jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1398729 - in /jackrabbit/oak/trunk: oak-core/ oak-core/src/main/java/org/apache/jackrabbit/oak/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/ oak-...
Date Tue, 16 Oct 2012 10:57:12 GMT
Author: angela
Date: Tue Oct 16 10:57:10 2012
New Revision: 1398729

URL: http://svn.apache.org/viewvc?rev=1398729&view=rev
Log:
OAK-50 : Implement User Management (WIP)

Added:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java
      - copied, changed from r1398672, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfiguration.java
      - copied, changed from r1398672, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/PasswordUtility.java   (contents, props changed)
      - copied, changed from r1398672, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/PasswordUtility.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/UserUtility.java
Removed:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/PasswordUtility.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfig.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java
Modified:
    jackrabbit/oak/trunk/oak-core/pom.xml
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthentication.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableBaseProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidatorProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableAction.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationAction.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/ConfigurationParametersTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/PasswordUtilityTest.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java

Modified: jackrabbit/oak/trunk/oak-core/pom.xml
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/pom.xml?rev=1398729&r1=1398728&r2=1398729&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/pom.xml (original)
+++ jackrabbit/oak/trunk/oak-core/pom.xml Tue Oct 16 10:57:10 2012
@@ -62,6 +62,7 @@
               org.apache.jackrabbit.oak.spi.security.privilege,
               org.apache.jackrabbit.oak.spi.security.user,
               org.apache.jackrabbit.oak.spi.security.user.action,
+              org.apache.jackrabbit.oak.spi.security.user.util,
               org.apache.jackrabbit.oak.security,
               org.apache.jackrabbit.oak.security.privilege,
             </Export-Package>

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java?rev=1398729&r1=1398728&r2=1398729&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java Tue Oct 16 10:57:10 2012
@@ -143,7 +143,7 @@ public class Oak {
         this.securityProvider = securityProvider;
 
         validatorProviders.addAll(securityProvider.getAccessControlProvider().getValidatorProviders());
-        validatorProviders.addAll(securityProvider.getUserContext().getValidatorProviders());
+        validatorProviders.addAll(securityProvider.getUserConfiguration().getValidatorProviders());
         return this;
     }
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java?rev=1398729&r1=1398728&r2=1398729&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java Tue Oct 16 10:57:10 2012
@@ -31,7 +31,7 @@ import org.apache.jackrabbit.oak.securit
 import org.apache.jackrabbit.oak.security.authorization.AccessControlProviderImpl;
 import org.apache.jackrabbit.oak.security.principal.PrincipalManagerImpl;
 import org.apache.jackrabbit.oak.security.principal.PrincipalProviderImpl;
-import org.apache.jackrabbit.oak.security.user.UserContextImpl;
+import org.apache.jackrabbit.oak.security.user.UserConfigurationImpl;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
@@ -40,7 +40,7 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
 import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
-import org.apache.jackrabbit.oak.spi.security.user.UserContext;
+import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
 import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
 import org.apache.jackrabbit.oak.spi.state.NodeStore;
 import org.slf4j.Logger;
@@ -71,7 +71,7 @@ public class SecurityProviderImpl implem
         try {
             loginConfig = Configuration.getConfiguration();
         } catch (SecurityException e) {
-            log.warn("Failed to read login configuration: using default.", e);
+            log.warn("Failed to retrieve login configuration: using default.", e);
             loginConfig = new OakConfiguration();
             Configuration.setConfiguration(loginConfig);
         }
@@ -87,13 +87,13 @@ public class SecurityProviderImpl implem
     @Nonnull
     @Override
     public TokenProvider getTokenProvider(Root root, ConfigurationParameters options) {
-        return new TokenProviderImpl(root, options, getUserContext());
+        return new TokenProviderImpl(root, options, getUserConfiguration());
     }
 
     @Nonnull
     @Override
-    public UserContext getUserContext() {
-        return new UserContextImpl();
+    public UserConfiguration getUserConfiguration() {
+        return new UserConfigurationImpl();
     }
 
     @Nonnull
@@ -110,9 +110,9 @@ public class SecurityProviderImpl implem
             @Nonnull
             @Override
             public PrincipalProvider getPrincipalProvider(Root root, NamePathMapper namePathMapper) {
-                UserContext userContext = getUserContext();
-                UserProvider userProvider = userContext.getUserProvider(root);
-                MembershipProvider msProvider = userContext.getMembershipProvider(root);
+                UserConfiguration userConfiguration = getUserConfiguration();
+                UserProvider userProvider = userConfiguration.getUserProvider(root);
+                MembershipProvider msProvider = userConfiguration.getMembershipProvider(root);
                 return new PrincipalProviderImpl(userProvider, msProvider, namePathMapper);
             }
         };

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java?rev=1398729&r1=1398728&r2=1398729&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java Tue Oct 16 10:57:10 2012
@@ -43,9 +43,9 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
 import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo;
 import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
-import org.apache.jackrabbit.oak.spi.security.user.PasswordUtility;
+import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtility;
 import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
-import org.apache.jackrabbit.oak.spi.security.user.UserContext;
+import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
 import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
 import org.apache.jackrabbit.oak.util.NodeUtil;
 import org.apache.jackrabbit.util.ISO8601;
@@ -99,14 +99,14 @@ public class TokenProviderImpl implement
     private final UserProvider userProvider;
     private final long tokenExpiration;
 
-    public TokenProviderImpl(Root root, ConfigurationParameters options, UserContext userContext) {
-        this(root, options.getConfigValue(PARAM_TOKEN_EXPIRATION, Long.valueOf(DEFAULT_TOKEN_EXPIRATION)), userContext);
+    public TokenProviderImpl(Root root, ConfigurationParameters options, UserConfiguration userConfiguration) {
+        this(root, options.getConfigValue(PARAM_TOKEN_EXPIRATION, Long.valueOf(DEFAULT_TOKEN_EXPIRATION)), userConfiguration);
     }
 
-    public TokenProviderImpl(Root root, long tokenExpiration, UserContext userContext) {
+    public TokenProviderImpl(Root root, long tokenExpiration, UserConfiguration userConfiguration) {
         this.root = root;
         this.tokenExpiration = tokenExpiration;
-        this.userProvider = userContext.getUserProvider(root);
+        this.userProvider = userConfiguration.getUserProvider(root);
     }
 
     //------------------------------------------------------< TokenProvider >---

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImpl.java?rev=1398729&r1=1398728&r2=1398729&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImpl.java Tue Oct 16 10:57:10 2012
@@ -39,6 +39,7 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.security.authentication.Authentication;
 import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
+import org.apache.jackrabbit.oak.spi.security.user.util.UserUtility;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -200,7 +201,7 @@ public final class LoginModuleImpl exten
         if (sp == null) {
             return null;
         } else {
-            return sp.getUserContext().getUserConfig().getAnonymousId();
+            return UserUtility.getAnonymousId(sp.getUserConfiguration().getConfigurationParameters());
         }
     }
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthentication.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthentication.java?rev=1398729&r1=1398728&r2=1398729&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthentication.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthentication.java Tue Oct 16 10:57:10 2012
@@ -30,7 +30,7 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
 import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
-import org.apache.jackrabbit.oak.spi.security.user.PasswordUtility;
+import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtility;
 import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java?rev=1398729&r1=1398728&r2=1398729&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java Tue Oct 16 10:57:10 2012
@@ -28,10 +28,8 @@ import javax.annotation.Nonnull;
 import com.google.common.base.Function;
 import com.google.common.base.Predicates;
 import com.google.common.collect.Iterators;
-import org.apache.jackrabbit.JcrConstants;
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.oak.api.Tree;
-import org.apache.jackrabbit.oak.api.Type;
 import org.apache.jackrabbit.oak.namepath.PathMapper;
 import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
 import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
@@ -44,9 +42,6 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import static com.google.common.base.Preconditions.checkNotNull;
-import static com.google.common.base.Preconditions.checkState;
-
 /**
  * The {@code PrincipalProviderImpl} is a principal provider implementation
  * that operates on principal information read from user information exposed by
@@ -158,11 +153,7 @@ public class PrincipalProviderImpl imple
     }
 
     private boolean isGroup(Tree authorizableTree) {
-        checkNotNull(authorizableTree);
-        checkState(authorizableTree.hasProperty(JcrConstants.JCR_PRIMARYTYPE));
-
-        String ntName = authorizableTree.getProperty(JcrConstants.JCR_PRIMARYTYPE).getValue(Type.STRING);
-        return UserConstants.NT_REP_GROUP.equals(ntName);
+        return userProvider.isAuthorizableType(authorizableTree, AuthorizableType.GROUP);
     }
 
     //--------------------------------------------------------------------------

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableBaseProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableBaseProvider.java?rev=1398729&r1=1398728&r2=1398729&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableBaseProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableBaseProvider.java Tue Oct 16 10:57:10 2012
@@ -16,33 +16,24 @@
  */
 package org.apache.jackrabbit.oak.security.user;
 
-import org.apache.jackrabbit.JcrConstants;
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManager;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
-import org.apache.jackrabbit.oak.spi.security.user.UserConfig;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import static org.apache.jackrabbit.oak.api.Type.STRING;
+import org.apache.jackrabbit.oak.spi.security.user.util.UserUtility;
 
 /**
  * AuthorizableBaseProvider... TODO
  */
 abstract class AuthorizableBaseProvider implements UserConstants {
 
-    /**
-     * logger instance
-     */
-    private static final Logger log = LoggerFactory.getLogger(AuthorizableBaseProvider.class);
-
-    final UserConfig config;
+    final ConfigurationParameters config;
     final Root root;
     final IdentifierManager identifierManager;
 
-    AuthorizableBaseProvider(Root root, UserConfig config) {
+    AuthorizableBaseProvider(Root root, ConfigurationParameters config) {
         this.root = root;
         this.config = config;
         this.identifierManager = new IdentifierManager(root);
@@ -50,7 +41,7 @@ abstract class AuthorizableBaseProvider 
 
     Tree getByID(String authorizableId, AuthorizableType authorizableType) {
         Tree tree = identifierManager.getTree(getContentID(authorizableId));
-        if (isAuthorizableTree(tree, authorizableType)) {
+        if (UserUtility.isAuthorizableTree(tree, authorizableType)) {
             return tree;
         } else {
             return null;
@@ -59,7 +50,7 @@ abstract class AuthorizableBaseProvider 
 
     Tree getByPath(String authorizableOakPath) {
         Tree tree = root.getTree(authorizableOakPath);
-        if (isAuthorizableTree(tree, AuthorizableType.AUTHORIZABLE)) {
+        if (UserUtility.isAuthorizableTree(tree, AuthorizableType.AUTHORIZABLE)) {
             return tree;
         } else {
             return null;
@@ -73,20 +64,4 @@ abstract class AuthorizableBaseProvider 
     String getContentID(Tree authorizableTree) {
         return identifierManager.getIdentifier(authorizableTree);
     }
-
-    boolean isAuthorizableTree(Tree tree, AuthorizableType authorizableType) {
-        // FIXME: check for node type according to the specified type constraint
-        if (tree != null && tree.hasProperty(JcrConstants.JCR_PRIMARYTYPE)) {
-            String ntName = tree.getProperty(JcrConstants.JCR_PRIMARYTYPE).getValue(STRING);
-            switch (authorizableType) {
-                case GROUP:
-                    return NT_REP_GROUP.equals(ntName);
-                case USER:
-                    return NT_REP_USER.equals(ntName);
-                default:
-                    return NT_REP_USER.equals(ntName) || NT_REP_GROUP.equals(ntName);
-            }
-        }
-        return false;
-    }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProviderImpl.java?rev=1398729&r1=1398728&r2=1398729&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProviderImpl.java Tue Oct 16 10:57:10 2012
@@ -20,7 +20,6 @@ import java.util.Collections;
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.Set;
-
 import javax.annotation.Nullable;
 import javax.jcr.PropertyType;
 
@@ -34,9 +33,10 @@ import org.apache.jackrabbit.oak.api.Roo
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.plugins.memory.MemoryPropertyBuilder;
 import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
 import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
-import org.apache.jackrabbit.oak.spi.security.user.UserConfig;
+import org.apache.jackrabbit.oak.spi.security.user.util.UserUtility;
 import org.apache.jackrabbit.oak.spi.state.PropertyBuilder;
 import org.apache.jackrabbit.oak.util.NodeUtil;
 import org.slf4j.Logger;
@@ -57,26 +57,26 @@ import static org.apache.jackrabbit.oak.
  * <ul>
  *     <li>Multivalued property {@link #REP_MEMBERS}</li>
  *     <li>Property type: {@link PropertyType#WEAKREFERENCE}</li>
- *     <li>Used if the config option {@link UserConfig#PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE} is missing or &lt;4</li>
+ *     <li>Used if the config option {@link org.apache.jackrabbit.oak.spi.security.user.UserConstants#PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE} is missing or &lt;4</li>
  * </ul>
  *
  * <h3>Membership stored in individual properties</h3>
  * Variant to store group membership based on the
- * {@link UserConfig#PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE} configuration parameter:
+ * {@link org.apache.jackrabbit.oak.spi.security.user.UserConstants#PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE} configuration parameter:
  *
  * <ul>
  *     <li>Membership information stored underneath a {@link #REP_MEMBERS} node hierarchy</li>
  *     <li>Individual member information is stored each in a {@link PropertyType#WEAKREFERENCE}
  *     property</li>
- *     <li>Node hierarchy is split based on the {@link UserConfig#PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE}
+ *     <li>Node hierarchy is split based on the {@link org.apache.jackrabbit.oak.spi.security.user.UserConstants#PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE}
  *     configuration parameter.</li>
- *     <li>{@link UserConfig#PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE} must be greater than 4
+ *     <li>{@link org.apache.jackrabbit.oak.spi.security.user.UserConstants#PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE} must be greater than 4
  *     in order to turn on this behavior</li>
  * </ul>
  *
  * <h3>Compatibility</h3>
  * This membership provider is able to deal with both options being present in
- * the content. If the {@link UserConfig#PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE} configuration
+ * the content. If the {@link org.apache.jackrabbit.oak.spi.security.user.UserConstants#PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE} configuration
  * parameter is modified later on, existing membership information is not
  * modified or converted to the new structure.
  */
@@ -86,12 +86,12 @@ public class MembershipProviderImpl exte
 
     private final int splitSize;
 
-    MembershipProviderImpl(Root root, UserConfig config) {
+    MembershipProviderImpl(Root root, ConfigurationParameters config) {
         super(root, config);
 
-        int splitValue = config.getConfigValue(UserConfig.PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE, 0);
+        int splitValue = config.getConfigValue(PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE, 0);
         if (splitValue != 0 && splitValue < 4) {
-            log.warn("Invalid value {} for {}. Expected integer >= 4 or 0", splitValue, UserConfig.PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE);
+            log.warn("Invalid value {} for {}. Expected integer >= 4 or 0", splitValue, PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE);
             splitValue = 0;
         }
         this.splitSize = splitValue;
@@ -291,7 +291,7 @@ public class MembershipProviderImpl exte
 
             private Iterator<String> inherited(String authorizablePath) {
                 Tree group = getByPath(authorizablePath);
-                if (isAuthorizableTree(group, AuthorizableType.GROUP)) {
+                if (UserUtility.isAuthorizableTree(group, AuthorizableType.GROUP)) {
                     return getMembers(group, authorizableType, true);
                 } else {
                     return Iterators.emptyIterator();
@@ -321,7 +321,7 @@ public class MembershipProviderImpl exte
 
             private Iterator<String> inherited(String authorizablePath) {
                 Tree group = getByPath(authorizablePath);
-                if (isAuthorizableTree(group, AuthorizableType.GROUP)) {
+                if (UserUtility.isAuthorizableTree(group, AuthorizableType.GROUP)) {
                     return getMembership(group, true);
                 } else {
                     return Iterators.emptyIterator();

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java (from r1398672, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java&r1=1398672&r2=1398729&rev=1398729&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java Tue Oct 16 10:57:10 2012
@@ -25,30 +25,30 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
-import org.apache.jackrabbit.oak.spi.security.user.UserConfig;
-import org.apache.jackrabbit.oak.spi.security.user.UserContext;
+import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
 import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
 
 /**
  * UserContextImpl... TODO
  */
-public class UserContextImpl implements UserContext {
+public class UserConfigurationImpl implements UserConfiguration {
 
-    private final UserConfig config;
+    private final ConfigurationParameters config;
 
     // TODO add proper configuration
-    public UserContextImpl() {
-        this(new UserConfig());
+    public UserConfigurationImpl() {
+        this(new ConfigurationParameters());
     }
 
-    public UserContextImpl(UserConfig config) {
+    public UserConfigurationImpl(ConfigurationParameters config) {
         this.config = config;
     }
 
     @Nonnull
     @Override
-    public UserConfig getUserConfig() {
+    public ConfigurationParameters getConfigurationParameters() {
         return config;
     }
 
@@ -64,7 +64,7 @@ public class UserContextImpl implements 
 
     @Override
     public List<ValidatorProvider> getValidatorProviders() {
-        ValidatorProvider vp = new UserValidatorProvider(config);
+        ValidatorProvider vp = new UserValidatorProvider(getConfigurationParameters());
         return Collections.singletonList(vp);
     }
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java?rev=1398729&r1=1398728&r2=1398729&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java Tue Oct 16 10:57:10 2012
@@ -25,7 +25,7 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.spi.security.principal.TreeBasedPrincipal;
-import org.apache.jackrabbit.oak.spi.security.user.PasswordUtility;
+import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtility;
 import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java?rev=1398729&r1=1398728&r2=1398729&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java Tue Oct 16 10:57:10 2012
@@ -36,11 +36,11 @@ import org.apache.jackrabbit.oak.namepat
 import org.apache.jackrabbit.oak.security.principal.PrincipalManagerImpl;
 import org.apache.jackrabbit.oak.security.user.query.XPathQueryBuilder;
 import org.apache.jackrabbit.oak.security.user.query.XPathQueryEvaluator;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
-import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
 import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
-import org.apache.jackrabbit.oak.spi.security.user.UserConfig;
+import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
 import org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableAction;
@@ -59,11 +59,11 @@ public class UserManagerImpl implements 
 
     private final UserProvider userProvider;
     private final MembershipProvider membershipProvider;
-    private final UserConfig config;
+    private final ConfigurationParameters config;
 
     public UserManagerImpl(Session session, NamePathMapper namePathMapper,
                            UserProvider userProvider, MembershipProvider membershipProvider,
-                           UserConfig config) {
+                           ConfigurationParameters config) {
         this.session = session;
         this.namePathMapper = namePathMapper;
         this.userProvider = userProvider;
@@ -288,7 +288,7 @@ public class UserManagerImpl implements 
     }
 
     private AuthorizableAction[] getAuthorizableActions() {
-        return config.getAuthorizableActions();
+        return config.getConfigValue(UserConstants.PARAM_AUTHORIZABLE_ACTIONS, new AuthorizableAction[0]);
     }
 
     //--------------------------------------------------------------------------

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java?rev=1398729&r1=1398728&r2=1398729&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java Tue Oct 16 10:57:10 2012
@@ -22,7 +22,6 @@ import java.security.Principal;
 import java.text.ParseException;
 import java.util.Collections;
 import java.util.Iterator;
-
 import javax.jcr.PropertyType;
 import javax.jcr.RepositoryException;
 import javax.jcr.nodetype.ConstraintViolationException;
@@ -38,13 +37,14 @@ import org.apache.jackrabbit.oak.api.Tre
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
 import org.apache.jackrabbit.oak.spi.query.PropertyValues;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
 import org.apache.jackrabbit.oak.spi.security.principal.TreeBasedPrincipal;
 import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
-import org.apache.jackrabbit.oak.spi.security.user.PasswordUtility;
-import org.apache.jackrabbit.oak.spi.security.user.UserConfig;
+import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtility;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
+import org.apache.jackrabbit.oak.spi.security.user.util.UserUtility;
 import org.apache.jackrabbit.oak.util.NodeUtil;
 import org.apache.jackrabbit.util.Text;
 import org.slf4j.Logger;
@@ -64,10 +64,10 @@ import static org.apache.jackrabbit.oak.
  * authorizable ID with the following behavior:
  * <ul>
  * <li>Users are created below /rep:security/rep:authorizables/rep:users or
- * the path configured in the {@link org.apache.jackrabbit.oak.spi.security.user.UserConfig#PARAM_USER_PATH}
+ * the path configured in the {@link org.apache.jackrabbit.oak.spi.security.user.UserConstants#PARAM_USER_PATH}
  * respectively.</li>
  * <li>Groups are created below /rep:security/rep:authorizables/rep:groups or
- * the path configured in the {@link org.apache.jackrabbit.oak.spi.security.user.UserConfig#PARAM_GROUP_PATH}
+ * the path configured in the {@link org.apache.jackrabbit.oak.spi.security.user.UserConstants#PARAM_GROUP_PATH}
  * respectively.</li>
  * <li>Below each category authorizables are created within a human readable
  * structure based on the defined intermediate path or some internal logic
@@ -115,13 +115,13 @@ import static org.apache.jackrabbit.oak.
  *
  * <h3>Configuration Options</h3>
  * <ul>
- *     <li>{@link org.apache.jackrabbit.oak.spi.security.user.UserConfig#PARAM_USER_PATH}: Underneath this structure
+ *     <li>{@link org.apache.jackrabbit.oak.spi.security.user.UserConstants#PARAM_USER_PATH}: Underneath this structure
  *     all user nodes are created. Default value is
  *     "/rep:security/rep:authorizables/rep:users"</li>
- *     <li>{@link org.apache.jackrabbit.oak.spi.security.user.UserConfig#PARAM_GROUP_PATH}: Underneath this structure
+ *     <li>{@link org.apache.jackrabbit.oak.spi.security.user.UserConstants#PARAM_GROUP_PATH}: Underneath this structure
  *     all group nodes are created. Default value is
  *     "/rep:security/rep:authorizables/rep:groups"</li>
- *     <li>{@link org.apache.jackrabbit.oak.spi.security.user.UserConfig#PARAM_DEFAULT_DEPTH}: A positive {@code integer}
+ *     <li>{@link org.apache.jackrabbit.oak.spi.security.user.UserConstants#PARAM_DEFAULT_DEPTH}: A positive {@code integer}
  *     greater than zero defining the depth of the default structure that is
  *     always created. Default value: 2</li>
  * </ul>
@@ -161,13 +161,13 @@ class UserProviderImpl extends Authoriza
     private final String groupPath;
     private final String userPath;
 
-    UserProviderImpl(Root root, UserConfig config) {
+    UserProviderImpl(Root root, ConfigurationParameters config) {
         super(root, config);
 
-        defaultDepth = config.getConfigValue(UserConfig.PARAM_DEFAULT_DEPTH, DEFAULT_DEPTH);
+        defaultDepth = config.getConfigValue(PARAM_DEFAULT_DEPTH, DEFAULT_DEPTH);
 
-        groupPath = config.getConfigValue(UserConfig.PARAM_GROUP_PATH, DEFAULT_GROUP_PATH);
-        userPath = config.getConfigValue(UserConfig.PARAM_USER_PATH, DEFAULT_USER_PATH);
+        groupPath = config.getConfigValue(PARAM_GROUP_PATH, DEFAULT_GROUP_PATH);
+        userPath = config.getConfigValue(PARAM_USER_PATH, DEFAULT_USER_PATH);
     }
 
     //-------------------------------------------------------< UserProvider >---
@@ -230,7 +230,7 @@ class UserProviderImpl extends Authoriza
     @Override
     public String getAuthorizableId(Tree authorizableTree) {
         checkNotNull(authorizableTree);
-        if (isAuthorizableTree(authorizableTree, AuthorizableType.AUTHORIZABLE)) {
+        if (UserUtility.isAuthorizableTree(authorizableTree, AuthorizableType.AUTHORIZABLE)) {
             PropertyState idProp = authorizableTree.getProperty(UserConstants.REP_AUTHORIZABLE_ID);
             if (idProp != null) {
                 return idProp.getValue(STRING);
@@ -249,13 +249,13 @@ class UserProviderImpl extends Authoriza
 
     @Override
     public boolean isAuthorizableType(Tree authorizableTree, AuthorizableType authorizableType) {
-        return isAuthorizableTree(authorizableTree, authorizableType);
+        return UserUtility.isAuthorizableTree(authorizableTree, authorizableType);
     }
 
     @Override
     public boolean isAdminUser(Tree userTree) {
         checkNotNull(userTree);
-        return isAuthorizableType(userTree, AuthorizableType.USER) && config.getAdminId().equals(getAuthorizableId(userTree));
+        return isAuthorizableType(userTree, AuthorizableType.USER) && UserUtility.getAdminId(config).equals(getAuthorizableId(userTree));
     }
 
     @Override

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java?rev=1398729&r1=1398728&r2=1398729&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java Tue Oct 16 10:57:10 2012
@@ -23,9 +23,10 @@ import org.apache.jackrabbit.oak.api.Pro
 import org.apache.jackrabbit.oak.api.Type;
 import org.apache.jackrabbit.oak.spi.commit.DefaultValidator;
 import org.apache.jackrabbit.oak.spi.commit.Validator;
-import org.apache.jackrabbit.oak.spi.security.user.PasswordUtility;
-import org.apache.jackrabbit.oak.spi.security.user.UserConfig;
+import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
+import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtility;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
+import org.apache.jackrabbit.oak.spi.security.user.util.UserUtility;
 import org.apache.jackrabbit.oak.spi.state.NodeState;
 import org.apache.jackrabbit.oak.util.NodeUtil;
 import org.apache.jackrabbit.util.Text;
@@ -61,13 +62,14 @@ class UserValidator extends DefaultValid
     @Override
     public void propertyChanged(PropertyState before, PropertyState after) throws CommitFailedException {
         String name = before.getName();
-        if (isAuthorizableNode(parentBefore) && (REP_PRINCIPAL_NAME.equals(name) || REP_AUTHORIZABLE_ID.equals(name))) {
+        if (UserUtility.isAuthorizableTree(parentBefore.getTree()) && (REP_PRINCIPAL_NAME.equals(name) || REP_AUTHORIZABLE_ID.equals(name))) {
             String msg = "Authorizable property " + name + " may not be altered after user/group creation.";
             fail(msg);
         }
 
-        if (isUserNode(parentBefore) && REP_PASSWORD.equals(name) &&
-                PasswordUtility.isPlainTextPassword(after.getValue(Type.STRING))) {
+        if (UserUtility.isAuthorizableTree(parentBefore.getTree(), AuthorizableType.USER)
+                && REP_PASSWORD.equals(name)
+                && PasswordUtility.isPlainTextPassword(after.getValue(Type.STRING))) {
             String msg = "Password may not be plain text.";
             fail(msg);
         }
@@ -77,7 +79,8 @@ class UserValidator extends DefaultValid
     @Override
     public void propertyDeleted(PropertyState before) throws CommitFailedException {
         String name = before.getName();
-        if (isAuthorizableNode(parentBefore) && (REP_PASSWORD.equals(name) || REP_PRINCIPAL_NAME.equals(name) || REP_AUTHORIZABLE_ID.equals(name))) {
+        if (UserUtility.isAuthorizableTree(parentBefore.getTree())
+                && (REP_PASSWORD.equals(name) || REP_PRINCIPAL_NAME.equals(name) || REP_AUTHORIZABLE_ID.equals(name))) {
             String msg = "Authorizable property " + name + " may not be removed.";
             fail(msg);
         }
@@ -88,9 +91,9 @@ class UserValidator extends DefaultValid
         NodeUtil node = parentAfter.getChild(name);
         String authRoot = null;
         if (node.hasPrimaryNodeTypeName(NT_REP_USER)) {
-            authRoot = provider.getConfig().getConfigValue(UserConfig.PARAM_USER_PATH, DEFAULT_USER_PATH);
+            authRoot = provider.getConfig().getConfigValue(PARAM_USER_PATH, DEFAULT_USER_PATH);
         } else if (node.hasPrimaryNodeTypeName(UserConstants.NT_REP_GROUP)) {
-            authRoot = provider.getConfig().getConfigValue(UserConfig.PARAM_GROUP_PATH, DEFAULT_GROUP_PATH);
+            authRoot = provider.getConfig().getConfigValue(PARAM_GROUP_PATH, DEFAULT_GROUP_PATH);
         }
         if (authRoot != null) {
             assertHierarchy(node, authRoot);
@@ -140,18 +143,11 @@ class UserValidator extends DefaultValid
         }
     }
 
-    private boolean isAuthorizableNode(NodeUtil node) {
-        return node.hasPrimaryNodeTypeName(NT_REP_USER) || node.hasPrimaryNodeTypeName(NT_REP_GROUP);
-    }
-
-    private boolean isUserNode(NodeUtil node) {
-        return node.hasPrimaryNodeTypeName(NT_REP_USER);
-    }
-
     // FIXME: copied from UserProvider#isAdminUser
     private boolean isAdminUser(NodeUtil userNode) {
         String id = (userNode.getString(REP_AUTHORIZABLE_ID, Text.unescapeIllegalJcrChars(userNode.getName())));
-        return isUserNode(userNode) && provider.getConfig().getAdminId().equals(id);
+        return UserUtility.isAuthorizableTree(userNode.getTree(), AuthorizableType.USER) &&
+               UserUtility.getAdminId(provider.getConfig()).equals(id);
     }
 
     private static void fail(String msg) throws CommitFailedException {

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidatorProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidatorProvider.java?rev=1398729&r1=1398728&r2=1398729&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidatorProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidatorProvider.java Tue Oct 16 10:57:10 2012
@@ -21,7 +21,8 @@ import javax.annotation.Nonnull;
 import org.apache.jackrabbit.oak.core.ReadOnlyTree;
 import org.apache.jackrabbit.oak.spi.commit.Validator;
 import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
-import org.apache.jackrabbit.oak.spi.security.user.UserConfig;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
+import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
 import org.apache.jackrabbit.oak.spi.state.NodeState;
 import org.apache.jackrabbit.oak.util.NodeUtil;
 
@@ -32,9 +33,10 @@ import static com.google.common.base.Pre
  */
 public class UserValidatorProvider implements ValidatorProvider {
 
-    private final UserConfig config;
+    private final ConfigurationParameters config;
+    private UserProvider userProvider;
 
-    public UserValidatorProvider(UserConfig config) {
+    public UserValidatorProvider(ConfigurationParameters config) {
         this.config = checkNotNull(config);
     }
     //--------------------------------------------------< ValidatorProvider >---
@@ -50,8 +52,7 @@ public class UserValidatorProvider imple
 
     //-----------------------------------------------------------< internal >---
     @Nonnull
-    UserConfig getConfig() {
+    ConfigurationParameters getConfig() {
         return config;
     }
-
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java?rev=1398729&r1=1398728&r2=1398729&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java Tue Oct 16 10:57:10 2012
@@ -35,8 +35,7 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
 import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
-import org.apache.jackrabbit.oak.spi.security.user.UserConfig;
-import org.apache.jackrabbit.oak.spi.security.user.UserContext;
+import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
 import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
 import org.apache.jackrabbit.oak.spi.state.NodeStore;
 
@@ -59,19 +58,18 @@ public class OpenSecurityProvider implem
 
     @Nonnull
     @Override
-    public TokenProvider getTokenProvider(Root root, ConfigurationParameters options) {
+    public TokenProvider getTokenProvider(Root root, org.apache.jackrabbit.oak.spi.security.ConfigurationParameters options) {
         throw new UnsupportedOperationException();
     }
 
     @Nonnull
     @Override
-    public UserContext getUserContext() {
-        // TODO
-        return new UserContext() {
+    public UserConfiguration getUserConfiguration() {
+        return new UserConfiguration() {
             @Nonnull
             @Override
-            public UserConfig getUserConfig() {
-                return new UserConfig();
+            public ConfigurationParameters getConfigurationParameters() {
+                return new ConfigurationParameters();
             }
 
             @Nonnull

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java?rev=1398729&r1=1398728&r2=1398729&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java Tue Oct 16 10:57:10 2012
@@ -23,7 +23,7 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
-import org.apache.jackrabbit.oak.spi.security.user.UserContext;
+import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
 import org.apache.jackrabbit.oak.spi.state.NodeStore;
 
 /**
@@ -41,7 +41,7 @@ public interface SecurityProvider {
     TokenProvider getTokenProvider(Root root, ConfigurationParameters options);
 
     @Nonnull
-    UserContext getUserContext(); // TODO review naming consistency
+    UserConfiguration getUserConfiguration();
 
     @Nonnull
     PrincipalConfiguration getPrincipalConfiguration();

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java?rev=1398729&r1=1398728&r2=1398729&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java Tue Oct 16 10:57:10 2012
@@ -322,7 +322,7 @@ public abstract class AbstractLoginModul
         SecurityProvider sp = getSecurityProvider();
         Root root = getRoot();
         if (root != null && sp != null) {
-            userProvider = sp.getUserContext().getUserProvider(root);
+            userProvider = sp.getUserConfiguration().getUserProvider(root);
         }
 
         if (userProvider == null && callbackHandler != null) {

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfiguration.java (from r1398672, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfiguration.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfiguration.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java&r1=1398672&r2=1398729&rev=1398729&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfiguration.java Tue Oct 16 10:57:10 2012
@@ -23,15 +23,16 @@ import javax.jcr.Session;
 import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
 
 /**
  * UserContext... TODO
  */
-public interface UserContext {
+public interface UserConfiguration {
 
     @Nonnull
-    UserConfig getUserConfig();
+    ConfigurationParameters getConfigurationParameters();
 
     @Nonnull
     UserProvider getUserProvider(Root root);

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java?rev=1398729&r1=1398728&r2=1398729&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java Tue Oct 16 10:57:10 2012
@@ -33,10 +33,93 @@ public interface UserConstants {
     String REP_MEMBERS = "rep:members";
     String REP_IMPERSONATORS = "rep:impersonators";
 
+    /**
+     * Configuration option defining the ID of the administrator user.
+     */
+    String PARAM_ADMIN_ID = "adminId";
+
+    /**
+     * Default value for {@link #PARAM_ADMIN_ID}
+     */
+    String DEFAULT_ADMIN_ID = "admin";
+
+    /**
+     * Configuration option defining the ID of the anonymous user. The ID
+     * might be {@code null} of no anonymous user exists. In this case
+     * Session#getUserID() may return {@code null} if it has been obtained
+     * using {@link javax.jcr.GuestCredentials}.
+     */
+    String PARAM_ANONYMOUS_ID = "anonymousId";
+
+    /**
+     * Default value for {@link #PARAM_ANONYMOUS_ID}
+     */
+    String DEFAULT_ANONYMOUS_ID = "anonymous";
+
+    /**
+     * Configuration option to define the path underneath which user nodes
+     * are being created.
+     */
+    String PARAM_USER_PATH = "usersPath";
+
+    /**
+     * Default value for {@link #PARAM_USER_PATH}
+     */
     String DEFAULT_USER_PATH = "/rep:security/rep:authorizables/rep:users";
+
+    /**
+     * Configuration option to define the path underneath which group nodes
+     * are being created.
+     */
+    String PARAM_GROUP_PATH = "groupsPath";
+
+    /**
+     * Default value for {@link #PARAM_GROUP_PATH}
+     */
     String DEFAULT_GROUP_PATH = "/rep:security/rep:authorizables/rep:groups";
+
+    /**
+     * Parameter used to change the number of levels that are used by default
+     * store authorizable nodes.<br>The default number of levels is 2.
+     */
+    String PARAM_DEFAULT_DEPTH = "defaultDepth";
+
+    /**
+     * Default value for {@link #PARAM_DEFAULT_DEPTH}
+     */
     int DEFAULT_DEPTH = 2;
 
-    String DEFAULT_ADMIN_ID = "admin";
-    String DEFAULT_ANONYMOUS_ID = "anonymous";
+    /**
+     * Its value determines the maximum number of members within a given
+     * content structure until additional intermediate structuring is being
+     * added. This may for example be used to
+     * <ul>
+     *     <li>switch storing group members in JCR properties or nodes</li>
+     *     <li>define maximum number of members is a multivalued property</li>
+     *     <li>define maximum number of member properties within a given
+     *     node structure</li>
+     * </ul>
+     */
+    String PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE = "groupMembershipSplitSize";
+    /**
+     * Configuration parameter to change the default algorithm used to generate
+     * password hashes.
+     */
+    String PARAM_PASSWORD_HASH_ALGORITHM = "passwordHashAlgorithm";
+    /**
+     * Configuration parameter to change the number of iterations used for
+     * password hash generation.
+     */
+    String PARAM_PASSWORD_HASH_ITERATIONS = "passwordHashIterations";
+    /**
+     * Configuration parameter to change the number of iterations used for
+     * password hash generation.
+     */
+    String PARAM_PASSWORD_SALT_SIZE = "passwordSaltSize";
+    /**
+     * Configuration parameter to set the authorizable actions.
+     *
+     * @see org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableAction
+     */
+    String PARAM_AUTHORIZABLE_ACTIONS = "authorizableActions";
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableAction.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableAction.java?rev=1398729&r1=1398728&r2=1398729&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableAction.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableAction.java Tue Oct 16 10:57:10 2012
@@ -34,7 +34,7 @@ import org.apache.jackrabbit.api.securit
  * <li>{@link #onPasswordChange(org.apache.jackrabbit.api.security.user.User, String, javax.jcr.Session) User password modification}.</li>
  * </ul>
  *
- * @see org.apache.jackrabbit.oak.spi.security.user.UserConfig
+ * @see org.apache.jackrabbit.oak.spi.security.ConfigurationParameters
  */
 public interface AuthorizableAction {
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationAction.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationAction.java?rev=1398729&r1=1398728&r2=1398729&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationAction.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationAction.java Tue Oct 16 10:57:10 2012
@@ -23,7 +23,7 @@ import javax.jcr.Session;
 import javax.jcr.nodetype.ConstraintViolationException;
 
 import org.apache.jackrabbit.api.security.user.User;
-import org.apache.jackrabbit.oak.spi.security.user.PasswordUtility;
+import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtility;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/PasswordUtility.java (from r1398672, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/PasswordUtility.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/PasswordUtility.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/PasswordUtility.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/PasswordUtility.java&r1=1398672&r2=1398729&rev=1398729&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/PasswordUtility.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/PasswordUtility.java Tue Oct 16 10:57:10 2012
@@ -14,15 +14,16 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.jackrabbit.oak.spi.security.user;
+package org.apache.jackrabbit.oak.spi.security.user.util;
 
 import java.io.UnsupportedEncodingException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
-
 import javax.annotation.Nullable;
 
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
+import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.apache.jackrabbit.util.Text;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -100,13 +101,13 @@ public class PasswordUtility {
      * @throws NoSuchAlgorithmException If the specified algorithm is not supported.
      * @throws UnsupportedEncodingException If utf-8 is not supported.
      */
-    public static String buildPasswordHash(String password, UserConfig config) throws NoSuchAlgorithmException, UnsupportedEncodingException {
+    public static String buildPasswordHash(String password, ConfigurationParameters config) throws NoSuchAlgorithmException, UnsupportedEncodingException {
         if (config == null) {
             throw new IllegalArgumentException("UserConfig must not be null");
         }
-        String algorithm = config.getConfigValue(UserConfig.PARAM_PASSWORD_HASH_ALGORITHM, DEFAULT_ALGORITHM);
-        int iterations = config.getConfigValue(UserConfig.PARAM_PASSWORD_HASH_ITERATIONS, DEFAULT_ITERATIONS);
-        int saltSize = config.getConfigValue(UserConfig.PARAM_PASSWORD_SALT_SIZE, DEFAULT_SALT_SIZE);
+        String algorithm = config.getConfigValue(UserConstants.PARAM_PASSWORD_HASH_ALGORITHM, DEFAULT_ALGORITHM);
+        int iterations = config.getConfigValue(UserConstants.PARAM_PASSWORD_HASH_ITERATIONS, DEFAULT_ITERATIONS);
+        int saltSize = config.getConfigValue(UserConstants.PARAM_PASSWORD_SALT_SIZE, DEFAULT_SALT_SIZE);
 
         return buildPasswordHash(password, algorithm, saltSize, iterations);
     }

Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/PasswordUtility.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/UserUtility.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/UserUtility.java?rev=1398729&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/UserUtility.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/UserUtility.java Tue Oct 16 10:57:10 2012
@@ -0,0 +1,63 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.user.util;
+
+import javax.annotation.Nonnull;
+
+import org.apache.jackrabbit.JcrConstants;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
+import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
+import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
+
+import static org.apache.jackrabbit.oak.api.Type.STRING;
+
+/**
+ * UserUtils... TODO
+ */
+public final class UserUtility implements UserConstants{
+
+    @Nonnull
+    public static String getAdminId(ConfigurationParameters parameters) {
+        return parameters.getConfigValue(PARAM_ADMIN_ID, DEFAULT_ADMIN_ID);
+    }
+
+    @Nonnull
+    public static String getAnonymousId(ConfigurationParameters parameters) {
+        return parameters.getConfigValue(PARAM_ANONYMOUS_ID, DEFAULT_ANONYMOUS_ID);
+    }
+
+    public static boolean isAuthorizableTree(Tree authorizableTree) {
+        return isAuthorizableTree(authorizableTree, AuthorizableType.AUTHORIZABLE);
+    }
+
+    public static boolean isAuthorizableTree(Tree authorizableTree, AuthorizableType type) {
+        // FIXME: check for node type according to the specified type constraint
+        if (authorizableTree != null && authorizableTree.hasProperty(JcrConstants.JCR_PRIMARYTYPE)) {
+            String ntName = authorizableTree.getProperty(JcrConstants.JCR_PRIMARYTYPE).getValue(STRING);
+            switch (type) {
+                case GROUP:
+                    return NT_REP_GROUP.equals(ntName);
+                case USER:
+                    return NT_REP_USER.equals(ntName);
+                default:
+                    return NT_REP_USER.equals(ntName) || NT_REP_GROUP.equals(ntName);
+            }
+        }
+        return false;
+    }
+}
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/ConfigurationParametersTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/ConfigurationParametersTest.java?rev=1398729&r1=1398728&r2=1398729&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/ConfigurationParametersTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/ConfigurationParametersTest.java Tue Oct 16 10:57:10 2012
@@ -16,6 +16,7 @@
  */
 package org.apache.jackrabbit.oak.security;
 
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -52,6 +53,23 @@ public class ConfigurationParametersTest
     }
 
     @Test
+    public void testArrayDefaultValue() {
+        TestObject[] testArray = new TestObject[] {new TestObject("t")};
+
+        ConfigurationParameters options = new ConfigurationParameters();
+        TestObject[] result = options.getConfigValue("test", new TestObject[0]);
+        assertNotNull(result);
+        assertEquals(0, result.length);
+
+        result = options.getConfigValue("test", testArray);
+        assertEquals(result, testArray);
+
+        options = new ConfigurationParameters(Collections.singletonMap("test", testArray));
+        result = options.getConfigValue("test", null);
+        assertEquals(result, testArray);
+    }
+
+    @Test
     public void testConversion() {
         TestObject testObject = new TestObject("t");
         Integer int1000 = new Integer(1000);

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java?rev=1398729&r1=1398728&r2=1398729&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java Tue Oct 16 10:57:10 2012
@@ -17,7 +17,6 @@
 package org.apache.jackrabbit.oak.security.user;
 
 import java.util.ArrayList;
-import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -31,13 +30,13 @@ import org.apache.jackrabbit.oak.api.Con
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.plugins.index.property.PropertyIndexHook;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.OpenSecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
-import org.apache.jackrabbit.oak.spi.security.user.PasswordUtility;
-import org.apache.jackrabbit.oak.spi.security.user.UserConfig;
+import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtility;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
-import org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableAction;
+import org.apache.jackrabbit.oak.spi.security.user.util.UserUtility;
 import org.apache.jackrabbit.util.Text;
 import org.junit.After;
 import org.junit.Before;
@@ -62,7 +61,7 @@ public class UserProviderImplTest extend
     private ContentSession contentSession;
     private Root root;
 
-    private UserConfig defaultConfig;
+    private ConfigurationParameters defaultConfig;
     private String defaultUserPath;
     private String defaultGroupPath;
     
@@ -77,13 +76,13 @@ public class UserProviderImplTest extend
         contentSession = createAdminSession();
         root = contentSession.getLatestRoot();
 
-        defaultConfig = new UserConfig();
-        defaultUserPath = defaultConfig.getConfigValue(UserConfig.PARAM_USER_PATH, UserConstants.DEFAULT_USER_PATH);
-        defaultGroupPath = defaultConfig.getConfigValue(UserConfig.PARAM_GROUP_PATH, UserConstants.DEFAULT_GROUP_PATH);
+        defaultConfig = new ConfigurationParameters();
+        defaultUserPath = defaultConfig.getConfigValue(UserConstants.PARAM_USER_PATH, UserConstants.DEFAULT_USER_PATH);
+        defaultGroupPath = defaultConfig.getConfigValue(UserConstants.PARAM_GROUP_PATH, UserConstants.DEFAULT_GROUP_PATH);
 
         customOptions = new HashMap<String, Object>();
-        customOptions.put(UserConfig.PARAM_GROUP_PATH, customGroupPath);
-        customOptions.put(UserConfig.PARAM_USER_PATH, customUserPath);
+        customOptions.put(UserConstants.PARAM_GROUP_PATH, customGroupPath);
+        customOptions.put(UserConstants.PARAM_USER_PATH, customUserPath);
 
         cleanupPaths.add(defaultUserPath);
         cleanupPaths.add(defaultGroupPath);
@@ -113,8 +112,8 @@ public class UserProviderImplTest extend
 
     private UserProvider createUserProvider(int defaultDepth) {
         Map<String, Object> options = new HashMap<String, Object>(customOptions);
-        options.put(UserConfig.PARAM_DEFAULT_DEPTH, defaultDepth);
-        return new UserProviderImpl(root, new UserConfig(options, Collections.<AuthorizableAction>emptySet()));
+        options.put(UserConstants.PARAM_DEFAULT_DEPTH, defaultDepth);
+        return new UserProviderImpl(root, new ConfigurationParameters(options));
     }
 
     @Test
@@ -126,7 +125,7 @@ public class UserProviderImplTest extend
 
         assertNotNull(userTree);
         assertTrue(Text.isDescendant(defaultUserPath, userTree.getPath()));
-        int level = defaultConfig.getConfigValue(UserConfig.PARAM_DEFAULT_DEPTH, UserConstants.DEFAULT_DEPTH) + 1;
+        int level = defaultConfig.getConfigValue(UserConstants.PARAM_DEFAULT_DEPTH, UserConstants.DEFAULT_DEPTH) + 1;
         assertEquals(defaultUserPath, Text.getRelativeParent(userTree.getPath(), level));
         
         // make sure all users are created in a structure with default depth
@@ -169,7 +168,7 @@ public class UserProviderImplTest extend
         assertNotNull(groupTree);
         assertTrue(Text.isDescendant(defaultGroupPath, groupTree.getPath()));
 
-        int level = defaultConfig.getConfigValue(UserConfig.PARAM_DEFAULT_DEPTH, UserConstants.DEFAULT_DEPTH) + 1;
+        int level = defaultConfig.getConfigValue(UserConstants.PARAM_DEFAULT_DEPTH, UserConstants.DEFAULT_DEPTH) + 1;
         assertEquals(defaultGroupPath, Text.getRelativeParent(groupTree.getPath(), level));
     }
 
@@ -328,10 +327,10 @@ public class UserProviderImplTest extend
     public void testIsAdminUser() throws Exception {
         UserProvider userProvider = createUserProvider();
 
-        String adminId = defaultConfig.getAdminId();
+        String adminId = UserUtility.getAdminId(defaultConfig);
         Tree adminTree = userProvider.getAuthorizable(adminId, AuthorizableType.USER);
         if (adminTree == null) {
-            adminTree = userProvider.createUser(defaultConfig.getAdminId(), null);
+            adminTree = userProvider.createUser(adminId, null);
         }
         assertTrue(userProvider.isAdminUser(adminTree));
 

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/PasswordUtilityTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/PasswordUtilityTest.java?rev=1398729&r1=1398728&r2=1398729&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/PasswordUtilityTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/PasswordUtilityTest.java Tue Oct 16 10:57:10 2012
@@ -16,6 +16,7 @@
  */
 package org.apache.jackrabbit.oak.spi.security.user;
 
+import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtility;
 import org.junit.Test;
 
 import java.security.NoSuchAlgorithmException;

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java?rev=1398729&r1=1398728&r2=1398729&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java Tue Oct 16 10:57:10 2012
@@ -487,7 +487,7 @@ public class SessionDelegate {
     @Nonnull
     UserManager getUserManager() throws UnsupportedRepositoryOperationException {
         if (securityProvider != null) {
-            return securityProvider.getUserContext().getUserManager(session, root, getNamePathMapper());
+            return securityProvider.getUserConfiguration().getUserManager(session, root, getNamePathMapper());
         } else {
             throw new UnsupportedRepositoryOperationException("User management not supported.");
         }



Mime
View raw message