138&r2=1370139&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java Tue Aug  7 08:29:28 2012
@@ -38,12 +38,10 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.core.NodeImpl;
 import org.apache.jackrabbit.core.SessionImpl;
-import org.apache.jackrabbit.core.id.NodeId;
 import org.apache.jackrabbit.core.security.authorization.AbstractACLTemplate;
 import org.apache.jackrabbit.core.security.authorization.AccessControlEntryImpl;
 import org.apache.jackrabbit.core.security.authorization.PrivilegeBits;
 import org.apache.jackrabbit.core.security.authorization.PrivilegeManagerImpl;
-import org.apache.jackrabbit.core.security.authorization.GlobPattern;
 import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.core.security.principal.UnknownPrincipal;
 import org.apache.jackrabbit.core.value.InternalValue;
@@ -87,15 +85,7 @@ class ACLTemplate extends AbstractACLTem
     private final NameResolver resolver;
 
     /**
-     * The id of the access controlled node or <code>null</code> if this
-     * ACLTemplate isn't created for an existing access controlled node.
-     * Used for the Entry#isLocal(NodeId) call only in order to avoid calls
-     * to {@link javax.jcr.Node#getPath()}.
-     */
-    private final NodeId id;
-
-    /**
-     *
+     * Namespace sensitive name of the REP_GLOB property in standard JCR form.
      */
     private final String jcrRepGlob;
 
@@ -116,7 +106,6 @@ class ACLTemplate extends AbstractACLTem
         this.principalMgr = principalMgr;
         this.privilegeMgr = (PrivilegeManagerImpl) privilegeMgr;
         this.resolver = resolver;
-        this.id = null;
 
         jcrRepGlob = resolver.getJCRName(P_GLOB);
     }
@@ -126,17 +115,6 @@ class ACLTemplate extends AbstractACLTem
      * node.
      *
      * @param aclNode node
-     * @throws RepositoryException if an error occurs
-     */
-    ACLTemplate(NodeImpl aclNode) throws RepositoryException {
-        this(aclNode, ((aclNode != null) ? aclNode.getParent().getPath() : null));
-    }
-
-    /**
-     * Create a {@link ACLTemplate} that is used to edit an existing ACL
-     * node.
-     *
-     * @param aclNode node
      * @param path The path as exposed by "@link JackrabbitAccessControlList#getPath()}
      * @throws RepositoryException if an error occurs
      */
@@ -150,7 +128,6 @@ class ACLTemplate extends AbstractACLTem
         privilegeMgr = (PrivilegeManagerImpl) ((JackrabbitWorkspace) sImpl.getWorkspace()).getPrivilegeManager();
 
         this.resolver = sImpl;
-        this.id = aclNode.getParentId();
         jcrRepGlob = sImpl.getJCRName(P_GLOB);
 
         // load the entries:
@@ -422,61 +399,22 @@ class ACLTemplate extends AbstractACLTem
      */
     class Entry extends AccessControlEntryImpl {
 
-        private final GlobPattern pattern;
-
         private Entry(Principal principal, PrivilegeBits privilegeBits, boolean allow, Map<String,Value> restrictions)
                 throws RepositoryException {
             super(principal, privilegeBits, allow, restrictions);
-            pattern = calculatePattern();
         }
 
         private Entry(Principal principal, Privilege[] privileges, boolean allow, Map<String,Value> restrictions)
                 throws RepositoryException {
             super(principal, privileges, allow, restrictions);
-            pattern = calculatePattern();
         }
 
         private Entry(Entry base, PrivilegeBits newPrivilegeBits, boolean isAllow) throws RepositoryException {
             super(base, newPrivilegeBits, isAllow);
-            pattern = calculatePattern();
         }
 
         private Entry(Entry base, Privilege[] newPrivileges, boolean isAllow) throws RepositoryException {
             super(base, newPrivileges, isAllow);
-            pattern = calculatePattern();
-        }
-
-        private GlobPattern calculatePattern() throws RepositoryException {
-            if (path == null) {
-                return null; // no pattern for repo-level aces.
-            } else {
-                GlobPattern p;
-                Value glob = getRestrictions().get(P_GLOB);
-                if (glob != null) {
-                    p = GlobPattern.create(path, glob.getString());
-                } else {
-                    p = GlobPattern.create(path);
-                }
-                return p;
-            }
-        }
-        
-        /**
-         * @param nodeId
-         * @return <code>true</code> if this entry is defined on the node
-         * at <code>nodeId</code>
-         */
-        boolean isLocal(NodeId nodeId) {
-            return id != null && id.equals(nodeId);
-        }
-
-        /**
-         * 
-         * @param jcrPath
-         * @return
-         */
-        boolean matches(String jcrPath) {
-            return pattern != null && pattern.matches(jcrPath);
         }
 
         @Override

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/CompiledPermissionsImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/CompiledPermissionsImpl.java?rev=1370139&r1=1370138&r2=1370139&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/CompiledPermissionsImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/CompiledPermissionsImpl.java Tue Aug  7 08:29:28 2012
@@ -39,7 +39,6 @@ import org.apache.jackrabbit.util.Text;
 
 import javax.jcr.ItemNotFoundException;
 import javax.jcr.RepositoryException;
-import javax.jcr.security.AccessControlEntry;
 import java.security.Principal;
 import java.util.ArrayList;
 import java.util.Iterator;
@@ -92,7 +91,7 @@ class CompiledPermissionsImpl extends Ab
         // retrieve all ACEs at path or at the direct ancestor of path that
         // apply for the principal names.
         NodeImpl n = ACLProvider.getNode(node, isAcItem);
-        Iterator<AccessControlEntry> entries = entryCollector.collectEntries(n, filter).iterator();
+        Iterator<Entry> entries = entryCollector.collectEntries(n, filter).iterator();
 
         /*
         Calculate privileges and permissions:
@@ -112,7 +111,7 @@ class CompiledPermissionsImpl extends Ab
         NodeId nodeId = (node == null) ? null : node.getNodeId();
 
         while (entries.hasNext()) {
-            ACLTemplate.Entry ace = (ACLTemplate.Entry) entries.next();
+            Entry ace = entries.next();
             /*
             Determine if the ACE also takes effect on the parent:
             Some permissions (e.g. add-node or removal) must be determined
@@ -261,8 +260,7 @@ class CompiledPermissionsImpl extends Ab
                      (see special treatment of remove, create or ac-specific
                       permissions).
                      */
-                    for (AccessControlEntry accessControlEntry : entryCollector.collectEntries(node, filter)) {
-                        ACLTemplate.Entry ace = (ACLTemplate.Entry) accessControlEntry;
+                    for (Entry ace : entryCollector.collectEntries(node, filter)) {
                         if (ace.getPrivilegeBits().includesRead()) {
                             canRead = ace.isAllow();
                             break;

Added: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/Entry.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/Entry.java?rev=1370139&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/Entry.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/Entry.java Tue Aug  7 08:29:28 2012
@@ -0,0 +1,199 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization.acl;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.ArrayList;
+import java.util.List;
+import javax.jcr.NodeIterator;
+import javax.jcr.RepositoryException;
+import javax.jcr.Value;
+
+import org.apache.jackrabbit.api.JackrabbitWorkspace;
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+import org.apache.jackrabbit.core.NodeImpl;
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.core.id.NodeId;
+import org.apache.jackrabbit.core.security.authorization.AccessControlConstants;
+import org.apache.jackrabbit.core.security.authorization.GlobPattern;
+import org.apache.jackrabbit.core.security.authorization.PrivilegeBits;
+import org.apache.jackrabbit.core.security.authorization.PrivilegeManagerImpl;
+import org.apache.jackrabbit.core.value.InternalValue;
+import org.apache.jackrabbit.spi.Name;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Entry... TODO
+ */
+class Entry implements AccessControlConstants {
+
+    private static final Logger log = LoggerFactory.getLogger(ACLTemplate.class);
+
+    private final String principalName;
+    private final boolean isGroupEntry;
+    private final PrivilegeBits privilegeBits;
+    private final boolean isAllow;
+    private final NodeId id;
+    private final GlobPattern pattern;
+    private final boolean hasRestrictions;
+
+    private int hashCode;
+
+    private Entry(NodeId id, String principalName, boolean isGroupEntry,
+                  PrivilegeBits privilegeBits, boolean allow, String path, Value globValue) throws RepositoryException {
+
+        this.principalName = principalName;
+        this.isGroupEntry = isGroupEntry;
+        this.privilegeBits = privilegeBits;
+        this.isAllow = allow;
+        this.id = id;
+        this.pattern = calculatePattern(path, globValue);
+        this.hasRestrictions = (globValue != null);
+    }
+
+    static List<Entry> readEntries(NodeImpl aclNode, String path) throws RepositoryException {
+        if (aclNode == null || !NT_REP_ACL.equals(aclNode.getPrimaryNodeTypeName())) {
+            throw new IllegalArgumentException("Node must be of type 'rep:ACL'");
+        }
+        SessionImpl sImpl = (SessionImpl) aclNode.getSession();
+        PrincipalManager principalMgr = sImpl.getPrincipalManager();
+        PrivilegeManagerImpl privilegeMgr = (PrivilegeManagerImpl) ((JackrabbitWorkspace) sImpl.getWorkspace()).getPrivilegeManager();
+
+        NodeId nodeId = aclNode.getParentId();
+
+        List<Entry> entries = new ArrayList<Entry>();
+        // load the entries:
+        NodeIterator itr = aclNode.getNodes();
+        while (itr.hasNext()) {
+            NodeImpl aceNode = (NodeImpl) itr.nextNode();
+            try {
+                String principalName = aceNode.getProperty(P_PRINCIPAL_NAME).getString();
+                boolean isGroupEntry = false;
+                Principal princ = principalMgr.getPrincipal(principalName);
+                if (princ != null) {
+                    isGroupEntry = (princ instanceof Group);
+                }
+
+                InternalValue[] privValues = aceNode.getProperty(P_PRIVILEGES).internalGetValues();
+                Name[] privNames = new Name[privValues.length];
+                for (int i = 0; i < privValues.length; i++) {
+                    privNames[i] = privValues[i].getName();
+                }
+
+                Value globValue = null;
+                if (aceNode.hasProperty(P_GLOB)) {
+                    globValue = aceNode.getProperty(P_GLOB).getValue();
+                }
+
+                boolean isAllow = NT_REP_GRANT_ACE.equals(aceNode.getPrimaryNodeTypeName());
+                Entry ace = new Entry(nodeId, principalName, isGroupEntry, privilegeMgr.getBits(privNames), isAllow, path, globValue);
+                entries.add(ace);
+            } catch (RepositoryException e) {
+                log.debug("Failed to build ACE from content.", e.getMessage());
+            }
+        }
+
+        return entries;
+    }
+
+    private static GlobPattern calculatePattern(String path, Value globValue) throws RepositoryException {
+        if (path == null) {
+            return null;
+        } else {
+            if (globValue == null) {
+                return GlobPattern.create(path);
+            } else {
+                return GlobPattern.create(path, globValue.getString());
+            }
+        }
+    }
+
+    /**
+     * @param nodeId
+     * @return <code>true</code> if this entry is defined on the node
+     * at <code>nodeId</code>
+     */
+    boolean isLocal(NodeId nodeId) {
+        return id != null && id.equals(nodeId);
+    }
+
+    /**
+     *
+     * @param jcrPath
+     * @return
+     */
+    boolean matches(String jcrPath) {
+        return pattern != null && pattern.matches(jcrPath);
+    }
+
+    PrivilegeBits getPrivilegeBits() {
+        return privilegeBits;
+    }
+
+    boolean isAllow() {
+        return isAllow;
+    }
+
+    String getPrincipalName() {
+        return principalName;
+    }
+
+    boolean isGroupEntry() {
+        return isGroupEntry;
+    }
+
+    boolean hasRestrictions() {
+        return hasRestrictions;
+    }
+
+    //-------------------------------------------------------------< Object >---
+    /**
+     * @see Object#hashCode()
+     */
+    @Override
+    public int hashCode() {
+        if (hashCode == -1) {
+            int h = 17;
+            h = 37 * h + principalName.hashCode();
+            h = 37 * h + privilegeBits.hashCode();
+            h = 37 * h + Boolean.valueOf(isAllow).hashCode();
+            h = 37 * h + pattern.hashCode();
+            hashCode = h;
+        }
+        return hashCode;
+    }
+
+    /**
+     * @see Object#equals(Object)
+     */
+    @Override
+    public boolean equals(Object obj) {
+        if (obj == this) {
+            return true;
+        }
+        if (obj instanceof Entry) {
+            Entry other = (Entry) obj;
+            return principalName.equals(other.principalName) &&
+                   privilegeBits.equals(other.privilegeBits) &&
+                   isAllow == other.isAllow &&
+                   pattern.equals(other.pattern);
+        }
+        return false;
+    }
+}
\ No newline at end of file

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/EntryCollector.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/EntryCollector.java?rev=1370139&r1=1370138&r2=1370139&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/EntryCollector.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/EntryCollector.java Tue Aug  7 08:29:28 2012
@@ -36,7 +36,6 @@ import javax.jcr.observation.Event;
 import javax.jcr.observation.EventIterator;
 import javax.jcr.observation.EventListener;
 import javax.jcr.observation.ObservationManager;
-import javax.jcr.security.AccessControlEntry;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
@@ -130,16 +129,16 @@ public class EntryCollector extends Acce
      * @return
      * @throws RepositoryException
      */
-    protected List<AccessControlEntry> collectEntries(NodeImpl node, EntryFilter filter) throws RepositoryException {
-        LinkedList<AccessControlEntry> userAces = new LinkedList<AccessControlEntry>();
-        LinkedList<AccessControlEntry> groupAces = new LinkedList<AccessControlEntry>();
+    protected List<Entry> collectEntries(NodeImpl node, EntryFilter filter) throws RepositoryException {
+        LinkedList<Entry> userAces = new LinkedList<Entry>();
+        LinkedList<Entry> groupAces = new LinkedList<Entry>();
 
         if (node == null) {
             // repository level permissions
             NodeImpl root = (NodeImpl) systemSession.getRootNode();
             if (ACLProvider.isRepoAccessControlled(root)) {
                 NodeImpl aclNode = root.getNode(N_REPO_POLICY);
-                filterEntries(filter, new ACLTemplate(aclNode, null).getEntries(), userAces, groupAces);
+                filterEntries(filter, Entry.readEntries(aclNode, null), userAces, groupAces);
             }
         } else {
             filterEntries(filter, getEntries(node).getACEs(), userAces, groupAces);
@@ -151,7 +150,7 @@ public class EntryCollector extends Acce
             }
         }
 
-        List<AccessControlEntry> entries = new ArrayList<AccessControlEntry>(userAces.size() + groupAces.size());
+        List<Entry> entries = new ArrayList<Entry>(userAces.size() + groupAces.size());
         entries.addAll(userAces);
         entries.addAll(groupAces);
 
@@ -167,9 +166,9 @@ public class EntryCollector extends Acce
      * @param groupAces
      */
     @SuppressWarnings("unchecked")
-    private static void filterEntries(EntryFilter filter, List<AccessControlEntry> aces,
-                                      LinkedList<AccessControlEntry> userAces,
-                                      LinkedList<AccessControlEntry> groupAces) {
+    private static void filterEntries(EntryFilter filter, List<Entry> aces,
+                                      LinkedList<Entry> userAces,
+                                      LinkedList<Entry> groupAces) {
         if (!aces.isEmpty() && filter != null) {
             filter.filterEntries(aces, userAces, groupAces);
         }
@@ -185,11 +184,11 @@ public class EntryCollector extends Acce
      * @throws RepositoryException
      */
     protected Entries getEntries(NodeImpl node) throws RepositoryException {
-        List<AccessControlEntry> aces;
+        List<Entry> aces;
         if (ACLProvider.isAccessControlled(node)) {
             // collect the aces of that node.
             NodeImpl aclNode = node.getNode(N_POLICY);
-            aces = new ACLTemplate(aclNode, node.getPath()).getEntries();
+            aces = Entry.readEntries(aclNode, node.getPath());
         } else {
             // not access controlled
             aces = Collections.emptyList();
@@ -438,15 +437,15 @@ public class EntryCollector extends Acce
      */
     static class Entries {
 
-        private final List<AccessControlEntry> aces;
+        private final List<Entry> aces;
         private NodeId nextId;
 
-        Entries(List<AccessControlEntry> aces, NodeId nextId) {
+        Entries(List<Entry> aces, NodeId nextId) {
             this.aces = aces;
             this.nextId = nextId;
         }
 
-        List<AccessControlEntry> getACEs() {
+        List<Entry> getACEs() {
             return aces;
         }
 

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/EntryFilter.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/EntryFilter.java?rev=1370139&r1=1370138&r2=1370139&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/EntryFilter.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/EntryFilter.java Tue Aug  7 08:29:28 2012
@@ -16,7 +16,6 @@
  */
 package org.apache.jackrabbit.core.security.authorization.acl;
 
-import javax.jcr.security.AccessControlEntry;
 import java.util.List;
 
 /**
@@ -24,6 +23,6 @@ import java.util.List;
  */
 public interface EntryFilter {
 
-    void filterEntries(List<AccessControlEntry> entries, List<AccessControlEntry>... resultLists);
+    void filterEntries(List<Entry> entries, List<Entry>... resultLists);
 
 }
\ No newline at end of file

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/EntryFilterImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/EntryFilterImpl.java?rev=1370139&r1=1370138&r2=1370139&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/EntryFilterImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/EntryFilterImpl.java Tue Aug  7 08:29:28 2012
@@ -24,8 +24,6 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import javax.jcr.RepositoryException;
-import javax.jcr.security.AccessControlEntry;
-import java.security.acl.Group;
 import java.util.Collection;
 import java.util.List;
 
@@ -71,16 +69,16 @@ class EntryFilterImpl implements EntryFi
      * @param resultLists
      * @see EntryFilter#filterEntries(java.util.List, java.util.List[])
      */
-    public void filterEntries(List<AccessControlEntry> entries, List<AccessControlEntry>... resultLists) {
+    public void filterEntries(List<Entry> entries, List<Entry>... resultLists) {
         if (resultLists.length == 2) {
-            List<AccessControlEntry> userAces = resultLists[0];
-            List<AccessControlEntry> groupAces = resultLists[1];
+            List<Entry> userAces = resultLists[0];
+            List<Entry> groupAces = resultLists[1];
 
             int uInsertIndex = userAces.size();
             int gInsertIndex = groupAces.size();
 
             // first collect aces present on the given aclNode.
-            for (AccessControlEntry ace : entries) {
+            for (Entry ace : entries) {
                 // only process ace if 'principalName' is contained in the given set
                 if (matches(ace)) {
                     // add it to the proper list (e.g. separated by principals)
@@ -88,7 +86,7 @@ class EntryFilterImpl implements EntryFi
                      * NOTE: access control entries must be collected in reverse
                      * order in order to assert proper evaluation.
                      */
-                    if (ace.getPrincipal() instanceof Group) {
+                    if (ace.isGroupEntry()) {
                         groupAces.add(gInsertIndex, ace);
                     } else {
                         userAces.add(uInsertIndex, ace);
@@ -100,9 +98,8 @@ class EntryFilterImpl implements EntryFi
         }
     }
 
-    private boolean matches(AccessControlEntry ace) {
-        if (principalNames == null || principalNames.contains(ace.getPrincipal().getName())) {
-            ACLTemplate.Entry entry = (ACLTemplate.Entry) ace;
+    private boolean matches(Entry entry) {
+        if (principalNames == null || principalNames.contains(entry.getPrincipalName())) {
             if (!entry.hasRestrictions()) {
                 // short cut: there is no glob-restriction -> the entry matches
                 // because it is either defined on the node or inherited.

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractRepositoryOperationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractRepositoryOperationTest.java?rev=1370139&r1=1370138&r2=1370139&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractRepositoryOperationTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractRepositoryOperationTest.java Tue Aug  7 08:29:28 2012
@@ -457,9 +457,10 @@ public abstract class AbstractRepository
             assertNotNull(aces);
             assertEquals(2, aces.length);
 
-            // change the policy
+            // change the policy: removing the second entry in the access control list
             acl = (AccessControlList) acMgr.getPolicies(null)[0];
-            acl.removeAccessControlEntry(aces[0]);
+            AccessControlEntry toRemove = acl.getAccessControlEntries()[1];
+            acl.removeAccessControlEntry(toRemove);
             acMgr.setPolicy(null, acl);
             superuser.save();
 

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateEntryTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateEntryTest.java?rev=1370139&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateEntryTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateEntryTest.java Tue Aug  7 08:29:28 2012
@@ -0,0 +1,89 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization.acl;
+
+import java.security.Principal;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import javax.jcr.RepositoryException;
+import javax.jcr.Value;
+import javax.jcr.security.Privilege;
+
+import org.apache.jackrabbit.api.JackrabbitWorkspace;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
+import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.core.security.authorization.AbstractEntryTest;
+import org.apache.jackrabbit.test.NotExecutableException;
+
+/**
+ * <code>EntryTest</code>...
+ */
+public class ACLTemplateEntryTest extends AbstractEntryTest {
+
+    private ACLTemplate acl;
+
+    @Override
+    protected void setUp() throws Exception {
+        super.setUp();
+
+        SessionImpl s = (SessionImpl) superuser;
+        PrivilegeManager privMgr = ((JackrabbitWorkspace) superuser.getWorkspace()).getPrivilegeManager();
+
+        acl = new ACLTemplate(testPath, s.getPrincipalManager(), privMgr, s.getValueFactory(), s);
+    }
+
+    @Override
+    protected JackrabbitAccessControlEntry createEntry(Principal principal, Privilege[] privileges, boolean isAllow)
+            throws RepositoryException {
+        return acl.createEntry(principal, privileges, isAllow, Collections.<String, Value>emptyMap());
+    }
+
+    @Override
+    protected JackrabbitAccessControlEntry createEntry(Principal principal, Privilege[] privileges, boolean isAllow, Map<String, Value> restrictions) throws RepositoryException {
+        return acl.createEntry(principal, privileges, isAllow, restrictions);
+    }
+
+    @Override
+    protected JackrabbitAccessControlEntry createEntryFromBase(JackrabbitAccessControlEntry base, Privilege[] privileges, boolean isAllow) throws RepositoryException, NotExecutableException {
+        if (base instanceof ACLTemplate.Entry) {
+            return acl.createEntry((ACLTemplate.Entry) base, privileges, isAllow);
+        } else {
+            throw new NotExecutableException();
+        }
+    }
+
+    @Override
+    protected Map<String, Value> getTestRestrictions() throws RepositoryException {
+        String restrName = ((SessionImpl) superuser).getJCRName(ACLTemplate.P_GLOB);
+        return Collections.singletonMap(restrName, superuser.getValueFactory().createValue("/.*"));        
+    }
+
+    public void testRestrictions() throws RepositoryException {
+        // test if restrictions with expanded name are properly resolved
+        Map<String, Value> restrictions = new HashMap<String,Value>();
+        restrictions.put(ACLTemplate.P_GLOB.toString(), superuser.getValueFactory().createValue("*/test"));
+
+        Privilege[] privs = new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_ALL)};
+        ACLTemplate.Entry ace = acl.createEntry(testPrincipal, privs, true, restrictions);
+
+        Value v = ace.getRestriction(ACLTemplate.P_GLOB.toString());
+        Value v2 = ace.getRestriction(((SessionImpl) superuser).getJCRName(ACLTemplate.P_GLOB));
+        assertEquals(v, v2);
+    }
+}
\ No newline at end of file

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryCollectorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryCollectorTest.java?rev=1370139&r1=1370138&r2=1370139&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryCollectorTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryCollectorTest.java Tue Aug  7 08:29:28 2012
@@ -28,7 +28,6 @@ import javax.jcr.Node;
 import javax.jcr.NodeIterator;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
-import javax.jcr.security.AccessControlEntry;
 import javax.jcr.security.AccessControlList;
 import javax.jcr.security.AccessControlManager;
 import javax.jcr.security.AccessControlPolicy;
@@ -239,48 +238,6 @@ public class EntryCollectorTest extends 
         return names;
     }
 
-    public void testEntriesAreCached() throws Exception {
-        modifyPrivileges(path, testGroup.getPrincipal(), privilegesFromName(Privilege.JCR_READ), true);
-        AccessControlPolicy[] plcs = acMgr.getEffectivePolicies(path);
-        AccessControlPolicy[] plcs2 = acMgr.getEffectivePolicies(childNPath);
-
-        // ACEs must be the same on path and childPath as the entries are
-        // obtained from the cache
-        assertTrue(Arrays.equals(plcs, plcs2));
-        assertEquals(plcs.length, plcs2.length);
-        for (int i = 0; i < plcs.length; i++) {
-            if (plcs[i] instanceof AccessControlList) {
-                assertTrue(plcs2[i] instanceof AccessControlList);
-
-                AccessControlEntry[] aces = ((AccessControlList) plcs[0]).getAccessControlEntries();
-                AccessControlEntry[] aces2 = ((AccessControlList) plcs2[0]).getAccessControlEntries();
-                for (int j = 0; j < aces.length; j++) {
-                    assertTrue(aces[j] == aces2[j]);
-                }
-            } else {
-                assertEquals(plcs[i].getClass(), plcs2[i].getClass());
-            }
-        }
-
-
-        // retrieve effective policies for path again
-        // -> test if aces are retrieved from the cache and thus refer to the same objects.
-        AccessControlPolicy[] plcs3 = acMgr.getEffectivePolicies(path);
-        for (int i = 0; i < plcs.length; i++) {
-            if (plcs[i] instanceof AccessControlList) {
-                assertTrue(plcs3[i] instanceof AccessControlList);
-
-                AccessControlEntry[] aces = ((AccessControlList) plcs[0]).getAccessControlEntries();
-                AccessControlEntry[] aces3 = ((AccessControlList) plcs3[0]).getAccessControlEntries();
-                for (int j = 0; j < aces.length; j++) {
-                    assertTrue(aces[j] == aces3[j]);
-                }
-            } else {
-                assertEquals(plcs[i].getClass(), plcs2[i].getClass());
-            }
-        }
-    }
-
     public void testPermissions() throws Exception {
         Session superuser2 = getHelper().getSuperuserSession();
         try {
@@ -403,14 +360,6 @@ public class EntryCollectorTest extends 
         });
     }
 
-    public void testEntriesAreCachedUnderLoad() throws Exception {
-        runTestUnderLoad(new TestInvokation() {
-            public void runTest() throws Exception {
-                testEntriesAreCached();
-            }
-        });
-    }
-
     public void testPermissionsUnderLoad() throws Exception {
         runTestUnderLoad(new TestInvokation() {
             public void runTest() throws Exception {

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java?rev=1370139&r1=1370138&r2=1370139&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java Tue Aug  7 08:29:28 2012
@@ -16,113 +16,87 @@
  */
 package org.apache.jackrabbit.core.security.authorization.acl;
 
-import org.apache.jackrabbit.api.JackrabbitWorkspace;
-import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
-import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
-import org.apache.jackrabbit.core.NodeImpl;
-import org.apache.jackrabbit.core.SessionImpl;
-import org.apache.jackrabbit.core.id.NodeId;
-import org.apache.jackrabbit.core.security.authorization.AbstractEntryTest;
-import org.apache.jackrabbit.test.NotExecutableException;
-
-import javax.jcr.RepositoryException;
-import javax.jcr.Value;
-import javax.jcr.security.AccessControlPolicy;
-import javax.jcr.security.AccessControlPolicyIterator;
-import javax.jcr.security.Privilege;
 import java.security.Principal;
 import java.util.Collections;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
+import javax.jcr.AccessDeniedException;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.Value;
+import javax.jcr.security.AccessControlManager;
+import javax.jcr.security.Privilege;
+
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
+import org.apache.jackrabbit.core.NodeImpl;
+import org.apache.jackrabbit.core.id.NodeId;
+import org.apache.jackrabbit.core.security.authorization.AbstractEvaluationTest;
+import org.apache.jackrabbit.test.NotExecutableException;
 
 /**
  * <code>EntryTest</code>...
  */
-public class EntryTest extends AbstractEntryTest {
+public class EntryTest extends AbstractEvaluationTest {
 
-    private ACLTemplate acl;
+    private String testPath;
+    private JackrabbitAccessControlList acl;
 
-    @Override
     protected void setUp() throws Exception {
         super.setUp();
-
-        SessionImpl s = (SessionImpl) superuser;
-        PrivilegeManager privMgr = ((JackrabbitWorkspace) superuser.getWorkspace()).getPrivilegeManager();
-
-        acl = new ACLTemplate(testPath, s.getPrincipalManager(), privMgr, s.getValueFactory(), s);
+        testPath = testRootNode.getPath();
     }
 
     @Override
-    protected JackrabbitAccessControlEntry createEntry(Principal principal, Privilege[] privileges, boolean isAllow)
-            throws RepositoryException {
-        return acl.createEntry(principal, privileges, isAllow, Collections.<String, Value>emptyMap());
+    protected void tearDown() throws Exception {
+        try {
+            acMgr.removePolicy(testPath, acl);
+            superuser.save();
+        } finally {
+            super.tearDown();
+        }
     }
 
     @Override
-    protected JackrabbitAccessControlEntry createEntry(Principal principal, Privilege[] privileges, boolean isAllow, Map<String, Value> restrictions) throws RepositoryException {
-        return acl.createEntry(principal, privileges, isAllow, restrictions);
+    protected boolean isExecutable() {
+        return EvaluationUtil.isExecutable(acMgr);
     }
 
     @Override
-    protected JackrabbitAccessControlEntry createEntryFromBase(JackrabbitAccessControlEntry base, Privilege[] privileges, boolean isAllow) throws RepositoryException, NotExecutableException {
-        if (base instanceof ACLTemplate.Entry) {
-            return acl.createEntry((ACLTemplate.Entry) base, privileges, isAllow);
-        } else {
-            throw new NotExecutableException();
-        }
+    protected JackrabbitAccessControlList getPolicy(AccessControlManager acM, String path, Principal principal) throws RepositoryException, AccessDeniedException, NotExecutableException {
+        return EvaluationUtil.getPolicy(acM, path, principal);
     }
 
     @Override
-    protected Map<String, Value> getTestRestrictions() throws RepositoryException {
-        String restrName = ((SessionImpl) superuser).getJCRName(ACLTemplate.P_GLOB);
-        return Collections.singletonMap(restrName, superuser.getValueFactory().createValue("/.*"));        
+    protected Map<String, Value> getRestrictions(Session s, String path) {
+        return Collections.emptyMap();
     }
 
     public void testIsLocal() throws NotExecutableException, RepositoryException {
-        ACLTemplate.Entry entry = (ACLTemplate.Entry) createEntry(new String[] {Privilege.JCR_READ}, true);
-
-        // false since acl has been created from path only -> no id
-        assertFalse(entry.isLocal(((NodeImpl) testRootNode).getNodeId()));
-        // false since internal id is null -> will never match.
-        assertFalse(entry.isLocal(NodeId.randomId()));
-    }
+        acl = getPolicy(acMgr, testPath, testUser.getPrincipal());
+        modifyPrivileges(testPath, Privilege.JCR_READ, true);
 
-    public void testIsLocal2()  throws NotExecutableException, RepositoryException {
-        String path = testRootNode.getPath();
-        AccessControlPolicy[] acls = acMgr.getPolicies(path);
-        if (acls.length == 0) {
-            AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
-            if (!it.hasNext()) {
-                throw new NotExecutableException();
-            }
-            acMgr.setPolicy(path, it.nextAccessControlPolicy());
-            acls = acMgr.getPolicies(path);
-        }
-
-        assertTrue(acls[0] instanceof ACLTemplate);
-
-        ACLTemplate acl = (ACLTemplate) acls[0];
-        assertEquals(path, acl.getPath());
-
-        ACLTemplate.Entry entry = acl.createEntry(testPrincipal, new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_READ)}, true, Collections.<String,Value>emptyMap());
+        NodeImpl aclNode = (NodeImpl) superuser.getNode(acl.getPath() + "/rep:policy");
+        List<Entry> entries = Entry.readEntries(aclNode, testRootNode.getPath());
+        assertTrue(!entries.isEmpty());
+        assertEquals(1, entries.size());
 
-        // node is must be present + must match to testrootnodes id.
+        Entry entry = entries.iterator().next();
+        // false since acl has been created from path only -> no id
         assertTrue(entry.isLocal(((NodeImpl) testRootNode).getNodeId()));
-        // but not to a random id.
+        // false since internal id is null -> will never match.
         assertFalse(entry.isLocal(NodeId.randomId()));
     }
 
-    public void testRestrictions() throws RepositoryException {
+    public void testRestrictions() throws RepositoryException, NotExecutableException {
         // test if restrictions with expanded name are properly resolved
         Map<String, Value> restrictions = new HashMap<String,Value>();
         restrictions.put(ACLTemplate.P_GLOB.toString(), superuser.getValueFactory().createValue("*/test"));
 
-        Privilege[] privs = new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_ALL)};
-        ACLTemplate.Entry ace = acl.createEntry(testPrincipal, privs, true, restrictions);
-
-        Value v = ace.getRestriction(ACLTemplate.P_GLOB.toString());
-        Value v2 = ace.getRestriction(((SessionImpl) superuser).getJCRName(ACLTemplate.P_GLOB));
-        assertEquals(v, v2);
+        acl = getPolicy(acMgr, testPath, testUser.getPrincipal());
+        acl.addEntry(testUser.getPrincipal(), new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_ALL)}, true, restrictions);
+        acMgr.setPolicy(testPath, acl);
+        superuser.save();
 
         Map<String, Boolean> toMatch = new HashMap<String, Boolean>();
         toMatch.put(acl.getPath(), false);
@@ -132,8 +106,14 @@ public class EntryTest extends AbstractE
         toMatch.put(acl.getPath() + "/something/test", true);
         toMatch.put(acl.getPath() + "de/test", true);
 
+        NodeImpl aclNode = (NodeImpl) superuser.getNode(acl.getPath() + "/rep:policy");
+        List<Entry> entries = Entry.readEntries(aclNode, testRootNode.getPath());
+        assertTrue(!entries.isEmpty());
+        assertEquals(1, entries.size());
+
+        Entry entry = entries.iterator().next();
         for (String str : toMatch.keySet()) {
-            assertEquals("Path to match : " + str, toMatch.get(str).booleanValue(), ace.matches(str));
+            assertEquals("Path to match : " + str, toMatch.get(str).booleanValue(), entry.matches(str));
         }
     }
 }
\ No newline at end of file

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java?rev=1370139&r1=1370138&r2=1370139&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java Tue Aug  7 08:29:28 2012
@@ -38,6 +38,7 @@ public class TestAll extends TestCase {
         TestSuite suite = new ConcurrentTestSuite("security.authorization.acl tests");
 
         suite.addTestSuite(ACLTemplateTest.class);
+        suite.addTestSuite(ACLTemplateEntryTest.class);
         suite.addTestSuite(EntryTest.class);
         suite.addTestSuite(EntryCollectorTest.class);
 



Mime
View raw message