jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1372773 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/ oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/ oak-jcr/src/main/j...
Date Tue, 14 Aug 2012 08:39:50 GMT
Author: angela
Date: Tue Aug 14 08:39:49 2012
New Revision: 1372773

URL: http://svn.apache.org/viewvc?rev=1372773&view=rev
Log:
OAK-50 : Implement User Management (WIP)
OAK-136 : NodeDelegate leakage from NodeImpl

Added:
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/NodeTreeUtil.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/TreeBasedPrincipal.java   (contents, props changed)
      - copied, changed from r1371183, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/ItemBasedPrincipalImpl.java
Removed:
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableNodeCreator.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/ItemBasedPrincipalImpl.java
Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/NodeImpl.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableIterator.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImpl.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationImpl.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/MembershipManager.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserImpl.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java?rev=1372773&r1=1372772&r2=1372773&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java Tue Aug 14 08:39:49 2012
@@ -143,16 +143,22 @@ public class UserProviderImpl implements
     }
 
     @Override
-    public String createUser(String userID, String intermediateJcrPath) throws RepositoryException {
+    public Tree createUser(String userID, String intermediateJcrPath) throws RepositoryException {
         return createAuthorizableNode(userID, false, intermediateJcrPath);
     }
 
     @Override
-    public String createGroup(String groupID, String intermediateJcrPath) throws RepositoryException {
+    public Tree createGroup(String groupID, String intermediateJcrPath) throws RepositoryException {
         return createAuthorizableNode(groupID, true, intermediateJcrPath);
     }
 
     @Override
+    public Tree getAuthorizable(String authorizableId) {
+        // TODO: add implementation (requires identifier utility in oak-core)
+        return null;
+    }
+
+    @Override
     public String getContentID(String authorizableId) throws RepositoryException {
         try {
             UUID uuid = UUID.nameUUIDFromBytes(authorizableId.toLowerCase().getBytes("UTF-8"));
@@ -162,7 +168,7 @@ public class UserProviderImpl implements
         }
     }
 
-    private String createAuthorizableNode(String authorizableId, boolean isGroup, String intermediatePath) throws RepositoryException {
+    private Tree createAuthorizableNode(String authorizableId, boolean isGroup, String intermediatePath) throws RepositoryException {
         String nodeName = Text.escapeIllegalJcrChars(authorizableId);
         NodeUtil folder = createFolderNodes(authorizableId, nodeName, isGroup, intermediatePath);
 
@@ -172,7 +178,7 @@ public class UserProviderImpl implements
         String nodeID = getContentID(authorizableId);
         authorizableNode.setString(JcrConstants.JCR_UUID, nodeID);
 
-        return authorizableNode.getTree().getPath();
+        return authorizableNode.getTree();
     }
 
     /**

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java?rev=1372773&r1=1372772&r2=1372773&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java Tue Aug 14 08:39:49 2012
@@ -16,17 +16,27 @@
  */
 package org.apache.jackrabbit.oak.spi.security.user;
 
+import javax.annotation.CheckForNull;
+import javax.annotation.Nonnull;
 import javax.jcr.RepositoryException;
 
+import org.apache.jackrabbit.oak.api.Tree;
+
 /**
  * UserProvider deals with with creating and resolving repository content
  * associated with {@code User}s and {@code Group}s.
  */
 public interface UserProvider {
 
-    String createUser(String userId, String intermediateJcrPath) throws RepositoryException;
+    @Nonnull
+    Tree createUser(String userId, String intermediateJcrPath) throws RepositoryException;
+
+    @Nonnull
+    Tree createGroup(String groupId, String intermediateJcrPath) throws RepositoryException;
 
-    String createGroup(String groupId, String intermediateJcrPath) throws RepositoryException;
+    @CheckForNull
+    Tree getAuthorizable(String authorizableId);
 
+    @Nonnull
     String getContentID(String authorizableId) throws RepositoryException;
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/NodeImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/NodeImpl.java?rev=1372773&r1=1372772&r2=1372773&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/NodeImpl.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/NodeImpl.java Tue Aug 14 08:39:49 2012
@@ -1292,13 +1292,6 @@ public class NodeImpl extends ItemImpl<N
 
     }
 
-    //-----------------------------------------------------------< internal >---
-
-    // FIXME: remove again. See OAK-136
-    NodeDelegate getNodeDelegate() {
-        return dlg;
-    }
-
     //------------------------------------------------------------< private >---
 
     private static Iterator<Node> nodeIterator(Iterator<NodeDelegate> childNodes) {

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java?rev=1372773&r1=1372772&r2=1372773&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java Tue Aug 14 08:39:49 2012
@@ -25,11 +25,11 @@ import java.util.concurrent.ScheduledExe
 import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
 import javax.jcr.ItemExistsException;
-import javax.jcr.Node;
 import javax.jcr.PathNotFoundException;
 import javax.jcr.Repository;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
+import javax.jcr.UnsupportedRepositoryOperationException;
 import javax.jcr.Workspace;
 import javax.jcr.lock.LockManager;
 import javax.jcr.nodetype.NodeTypeManager;
@@ -38,6 +38,7 @@ import javax.jcr.query.Query;
 import javax.jcr.query.QueryManager;
 import javax.jcr.version.VersionManager;
 
+import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.oak.api.AuthInfo;
 import org.apache.jackrabbit.oak.api.ChangeExtractor;
 import org.apache.jackrabbit.oak.api.CommitFailedException;
@@ -52,11 +53,13 @@ import org.apache.jackrabbit.oak.api.Tre
 import org.apache.jackrabbit.oak.commons.PathUtils;
 import org.apache.jackrabbit.oak.core.DefaultConflictHandler;
 import org.apache.jackrabbit.oak.jcr.observation.ObservationManagerImpl;
+import org.apache.jackrabbit.oak.jcr.security.user.UserManagerImpl;
 import org.apache.jackrabbit.oak.jcr.value.ValueFactoryImpl;
 import org.apache.jackrabbit.oak.namepath.AbstractNameMapper;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.namepath.NamePathMapperImpl;
 import org.apache.jackrabbit.oak.plugins.value.AnnotatingConflictHandler;
+import org.apache.jackrabbit.oak.util.TODO;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -182,14 +185,6 @@ public class SessionDelegate {
         return tree == null ? null : new NodeDelegate(this, tree);
     }
 
-    public NodeDelegate getNode(Node jcrNode) {
-        if (jcrNode instanceof NodeImpl) {
-            return ((NodeImpl) jcrNode).getNodeDelegate();
-        } else {
-            throw new IllegalArgumentException("NodeImpl expected");
-        }
-    }
-
     @CheckForNull
     public NodeDelegate getNodeByIdentifier(String id) {
         // TODO delegate identifier handling  to the OAK-API (or oak-utility)
@@ -480,6 +475,10 @@ public class SessionDelegate {
         }
     }
 
+    UserManager getUserManager() throws UnsupportedRepositoryOperationException {
+        return TODO.unimplemented().returnValue(new UserManagerImpl(this, root, null));
+    }
+
     //--------------------------------------------------< SessionNameMapper >---
 
     private class SessionNameMapper extends AbstractNameMapper {

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java?rev=1372773&r1=1372772&r2=1372773&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java Tue Aug 14 08:39:49 2012
@@ -50,7 +50,6 @@ import org.apache.jackrabbit.commons.Abs
 import org.apache.jackrabbit.commons.iterator.AccessControlPolicyIteratorAdapter;
 import org.apache.jackrabbit.oak.commons.PathUtils;
 import org.apache.jackrabbit.oak.jcr.security.principal.PrincipalManagerImpl;
-import org.apache.jackrabbit.oak.jcr.security.user.UserManagerImpl;
 import org.apache.jackrabbit.oak.jcr.xml.XmlImportHandler;
 import org.apache.jackrabbit.oak.security.principal.KernelPrincipalProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
@@ -533,7 +532,7 @@ public class SessionImpl extends Abstrac
     @Override
     @Nonnull
     public UserManager getUserManager() throws RepositoryException {
-        return TODO.unimplemented().returnValue(new UserManagerImpl(dlg, null));
+        return dlg.getUserManager();
     }
 
     //------------------------------------------------------------< private >---

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java?rev=1372773&r1=1372772&r2=1372773&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java Tue Aug 14 08:39:49 2012
@@ -19,6 +19,7 @@ package org.apache.jackrabbit.oak.jcr.se
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.Group;
 import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.apache.jackrabbit.util.Text;
@@ -39,6 +40,9 @@ import java.util.List;
 
 /**
  * AuthorizableImpl... TODO
+ *
+ * FIXME: get rid of keeping both tree AND node fields. this is workaround for
+ *        missing conversion from Node to Tree and vice version in OAK-JCR
  */
 abstract class AuthorizableImpl implements Authorizable, UserConstants {
 
@@ -48,13 +52,16 @@ abstract class AuthorizableImpl implemen
     private static final Logger log = LoggerFactory.getLogger(AuthorizableImpl.class);
 
     private final Node node;
+    private final Tree tree;
     private final UserManagerImpl userManager;
 
     private int hashCode;
 
-    AuthorizableImpl(Node node, UserManagerImpl userManager) throws RepositoryException {
-        this.userManager = userManager;
+    AuthorizableImpl(Node node, Tree tree, UserManagerImpl userManager) throws RepositoryException {
         this.node = node;
+        this.tree = tree;
+        this.userManager = userManager;
+
         checkValidNode(node);
     }
 
@@ -281,6 +288,14 @@ abstract class AuthorizableImpl implemen
         return node;
     }
 
+    Tree getTree() {
+        return tree;
+    }
+
+    String getContentID() throws RepositoryException {
+        return getNode().getUUID();
+    }
+
     String getJcrName(String oakName) {
         return userManager.getJcrName(oakName);
     }

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableIterator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableIterator.java?rev=1372773&r1=1372772&r2=1372773&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableIterator.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableIterator.java Tue Aug 14 08:39:49 2012
@@ -18,6 +18,7 @@ package org.apache.jackrabbit.oak.jcr.se
 
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.commons.flat.PropertySequence;
+import org.apache.jackrabbit.oak.api.CoreValue;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -28,6 +29,7 @@ import javax.jcr.RepositoryException;
 import javax.jcr.Value;
 import java.util.Arrays;
 import java.util.Iterator;
+import java.util.List;
 import java.util.NoSuchElementException;
 
 /**
@@ -44,8 +46,8 @@ class AuthorizableIterator implements It
 
     private Authorizable next;
 
-    AuthorizableIterator(Value[] authorizableNodeIds, int authorizableType, UserManagerImpl userManager) {
-        this(Arrays.asList(authorizableNodeIds).iterator(), authorizableType, userManager, authorizableNodeIds.length);
+    AuthorizableIterator(List<CoreValue> authorizableNodeIds, int authorizableType, UserManagerImpl userManager) {
+        this(Arrays.asList(authorizableNodeIds).iterator(), authorizableType, userManager, authorizableNodeIds.size());
     }
 
     AuthorizableIterator(PropertySequence authorizableNodeIds, int authorizableType, UserManagerImpl userManager) {
@@ -111,7 +113,9 @@ class AuthorizableIterator implements It
     }
 
     private static String getNodeId(Object o) throws RepositoryException {
-        if (o instanceof Value) {
+        if (o instanceof CoreValue) {
+            return ((CoreValue) o).getString();
+        } else if (o instanceof Value) {
             return ((Value) o).getString();
         } else if (o instanceof Property) {
             return ((Property) o).getString();

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImpl.java?rev=1372773&r1=1372772&r2=1372773&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImpl.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImpl.java Tue Aug 14 08:39:49 2012
@@ -19,6 +19,7 @@ package org.apache.jackrabbit.oak.jcr.se
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.Group;
 import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -39,8 +40,8 @@ class GroupImpl extends AuthorizableImpl
      */
     private static final Logger log = LoggerFactory.getLogger(GroupImpl.class);
 
-    GroupImpl(Node node, UserManagerImpl userManager) throws RepositoryException {
-        super(node, userManager);
+    GroupImpl(Node node, Tree tree, UserManagerImpl userManager) throws RepositoryException {
+        super(node, tree, userManager);
     }
 
     @Override
@@ -64,7 +65,7 @@ class GroupImpl extends AuthorizableImpl
      */
     @Override
     public Principal getPrincipal() throws RepositoryException {
-        return new GroupPrincipal(getPrincipalName(), getNode().getPath());
+        return new GroupPrincipal(getPrincipalName());
     }
 
     //--------------------------------------------------------------< Group >---
@@ -162,6 +163,7 @@ class GroupImpl extends AuthorizableImpl
      */
     private Iterator<Authorizable> getMembers(boolean includeInherited) throws RepositoryException {
         if (isEveryone()) {
+            // TODO: improve using authorizable-query
             String propName = getJcrName(REP_PRINCIPAL_NAME);
             return getUserManager().findAuthorizables(propName, null, UserManager.SEARCH_TYPE_AUTHORIZABLE);
         } else {
@@ -198,10 +200,10 @@ class GroupImpl extends AuthorizableImpl
     /**
      * Principal representation of this group instance.
      */
-    private class GroupPrincipal extends ItemBasedPrincipalImpl implements java.security.acl.Group {
+    private class GroupPrincipal extends TreeBasedPrincipal implements java.security.acl.Group {
 
-        GroupPrincipal(String principalName, String nodePath) {
-            super(principalName, getNode());
+        GroupPrincipal(String principalName) {
+            super(principalName, getTree(), getUserManager().getSessionDelegate().getNamePathMapper());
         }
 
         @Override

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationImpl.java?rev=1372773&r1=1372772&r2=1372773&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationImpl.java Tue Aug 14 08:39:49 2012
@@ -16,27 +16,29 @@
  */
 package org.apache.jackrabbit.oak.jcr.security.user;
 
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.HashSet;
+import java.util.Set;
+import javax.jcr.PropertyType;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.UnsupportedRepositoryOperationException;
+import javax.security.auth.Subject;
+
 import org.apache.jackrabbit.api.JackrabbitSession;
 import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.Impersonation;
+import org.apache.jackrabbit.oak.api.CoreValue;
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.jcr.security.principal.PrincipalIteratorAdapter;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.jcr.PropertyType;
-import javax.jcr.RepositoryException;
-import javax.jcr.Session;
-import javax.jcr.UnsupportedRepositoryOperationException;
-import javax.jcr.Value;
-import javax.security.auth.Subject;
-import java.security.Principal;
-import java.security.acl.Group;
-import java.util.HashSet;
-import java.util.Set;
-
 /**
  * ImpersonationImpl...
  */
@@ -163,7 +165,7 @@ class ImpersonationImpl implements Imper
                 if (p instanceof Group) {
                     continue;
                 }
-                UserManagerImpl userManager = getUserManagerImpl();
+                UserManagerImpl userManager = user.getUserManager();
                 Authorizable a = userManager.getAuthorizable(p);
                 if (a != null && userManager.isAdminId(a.getID())) {
                     allows = true;
@@ -178,10 +180,10 @@ class ImpersonationImpl implements Imper
 
     private Set<String> getImpersonatorNames() throws RepositoryException {
         Set<String> princNames = new HashSet<String>();
-        String propName = user.getJcrName(REP_IMPERSONATORS);
-        if (user.getNode().hasProperty(propName)) {
-            Value[] vs = user.getNode().getProperty(propName).getValues();
-            for (Value v : vs) {
+        Tree userTree = user.getTree();
+        PropertyState impersonators = userTree.getProperty(REP_IMPERSONATORS);
+        if (impersonators != null) {
+            for (CoreValue v : impersonators.getValues()) {
                 princNames.add(v.getString());
             }
         }
@@ -191,22 +193,18 @@ class ImpersonationImpl implements Imper
     private void updateImpersonatorNames(Set<String> principalNames) throws RepositoryException {
         String[] pNames = principalNames.toArray(new String[principalNames.size()]);
         if (pNames.length == 0) {
-            user.getUserManager().removeInternalProperty(user.getNode(), REP_IMPERSONATORS);
+            user.getUserManager().removeInternalProperty(user.getTree(), REP_IMPERSONATORS);
         } else {
-            user.getUserManager().setInternalProperty(user.getNode(), REP_IMPERSONATORS, pNames, PropertyType.STRING);
+            user.getUserManager().setInternalProperty(user.getTree(), REP_IMPERSONATORS, pNames, PropertyType.STRING);
         }
     }
 
     private PrincipalManager getPrincipalManager() throws RepositoryException {
-        Session s = user.getNode().getSession();
+        Session s = user.getUserManager().getSession();
         if (s instanceof JackrabbitSession) {
             return ((JackrabbitSession) s).getPrincipalManager();
         } else {
             throw new UnsupportedRepositoryOperationException("Principal management not supported.");
         }
     }
-
-    private UserManagerImpl getUserManagerImpl() {
-        return user.getUserManager();
-    }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/MembershipManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/MembershipManager.java?rev=1372773&r1=1372772&r2=1372773&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/MembershipManager.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/MembershipManager.java Tue Aug 14 08:39:49 2012
@@ -16,6 +16,17 @@
  */
 package org.apache.jackrabbit.oak.jcr.security.user;
 
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.Iterator;
+import java.util.List;
+import javax.jcr.Node;
+import javax.jcr.PropertyIterator;
+import javax.jcr.PropertyType;
+import javax.jcr.RepositoryException;
+
+import com.google.common.collect.Iterators;
+import org.apache.jackrabbit.JcrConstants;
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.Group;
 import org.apache.jackrabbit.api.security.user.UserManager;
@@ -25,49 +36,33 @@ import org.apache.jackrabbit.commons.fla
 import org.apache.jackrabbit.commons.flat.Rank;
 import org.apache.jackrabbit.commons.flat.TreeManager;
 import org.apache.jackrabbit.commons.iterator.RangeIteratorAdapter;
+import org.apache.jackrabbit.oak.api.CoreValue;
+import org.apache.jackrabbit.oak.api.CoreValueFactory;
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.google.common.collect.Iterators;
-
-import javax.jcr.Node;
-import javax.jcr.Property;
-import javax.jcr.PropertyIterator;
-import javax.jcr.RepositoryException;
-import javax.jcr.Value;
-import javax.jcr.ValueFactory;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Comparator;
-import java.util.Iterator;
-import java.util.List;
-
 /**
  * MembershipManager...
  */
-class MembershipManager {
+class MembershipManager implements UserConstants {
 
     private static final Logger log = LoggerFactory.getLogger(MembershipManager.class);
 
     private final UserManagerImpl userManager;
-    private final ValueFactory valueFactory;
     private final int memberSplitSize;
 
-    private final String repMembers;
-
-    MembershipManager(UserManagerImpl userManager, int memberSplitSize, ValueFactory valueFactory) {
+    MembershipManager(UserManagerImpl userManager, int memberSplitSize) {
         this.userManager = userManager;
-        this.valueFactory = valueFactory;
         this.memberSplitSize = memberSplitSize;
-
-        repMembers = userManager.getJcrName(UserConstants.REP_MEMBERS);
     }
 
     Iterator<Group> getMembership(AuthorizableImpl authorizable, boolean includeInherited) throws RepositoryException {
         PropertyIterator refs = null;
         try {
-            String nodeID = authorizable.getNode().getIdentifier();
+            String nodeID = authorizable.getContentID();
             refs = authorizable.getNode().getWeakReferences(null);
         } catch (RepositoryException e) {
             log.error("Failed to retrieve membership references of " + authorizable.getID(), e);
@@ -88,7 +83,7 @@ class MembershipManager {
     }
 
     boolean isMember(GroupImpl group, AuthorizableImpl authorizable, boolean includeInherited) throws RepositoryException {
-        Node node = group.getNode();
+        Tree groupTree = group.getTree();
 
         if (includeInherited) {
             Iterator<Group> groups = getMembership(authorizable, true);
@@ -99,17 +94,21 @@ class MembershipManager {
                 }
             }
         } else {
-            if (useMemberNode(node)) {
-                if (node.hasNode(repMembers)) {
-                    // TODO: fix.. testing for property name isn't correct.
-                    PropertySequence propertySequence = getPropertySequence(node.getNode(repMembers));
-                    return propertySequence.hasItem(authorizable.getID());
+            if (useMemberNode(groupTree)) {
+                Tree membersTree = groupTree.getChild(REP_MEMBERS);
+                if (membersTree != null) {
+                    // FIXME: fix.. testing for property name isn't correct.
+                    // FIXME: usage of PropertySequence isn't possible when operating on oak-API
+//                    PropertySequence propertySequence = getPropertySequence(membersTree);
+//                    return propertySequence.hasItem(authorizable.getID());
+                    return false;
                 }
             } else {
-                if (node.hasProperty(repMembers)) {
-                    Value[] members = node.getProperty(repMembers).getValues();
-                    for (Value v : members) {
-                        if (authorizable.getNode().getIdentifier().equals(v.getString())) {
+                PropertyState property = groupTree.getProperty(REP_MEMBERS);
+                if (property != null) {
+                    List<CoreValue> members = property.getValues();
+                    for (CoreValue v : members) {
+                        if (authorizable.getContentID().equals(v.getString())) {
                             return true;
                         }
                     }
@@ -122,16 +121,20 @@ class MembershipManager {
 
     Iterator<Authorizable> getMembers(GroupImpl group, int authorizableType,
                                       boolean includeInherited) throws RepositoryException {
-        Node node = group.getNode();
+        Tree groupTree = group.getTree();
         AuthorizableIterator iterator = null;
-        if (useMemberNode(node)) {
-            if (node.hasNode(repMembers)) {
-                PropertySequence propertySequence = getPropertySequence(node.getNode(repMembers));
-                iterator = new AuthorizableIterator(propertySequence, authorizableType, userManager);
+
+        if (useMemberNode(groupTree)) {
+            Tree membersTree = groupTree.getChild(REP_MEMBERS);
+            if (membersTree != null) {
+                // FIXME: replace usage of PropertySequence (oak-api not possible there)
+//                PropertySequence propertySequence = getPropertySequence(membersTree);
+//                iterator = new AuthorizableIterator(propertySequence, authorizableType, userManager);
             }
         } else {
-            if (node.hasProperty(repMembers)) {
-                Value[] members = node.getProperty(repMembers).getValues();
+            PropertyState property = groupTree.getProperty(REP_MEMBERS);
+            if (property != null) {
+                List<CoreValue> members = property.getValues();
                 iterator = new AuthorizableIterator(members, authorizableType, userManager);
             }
         }
@@ -148,54 +151,71 @@ class MembershipManager {
     }
 
     boolean addMember(GroupImpl group, AuthorizableImpl authorizable) throws RepositoryException {
-        Node node = group.getNode();
-        if (useMemberNode(node)) {
-            // TODO: modify items on oak-api directly
+        Tree groupTree = group.getTree();
+        if (useMemberNode(groupTree)) {
+            Tree membersTree = groupTree.getChild(REP_MEMBERS);
+            if (membersTree == null) {
+                membersTree = groupTree.addChild(REP_MEMBERS);
+                membersTree.setProperty(JcrConstants.JCR_PRIMARYTYPE, getCoreValueFactory().createValue(NT_REP_MEMBERS, PropertyType.NAME));
+            }
+
+            //FIXME: replace usage of PropertySequence with oak-compatible utility
+//            PropertySequence properties = getPropertySequence(membersTree);
+//            String propName = Text.escapeIllegalJcrChars(authorizable.getID());
+//            if (properties.hasItem(propName)) {
+//                log.debug("Authorizable {} is already member of {}", authorizable, this);
+//                return false;
+//            } else {
+//                CoreValue newMember = createCoreValue(authorizable);
+//                properties.addProperty(propName, newMember);
+//            }
         } else {
-            Node memberNode = authorizable.getNode();
-            Value[] values;
-            Value toAdd = valueFactory.createValue(memberNode, true);
-            if (node.hasProperty(repMembers)) {
-                Value[] old = node.getProperty(repMembers).getValues();
-                values = new Value[old.length + 1];
-                System.arraycopy(old, 0, values, 0, old.length);
+            List<CoreValue> values;
+            CoreValue toAdd = createCoreValue(authorizable);
+
+            PropertyState property = groupTree.getProperty(REP_MEMBERS);
+            if (property != null) {
+                values = property.getValues();
+                if (values.contains(toAdd)) {
+                    return false;
+                } else {
+                    values.add(toAdd);
+                }
             } else {
-                values = new Value[1];
+                values = Collections.singletonList(toAdd);
             }
-            values[values.length - 1] = toAdd;
-
-            userManager.setInternalProperty(node, repMembers, values);
+            userManager.setInternalProperty(groupTree, REP_MEMBERS, values);
         }
         return true;
     }
 
     boolean removeMember(GroupImpl group, AuthorizableImpl authorizable) throws RepositoryException {
-        Node node = group.getNode();
-
-        if (useMemberNode(node)) {
-            if (node.hasNode(repMembers)) {
-                Node nMembers = node.getNode(repMembers);
-                PropertySequence properties = getPropertySequence(nMembers);
-                String propName = authorizable.getNode().getName();
-                // TODO: fix.. testing for property name isn't correct.
-                if (properties.hasItem(propName)) {
-                    Property p = properties.getItem(propName);
-                    userManager.removeInternalProperty(p.getParent(), propName);
-                }
-                return true;
+        Tree groupTree = group.getTree();
+        if (useMemberNode(groupTree)) {
+            Tree membersTree = groupTree.getChild(REP_MEMBERS);
+            if (membersTree != null) {
+                // FIXME: replace usage of PropertySequence with oak-compatible utility
+//                PropertySequence properties = getPropertySequence(membersTree);
+//                String propName = authorizable.getTree().getName();
+                // FIXME: fix.. testing for property name isn't correct.
+//                if (properties.hasItem(propName)) {
+//                    Property p = properties.getItem(propName);
+//                    userManager.removeInternalProperty(p.getParent(), propName);
+//                }
+//                return true;
+                return false;
             }
         } else {
-            if (node.hasProperty(repMembers)) {
-                Value toRemove = valueFactory.createValue((authorizable).getNode(), true);
-                Property property = node.getProperty(repMembers);
-                List<Value> valList = new ArrayList<Value>(Arrays.asList(property.getValues()));
-
-                if (valList.remove(toRemove)) {
-                    if (valList.isEmpty()) {
-                        userManager.removeInternalProperty(node, repMembers);
+            PropertyState property = groupTree.getProperty(REP_MEMBERS);
+            if (property != null) {
+                CoreValue toRemove = createCoreValue(authorizable);
+                List<CoreValue> values = property.getValues();
+
+                if (values.remove(toRemove)) {
+                    if (values.isEmpty()) {
+                        userManager.removeInternalProperty(groupTree, REP_MEMBERS);
                     } else {
-                        Value[] values = valList.toArray(new Value[valList.size()]);
-                        userManager.setInternalProperty(node, repMembers, values);
+                        userManager.setInternalProperty(groupTree, REP_MEMBERS, values);
                     }
                     return true;
                 }
@@ -208,10 +228,11 @@ class MembershipManager {
     }
 
     //--------------------------------------------------------------------------
-    private boolean useMemberNode(Node n) throws RepositoryException {
-        return memberSplitSize >= 4 && !n.hasProperty(repMembers);
+    private boolean useMemberNode(Tree groupTree) {
+        return memberSplitSize >= 4 && !groupTree.hasProperty(REP_MEMBERS);
     }
 
+    // FIXME: replace usage of PropertySequence with utility operating on oak-api
     private PropertySequence getPropertySequence(Node nMembers) throws RepositoryException {
         Comparator<String> order = Rank.comparableComparator();
         int minChildren = memberSplitSize / 2;
@@ -296,4 +317,12 @@ class MembershipManager {
 
         return new InheritingAuthorizableIterator(inheritedMembership);
     }
+
+    private CoreValue createCoreValue(AuthorizableImpl authorizable) throws RepositoryException {
+        return getCoreValueFactory().createValue(authorizable.getContentID(), PropertyType.WEAKREFERENCE);
+    }
+
+    private CoreValueFactory getCoreValueFactory() {
+        return userManager.getSessionDelegate().getContentSession().getCoreValueFactory();
+    }
 }
\ No newline at end of file

Added: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/NodeTreeUtil.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/NodeTreeUtil.java?rev=1372773&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/NodeTreeUtil.java (added)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/NodeTreeUtil.java Tue Aug 14 08:39:49 2012
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.jcr.security.user;
+
+import javax.jcr.Node;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+
+/**
+ * NodeUtil...
+ *
+ * FIXME: remove again.
+ * FIXME: this is a tmp workaround for missing conversion from Node to Tree
+ */
+class NodeTreeUtil {
+
+    private final Session session;
+    private final Root root;
+    private final NamePathMapper mapper;
+
+    NodeTreeUtil(Session session, Root root, NamePathMapper mapper) {
+        this.session = session;
+        this.root = root;
+        this.mapper = mapper;
+    }
+
+    Tree getTree(Node node) throws RepositoryException {
+        return root.getTree(mapper.getOakPath(node.getPath()));
+    }
+
+    Node getNode(Tree tree) throws RepositoryException {
+        return session.getNode(mapper.getJcrPath(tree.getPath()));
+    }
+}
\ No newline at end of file

Copied: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/TreeBasedPrincipal.java (from r1371183, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/ItemBasedPrincipalImpl.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/TreeBasedPrincipal.java?p2=jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/TreeBasedPrincipal.java&p1=jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/ItemBasedPrincipalImpl.java&r1=1371183&r2=1372773&rev=1372773&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/ItemBasedPrincipalImpl.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/TreeBasedPrincipal.java Tue Aug 14 08:39:49 2012
@@ -18,35 +18,37 @@ package org.apache.jackrabbit.oak.jcr.se
 
 import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
 import org.apache.jackrabbit.api.security.principal.JackrabbitPrincipal;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.namepath.PathMapper;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.jcr.Item;
-import javax.jcr.RepositoryException;
 import java.security.Principal;
 
 /**
- * ItemBasedPrincipalImpl...
+ * TreeBasedPrincipal...
  */
-class ItemBasedPrincipalImpl implements ItemBasedPrincipal {
+class TreeBasedPrincipal implements ItemBasedPrincipal {
 
     /**
      * logger instance
      */
-    private static final Logger log = LoggerFactory.getLogger(ItemBasedPrincipalImpl.class);
+    private static final Logger log = LoggerFactory.getLogger(TreeBasedPrincipal.class);
 
     private final String principalName;
-    private final Item item;
+    private final Tree tree;
+    private final PathMapper pathMapper;
 
-    ItemBasedPrincipalImpl(String principalName, Item item) {
+    TreeBasedPrincipal(String principalName, Tree tree, PathMapper pathMapper) {
         this.principalName = principalName;
-        this.item = item;
+        this.tree = tree;
+        this.pathMapper = pathMapper;
     }
 
     //-------------------------------------------------< ItemBasedPrincipal >---
     @Override
-    public String getPath() throws RepositoryException {
-        return item.getPath();
+    public String getPath() {
+        return pathMapper.getJcrPath(tree.getPath());
     }
 
     //----------------------------------------------------------< Principal >---

Propchange: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/TreeBasedPrincipal.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserImpl.java?rev=1372773&r1=1372772&r2=1372773&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserImpl.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserImpl.java Tue Aug 14 08:39:49 2012
@@ -18,6 +18,8 @@ package org.apache.jackrabbit.oak.jcr.se
 
 import org.apache.jackrabbit.api.security.user.Impersonation;
 import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.spi.security.user.PasswordUtility;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -39,8 +41,8 @@ class UserImpl extends AuthorizableImpl 
      */
     private static final Logger log = LoggerFactory.getLogger(UserImpl.class);
 
-    UserImpl(Node node, UserManagerImpl userManager) throws RepositoryException {
-        super(node, userManager);
+    UserImpl(Node node, Tree tree, UserManagerImpl userManager) throws RepositoryException {
+        super(node, tree, userManager);
     }
 
     void checkValidNode(Node node) throws RepositoryException {
@@ -64,7 +66,7 @@ class UserImpl extends AuthorizableImpl 
     @Override
     public Principal getPrincipal() throws RepositoryException {
         String principalName = getPrincipalName();
-        return new ItemBasedPrincipalImpl(principalName, getNode());
+        return new TreeBasedPrincipal(principalName, getTree(), getUserManager().getSessionDelegate().getNamePathMapper());
 
     }
 
@@ -108,7 +110,7 @@ class UserImpl extends AuthorizableImpl 
     public void changePassword(String password) throws RepositoryException {
         UserManagerImpl userManager = getUserManager();
         userManager.onPasswordChange(this, password);
-        userManager.setPassword(getNode(), password, true);
+        userManager.setPassword(getTree(), password, true);
     }
 
     /**
@@ -118,9 +120,9 @@ class UserImpl extends AuthorizableImpl 
     public void changePassword(String password, String oldPassword) throws RepositoryException {
         // make sure the old password matches.
         String pwHash = null;
-        String pwPropName = getJcrName(REP_PASSWORD);
-        if (getNode().hasProperty(pwPropName)) {
-            pwHash = getNode().getProperty(pwPropName).getString();
+        PropertyState pwProp = getTree().getProperty(REP_PASSWORD);
+        if (pwProp != null) {
+            pwHash = pwProp.getValue().getString();
         }
         if (!PasswordUtility.isSame(pwHash, oldPassword)) {
             throw new RepositoryException("Failed to change password: Old password does not match.");
@@ -139,10 +141,10 @@ class UserImpl extends AuthorizableImpl 
         if (reason == null) {
             if (isDisabled()) {
                 // enable the user again.
-                getUserManager().removeInternalProperty(getNode(), REP_DISABLED);
+                getUserManager().removeInternalProperty(getTree(), REP_DISABLED);
             } // else: nothing to do.
         } else {
-            getUserManager().setInternalProperty(getNode(), REP_DISABLED, reason, PropertyType.STRING);
+            getUserManager().setInternalProperty(getTree(), REP_DISABLED, reason, PropertyType.STRING);
         }
     }
 
@@ -150,19 +152,19 @@ class UserImpl extends AuthorizableImpl 
      * @see org.apache.jackrabbit.api.security.user.User#isDisabled()
      */
     @Override
-    public boolean isDisabled() throws RepositoryException {
-        return getNode().hasProperty(getJcrName(REP_DISABLED));
+    public boolean isDisabled() {
+        return getTree().hasProperty(REP_DISABLED);
     }
 
     /**
      * @see org.apache.jackrabbit.api.security.user.User#getDisabledReason()
      */
     @Override
-    public String getDisabledReason() throws RepositoryException {
-        if (isDisabled()) {
-            return getNode().getProperty(getJcrName(REP_DISABLED)).getString();
-        } else {
+    public String getDisabledReason() {
+        PropertyState disabled = getTree().getProperty(REP_DISABLED);
+        if (disabled != null) {
+            return disabled.getValue().getString();
+        } else
             return null;
-        }
     }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java?rev=1372773&r1=1372772&r2=1372773&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java Tue Aug 14 08:39:49 2012
@@ -28,7 +28,6 @@ import javax.jcr.PropertyType;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.UnsupportedRepositoryOperationException;
-import javax.jcr.Value;
 
 import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
 import org.apache.jackrabbit.api.security.user.Authorizable;
@@ -38,13 +37,17 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.oak.api.CoreValue;
-import org.apache.jackrabbit.oak.jcr.PropertyDelegate;
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.jcr.SessionDelegate;
 import org.apache.jackrabbit.oak.jcr.value.ValueConverter;
+import org.apache.jackrabbit.oak.security.user.UserProviderImpl;
 import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
 import org.apache.jackrabbit.oak.spi.security.user.PasswordUtility;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.apache.jackrabbit.oak.spi.security.user.UserManagerConfig;
+import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
 import org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableAction;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -58,14 +61,18 @@ public class UserManagerImpl implements 
 
     private final SessionDelegate sessionDelegate;
     private final UserManagerConfig config;
-    private final AuthorizableNodeCreator nodeCreator;
+    private final UserProvider userProvider;
+    private final NodeTreeUtil util;
 
     private MembershipManager membershipManager;
     
-    public UserManagerImpl(SessionDelegate sessionDelegate, UserManagerConfig config) {
+    public UserManagerImpl(SessionDelegate sessionDelegate, Root root, UserManagerConfig config) {
         this.sessionDelegate = sessionDelegate;
         this.config = (config == null) ? new UserManagerConfig("admin") : config;
-        nodeCreator = new AuthorizableNodeCreator(sessionDelegate, this.config);
+        userProvider = new UserProviderImpl(root, sessionDelegate.getContentSession().getCoreValueFactory(), sessionDelegate.getNamePathMapper(), this.config);
+
+        // FIXME: remove again. only tmp workaround
+        this.util = new NodeTreeUtil(sessionDelegate.getSession(), root, sessionDelegate.getNamePathMapper());
     }
 
     //--------------------------------------------------------< UserManager >---
@@ -75,8 +82,13 @@ public class UserManagerImpl implements 
     @Override
     public Authorizable getAuthorizable(String id) throws RepositoryException {
         Authorizable authorizable = null;
+        // TODO: replace
+//        Tree tree = userProvider.getAuthorizable(id);
+//        if (tree != null) {
+//            authorizable = getAuthorizable(tree);
+//        }
         try {
-            Node node = getSession().getNodeByIdentifier(nodeCreator.getNodeID(id));
+            Node node = getSession().getNodeByIdentifier(userProvider.getContentID(id));
             authorizable = getAuthorizable(node);
         } catch (ItemNotFoundException e) {
             log.debug("No authorizable with ID " + id);
@@ -162,14 +174,14 @@ public class UserManagerImpl implements 
         checkValidID(userID);
         checkValidPrincipal(principal, false);
 
-        Node userNode = nodeCreator.createUserNode(userID, intermediatePath);
-        setPrincipal(userNode, principal);
-        setPassword(userNode, password, true);
+        Tree userTree = userProvider.createUser(userID, intermediatePath);
+        setPrincipal(userTree, principal);
+        setPassword(userTree, password, true);
 
-        User user = new UserImpl(userNode, this);
+        User user = new UserImpl(util.getNode(userTree), userTree, this);
         onCreate(user, password);
 
-        log.debug("User created: " + userID + "; " + userNode.getPath());
+        log.debug("User created: " + userID);
         return user;
     }
 
@@ -199,13 +211,13 @@ public class UserManagerImpl implements 
         checkValidID(groupID);
         checkValidPrincipal(principal, true);
 
-        Node groupNode = nodeCreator.createGroupNode(groupID, intermediatePath);
-        setPrincipal(groupNode, principal);
+        Tree groupTree = userProvider.createGroup(groupID, intermediatePath);
+        setPrincipal(groupTree, principal);
 
-        Group group = new GroupImpl(groupNode, this);
+        Group group = new GroupImpl(util.getNode(groupTree), groupTree, this);
         onCreate(group);
 
-        log.debug("Group created: " + groupID + "; " + groupNode.getPath());
+        log.debug("Group created: " + groupID);
         return group;
     }
 
@@ -309,7 +321,7 @@ public class UserManagerImpl implements 
      * @param forceHash If true the specified password will always be hashed.
      * @throws javax.jcr.RepositoryException If an error occurs
      */
-    void setPassword(Node userNode, String password, boolean forceHash) throws RepositoryException {
+    void setPassword(Tree userNode, String password, boolean forceHash) throws RepositoryException {
         if (password == null) {
             log.debug("Password is null.");
             return;
@@ -332,34 +344,33 @@ public class UserManagerImpl implements 
         setInternalProperty(userNode, UserConstants.REP_PASSWORD, pwHash, PropertyType.STRING);
     }
 
-    void setPrincipal(Node userNode, Principal principal) throws RepositoryException {
-        if (!userNode.isNew() || userNode.hasProperty(getJcrName(UserConstants.REP_PRINCIPAL_NAME))) {
+    void setPrincipal(Tree userNode, Principal principal) throws RepositoryException {
+        if (userNode.getStatus() != Tree.Status.NEW || userNode.hasProperty(UserConstants.REP_PRINCIPAL_NAME)) {
             throw new RepositoryException("rep:principalName can only be set once on a new node.");
         }
         setInternalProperty(userNode, UserConstants.REP_PRINCIPAL_NAME, principal.getName(), PropertyType.STRING);
     }
 
-    void setInternalProperty(Node userNode, String oakName, String value, int type) throws RepositoryException {
+    void setInternalProperty(Tree userNode, String oakName, String value, int type) throws RepositoryException {
         CoreValue cv = ValueConverter.toCoreValue(value, type, sessionDelegate);
-        sessionDelegate.getNode(userNode).setProperty(oakName, cv);
+        userNode.setProperty(oakName, cv);
     }
 
-    void setInternalProperty(Node userNode, String oakName, String[] values, int type) throws RepositoryException {
+    void setInternalProperty(Tree userNode, String oakName, String[] values, int type) throws RepositoryException {
         List<CoreValue> cvs = ValueConverter.toCoreValues(values, type, sessionDelegate);
-        sessionDelegate.getNode(userNode).setProperty(oakName, cvs);
+        userNode.setProperty(oakName, cvs);
     }
 
-    void setInternalProperty(Node userNode, String oakName, Value[] values) throws RepositoryException {
-        List<CoreValue> cvs = ValueConverter.toCoreValues(values, sessionDelegate);
-        sessionDelegate.getNode(userNode).setProperty(oakName, cvs);
+    void setInternalProperty(Tree userNode, String oakName, List<CoreValue> values) throws RepositoryException {
+        userNode.setProperty(oakName, values);
     }
 
-    void removeInternalProperty(Node userNode, String oakName) throws RepositoryException {
-        PropertyDelegate pd = sessionDelegate.getNode(userNode).getProperty(oakName);
+    void removeInternalProperty(Tree userNode, String oakName) throws RepositoryException {
+        PropertyState pd = userNode.getProperty(oakName);
         if (pd == null) {
             throw new PathNotFoundException("Missing authorizable property " + oakName);
         } else {
-            pd.remove();
+            userNode.removeProperty(oakName);
         }
     }
 
@@ -367,6 +378,10 @@ public class UserManagerImpl implements 
         return sessionDelegate.getSession();
     }
 
+    SessionDelegate getSessionDelegate() {
+        return sessionDelegate;
+    }
+
     MembershipManager getMembershipManager() {
         if (membershipManager == null) {
             int splitSize = config.getConfigValue(UserManagerConfig.PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE, 0);
@@ -374,16 +389,16 @@ public class UserManagerImpl implements 
                 log.warn("Invalid value {} for {}. Expected integer >= 4", splitSize, UserManagerConfig.PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE);
                 splitSize = 0;
             }
-            membershipManager = new MembershipManager(this, splitSize, sessionDelegate.getValueFactory());
+            membershipManager = new MembershipManager(this, splitSize);
         }
         return membershipManager;
     }
 
     Authorizable getAuthorizable(Node node) throws RepositoryException {
         if (node.isNodeType(getJcrName(UserConstants.NT_REP_USER))) {
-            return new UserImpl(node, this);
+            return new UserImpl(node, util.getTree(node), this);
         } else if (node.isNodeType(getJcrName(UserConstants.NT_REP_GROUP))) {
-            return new GroupImpl(node, this);
+            return new GroupImpl(node, util.getTree(node), this);
         } else {
             throw new RepositoryException("Unexpected node type " + node.getPrimaryNodeType().getName() + ". Expected rep:User or rep:Group.");
         }



Mime
View raw message