jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1399780 [2/2] - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/security/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/...
Date Thu, 18 Oct 2012 18:51:20 GMT
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java?rev=1399780&r1=1399779&r2=1399780&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java Thu Oct 18 18:51:18 2012
@@ -26,9 +26,8 @@ import org.apache.jackrabbit.oak.api.Roo
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
-import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
-import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
 
 /**
  * UserConfigurationImpl... TODO
@@ -36,9 +35,11 @@ import org.apache.jackrabbit.oak.spi.sec
 public class UserConfigurationImpl implements UserConfiguration {
 
     private final ConfigurationParameters config;
+    private final SecurityProvider securityProvider;
 
-    public UserConfigurationImpl(ConfigurationParameters config) {
+    public UserConfigurationImpl(ConfigurationParameters config, SecurityProvider securityProvider) {
         this.config = config;
+        this.securityProvider = securityProvider;
     }
 
     @Nonnull
@@ -48,25 +49,18 @@ public class UserConfigurationImpl imple
     }
 
     @Override
-    public UserProvider getUserProvider(Root root) {
-        return new UserProviderImpl(root, config);
-    }
-
-    @Override
-    public MembershipProvider getMembershipProvider(Root root) {
-        return new MembershipProviderImpl(root, config);
-    }
-
-    @Override
     public List<ValidatorProvider> getValidatorProviders() {
         ValidatorProvider vp = new UserValidatorProvider(getConfigurationParameters());
         return Collections.singletonList(vp);
     }
 
     @Override
-    public UserManager getUserManager(Session session, Root root, NamePathMapper namePathMapper) {
-        UserProvider up = getUserProvider(root);
-        MembershipProvider mp = getMembershipProvider(root);
-        return new UserManagerImpl(session, namePathMapper, up, mp, config);
+    public UserManager getUserManager(Root root, NamePathMapper namePathMapper, Session session) {
+        return new UserManagerImpl(session, root, namePathMapper, securityProvider);
+    }
+
+    @Override
+    public UserManager getUserManager(Root root, NamePathMapper namePathMapper) {
+        return new UserManagerImpl(null, root, namePathMapper, securityProvider);
     }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java?rev=1399780&r1=1399779&r2=1399780&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java Thu Oct 18 18:51:18 2012
@@ -17,20 +17,26 @@
 package org.apache.jackrabbit.oak.security.user;
 
 import java.security.Principal;
+import javax.annotation.CheckForNull;
 import javax.jcr.Credentials;
 import javax.jcr.RepositoryException;
-import javax.jcr.UnsupportedRepositoryOperationException;
 
 import org.apache.jackrabbit.api.security.user.Impersonation;
 import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.security.principal.AdminPrincipalImpl;
 import org.apache.jackrabbit.oak.spi.security.principal.TreeBasedPrincipal;
 import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
+import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtility;
+import org.apache.jackrabbit.oak.spi.security.user.util.UserUtility;
+import org.apache.jackrabbit.oak.util.NodeUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import static org.apache.jackrabbit.oak.api.Type.STRING;
+
 /**
  * UserImpl...
  */
@@ -45,11 +51,12 @@ class UserImpl extends AuthorizableImpl 
 
     UserImpl(String id, Tree tree, UserManagerImpl userManager) throws RepositoryException {
         super(id, tree, userManager);
-        isAdmin = userManager.getUserProvider().isAdminUser(tree);
+
+        isAdmin = UserUtility.getAdminId(userManager.getConfig()).equals(id);
     }
 
     void checkValidTree(Tree tree) throws RepositoryException {
-        if (tree == null || !getUserProvider().isAuthorizableType(tree, AuthorizableType.USER)) {
+        if (tree == null || !UserUtility.isType(tree, AuthorizableType.USER)) {
             throw new IllegalArgumentException("Invalid user node: node type rep:User expected.");
         }
     }
@@ -69,7 +76,7 @@ class UserImpl extends AuthorizableImpl 
     @Override
     public Principal getPrincipal() throws RepositoryException {
         Tree userTree = getTree();
-        String principalName = getUserProvider().getPrincipalName(userTree);
+        String principalName = getPrincipalName(userTree);
         if (isAdmin()) {
             return new AdminPrincipalImpl(principalName, userTree, getUserManager().getNamePathMapper());
         } else {
@@ -92,8 +99,8 @@ class UserImpl extends AuthorizableImpl 
      * @see org.apache.jackrabbit.api.security.user.User#getCredentials()
      */
     @Override
-    public Credentials getCredentials() throws RepositoryException {
-        throw new UnsupportedRepositoryOperationException("Not implemented.");
+    public Credentials getCredentials() {
+        return new CredentialsImpl(getID(), getPasswordHash());
     }
 
     /**
@@ -101,7 +108,7 @@ class UserImpl extends AuthorizableImpl 
      */
     @Override
     public Impersonation getImpersonation() throws RepositoryException {
-        return getUserProvider().getImpersonation(getTree(), getUserManager().getPrincipalProvider());
+        return new ImpersonationImpl(this);
     }
 
     /**
@@ -114,7 +121,7 @@ class UserImpl extends AuthorizableImpl 
         }
         UserManagerImpl userManager = getUserManager();
         userManager.onPasswordChange(this, password);
-        getUserProvider().setPassword(getTree(), password, true);
+        userManager.setPassword(getTree(), password, true);
     }
 
     /**
@@ -123,7 +130,7 @@ class UserImpl extends AuthorizableImpl 
     @Override
     public void changePassword(String password, String oldPassword) throws RepositoryException {
         // make sure the old password matches.
-        String pwHash = getUserProvider().getPasswordHash(getTree());
+        String pwHash = getPasswordHash();
         if (!PasswordUtility.isSame(pwHash, oldPassword)) {
             throw new RepositoryException("Failed to change password: Old password does not match.");
         }
@@ -135,7 +142,18 @@ class UserImpl extends AuthorizableImpl 
      */
     @Override
     public void disable(String reason) throws RepositoryException {
-        getUserProvider().disable(getTree(), reason);
+        if (isAdmin) {
+            throw new RepositoryException("The administrator user cannot be disabled.");
+        }
+        Tree tree = getTree();
+        if (reason == null) {
+            if (tree.hasProperty(REP_DISABLED)) {
+                // enable the user again.
+                tree.removeProperty(REP_DISABLED);
+            } // else: not disabled -> nothing to
+        } else {
+            tree.setProperty(REP_DISABLED, reason);
+        }
     }
 
     /**
@@ -143,7 +161,7 @@ class UserImpl extends AuthorizableImpl 
      */
     @Override
     public boolean isDisabled() throws RepositoryException {
-        return getUserProvider().isDisabled(getTree());
+        return getTree().hasProperty(REP_DISABLED);
     }
 
     /**
@@ -151,6 +169,18 @@ class UserImpl extends AuthorizableImpl 
      */
     @Override
     public String getDisabledReason() throws RepositoryException {
-        return getUserProvider().getDisableReason(getTree());
+        PropertyState disabled = getTree().getProperty(REP_DISABLED);
+        if (disabled != null) {
+            return disabled.getValue(STRING);
+        } else {
+            return null;
+        }
+    }
+
+    //--------------------------------------------------------------------------
+    @CheckForNull
+    private String getPasswordHash() {
+        NodeUtil n = new NodeUtil(getTree());
+        return n.getString(UserConstants.REP_PASSWORD, null);
     }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java?rev=1399780&r1=1399779&r2=1399780&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java Thu Oct 18 18:51:18 2012
@@ -16,6 +16,8 @@
  */
 package org.apache.jackrabbit.oak.security.user;
 
+import java.io.UnsupportedEncodingException;
+import java.security.NoSuchAlgorithmException;
 import java.security.Principal;
 import java.util.Iterator;
 import javax.annotation.CheckForNull;
@@ -24,29 +26,32 @@ import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.UnsupportedRepositoryOperationException;
 
-import org.apache.jackrabbit.api.JackrabbitSession;
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.AuthorizableExistsException;
 import org.apache.jackrabbit.api.security.user.Group;
 import org.apache.jackrabbit.api.security.user.Query;
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
-import org.apache.jackrabbit.oak.security.principal.PrincipalManagerImpl;
 import org.apache.jackrabbit.oak.security.user.query.XPathQueryBuilder;
 import org.apache.jackrabbit.oak.security.user.query.XPathQueryEvaluator;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
 import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
-import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
+import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
-import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
 import org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableAction;
+import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtility;
+import org.apache.jackrabbit.oak.spi.security.user.util.UserUtility;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import static com.google.common.base.Preconditions.checkNotNull;
+
 /**
  * UserManagerImpl...
  */
@@ -55,20 +60,27 @@ public class UserManagerImpl implements 
     private static final Logger log = LoggerFactory.getLogger(UserManagerImpl.class);
 
     private final Session session;
+    private final Root root;
     private final NamePathMapper namePathMapper;
+    private final SecurityProvider securityProvider;
 
     private final UserProvider userProvider;
     private final MembershipProvider membershipProvider;
     private final ConfigurationParameters config;
+    private final AuthorizableAction[] authorizableActions;
 
-    public UserManagerImpl(Session session, NamePathMapper namePathMapper,
-                           UserProvider userProvider, MembershipProvider membershipProvider,
-                           ConfigurationParameters config) {
+    public UserManagerImpl(Session session, Root root, NamePathMapper namePathMapper,
+                           SecurityProvider securityProvider) {
         this.session = session;
+        this.root = root;
         this.namePathMapper = namePathMapper;
-        this.userProvider = userProvider;
-        this.membershipProvider = membershipProvider;
-        this.config = config;
+        this.securityProvider = securityProvider;
+
+        UserConfiguration uc = securityProvider.getUserConfiguration();
+        this.config = uc.getConfigurationParameters();
+        this.userProvider = new UserProvider(root, config);
+        this.membershipProvider = new MembershipProvider(root, config);
+        this.authorizableActions = config.getConfigValue(UserConstants.PARAM_AUTHORIZABLE_ACTIONS, new AuthorizableAction[0]);
     }
 
     //--------------------------------------------------------< UserManager >---
@@ -126,9 +138,14 @@ public class UserManagerImpl implements 
     @Override
     public Iterator<Authorizable> findAuthorizables(Query query) throws RepositoryException {
         checkIsLive();
-        XPathQueryBuilder builder = new XPathQueryBuilder();
-        query.build(builder);
-        return new XPathQueryEvaluator(builder, this, session.getWorkspace().getQueryManager(), namePathMapper).eval();
+        if (session != null) {
+            XPathQueryBuilder builder = new XPathQueryBuilder();
+            query.build(builder);
+            return new XPathQueryEvaluator(builder, this, session.getWorkspace().getQueryManager(), namePathMapper).eval();
+        } else {
+            // TODO: implement
+            throw new UnsupportedOperationException("not implemented");
+        }
     }
 
     @Override
@@ -154,7 +171,7 @@ public class UserManagerImpl implements 
         Tree userTree = userProvider.createUser(userID, intermediatePath);
         setPrincipal(userTree, principal);
         if (password != null) {
-            userProvider.setPassword(userTree, password, true);
+            setPassword(userTree, password, true);
         }
 
         User user = new UserImpl(userID, userTree, this);
@@ -239,7 +256,8 @@ public class UserManagerImpl implements 
      * @throws RepositoryException If an exception occurs.
      */
     void onCreate(User user, String password) throws RepositoryException {
-        for (AuthorizableAction action : getAuthorizableActions()) {
+        // TODO
+        for (AuthorizableAction action : authorizableActions) {
             action.onCreate(user, password, session);
         }
     }
@@ -253,7 +271,8 @@ public class UserManagerImpl implements 
      * @throws RepositoryException If an exception occurs.
      */
     void onCreate(Group group) throws RepositoryException {
-        for (AuthorizableAction action : getAuthorizableActions()) {
+        // TODO
+        for (AuthorizableAction action : authorizableActions) {
             action.onCreate(group, session);
         }
     }
@@ -267,7 +286,8 @@ public class UserManagerImpl implements 
      * @throws RepositoryException If an exception occurs.
      */
     void onRemove(Authorizable authorizable) throws RepositoryException {
-        for (AuthorizableAction action : getAuthorizableActions()) {
+        // TODO
+        for (AuthorizableAction action : authorizableActions) {
             action.onRemove(authorizable, session);
         }
     }
@@ -282,22 +302,35 @@ public class UserManagerImpl implements 
      * @throws RepositoryException If an exception occurs.
      */
     void onPasswordChange(User user, String password) throws RepositoryException {
-        for (AuthorizableAction action : getAuthorizableActions()) {
+        // TODO
+        for (AuthorizableAction action : authorizableActions) {
             action.onPasswordChange(user, password, session);
         }
     }
 
-    private AuthorizableAction[] getAuthorizableActions() {
-        return config.getConfigValue(UserConstants.PARAM_AUTHORIZABLE_ACTIONS, new AuthorizableAction[0]);
-    }
-
     //--------------------------------------------------------------------------
+    @CheckForNull
+    Node getAuthorizableNode(String id) throws RepositoryException {
+        if (session == null) {
+            return null;
+        }
 
-    Node getAuthorizableNode(String oakPath) throws RepositoryException {
-        String jcrPath = getNamePathMapper().getJcrPath(oakPath);
+        Tree tree = userProvider.getAuthorizable(id);
+        if (tree == null) {
+            throw new RepositoryException("Authorizable not associated with an existing tree");
+        }
+        String jcrPath = getNamePathMapper().getJcrPath(tree.getPath());
         return session.getNode(jcrPath);
     }
 
+    AuthorizableProperties getAuthorizableProperties(String id) throws RepositoryException {
+        if (session != null) {
+            return new JcrAuthorizableProperties(getAuthorizableNode(id), namePathMapper);
+        } else {
+            return new OakAuthorizableProperties(userProvider, id, namePathMapper);
+        }
+    }
+
     NamePathMapper getNamePathMapper() {
         return namePathMapper;
     }
@@ -311,11 +344,11 @@ public class UserManagerImpl implements 
     }
 
     PrincipalProvider getPrincipalProvider() throws RepositoryException {
-        if (!(session instanceof JackrabbitSession)) {
-            throw new UnsupportedRepositoryOperationException("Principal management not supported");
-        }
-        JackrabbitSession js = (JackrabbitSession) session;
-        return ((PrincipalManagerImpl) js.getPrincipalManager()).getPrincipalProvider();
+        return securityProvider.getPrincipalConfiguration().getPrincipalProvider(root, namePathMapper);
+    }
+
+    ConfigurationParameters getConfig() {
+        return config;
     }
 
     @CheckForNull
@@ -331,9 +364,9 @@ public class UserManagerImpl implements 
         if (id == null || tree == null) {
             return null;
         }
-        if (userProvider.isAuthorizableType(tree, AuthorizableType.USER)) {
+        if (UserUtility.isType(tree, AuthorizableType.USER)) {
             return new UserImpl(userProvider.getAuthorizableId(tree), tree, this);
-        } else if (userProvider.isAuthorizableType(tree, AuthorizableType.GROUP)) {
+        } else if (UserUtility.isType(tree, AuthorizableType.GROUP)) {
             return new GroupImpl(userProvider.getAuthorizableId(tree), tree, this);
         } else {
             throw new RepositoryException("Not a user or group tree " + tree.getPath() + '.');
@@ -357,12 +390,29 @@ public class UserManagerImpl implements 
         }
     }
 
-    private void setPrincipal(Tree userTree, Principal principal) throws RepositoryException {
-        getUserProvider().setPrincipalName(userTree, principal.getName());
+    void setPassword(Tree userTree, String password, boolean forceHash) throws RepositoryException {
+        String pwHash;
+        if (forceHash || PasswordUtility.isPlainTextPassword(password)) {
+            try {
+                pwHash = PasswordUtility.buildPasswordHash(password, config);
+            } catch (NoSuchAlgorithmException e) {
+                throw new RepositoryException(e);
+            } catch (UnsupportedEncodingException e) {
+                throw new RepositoryException(e);
+            }
+        } else {
+            pwHash = password;
+        }
+        userTree.setProperty(UserConstants.REP_PASSWORD, pwHash);
+    }
+
+    private void setPrincipal(Tree authorizableTree, Principal principal) {
+        checkNotNull(principal);
+        authorizableTree.setProperty(UserConstants.REP_PRINCIPAL_NAME, principal.getName());
     }
 
     private void checkIsLive() throws RepositoryException {
-        if (!session.isLive()) {
+        if (session != null && !session.isLive()) {
             throw new RepositoryException("UserManager has been closed.");
         }
     }

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java (from r1399538, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java&r1=1399538&r2=1399780&rev=1399780&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java Thu Oct 18 18:51:18 2012
@@ -16,18 +16,17 @@
  */
 package org.apache.jackrabbit.oak.security.user;
 
-import java.io.UnsupportedEncodingException;
-import java.security.NoSuchAlgorithmException;
 import java.security.Principal;
 import java.text.ParseException;
 import java.util.Collections;
 import java.util.Iterator;
+import javax.annotation.CheckForNull;
+import javax.annotation.Nonnull;
 import javax.jcr.RepositoryException;
 import javax.jcr.nodetype.ConstraintViolationException;
 import javax.jcr.query.Query;
 
 import org.apache.jackrabbit.JcrConstants;
-import org.apache.jackrabbit.api.security.user.Impersonation;
 import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.Result;
 import org.apache.jackrabbit.oak.api.ResultRow;
@@ -36,12 +35,9 @@ import org.apache.jackrabbit.oak.api.Tre
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.spi.query.PropertyValues;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
-import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
 import org.apache.jackrabbit.oak.spi.security.principal.TreeBasedPrincipal;
 import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
-import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtility;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
-import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
 import org.apache.jackrabbit.oak.spi.security.user.util.UserUtility;
 import org.apache.jackrabbit.oak.util.NodeUtil;
 import org.apache.jackrabbit.util.Text;
@@ -145,12 +141,12 @@ import static org.apache.jackrabbit.oak.
  *
  * TODO
  */
-class UserProviderImpl extends AuthorizableBaseProvider implements UserProvider {
+class UserProvider extends AuthorizableBaseProvider {
 
     /**
      * logger instance
      */
-    private static final Logger log = LoggerFactory.getLogger(UserProviderImpl.class);
+    private static final Logger log = LoggerFactory.getLogger(UserProvider.class);
 
     private static final String DELIMITER = "/";
 
@@ -159,7 +155,7 @@ class UserProviderImpl extends Authoriza
     private final String groupPath;
     private final String userPath;
 
-    UserProviderImpl(Root root, ConfigurationParameters config) {
+    UserProvider(Root root, ConfigurationParameters config) {
         super(root, config);
 
         defaultDepth = config.getConfigValue(PARAM_DEFAULT_DEPTH, DEFAULT_DEPTH);
@@ -169,32 +165,27 @@ class UserProviderImpl extends Authoriza
     }
 
     //-------------------------------------------------------< UserProvider >---
-    @Override
+    @Nonnull
     public Tree createUser(String userID, String intermediateJcrPath) throws RepositoryException {
         return createAuthorizableNode(userID, false, intermediateJcrPath);
     }
 
-    @Override
+    @Nonnull
     public Tree createGroup(String groupID, String intermediateJcrPath) throws RepositoryException {
         return createAuthorizableNode(groupID, true, intermediateJcrPath);
     }
 
-    @Override
+    @CheckForNull
     public Tree getAuthorizable(String authorizableId) {
         return getByID(authorizableId, AuthorizableType.AUTHORIZABLE);
     }
 
-    @Override
-    public Tree getAuthorizable(String authorizableId, AuthorizableType authorizableType) {
-        return getByID(authorizableId, authorizableType);
-    }
-
-    @Override()
+    @CheckForNull
     public Tree getAuthorizableByPath(String authorizableOakPath) {
         return getByPath(authorizableOakPath);
     }
 
-    @Override
+    @CheckForNull
     public Tree getAuthorizableByPrincipal(Principal principal) {
         if (principal instanceof TreeBasedPrincipal) {
             return root.getTree(((TreeBasedPrincipal) principal).getOakPath());
@@ -225,10 +216,10 @@ class UserProviderImpl extends Authoriza
         return null;
     }
 
-    @Override
+    @CheckForNull
     public String getAuthorizableId(Tree authorizableTree) {
         checkNotNull(authorizableTree);
-        if (UserUtility.isAuthorizableTree(authorizableTree, AuthorizableType.AUTHORIZABLE)) {
+        if (UserUtility.isType(authorizableTree, AuthorizableType.AUTHORIZABLE)) {
             PropertyState idProp = authorizableTree.getProperty(UserConstants.REP_AUTHORIZABLE_ID);
             if (idProp != null) {
                 return idProp.getValue(STRING);
@@ -239,112 +230,37 @@ class UserProviderImpl extends Authoriza
         return null;
     }
 
-    @Override
+    /**
+     * Find the authorizable trees matching the following search parameters within
+     * the sub-tree defined by an authorizable tree:
+     *
+     * @param propertyRelPaths An array of property names or relative paths
+     * pointing to properties within the tree defined by a given authorizable node.
+     * @param value The property value to look for.
+     * @param ntNames An array of node type names to restrict the search within
+     * the authorizable tree to a subset of nodes that match any of the node
+     * type names; {@code null} indicates that no filtering by node type is
+     * desired. Specifying a node type name that defines an authorizable node
+     * )e.g. {@link UserConstants#NT_REP_USER rep:User} will limit the search to
+     * properties defined with the authorizable node itself instead of searching
+     * the complete sub-tree.
+     * @param exact A boolean flag indicating if the value must match exactly or not.s
+     * @param maxSize The maximal number of search results to look for.
+     * @param authorizableType Filter the search results to only return authorizable
+     * trees of a given type. Passing {@link AuthorizableType#AUTHORIZABLE} indicates that
+     * no filtering for a specific authorizable type is desired. However, properties
+     * might still be search in the complete sub-tree of authorizables depending
+     * on the other query parameters.
+     * @return An iterator of authorizable trees that match the specified
+     * search parameters and filters or an empty iterator if no result can be
+     * found.
+     */
+    @Nonnull
     public Iterator<Tree> findAuthorizables(String[] propertyRelPaths, String value, String[] ntNames, boolean exact, long maxSize, AuthorizableType authorizableType) {
         // TODO
         throw new UnsupportedOperationException("not yet implemented");
     }
 
-    @Override
-    public boolean isAuthorizableType(Tree authorizableTree, AuthorizableType authorizableType) {
-        return UserUtility.isAuthorizableTree(authorizableTree, authorizableType);
-    }
-
-    @Override
-    public boolean isAdminUser(Tree userTree) {
-        checkNotNull(userTree);
-        return isAuthorizableType(userTree, AuthorizableType.USER) && UserUtility.getAdminId(config).equals(getAuthorizableId(userTree));
-    }
-
-    @Override
-    public String getPasswordHash(Tree userTree) {
-        checkNotNull(userTree);
-
-        NodeUtil n = new NodeUtil(userTree);
-        return n.getString(UserConstants.REP_PASSWORD, null);
-    }
-
-    @Override
-    public void setPassword(Tree userTree, String password, boolean forceHash) throws RepositoryException {
-        String pwHash;
-        if (forceHash || PasswordUtility.isPlainTextPassword(password)) {
-            try {
-                pwHash = PasswordUtility.buildPasswordHash(password, config);
-            } catch (NoSuchAlgorithmException e) {
-                throw new RepositoryException(e);
-            } catch (UnsupportedEncodingException e) {
-                throw new RepositoryException(e);
-            }
-        } else {
-            pwHash = password;
-        }
-        setProtectedProperty(userTree, UserConstants.REP_PASSWORD, pwHash);
-    }
-
-    @Override
-    public String getPrincipalName(Tree authorizableTree) throws RepositoryException {
-        checkNotNull(authorizableTree);
-
-        String principalName;
-        if (authorizableTree.hasProperty(REP_PRINCIPAL_NAME)) {
-            return authorizableTree.getProperty(REP_PRINCIPAL_NAME).getValue(STRING);
-        } else {
-            String msg = "Authorizable without principal name " + getAuthorizableId(authorizableTree);
-            log.warn(msg);
-            throw new RepositoryException(msg);
-        }
-    }
-
-    @Override
-    public void setPrincipalName(Tree authorizableTree, String principalName) throws RepositoryException {
-        checkNotNull(authorizableTree);
-        checkNotNull(principalName);
-
-        setProtectedProperty(authorizableTree, UserConstants.REP_PRINCIPAL_NAME, principalName);
-    }
-
-    @Override
-    public Impersonation getImpersonation(Tree userTree, PrincipalProvider principalProvider) {
-        // FIXME: for login the impersonation could be based on the tree directly -> improve
-        return new ImpersonationImpl(getAuthorizableId(userTree), this, principalProvider);
-    }
-
-    @Override
-    public boolean isDisabled(Tree userTree) {
-        checkNotNull(userTree);
-
-        return userTree.hasProperty(REP_DISABLED);
-    }
-
-    @Override
-    public String getDisableReason(Tree userTree) {
-        checkNotNull(userTree);
-
-        PropertyState disabled = userTree.getProperty(REP_DISABLED);
-        if (disabled != null) {
-            return disabled.getValue(STRING);
-        } else {
-            return null;
-        }
-    }
-
-    @Override
-    public void disable(Tree userTree, String reason) throws RepositoryException {
-        checkNotNull(userTree);
-
-        if (isAdminUser(userTree)) {
-            throw new RepositoryException("The administrator user cannot be disabled.");
-        }
-        if (reason == null) {
-            if (isDisabled(userTree)) {
-                // enable the user again.
-                setProtectedProperty(userTree, REP_DISABLED, null);
-            } // else: not disabled -> nothing to
-        } else {
-            setProtectedProperty(userTree, REP_DISABLED, reason);
-        }
-    }
-
     //------------------------------------------------------------< private >---
 
     private Tree createAuthorizableNode(String authorizableId, boolean isGroup, String intermediatePath) throws RepositoryException {
@@ -445,12 +361,4 @@ class UserProviderImpl extends Authoriza
         }
         return sb.toString();
     }
-
-    private void setProtectedProperty(Tree authorizableTree, String propertyName, String value) {
-        if (value == null) {
-            authorizableTree.removeProperty(propertyName);
-        } else {
-            authorizableTree.setProperty(propertyName, value);
-        }
-    }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java?rev=1399780&r1=1399779&r2=1399780&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java Thu Oct 18 18:51:18 2012
@@ -67,7 +67,7 @@ class UserValidator extends DefaultValid
             fail(msg);
         }
 
-        if (UserUtility.isAuthorizableTree(parentBefore.getTree(), AuthorizableType.USER)
+        if (UserUtility.isType(parentBefore.getTree(), AuthorizableType.USER)
                 && REP_PASSWORD.equals(name)
                 && PasswordUtility.isPlainTextPassword(after.getValue(Type.STRING))) {
             String msg = "Password may not be plain text.";
@@ -146,7 +146,7 @@ class UserValidator extends DefaultValid
     // FIXME: copied from UserProvider#isAdminUser
     private boolean isAdminUser(NodeUtil userNode) {
         String id = (userNode.getString(REP_AUTHORIZABLE_ID, Text.unescapeIllegalJcrChars(userNode.getName())));
-        return UserUtility.isAuthorizableTree(userNode.getTree(), AuthorizableType.USER) &&
+        return UserUtility.isType(userNode.getTree(), AuthorizableType.USER) &&
                UserUtility.getAdminId(provider.getConfig()).equals(id);
     }
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidatorProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidatorProvider.java?rev=1399780&r1=1399779&r2=1399780&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidatorProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidatorProvider.java Thu Oct 18 18:51:18 2012
@@ -22,7 +22,6 @@ import org.apache.jackrabbit.oak.core.Re
 import org.apache.jackrabbit.oak.spi.commit.Validator;
 import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
-import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
 import org.apache.jackrabbit.oak.spi.state.NodeState;
 import org.apache.jackrabbit.oak.util.NodeUtil;
 
@@ -34,7 +33,6 @@ import static com.google.common.base.Pre
 class UserValidatorProvider implements ValidatorProvider {
 
     private final ConfigurationParameters config;
-    private UserProvider userProvider;
 
     UserValidatorProvider(ConfigurationParameters config) {
         this.config = checkNotNull(config);

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java?rev=1399780&r1=1399779&r2=1399780&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java Thu Oct 18 18:51:18 2012
@@ -31,6 +31,7 @@ import javax.security.auth.callback.Unsu
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
 
+import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
@@ -39,9 +40,8 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.security.authentication.callback.PrincipalProviderCallback;
 import org.apache.jackrabbit.oak.spi.security.authentication.callback.RepositoryCallback;
 import org.apache.jackrabbit.oak.spi.security.authentication.callback.SecurityProviderCallback;
-import org.apache.jackrabbit.oak.spi.security.authentication.callback.UserProviderCallback;
+import org.apache.jackrabbit.oak.spi.security.authentication.callback.UserManagerCallback;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
-import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -115,8 +115,8 @@ import org.slf4j.LoggerFactory;
  *     authenticate the subject as well as to write back information during
  *     {@link #commit()}.</li>
  *
- *     <li>{@link #getUserProvider()}: Returns an instance of the configured
- *     {@link UserProvider} or {@code null}.</li>
+ *     <li>{@link #getUserManager()}: Returns an instance of the configured
+ *     {@link UserManager} or {@code null}.</li>
  *
  *     <li>{@link #getPrincipalProvider()}: Returns an instance of the configured
  *     principal provider or {@code null}.</li>
@@ -317,19 +317,19 @@ public abstract class AbstractLoginModul
     }
 
     @CheckForNull
-    protected UserProvider getUserProvider() {
-        UserProvider userProvider = null;
+    protected UserManager getUserManager() {
+        UserManager userManager = null;
         SecurityProvider sp = getSecurityProvider();
         Root root = getRoot();
         if (root != null && sp != null) {
-            userProvider = sp.getUserConfiguration().getUserProvider(root);
+            userManager = sp.getUserConfiguration().getUserManager(root, NamePathMapper.DEFAULT);
         }
 
-        if (userProvider == null && callbackHandler != null) {
+        if (userManager == null && callbackHandler != null) {
             try {
-                UserProviderCallback userCallBack = new UserProviderCallback();
+                UserManagerCallback userCallBack = new UserManagerCallback();
                 callbackHandler.handle(new Callback[] {userCallBack});
-                userProvider = userCallBack.getUserProvider();
+                userManager = userCallBack.getUserManager();
             } catch (IOException e) {
                 log.debug(e.getMessage());
             } catch (UnsupportedCallbackException e) {
@@ -337,7 +337,7 @@ public abstract class AbstractLoginModul
             }
         }
 
-        return userProvider;
+        return userManager;
     }
 
     @CheckForNull

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/UserManagerCallback.java (from r1399538, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/UserProviderCallback.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/UserManagerCallback.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/UserManagerCallback.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/UserProviderCallback.java&r1=1399538&r2=1399780&rev=1399780&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/UserProviderCallback.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/UserManagerCallback.java Thu Oct 18 18:51:18 2012
@@ -18,36 +18,36 @@ package org.apache.jackrabbit.oak.spi.se
 
 import javax.security.auth.callback.Callback;
 
-import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
+import org.apache.jackrabbit.api.security.user.UserManager;
 
 /**
- * Callback implementation used to pass a {@link UserProvider} to the
+ * Callback implementation used to pass a {@link UserManager} to the
  * login module.
  */
-public class UserProviderCallback implements Callback {
+public class UserManagerCallback implements Callback {
 
-    private UserProvider userProvider;
+    private UserManager userManager;
 
     /**
      * Returns the user provider as set using
-     * {@link #setUserProvider(org.apache.jackrabbit.oak.spi.security.user.UserProvider)}
+     * {@link #setUserManager(org.apache.jackrabbit.api.security.user.UserManager)}
      * or {@code null}.
      *
-     * @return an instance of {@code UserProvider} or {@code null} if no
+     * @return an instance of {@code UserManager} or {@code null} if no
      * provider has been set before.
      */
-    public UserProvider getUserProvider() {
-        return userProvider;
+    public UserManager getUserManager() {
+        return userManager;
     }
 
     /**
-     * Sets the {@code UserProvider} that is being used during the
+     * Sets the {@code UserManager} that is being used during the
      * authentication process.
      *
-     * @param userProvider The user provider to use during the
+     * @param userManager The user provider to use during the
      * authentication process.
      */
-    public void setUserProvider(UserProvider userProvider) {
-        this.userProvider = userProvider;
+    public void setUserManager(UserManager userManager) {
+        this.userManager = userManager;
     }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfiguration.java?rev=1399780&r1=1399779&r2=1399780&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfiguration.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfiguration.java Thu Oct 18 18:51:18 2012
@@ -35,14 +35,11 @@ public interface UserConfiguration {
     ConfigurationParameters getConfigurationParameters();
 
     @Nonnull
-    UserProvider getUserProvider(Root root);
-
-    @Nonnull
-    MembershipProvider getMembershipProvider(Root root);
+    List<ValidatorProvider> getValidatorProviders();
 
     @Nonnull
-    List<ValidatorProvider> getValidatorProviders();
+    UserManager getUserManager(Root root, NamePathMapper namePathMapper, Session session);
 
     @Nonnull
-    UserManager getUserManager(Session session, Root root, NamePathMapper namePathMapper);
+    UserManager getUserManager(Root root, NamePathMapper namePathMapper);
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/UserUtility.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/UserUtility.java?rev=1399780&r1=1399779&r2=1399780&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/UserUtility.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/UserUtility.java Thu Oct 18 18:51:18 2012
@@ -42,10 +42,10 @@ public final class UserUtility implement
     }
 
     public static boolean isAuthorizableTree(Tree authorizableTree) {
-        return isAuthorizableTree(authorizableTree, AuthorizableType.AUTHORIZABLE);
+        return isType(authorizableTree, AuthorizableType.AUTHORIZABLE);
     }
 
-    public static boolean isAuthorizableTree(Tree authorizableTree, AuthorizableType type) {
+    public static boolean isType(Tree authorizableTree, AuthorizableType type) {
         // FIXME: check for node type according to the specified type constraint
         if (authorizableTree != null && authorizableTree.hasProperty(JcrConstants.JCR_PRIMARYTYPE)) {
             String ntName = authorizableTree.getProperty(JcrConstants.JCR_PRIMARYTYPE).getValue(STRING);

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/DefaultLoginModuleTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/DefaultLoginModuleTest.java?rev=1399780&r1=1399779&r2=1399780&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/DefaultLoginModuleTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/DefaultLoginModuleTest.java Thu Oct 18 18:51:18 2012
@@ -23,25 +23,28 @@ import javax.security.auth.login.AppConf
 import javax.security.auth.login.Configuration;
 import javax.security.auth.login.LoginException;
 
+import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.oak.AbstractOakTest;
 import org.apache.jackrabbit.oak.Oak;
 import org.apache.jackrabbit.oak.api.AuthInfo;
 import org.apache.jackrabbit.oak.api.ContentRepository;
 import org.apache.jackrabbit.oak.api.ContentSession;
 import org.apache.jackrabbit.oak.api.Root;
-import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.security.SecurityProviderImpl;
 import org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
-import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
+import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.apache.jackrabbit.oak.spi.security.user.util.UserUtility;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNull;
 import static org.junit.Assert.fail;
 
 /**
@@ -105,12 +108,13 @@ public class DefaultLoginModuleTest exte
     public void testAnonymousLogin() throws Exception {
         String anonymousID = UserUtility.getAnonymousId(securityProvider.getUserConfiguration().getConfigurationParameters());
 
-        UserProvider up = securityProvider.getUserConfiguration().getUserProvider(admin.getLatestRoot());
+        Root root = admin.getLatestRoot();
+        UserManager userMgr = securityProvider.getUserConfiguration().getUserManager(root, NamePathMapper.DEFAULT);
 
         // verify initial user-content looks like expected
-        Tree anonymous = up.getAuthorizable(anonymousID);
+        Authorizable anonymous = userMgr.getAuthorizable(anonymousID);
         assertNotNull(anonymous);
-        assertNull(up.getPasswordHash(anonymous));
+        assertFalse(root.getTree(anonymous.getPath()).hasProperty(UserConstants.REP_PASSWORD));
 
         ContentSession cs = null;
         try {
@@ -130,24 +134,25 @@ public class DefaultLoginModuleTest exte
         String anonymousID = UserUtility.getAnonymousId(securityProvider.getUserConfiguration().getConfigurationParameters());
 
         Root root = admin.getLatestRoot();
-        UserProvider up = securityProvider.getUserConfiguration().getUserProvider(root);
+        UserManager userManager = securityProvider.getUserConfiguration().getUserManager(root, NamePathMapper.DEFAULT);
 
         ContentSession cs = null;
+        User user = null;
         try {
-            Tree userTree = up.createUser("test", null);
-            up.setPassword(userTree, "pw", true);
-            up.setPrincipalName(userTree, "test");
+            user = userManager.createUser("test", "pw");
             root.commit();
 
             cs = getContentRepository().login(new SimpleCredentials("test", "pw".toCharArray()), null);
             AuthInfo authInfo = cs.getAuthInfo();
             assertEquals("test", authInfo.getUserID());
         } finally {
+            if (user != null) {
+                user.remove();
+                root.commit();
+            }
             if (cs != null) {
                 cs.close();
             }
-            up.getAuthorizable("test").remove();
-            root.commit();
         }
     }
 

Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserManagerImplTest.java?rev=1399780&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserManagerImplTest.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserManagerImplTest.java Thu Oct 18 18:51:18 2012
@@ -0,0 +1,107 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.user;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.oak.AbstractOakTest;
+import org.apache.jackrabbit.oak.api.ContentRepository;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtility;
+import org.junit.Test;
+
+import static junit.framework.Assert.assertEquals;
+import static junit.framework.Assert.assertFalse;
+import static junit.framework.Assert.assertNotNull;
+import static junit.framework.Assert.assertNull;
+import static junit.framework.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+/**
+ * UserManagerImplTest...
+ */
+public class UserManagerImplTest extends AbstractOakTest {
+
+     @Override
+    protected ContentRepository createRepository() {
+        // TODO
+        return null;
+    }
+
+//    @Test
+//    public void testSetPassword() throws Exception {
+//        UserManagerImpl userMgr = createUserManager();
+//        User user = userMgr.createUser("a", "pw");
+//
+//        List<String> pwds = new ArrayList<String>();
+//        pwds.add("pw");
+//        pwds.add("");
+//        pwds.add("{sha1}pw");
+//
+//        for (String pw : pwds) {
+//            user.setPassword(user, pw, true);
+//            String pwHash = up.getPasswordHash(user);
+//            assertNotNull(pwHash);
+//            assertTrue(PasswordUtility.isSame(pwHash, pw));
+//        }
+//
+//        for (String pw : pwds) {
+//            up.setPassword(user, pw, false);
+//            String pwHash = up.getPasswordHash(user);
+//            assertNotNull(pwHash);
+//            if (!pw.startsWith("{")) {
+//                assertTrue(PasswordUtility.isSame(pwHash, pw));
+//            } else {
+//                assertFalse(PasswordUtility.isSame(pwHash, pw));
+//                assertEquals(pw, pwHash);
+//            }
+//        }
+//    }
+//
+//    @Test
+//    public void setPasswordNull() throws Exception {
+//        UserProviderImpl up = createUserProvider();
+//        Tree user = up.createUser("a", null);
+//
+//        try {
+//            up.setPassword(user, null, true);
+//            fail("setting null password should fail");
+//        } catch (IllegalArgumentException e) {
+//            // expected
+//        }
+//
+//        try {
+//            up.setPassword(user, null, false);
+//            fail("setting null password should fail");
+//        } catch (IllegalArgumentException e) {
+//            // expected
+//        }
+//    }
+
+
+//
+//    @Test
+//    public void testGetPasswordHash() throws Exception {
+//        UserProviderImpl up = createUserProvider();
+//        Tree user = up.createUser("a", null);
+//
+//        assertNull(up.getPasswordHash(user));
+//    }
+
+}
\ No newline at end of file

Copied: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderTest.java (from r1399538, jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderTest.java?p2=jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderTest.java&p1=jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java&r1=1399538&r2=1399780&rev=1399780&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderTest.java Thu Oct 18 18:51:18 2012
@@ -32,20 +32,14 @@ import org.apache.jackrabbit.oak.api.Tre
 import org.apache.jackrabbit.oak.plugins.index.property.PropertyIndexHook;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.OpenSecurityProvider;
-import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
-import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtility;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
-import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
-import org.apache.jackrabbit.oak.spi.security.user.util.UserUtility;
 import org.apache.jackrabbit.util.Text;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 
 import static junit.framework.Assert.assertEquals;
-import static junit.framework.Assert.assertFalse;
 import static junit.framework.Assert.assertNotNull;
-import static junit.framework.Assert.assertNull;
 import static junit.framework.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
@@ -56,7 +50,7 @@ import static org.junit.Assert.fail;
  * TODO: add tests for setProtectedProperty (might still be refactored...)
  * TODO: add tests for findAuthorizables once implementation is ready
  */
-public class UserProviderImplTest extends AbstractOakTest {
+public class UserProviderTest extends AbstractOakTest {
 
     private ContentSession contentSession;
     private Root root;
@@ -88,7 +82,6 @@ public class UserProviderImplTest extend
         cleanupPaths.add(defaultGroupPath);
         cleanupPaths.add(customUserPath);
         cleanupPaths.add(customGroupPath);
-
     }
 
     @After
@@ -107,13 +100,13 @@ public class UserProviderImplTest extend
     }
 
     private UserProvider createUserProvider() {
-        return new UserProviderImpl(root, defaultConfig);
+        return new UserProvider(root, defaultConfig);
     }
 
     private UserProvider createUserProvider(int defaultDepth) {
         Map<String, Object> options = new HashMap<String, Object>(customOptions);
         options.put(UserConstants.PARAM_DEFAULT_DEPTH, defaultDepth);
-        return new UserProviderImpl(root, new ConfigurationParameters(options));
+        return new UserProvider(root, new ConfigurationParameters(options));
     }
 
     @Test
@@ -282,33 +275,6 @@ public class UserProviderImplTest extend
     }
 
     @Test
-    public void testGetAuthorizableWithType() throws Exception {
-        UserProvider up = createUserProvider();
-
-        String userID = "thabit";
-        Tree user = up.createUser(userID, null);
-        root.commit();
-
-        Tree a = up.getAuthorizable(userID, AuthorizableType.USER);
-        assertNotNull(a);
-        assertEquals(user.getPath(), a.getPath());
-
-        assertNotNull(up.getAuthorizable(userID, AuthorizableType.AUTHORIZABLE));
-        assertNull(up.getAuthorizable(userID, AuthorizableType.GROUP));
-
-        String groupID = "hr";
-        Tree group = up.createGroup(groupID, null);
-        root.commit();
-
-        Tree g = up.getAuthorizable(groupID, AuthorizableType.GROUP);
-        assertNotNull(a);
-        assertEquals(user.getPath(), a.getPath());
-
-        assertNotNull(up.getAuthorizable(groupID, AuthorizableType.AUTHORIZABLE));
-        assertNull(up.getAuthorizable(groupID, AuthorizableType.USER));
-    }
-
-    @Test
     public void testGetAuthorizableByPath() throws Exception {
         UserProvider up = createUserProvider();
 
@@ -324,26 +290,6 @@ public class UserProviderImplTest extend
     }
 
     @Test
-    public void testIsAdminUser() throws Exception {
-        UserProvider userProvider = createUserProvider();
-
-        String adminId = UserUtility.getAdminId(defaultConfig);
-        Tree adminTree = userProvider.getAuthorizable(adminId, AuthorizableType.USER);
-        if (adminTree == null) {
-            adminTree = userProvider.createUser(adminId, null);
-        }
-        assertTrue(userProvider.isAdminUser(adminTree));
-
-        List<Tree> others = new ArrayList<Tree>();
-        others.add(userProvider.createUser("laura", null));
-        others.add(userProvider.createGroup("administrators", null));
-
-        for (Tree other : others) {
-            assertFalse(userProvider.isAdminUser(other));
-        }
-    }
-
-    @Test
     public void testGetAuthorizableId() throws Exception {
         UserProvider up = createUserProvider();
 
@@ -373,62 +319,4 @@ public class UserProviderImplTest extend
             u2.remove();
         }
     }
-
-    @Test
-    public void testGetPasswordHash() throws Exception {
-        UserProvider up = createUserProvider();
-        Tree user = up.createUser("a", null);
-
-        assertNull(up.getPasswordHash(user));
-    }
-
-    @Test
-    public void testSetPassword() throws Exception {
-        UserProvider up = createUserProvider();
-        Tree user = up.createUser("a", null);
-
-        List<String> pwds = new ArrayList<String>();
-        pwds.add("pw");
-        pwds.add("");
-        pwds.add("{sha1}pw");
-
-        for (String pw : pwds) {
-            up.setPassword(user, pw, true);
-            String pwHash = up.getPasswordHash(user);
-            assertNotNull(pwHash);
-            assertTrue(PasswordUtility.isSame(pwHash, pw));
-        }
-
-        for (String pw : pwds) {
-            up.setPassword(user, pw, false);
-            String pwHash = up.getPasswordHash(user);
-            assertNotNull(pwHash);
-            if (!pw.startsWith("{")) {
-                assertTrue(PasswordUtility.isSame(pwHash, pw));
-            } else {
-                assertFalse(PasswordUtility.isSame(pwHash, pw));
-                assertEquals(pw, pwHash);
-            }
-        }
-    }
-
-    @Test
-    public void setPasswordNull() throws Exception {
-        UserProvider up = createUserProvider();
-        Tree user = up.createUser("a", null);
-
-        try {
-            up.setPassword(user, null, true);
-            fail("setting null password should fail");
-        } catch (IllegalArgumentException e) {
-            // expected
-        }
-
-        try {
-            up.setPassword(user, null, false);
-            fail("setting null password should fail");
-        } catch (IllegalArgumentException e) {
-            // expected
-        }
-    }
 }

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java?rev=1399780&r1=1399779&r2=1399780&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java Thu Oct 18 18:51:18 2012
@@ -493,7 +493,7 @@ public class SessionDelegate {
     UserManager getUserManager() throws UnsupportedRepositoryOperationException {
         if (userManager == null) {
             if (securityProvider != null) {
-                userManager = securityProvider.getUserConfiguration().getUserManager(session, root, getNamePathMapper());
+                userManager = securityProvider.getUserConfiguration().getUserManager(root, getNamePathMapper(), session);
             } else {
                 throw new UnsupportedRepositoryOperationException("User management not supported.");
             }

Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserTest.java?rev=1399780&r1=1399779&r2=1399780&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserTest.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserTest.java Thu Oct 18 18:51:18 2012
@@ -266,15 +266,6 @@ public class UserTest extends AbstractUs
         }
     }
 
-    public void testUserGetCredentials() throws RepositoryException, NotExecutableException {
-        try {
-            Credentials creds = user.getCredentials();
-            fail("getCredentials is not yet implemented");
-        } catch (UnsupportedRepositoryOperationException e) {
-            // expected
-        }
-    }
-
     public void testLoginWithGetCredentials() throws RepositoryException, NotExecutableException {
         try {
             Credentials creds = user.getCredentials();



Mime
View raw message