jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1393009 [1/2] - in /jackrabbit/oak/trunk: oak-bench/base/src/main/java/org/apache/jackrabbit/oak/performance/ oak-core/ oak-core/src/main/java/org/apache/jackrabbit/oak/ oak-core/src/main/java/org/apache/jackrabbit/oak/core/ oak-core/src/m...
Date Tue, 02 Oct 2012 16:21:14 GMT
Author: angela
Date: Tue Oct  2 16:21:12 2012
New Revision: 1393009

URL: http://svn.apache.org/viewvc?rev=1393009&view=rev
Log:
OAK-50 : Implement User Management (WIP)

- move implementation of jackrabbit-api to user-plugin code
- remove hardcoded uservalidator from RepositoryImpl
- change UserContext#getUserValidatorProvider to return list
- adjust SessionDelegate such that user-mgt implementation is created from UserContext 
   which itself is part of the SecurityProvider -> Oak.with(SecurityProvider)
   
OAK-51 : Implement JCR Access Control Management 

- rename AccessControlContextProvider to AccessControlProvider
- add method to retrieve implementation specific validation providers associated with that implementation
- replace Oak.with(AccessControlContextProvider) by with(SecurityProvider) in order to assert that
   the various security related components are managed and maintained together
   
OAK-91 : Implement Authentication Support 

- replace Oak.with(LoginContextProvider) by with(SecurityProvider) in order to assert that
   the various security related components are managed and maintained together

Added:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlObserver.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlProviderImpl.java   (contents, props changed)
      - copied, changed from r1392909, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java   (contents, props changed)
      - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableIterator.java
      - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableIterator.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java   (contents, props changed)
      - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java   (contents, props changed)
      - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java   (contents, props changed)
      - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java   (contents, props changed)
      - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/Condition.java
      - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/Condition.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/ConditionVisitor.java
      - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/ConditionVisitor.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/RelationOp.java
      - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/RelationOp.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/ResultIterator.java
      - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/ResultIterator.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryBuilder.java
      - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/XPathQueryBuilder.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryEvaluator.java
      - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/XPathQueryEvaluator.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlProvider.java   (contents, props changed)
      - copied, changed from r1392909, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlContextProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java   (contents, props changed)
      - copied, changed from r1392909, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlContextProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalIteratorAdapter.java   (contents, props changed)
      - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalIteratorAdapter.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableTest.java
      - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImplTest.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupTest.java
      - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImplTest.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationTest.java
      - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationImplTest.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerTest.java
      - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImplTest.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserTest.java
      - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImplTest.java
Removed:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlContextProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlContextProvider.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalIteratorAdapter.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableIterator.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImpl.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationImpl.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserImpl.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/Condition.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/ConditionVisitor.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/RelationOp.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/ResultIterator.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/XPathQueryBuilder.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/XPathQueryEvaluator.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImplTest.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImplTest.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationImplTest.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImplTest.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImplTest.java
Modified:
    jackrabbit/oak/trunk/oak-bench/base/src/main/java/org/apache/jackrabbit/oak/performance/AbstractPerformanceTest.java
    jackrabbit/oak/trunk/oak-core/pom.xml
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ReadOnlyTree.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/type/InitialContent.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/AdminPrincipal.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/AbstractCoreTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/RootImplFuzzIT.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/lucene/LuceneEditorTest.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/RepositoryImpl.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/osgi/OsgiRepository.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalManagerImpl.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AbstractUserTest.java
    jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/run/Main.java

Modified: jackrabbit/oak/trunk/oak-bench/base/src/main/java/org/apache/jackrabbit/oak/performance/AbstractPerformanceTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-bench/base/src/main/java/org/apache/jackrabbit/oak/performance/AbstractPerformanceTest.java?rev=1393009&r1=1393008&r2=1393009&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-bench/base/src/main/java/org/apache/jackrabbit/oak/performance/AbstractPerformanceTest.java (original)
+++ jackrabbit/oak/trunk/oak-bench/base/src/main/java/org/apache/jackrabbit/oak/performance/AbstractPerformanceTest.java Tue Oct  2 16:21:12 2012
@@ -178,7 +178,7 @@ public abstract class AbstractPerformanc
         mk = new IndexWrapper(mk);
         ContentRepository contentRepository =
                 new Oak(mk).createContentRepository();
-        return new RepositoryImpl(contentRepository, null);
+        return new RepositoryImpl(contentRepository, null, null);
 
     }
 

Modified: jackrabbit/oak/trunk/oak-core/pom.xml
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/pom.xml?rev=1393009&r1=1393008&r2=1393009&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/pom.xml (original)
+++ jackrabbit/oak/trunk/oak-core/pom.xml Tue Oct  2 16:21:12 2012
@@ -44,7 +44,7 @@
               org.apache.jackrabbit.oak.core,
               org.apache.jackrabbit.oak.util,
               org.apache.jackrabbit.oak.namepath,
-              org.apache.jackrabbit.oak.value,  
+              org.apache.jackrabbit.oak.value,
               org.apache.jackrabbit.oak.plugins.identifier,
               org.apache.jackrabbit.oak.plugins.name,
               org.apache.jackrabbit.oak.plugins.type,
@@ -53,6 +53,7 @@
               org.apache.jackrabbit.oak.spi.query,
               org.apache.jackrabbit.oak.spi.commit,
               org.apache.jackrabbit.oak.spi.state,
+              org.apache.jackrabbit.oak.spi.security,
               org.apache.jackrabbit.oak.spi.security.authentication,
               org.apache.jackrabbit.oak.spi.security.principal,
               org.apache.jackrabbit.oak.spi.security.privilege,

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java?rev=1393009&r1=1393008&r2=1393009&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java Tue Oct  2 16:21:12 2012
@@ -17,9 +17,9 @@
 package org.apache.jackrabbit.oak;
 
 import java.util.List;
-
 import javax.annotation.Nonnull;
 
+import com.google.common.collect.Lists;
 import org.apache.jackrabbit.mk.api.MicroKernel;
 import org.apache.jackrabbit.mk.core.MicroKernelImpl;
 import org.apache.jackrabbit.oak.api.ContentRepository;
@@ -34,13 +34,12 @@ import org.apache.jackrabbit.oak.spi.com
 import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
 import org.apache.jackrabbit.oak.spi.query.CompositeQueryIndexProvider;
 import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
-import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContextProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
 import org.apache.jackrabbit.oak.spi.state.NodeState;
 import org.apache.jackrabbit.oak.spi.state.NodeStore;
 
-import com.google.common.collect.Lists;
-
 /**
  * Builder class for constructing {@link ContentRepository} instances with
  * a set of specified plugin components. This class acts as a public facade
@@ -61,9 +60,11 @@ public class Oak {
     private final List<ValidatorProvider> validatorProviders =
             Lists.newArrayList();
 
+    private SecurityProvider securityProvider;
+
     private LoginContextProvider loginContextProvider;
 
-    private AccessControlContextProvider accProvider;
+    private AccessControlProvider accProvider;
 
     public Oak(MicroKernel kernel) {
         this.kernel = kernel;
@@ -145,29 +146,14 @@ public class Oak {
         });
     }
 
-    /**
-     * Associates the given login context provider with the repository to be
-     * created.
-     *
-     * @param loginContextProvider a login context provider.
-     * @return this builder.
-     */
     @Nonnull
-    public Oak with(@Nonnull LoginContextProvider loginContextProvider) {
-        this.loginContextProvider = loginContextProvider;
-        return this;
-    }
+    public Oak with(@Nonnull SecurityProvider securityProvider) {
+        this.securityProvider = securityProvider;
 
-    /**
-     * Associates the given access control context provider with the repository
-     * to be created.
-     *
-     * @param accProvider an access control context provider.
-     * @return this builder.
-     */
-    @Nonnull
-    public Oak with(@Nonnull AccessControlContextProvider accProvider) {
-        this.accProvider = accProvider;
+        if (securityProvider != null) {
+            this.validatorProviders.addAll(securityProvider.getAccessControlProvider().getValidatorProviders());
+            this.validatorProviders.addAll(securityProvider.getUserContext().getValidatorProviders());
+        }
         return this;
     }
 
@@ -176,7 +162,7 @@ public class Oak {
                 kernel,
                 CompositeQueryIndexProvider.compose(queryIndexProviders),
                 createCommitHook(),
-                loginContextProvider, accProvider);
+                securityProvider);
     }
 
     private CommitHook createCommitHook() {

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java?rev=1393009&r1=1393008&r2=1393009&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java Tue Oct  2 16:21:12 2012
@@ -28,8 +28,9 @@ import org.apache.jackrabbit.oak.api.Con
 import org.apache.jackrabbit.oak.api.ContentSession;
 import org.apache.jackrabbit.oak.kernel.KernelNodeStore;
 import org.apache.jackrabbit.oak.plugins.commit.AnnotatingConflictHandlerProvider;
+import org.apache.jackrabbit.oak.security.SecurityProviderImpl;
 import org.apache.jackrabbit.oak.security.authentication.LoginContextProviderImpl;
-import org.apache.jackrabbit.oak.security.authorization.AccessControlContextProviderImpl;
+import org.apache.jackrabbit.oak.security.authorization.AccessControlProviderImpl;
 import org.apache.jackrabbit.oak.spi.commit.CommitHook;
 import org.apache.jackrabbit.oak.spi.commit.CompositeHook;
 import org.apache.jackrabbit.oak.spi.commit.ConflictHandlerProvider;
@@ -38,8 +39,9 @@ import org.apache.jackrabbit.oak.spi.com
 import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
 import org.apache.jackrabbit.oak.spi.query.CompositeQueryIndexProvider;
 import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
-import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContextProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -59,7 +61,7 @@ public class ContentRepositoryImpl imple
             new AnnotatingConflictHandlerProvider();
 
     private final LoginContextProvider loginContextProvider;
-    private final AccessControlContextProvider accProvider;
+    private final AccessControlProvider accProvider;
     private final QueryIndexProvider indexProvider;
     private final KernelNodeStore nodeStore;
 
@@ -73,7 +75,7 @@ public class ContentRepositoryImpl imple
     }
 
     public ContentRepositoryImpl(CommitHook hook) {
-        this(new MicroKernelImpl(), new LoginContextProviderImpl(),
+        this(new MicroKernelImpl(), new SecurityProviderImpl(),
                 new CompositeQueryIndexProvider(), hook);
     }
 
@@ -93,7 +95,7 @@ public class ContentRepositoryImpl imple
     public ContentRepositoryImpl(
             MicroKernel microKernel, QueryIndexProvider indexProvider,
             ValidatorProvider validatorProvider) {
-        this(microKernel, new LoginContextProviderImpl(), indexProvider,
+        this(microKernel, new SecurityProviderImpl(), indexProvider,
                 new ValidatingHook(validatorProvider != null
                     ? validatorProvider : DefaultValidatorProvider.INSTANCE));
     }
@@ -108,14 +110,14 @@ public class ContentRepositoryImpl imple
      * initialized components.
      *
      * @param microKernel underlying kernel instance
-     * @param loginContextProvider login context provider
+     * @param securityProvider security provider
      * @param indexProvider index provider
      * @param commitHook the commit hook
      */
     public ContentRepositoryImpl(
-            MicroKernel microKernel, LoginContextProvider loginContextProvider,
+            MicroKernel microKernel, SecurityProvider securityProvider,
             QueryIndexProvider indexProvider, CommitHook commitHook) {
-        this(microKernel, indexProvider, commitHook, loginContextProvider, null);
+        this(microKernel, indexProvider, commitHook, securityProvider);
     }
 
     /**
@@ -125,17 +127,13 @@ public class ContentRepositoryImpl imple
      * @param microKernel   underlying kernel instance
      * @param indexProvider index provider
      * @param commitHook    the commit hook
-     * @param lcProvider    the login context provider or <code>null</code> if a
-     *                      default implementation should be used.
-     * @param accProvider   the access control context provider or
-     *                      <code>null</code> if a default implementation should
-     *                      be used.
+     * @param securityProvider The configured security provider or {@code null} if
+     * default implementations should be used.
      */
     public ContentRepositoryImpl(MicroKernel microKernel,
                                  QueryIndexProvider indexProvider,
                                  CommitHook commitHook,
-                                 LoginContextProvider lcProvider,
-                                 AccessControlContextProvider accProvider) {
+                                 SecurityProvider securityProvider) {
 
         nodeStore = new KernelNodeStore(microKernel);
         nodeStore.setHook(commitHook);
@@ -143,17 +141,13 @@ public class ContentRepositoryImpl imple
         this.indexProvider = indexProvider != null ? indexProvider
                 : new CompositeQueryIndexProvider();
 
-        if (lcProvider != null) {
-            this.loginContextProvider = lcProvider;
+        if (securityProvider != null) {
+            this.loginContextProvider = securityProvider.getLoginContextProvider();
+            this.accProvider = securityProvider.getAccessControlProvider();
         } else {
             // use default implementation
             this.loginContextProvider = new LoginContextProviderImpl();
-        }
-        if (accProvider != null) {
-            this.accProvider = accProvider;
-        } else {
-            // use default implementation
-            this.accProvider = new AccessControlContextProviderImpl();
+            this.accProvider = new AccessControlProviderImpl();
         }
     }
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java?rev=1393009&r1=1393008&r2=1393009&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java Tue Oct  2 16:21:12 2012
@@ -29,7 +29,7 @@ import org.apache.jackrabbit.oak.api.Cor
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.spi.commit.ConflictHandlerProvider;
 import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider;
-import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContextProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
 import org.apache.jackrabbit.oak.spi.state.NodeStore;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -42,14 +42,14 @@ class ContentSessionImpl implements Cont
     private static final Logger log = LoggerFactory.getLogger(ContentSessionImpl.class);
 
     private final LoginContext loginContext;
-    private final AccessControlContextProvider accProvider;
+    private final AccessControlProvider accProvider;
     private final String workspaceName;
     private final NodeStore store;
     private final ConflictHandlerProvider conflictHandlerProvider;
     private final QueryIndexProvider indexProvider;
 
     public ContentSessionImpl(LoginContext loginContext,
-            AccessControlContextProvider accProvider, String workspaceName,
+            AccessControlProvider accProvider, String workspaceName,
             NodeStore store, ConflictHandlerProvider conflictHandlerProvider,
             QueryIndexProvider indexProvider) {
         this.loginContext = loginContext;

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ReadOnlyTree.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ReadOnlyTree.java?rev=1393009&r1=1393008&r2=1393009&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ReadOnlyTree.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ReadOnlyTree.java Tue Oct  2 16:21:12 2012
@@ -133,6 +133,7 @@ public class ReadOnlyTree implements Tre
 
     @Override
     public TreeLocation getLocation() {
+        // TODO: add implementation
         throw new UnsupportedOperationException();
     }
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java?rev=1393009&r1=1393008&r2=1393009&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java Tue Oct  2 16:21:12 2012
@@ -35,7 +35,7 @@ import org.apache.jackrabbit.oak.plugins
 import org.apache.jackrabbit.oak.query.SessionQueryEngineImpl;
 import org.apache.jackrabbit.oak.spi.commit.ConflictHandler;
 import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider;
-import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContextProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.CompiledPermissions;
 import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
 import org.apache.jackrabbit.oak.spi.state.NodeState;
@@ -66,7 +66,7 @@ public class RootImpl implements Root {
     /**
      * The access control context provider.
      */
-    private final AccessControlContextProvider accProvider;
+    private final AccessControlProvider accProvider;
 
     /** Current branch this root operates on */
     private NodeStoreBranch branch;
@@ -116,7 +116,7 @@ public class RootImpl implements Root {
     public RootImpl(NodeStore store,
                     String workspaceName,
                     Subject subject,
-                    AccessControlContextProvider accProvider,
+                    AccessControlProvider accProvider,
                     QueryIndexProvider indexProvider) {
         this.store = checkNotNull(store);
         this.subject = checkNotNull(subject);

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/type/InitialContent.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/type/InitialContent.java?rev=1393009&r1=1393008&r2=1393009&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/type/InitialContent.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/type/InitialContent.java Tue Oct  2 16:21:12 2012
@@ -16,15 +16,30 @@
  */
 package org.apache.jackrabbit.oak.plugins.type;
 
+import java.util.Collections;
+import java.util.List;
+import javax.annotation.Nonnull;
+import javax.jcr.Session;
+
 import org.apache.felix.scr.annotations.Component;
 import org.apache.felix.scr.annotations.Service;
+import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.mk.api.MicroKernel;
 import org.apache.jackrabbit.oak.Oak;
+import org.apache.jackrabbit.oak.api.ContentSession;
 import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
 import org.apache.jackrabbit.oak.spi.lifecycle.DefaultMicroKernelTracker;
 import org.apache.jackrabbit.oak.spi.lifecycle.MicroKernelTracker;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
+import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.OpenLoginContextProvider;
-import org.apache.jackrabbit.oak.spi.security.authorization.OpenAccessControlContextProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.OpenAccessControlProvider;
+import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
+import org.apache.jackrabbit.oak.spi.security.user.UserContext;
+import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
 import org.apache.jackrabbit.oak.spi.state.NodeState;
 import org.apache.jackrabbit.oak.spi.state.NodeStore;
 
@@ -60,9 +75,42 @@ public class InitialContent extends Defa
     }
 
     private Root createRoot(MicroKernel mk) {
+        SecurityProvider securityProvider = new SecurityProvider() {
+            @Override
+            public LoginContextProvider getLoginContextProvider() {
+                return new OpenLoginContextProvider();
+            }
+            @Override
+            public AccessControlProvider getAccessControlProvider() {
+                return new OpenAccessControlProvider();
+            }
+            @Override
+            public UserContext getUserContext() {
+                return new UserContext() {
+                    @Override
+                    public UserProvider getUserProvider(ContentSession contentSession, Root root) {
+                        throw new UnsupportedOperationException();
+                    }
+                    @Override
+                    public MembershipProvider getMembershipProvider(ContentSession contentSession, Root root) {
+                        throw new UnsupportedOperationException();
+                    }
+                    @Override
+                    public List<ValidatorProvider> getValidatorProviders() {
+                        return Collections.emptyList();
+                    }
+
+                    @Nonnull
+                    @Override
+                    public UserManager getUserManager(Session session, ContentSession contentSession, Root root, NamePathMapper namePathMapper) {
+                        throw new UnsupportedOperationException();
+                    }
+                };
+            }
+        };
+
         Oak oak = new Oak(mk);
-        oak.with(new OpenLoginContextProvider());
-        oak.with(new OpenAccessControlContextProvider());
+        oak.with(securityProvider);
 
         // TODO: The context class loader hack below shouldn't be needed
         // with a properly OSGi-compatible JAAS implementation

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java?rev=1393009&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java Tue Oct  2 16:21:12 2012
@@ -0,0 +1,47 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security;
+
+import javax.annotation.Nonnull;
+
+import org.apache.jackrabbit.oak.security.authentication.LoginContextProviderImpl;
+import org.apache.jackrabbit.oak.security.authorization.AccessControlProviderImpl;
+import org.apache.jackrabbit.oak.security.user.UserContextImpl;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
+import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
+import org.apache.jackrabbit.oak.spi.security.user.UserContext;
+
+public class SecurityProviderImpl implements SecurityProvider {
+    @Nonnull
+    @Override
+    public LoginContextProvider getLoginContextProvider() {
+        return new LoginContextProviderImpl();
+    }
+
+    @Nonnull
+    @Override
+    public AccessControlProvider getAccessControlProvider() {
+        return new AccessControlProviderImpl();
+    }
+
+    @Nonnull
+    @Override
+    public UserContext getUserContext() {
+        return new UserContextImpl();
+    }
+}

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java?rev=1393009&r1=1393008&r2=1393009&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java Tue Oct  2 16:21:12 2012
@@ -22,9 +22,9 @@ import java.util.Set;
 import javax.security.auth.Subject;
 
 import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContext;
-import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContextProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.CompiledPermissions;
-import org.apache.jackrabbit.oak.spi.security.authorization.OpenAccessControlContextProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.OpenAccessControlProvider;
 import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
 
 /**
@@ -35,7 +35,7 @@ class AccessControlContextImpl implement
     private static final CompiledPermissions ADMIN_PERMISSIONS;
 
     static {
-        AccessControlContextProvider accProvider = new OpenAccessControlContextProvider();
+        AccessControlProvider accProvider = new OpenAccessControlProvider();
         Subject subject = new Subject();
         subject.getPrincipals().add(AdminPrincipal.INSTANCE);
         ADMIN_PERMISSIONS = accProvider.createAccessControlContext(subject).getPermissions();

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlObserver.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlObserver.java?rev=1393009&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlObserver.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlObserver.java Tue Oct  2 16:21:12 2012
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization;
+
+import org.apache.jackrabbit.oak.spi.commit.Observer;
+import org.apache.jackrabbit.oak.spi.state.NodeState;
+
+/**
+ * {@code Observer} implementation that processes any modification made to
+ * access control content and updates persisted permission caches associated
+ * with access control related data stored in the repository.
+ */
+public class AccessControlObserver implements Observer {
+
+    @Override
+    public void contentChanged(NodeState before, NodeState after) {
+        // TODO
+        throw new UnsupportedOperationException("not yet implemented");
+    }
+}
\ No newline at end of file

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlProviderImpl.java (from r1392909, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextProviderImpl.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlProviderImpl.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlProviderImpl.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextProviderImpl.java&r1=1392909&r2=1393009&rev=1393009&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlProviderImpl.java Tue Oct  2 16:21:12 2012
@@ -16,20 +16,32 @@
  */
 package org.apache.jackrabbit.oak.security.authorization;
 
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
 import javax.security.auth.Subject;
 
+import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContext;
-import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContextProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
 
 /**
  * <code>AccessControlContextProviderImpl</code> is a default implementation and
  * creates {@link AccessControlContextImpl} for a given set of principals.
  */
-public class AccessControlContextProviderImpl
-        implements AccessControlContextProvider {
+public class AccessControlProviderImpl
+        implements AccessControlProvider {
 
     @Override
     public AccessControlContext createAccessControlContext(Subject subject) {
         return new AccessControlContextImpl(subject);
     }
+
+    @Override
+    public List<ValidatorProvider> getValidatorProviders() {
+        List<ValidatorProvider> vps = new ArrayList<ValidatorProvider>();
+        vps.add(new PermissionValidatorProvider());
+        vps.add(new AccessControlValidatorProvider());
+        return Collections.unmodifiableList(vps);
+    }
 }

Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlProviderImpl.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlProviderImpl.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision Rev URL

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java?rev=1393009&r1=1393008&r2=1393009&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java Tue Oct  2 16:21:12 2012
@@ -17,8 +17,6 @@
 package org.apache.jackrabbit.oak.security.authorization;
 
 import java.security.AccessController;
-import java.security.Principal;
-import java.util.Set;
 
 import javax.annotation.Nonnull;
 import javax.security.auth.Subject;
@@ -30,8 +28,6 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.state.NodeState;
 import org.apache.jackrabbit.oak.util.NodeUtil;
 
-import com.google.common.collect.ImmutableSet;
-
 /**
  * PermissionValidatorProvider... TODO
  */
@@ -47,7 +43,7 @@ public class PermissionValidatorProvider
         }
 
         // FIXME: should use same provider as in ContentRepositoryImpl
-        AccessControlContext context = new AccessControlContextProviderImpl()
+        AccessControlContext context = new AccessControlProviderImpl()
                 .createAccessControlContext(subject);
 
         NodeUtil rootBefore = new NodeUtil(new ReadOnlyTree(before));

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java (from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java&p1=jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java&r1=1392769&r2=1393009&rev=1393009&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java Tue Oct  2 16:21:12 2012
@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.jackrabbit.oak.jcr.security.user;
+package org.apache.jackrabbit.oak.security.user;
 
 import java.util.ArrayList;
 import java.util.Collections;

Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java
------------------------------------------------------------------------------
    svn:eol-style = native

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableIterator.java (from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableIterator.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableIterator.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableIterator.java&p1=jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableIterator.java&r1=1392769&r2=1393009&rev=1393009&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableIterator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableIterator.java Tue Oct  2 16:21:12 2012
@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.jackrabbit.oak.jcr.security.user;
+package org.apache.jackrabbit.oak.security.user;
 
 import java.util.Iterator;
 import javax.jcr.RangeIterator;

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java (from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImpl.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java&p1=jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImpl.java&r1=1392769&r2=1393009&rev=1393009&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java Tue Oct  2 16:21:12 2012
@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.jackrabbit.oak.jcr.security.user;
+package org.apache.jackrabbit.oak.security.user;
 
 import java.security.Principal;
 import java.util.Enumeration;

Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java
------------------------------------------------------------------------------
    svn:eol-style = native

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java (from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationImpl.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java&p1=jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationImpl.java&r1=1392769&r2=1393009&rev=1393009&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java Tue Oct  2 16:21:12 2012
@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.jackrabbit.oak.jcr.security.user;
+package org.apache.jackrabbit.oak.security.user;
 
 import java.security.Principal;
 import java.security.acl.Group;
@@ -34,7 +34,7 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.oak.api.CoreValue;
 import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.Tree;
-import org.apache.jackrabbit.oak.jcr.security.principal.PrincipalIteratorAdapter;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalIteratorAdapter;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java?rev=1393009&r1=1393008&r2=1393009&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java Tue Oct  2 16:21:12 2012
@@ -16,9 +16,14 @@
  */
 package org.apache.jackrabbit.oak.security.user;
 
+import java.util.Collections;
+import java.util.List;
+import javax.jcr.Session;
+
+import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.oak.api.ContentSession;
-import org.apache.jackrabbit.oak.api.CoreValueFactory;
 import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
 import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
 import org.apache.jackrabbit.oak.spi.security.user.UserConfig;
@@ -42,11 +47,6 @@ public class UserContextImpl implements 
     }
 
     @Override
-    public UserConfig getConfig() {
-        return config;
-    }
-
-    @Override
     public UserProvider getUserProvider(ContentSession contentSession, Root root) {
         return new UserProviderImpl(contentSession, root, config);
     }
@@ -57,7 +57,16 @@ public class UserContextImpl implements 
     }
 
     @Override
-    public ValidatorProvider getUserValidatorProvider(CoreValueFactory valueFactory) {
-        return new UserValidatorProvider(config);
+    public List<ValidatorProvider> getValidatorProviders() {
+        ValidatorProvider vp = new UserValidatorProvider(config);
+        return Collections.singletonList(vp);
+    }
+
+    @Override
+    public UserManager getUserManager(Session session, ContentSession contentSession,
+                                      Root root, NamePathMapper namePathMapper) {
+        UserProvider up = getUserProvider(contentSession, root);
+        MembershipProvider mp = getMembershipProvider(contentSession, root);
+        return new UserManagerImpl(session, namePathMapper, up, mp, config);
     }
 }
\ No newline at end of file

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java (from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserImpl.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java&p1=jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserImpl.java&r1=1392769&r2=1393009&rev=1393009&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java Tue Oct  2 16:21:12 2012
@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.jackrabbit.oak.jcr.security.user;
+package org.apache.jackrabbit.oak.security.user;
 
 import java.security.Principal;
 import javax.jcr.Credentials;

Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java
------------------------------------------------------------------------------
    svn:eol-style = native

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java (from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java&p1=jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java&r1=1392769&r2=1393009&rev=1393009&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java Tue Oct  2 16:21:12 2012
@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.jackrabbit.oak.jcr.security.user;
+package org.apache.jackrabbit.oak.security.user;
 
 import java.io.UnsupportedEncodingException;
 import java.security.NoSuchAlgorithmException;
@@ -33,9 +33,9 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.oak.api.Tree;
-import org.apache.jackrabbit.oak.jcr.security.user.query.XPathQueryBuilder;
-import org.apache.jackrabbit.oak.jcr.security.user.query.XPathQueryEvaluator;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.security.user.query.XPathQueryBuilder;
+import org.apache.jackrabbit.oak.security.user.query.XPathQueryEvaluator;
 import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
 import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
 import org.apache.jackrabbit.oak.spi.security.user.PasswordUtility;

Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
------------------------------------------------------------------------------
    svn:eol-style = native

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/Condition.java (from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/Condition.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/Condition.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/Condition.java&p1=jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/Condition.java&r1=1392769&r2=1393009&rev=1393009&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/Condition.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/Condition.java Tue Oct  2 16:21:12 2012
@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.jackrabbit.oak.jcr.security.user.query;
+package org.apache.jackrabbit.oak.security.user.query;
 
 import java.util.ArrayList;
 import java.util.Iterator;

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/ConditionVisitor.java (from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/ConditionVisitor.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/ConditionVisitor.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/ConditionVisitor.java&p1=jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/ConditionVisitor.java&r1=1392769&r2=1393009&rev=1393009&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/ConditionVisitor.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/ConditionVisitor.java Tue Oct  2 16:21:12 2012
@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.jackrabbit.oak.jcr.security.user.query;
+package org.apache.jackrabbit.oak.security.user.query;
 
 import javax.jcr.RepositoryException;
 

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/RelationOp.java (from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/RelationOp.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/RelationOp.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/RelationOp.java&p1=jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/RelationOp.java&r1=1392769&r2=1393009&rev=1393009&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/RelationOp.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/RelationOp.java Tue Oct  2 16:21:12 2012
@@ -1,4 +1,4 @@
-package org.apache.jackrabbit.oak.jcr.security.user.query;
+package org.apache.jackrabbit.oak.security.user.query;
 
 /**
  * Relational operators for comparing a property to a value. Correspond

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/ResultIterator.java (from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/ResultIterator.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/ResultIterator.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/ResultIterator.java&p1=jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/ResultIterator.java&r1=1392769&r2=1393009&rev=1393009&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/ResultIterator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/ResultIterator.java Tue Oct  2 16:21:12 2012
@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.jackrabbit.oak.jcr.security.user.query;
+package org.apache.jackrabbit.oak.security.user.query;
 
 import java.util.Iterator;
 import java.util.NoSuchElementException;

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryBuilder.java (from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/XPathQueryBuilder.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryBuilder.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryBuilder.java&p1=jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/XPathQueryBuilder.java&r1=1392769&r2=1393009&rev=1393009&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/XPathQueryBuilder.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryBuilder.java Tue Oct  2 16:21:12 2012
@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.jackrabbit.oak.jcr.security.user.query;
+package org.apache.jackrabbit.oak.security.user.query;
 
 import javax.jcr.Value;
 

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryEvaluator.java (from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/XPathQueryEvaluator.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryEvaluator.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryEvaluator.java&p1=jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/XPathQueryEvaluator.java&r1=1392769&r2=1393009&rev=1393009&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/XPathQueryEvaluator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryEvaluator.java Tue Oct  2 16:21:12 2012
@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.jackrabbit.oak.jcr.security.user.query;
+package org.apache.jackrabbit.oak.security.user.query;
 
 import java.util.Iterator;
 
@@ -35,7 +35,6 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.api.security.user.QueryBuilder;
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.api.security.user.UserManager;
-import org.apache.jackrabbit.oak.jcr.security.user.UserManagerImpl;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.apache.jackrabbit.util.Text;
@@ -56,7 +55,7 @@ public class XPathQueryEvaluator impleme
 
     private final StringBuilder xPath = new StringBuilder();
 
-    public XPathQueryEvaluator(XPathQueryBuilder builder, UserManagerImpl userManager,
+    public XPathQueryEvaluator(XPathQueryBuilder builder, UserManager userManager,
                                QueryManager queryManager, NamePathMapper namePathMapper) {
         this.builder = builder;
         this.userManager = userManager;

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java?rev=1393009&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java Tue Oct  2 16:21:12 2012
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security;
+
+import javax.annotation.Nonnull;
+
+import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
+import org.apache.jackrabbit.oak.spi.security.user.UserContext;
+
+/**
+ * SecurityProvider... TODO
+ */
+public interface SecurityProvider {
+
+    @Nonnull
+    LoginContextProvider getLoginContextProvider();
+
+    @Nonnull
+    AccessControlProvider getAccessControlProvider();
+
+    @Nonnull
+    UserContext getUserContext(); // TODO review naming consistency
+}
\ No newline at end of file

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlProvider.java (from r1392909, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlContextProvider.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlProvider.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlProvider.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlContextProvider.java&r1=1392909&r2=1393009&rev=1393009&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlContextProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlProvider.java Tue Oct  2 16:21:12 2012
@@ -16,15 +16,17 @@
  */
 package org.apache.jackrabbit.oak.spi.security.authorization;
 
-import java.security.Principal;
-import java.util.Set;
-
+import java.util.List;
 import javax.security.auth.Subject;
 
+import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
+
 /**
- * <code>AccessControlContextProvider</code>...
+ * {@code AccessControlContextProvider}...
  */
-public interface AccessControlContextProvider {
+public interface AccessControlProvider {
 
     public AccessControlContext createAccessControlContext(Subject subject);
+
+    public List<ValidatorProvider> getValidatorProviders();
 }

Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlProvider.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlProvider.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision Rev URL

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java (from r1392909, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlContextProvider.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlContextProvider.java&r1=1392909&r2=1393009&rev=1393009&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlContextProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java Tue Oct  2 16:21:12 2012
@@ -16,17 +16,20 @@
  */
 package org.apache.jackrabbit.oak.spi.security.authorization;
 
+import java.util.Collections;
+import java.util.List;
 import javax.security.auth.Subject;
 
 import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
 
 /**
- * This class implements an {@link AccessControlContextProvider} which grants
+ * This class implements an {@link AccessControlProvider} which grants
  * full access to any {@link Subject} passed to {@link #createAccessControlContext(Subject)}.
  */
-public class OpenAccessControlContextProvider
-        implements AccessControlContextProvider {
+public class OpenAccessControlProvider
+        implements AccessControlProvider {
 
     @Override
     public AccessControlContext createAccessControlContext(Subject subject) {
@@ -38,6 +41,11 @@ public class OpenAccessControlContextPro
         };
     }
 
+    @Override
+    public List<ValidatorProvider> getValidatorProviders() {
+        return Collections.emptyList();
+    }
+
     private static final class AllPermissions implements CompiledPermissions {
 
         private static final CompiledPermissions INSTANCE = new AllPermissions();

Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision Rev URL

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/AdminPrincipal.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/AdminPrincipal.java?rev=1393009&r1=1393008&r2=1393009&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/AdminPrincipal.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/AdminPrincipal.java Tue Oct  2 16:21:12 2012
@@ -28,7 +28,7 @@ public final class AdminPrincipal implem
 
     public static final String NAME = "administrator";
 
-    public static final AdminPrincipal INSTANCE = new AdminPrincipal();
+    public static final Principal INSTANCE = new AdminPrincipal();
 
     private AdminPrincipal() { }
 

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalIteratorAdapter.java (from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalIteratorAdapter.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalIteratorAdapter.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalIteratorAdapter.java&p1=jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalIteratorAdapter.java&r1=1392769&r2=1393009&rev=1393009&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalIteratorAdapter.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalIteratorAdapter.java Tue Oct  2 16:21:12 2012
@@ -14,22 +14,21 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.jackrabbit.oak.jcr.security.principal;
+package org.apache.jackrabbit.oak.spi.security.principal;
 
-import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
-import org.apache.jackrabbit.commons.iterator.RangeIteratorAdapter;
-import org.apache.jackrabbit.commons.iterator.RangeIteratorDecorator;
-
-import javax.jcr.RangeIterator;
 import java.security.Principal;
 import java.util.Collection;
 import java.util.Iterator;
 import java.util.NoSuchElementException;
+import javax.jcr.RangeIterator;
+
+import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
+import org.apache.jackrabbit.commons.iterator.RangeIteratorAdapter;
+import org.apache.jackrabbit.commons.iterator.RangeIteratorDecorator;
 
 /**
- * PrincipalIteratorAdapter...
- *
- * TODO: move to jackrabbit-jcr-commons
+ * Principal specific {@code RangeIteratorAdapter} implementing the
+ * {@code PrincipalIterator} interface.
  */
 public class PrincipalIteratorAdapter extends RangeIteratorDecorator implements PrincipalIterator {
 

Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalIteratorAdapter.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java?rev=1393009&r1=1393008&r2=1393009&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java Tue Oct  2 16:21:12 2012
@@ -36,19 +36,4 @@ public interface UserConstants {
     String DEFAULT_USER_PATH = "/rep:security/rep:authorizables/rep:users";
     String DEFAULT_GROUP_PATH = "/rep:security/rep:authorizables/rep:groups";
     int DEFAULT_DEPTH = 2;
-
-    int SEARCH_TYPE_USER = 1;
-
-    /**
-     * Filter flag indicating that only <code>Group</code>s should be searched
-     * and returned.
-     */
-    int SEARCH_TYPE_GROUP = 2;
-
-    /**
-     * Filter flag indicating that all <code>Authorizable</code>s should be
-     * searched.
-     */
-    int SEARCH_TYPE_AUTHORIZABLE = 3;
-
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java?rev=1393009&r1=1393008&r2=1393009&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java Tue Oct  2 16:21:12 2012
@@ -16,11 +16,15 @@
  */
 package org.apache.jackrabbit.oak.spi.security.user;
 
+import java.util.List;
 import javax.annotation.Nonnull;
+import javax.jcr.Session;
 
+import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.oak.api.ContentSession;
 import org.apache.jackrabbit.oak.api.CoreValueFactory;
 import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
 
 /**
@@ -29,15 +33,14 @@ import org.apache.jackrabbit.oak.spi.com
 public interface UserContext {
 
     @Nonnull
-    UserConfig getConfig();
-
-    @Nonnull
     UserProvider getUserProvider(ContentSession contentSession, Root root);
 
     @Nonnull
     MembershipProvider getMembershipProvider(ContentSession contentSession, Root root);
 
     @Nonnull
-    ValidatorProvider getUserValidatorProvider(CoreValueFactory valueFactory);
+    List<ValidatorProvider> getValidatorProviders();
 
+    @Nonnull
+    UserManager getUserManager(Session session, ContentSession contentSession, Root root, NamePathMapper namePathMapper);
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/AbstractCoreTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/AbstractCoreTest.java?rev=1393009&r1=1393008&r2=1393009&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/AbstractCoreTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/AbstractCoreTest.java Tue Oct  2 16:21:12 2012
@@ -22,7 +22,7 @@ import org.apache.jackrabbit.mk.api.Micr
 import org.apache.jackrabbit.mk.core.MicroKernelImpl;
 import org.apache.jackrabbit.oak.api.CoreValueFactory;
 import org.apache.jackrabbit.oak.kernel.KernelNodeStore;
-import org.apache.jackrabbit.oak.security.authorization.AccessControlContextProviderImpl;
+import org.apache.jackrabbit.oak.security.authorization.AccessControlProviderImpl;
 import org.apache.jackrabbit.oak.spi.query.CompositeQueryIndexProvider;
 import org.apache.jackrabbit.oak.spi.state.NodeState;
 import org.junit.Before;
@@ -57,6 +57,6 @@ public abstract class AbstractCoreTest {
 
     protected RootImpl createRootImpl(String workspaceName) {
         return new RootImpl(store, workspaceName, new Subject(),
-                new AccessControlContextProviderImpl(), new CompositeQueryIndexProvider());
+                new AccessControlProviderImpl(), new CompositeQueryIndexProvider());
     }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/RootImplFuzzIT.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/RootImplFuzzIT.java?rev=1393009&r1=1393008&r2=1393009&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/RootImplFuzzIT.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/RootImplFuzzIT.java Tue Oct  2 16:21:12 2012
@@ -32,7 +32,7 @@ import org.apache.jackrabbit.oak.api.Tre
 import org.apache.jackrabbit.oak.commons.PathUtils;
 import org.apache.jackrabbit.oak.core.RootImplFuzzIT.Operation.Rebase;
 import org.apache.jackrabbit.oak.kernel.KernelNodeStore;
-import org.apache.jackrabbit.oak.security.authorization.AccessControlContextProviderImpl;
+import org.apache.jackrabbit.oak.security.authorization.AccessControlProviderImpl;
 import org.apache.jackrabbit.oak.spi.query.CompositeQueryIndexProvider;
 import org.junit.Before;
 import org.junit.Test;
@@ -83,13 +83,13 @@ public class RootImplFuzzIT {
         vf = store1.getValueFactory();
         mk1.commit("", "+\"/root\":{}", mk1.getHeadRevision(), "");
         root1 = new RootImpl(store1, null, new Subject(),
-                new AccessControlContextProviderImpl(), new CompositeQueryIndexProvider());
+                new AccessControlProviderImpl(), new CompositeQueryIndexProvider());
 
         MicroKernel mk2 = new MicroKernelImpl("./target/mk2/" + random.nextInt());
         store2 = new KernelNodeStore(mk2);
         mk2.commit("", "+\"/root\":{}", mk2.getHeadRevision(), "");
         root2 = new RootImpl(store2, null, new Subject(),
-                new AccessControlContextProviderImpl(), new CompositeQueryIndexProvider());
+                new AccessControlProviderImpl(), new CompositeQueryIndexProvider());
     }
 
     @Test

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/lucene/LuceneEditorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/lucene/LuceneEditorTest.java?rev=1393009&r1=1393008&r2=1393009&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/lucene/LuceneEditorTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/lucene/LuceneEditorTest.java Tue Oct  2 16:21:12 2012
@@ -26,7 +26,7 @@ import org.apache.jackrabbit.oak.kernel.
 import org.apache.jackrabbit.oak.plugins.memory.MemoryValueFactory;
 import org.apache.jackrabbit.oak.query.ast.Operator;
 import org.apache.jackrabbit.oak.query.index.FilterImpl;
-import org.apache.jackrabbit.oak.security.authorization.AccessControlContextProviderImpl;
+import org.apache.jackrabbit.oak.security.authorization.AccessControlProviderImpl;
 import org.apache.jackrabbit.oak.spi.query.CompositeQueryIndexProvider;
 import org.apache.jackrabbit.oak.spi.query.Cursor;
 import org.apache.jackrabbit.oak.spi.query.Filter;
@@ -50,7 +50,7 @@ public class LuceneEditorTest implements
         KernelNodeStore store = new KernelNodeStore(new MicroKernelImpl());
         store.setHook(new LuceneEditor(testID));
         Root root = new RootImpl(store, null, new Subject(),
-                new AccessControlContextProviderImpl(), new CompositeQueryIndexProvider());
+                new AccessControlProviderImpl(), new CompositeQueryIndexProvider());
         Tree tree = root.getTree("/");
 
         tree.setProperty("foo", MemoryValueFactory.INSTANCE.createValue("bar"));

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/RepositoryImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/RepositoryImpl.java?rev=1393009&r1=1393008&r2=1393009&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/RepositoryImpl.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/RepositoryImpl.java Tue Oct  2 16:21:12 2012
@@ -18,7 +18,6 @@ package org.apache.jackrabbit.oak.jcr;
 
 import java.util.concurrent.Executors;
 import java.util.concurrent.ScheduledExecutorService;
-
 import javax.jcr.Credentials;
 import javax.jcr.Repository;
 import javax.jcr.RepositoryException;
@@ -32,22 +31,19 @@ import org.apache.jackrabbit.mk.core.Mic
 import org.apache.jackrabbit.oak.Oak;
 import org.apache.jackrabbit.oak.api.ContentRepository;
 import org.apache.jackrabbit.oak.api.ContentSession;
-import org.apache.jackrabbit.oak.core.ContentRepositoryImpl;
+import org.apache.jackrabbit.oak.plugins.commit.ConflictValidatorProvider;
 import org.apache.jackrabbit.oak.plugins.name.NameValidatorProvider;
 import org.apache.jackrabbit.oak.plugins.name.NamespaceValidatorProvider;
 import org.apache.jackrabbit.oak.plugins.type.InitialContent;
 import org.apache.jackrabbit.oak.plugins.type.TypeValidatorProvider;
 import org.apache.jackrabbit.oak.plugins.unique.UniqueIndexHook;
-import org.apache.jackrabbit.oak.plugins.commit.ConflictValidatorProvider;
-import org.apache.jackrabbit.oak.security.authorization.AccessControlValidatorProvider;
 import org.apache.jackrabbit.oak.security.authorization.PermissionValidatorProvider;
 import org.apache.jackrabbit.oak.security.privilege.PrivilegeValidatorProvider;
-import org.apache.jackrabbit.oak.security.user.UserValidatorProvider;
 import org.apache.jackrabbit.oak.spi.commit.CompositeHook;
 import org.apache.jackrabbit.oak.spi.commit.CompositeValidatorProvider;
 import org.apache.jackrabbit.oak.spi.commit.ValidatingHook;
 import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
-import org.apache.jackrabbit.oak.spi.security.user.UserConfig;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -67,10 +63,8 @@ public class RepositoryImpl implements R
                     new NamespaceValidatorProvider(),
                     new TypeValidatorProvider(),
                     new ConflictValidatorProvider(),
+                    // FIXME: permission validator depends on AccessControlProvider
                     new PermissionValidatorProvider(),
-                    new AccessControlValidatorProvider(),
-                    // FIXME: retrieve from user context
-                    new UserValidatorProvider(new UserConfig("admin")),
                     new PrivilegeValidatorProvider());
 
     private static final CompositeHook DEFAULT_COMMIT_HOOK =
@@ -83,11 +77,15 @@ public class RepositoryImpl implements R
 
     private final ScheduledExecutorService executor;
 
+    private final SecurityProvider securityProvider;
+
     public RepositoryImpl(
             ContentRepository contentRepository,
-            ScheduledExecutorService executor) {
+            ScheduledExecutorService executor,
+            SecurityProvider securityProvider) {
         this.contentRepository = contentRepository;
         this.executor = executor;
+        this.securityProvider = securityProvider;
     }
 
     public RepositoryImpl(
@@ -95,7 +93,7 @@ public class RepositoryImpl implements R
         this(new Oak(setupInitialContent(kernel))
                 .with(DEFAULT_COMMIT_HOOK)
                 .createContentRepository(),
-                executor);
+                executor, null);
     }
 
     /**
@@ -175,7 +173,7 @@ public class RepositoryImpl implements R
         // TODO: needs complete refactoring
         try {
             ContentSession contentSession = contentRepository.login(credentials, workspaceName);
-            return new SessionDelegate(this, executor, contentSession, false).getSession();
+            return new SessionDelegate(this, executor, contentSession, securityProvider, false).getSession();
         } catch (LoginException e) {
             throw new javax.jcr.LoginException(e.getMessage(), e);
         }



Mime
View raw message