jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1406225 [1/2] - in /jackrabbit/oak/trunk: oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ oak...
Date Tue, 06 Nov 2012 17:12:35 GMT
Author: angela
Date: Tue Nov  6 17:12:34 2012
New Revision: 1406225

URL: http://svn.apache.org/viewvc?rev=1406225&view=rev
Log:
OAK-50 : Implement User Management (WIP)

Added:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableActionProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/DefaultAuthorizableActionProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/util/LocationUtil.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/OakAuthorizablePropertyTest.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizablePropertyTest.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/FindAuthorizablesTest.java
Modified:
    jackrabbit/oak/trunk/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/PathUtils.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/OakAuthorizableProperties.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImporter.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserQueryManager.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/TreeBasedPrincipal.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfiguration.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/util/NodeUtil.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserManagerImplTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/TestLoginModule.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationActionTest.java
    jackrabbit/oak/trunk/oak-jcr/pom.xml
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AbstractUserTest.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableTest.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/EveryoneGroupTest.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerTest.java

Modified: jackrabbit/oak/trunk/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/PathUtils.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/PathUtils.java?rev=1406225&r1=1406224&r2=1406225&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/PathUtils.java (original)
+++ jackrabbit/oak/trunk/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/PathUtils.java Tue Nov  6 17:12:34 2012
@@ -18,7 +18,6 @@ package org.apache.jackrabbit.oak.common
 
 import java.util.Iterator;
 import java.util.NoSuchElementException;
-
 import javax.annotation.Nonnull;
 
 /**
@@ -52,6 +51,22 @@ public class PathUtils {
     }
 
     /**
+     * @param element The path segment to check for being the current element
+     * @return {@code true} if the specified element equals "."; {@code false} otherwise.
+     */
+    public static boolean denotesCurrent(String element) {
+        return ".".equals(element);
+    }
+
+    /**
+     * @param element The path segment to check for being the parent element
+     * @return {@code true} if the specified element equals ".."; {@code false} otherwise.
+     */
+    public static boolean denotesParent(String element) {
+        return "..".equals(element);
+    }
+
+    /**
      * Whether the path is absolute (starts with a slash) or not.
      *
      * @param path the path

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalImpl.java?rev=1406225&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalImpl.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalImpl.java Tue Nov  6 17:12:34 2012
@@ -0,0 +1,77 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.principal;
+
+import java.security.Principal;
+
+import org.apache.jackrabbit.api.security.principal.JackrabbitPrincipal;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+/**
+ * PrincipalImpl TODO
+ */
+public class PrincipalImpl implements JackrabbitPrincipal {
+
+    private final String name;
+
+    public PrincipalImpl(String name) {
+        checkNotNull(name);
+        this.name = name;
+    }
+
+    //----------------------------------------------------------< Principal >---
+    @Override
+    public String getName() {
+        return name;
+    }
+
+    //-------------------------------------------------------------< Object >---
+    /**
+     * Two principals are equal, if their names are.
+     * @see Object#equals(Object)
+     */
+    @Override
+    public boolean equals(Object obj) {
+        if (this == obj) {
+            return true;
+        }
+        if (obj instanceof JackrabbitPrincipal) {
+            return name.equals(((Principal) obj).getName());
+        }
+        return false;
+    }
+
+    /**
+     * @return the hash code of the principals name.
+     * @see Object#hashCode()
+     */
+    @Override
+    public int hashCode() {
+        return name.hashCode();
+    }
+
+    /**
+     * @see Object#toString()
+     */
+    @Override
+    public String toString() {
+        StringBuilder sb = new StringBuilder();
+        sb.append(getClass().getName()).append(':').append(name);
+        return sb.toString();
+    }
+}
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java?rev=1406225&r1=1406224&r2=1406225&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java Tue Nov  6 17:12:34 2012
@@ -60,13 +60,8 @@ public class PrincipalProviderImpl imple
 
     //--------------------------------------------------< PrincipalProvider >---
     @Override
-    public Principal getPrincipal(final String principalName) {
-        Authorizable authorizable = getAuthorizable(new Principal() {
-            @Override
-            public String getName() {
-                return principalName;
-            }
-        });
+    public Principal getPrincipal(String principalName) {
+        Authorizable authorizable = getAuthorizable(new PrincipalImpl(principalName));
         if (authorizable != null) {
             try {
                 return authorizable.getPrincipal();

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java?rev=1406225&r1=1406224&r2=1406225&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java Tue Nov  6 17:12:34 2012
@@ -30,6 +30,7 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.api.Type;
+import org.apache.jackrabbit.oak.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalIteratorAdapter;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
@@ -72,12 +73,7 @@ class ImpersonationImpl implements Imper
                 Principal p = principalProvider.getPrincipal(pName);
                 if (p == null) {
                     log.debug("Impersonator " + pName + " does not correspond to a known Principal.");
-                    p = new Principal() {
-                        @Override
-                        public String getName() {
-                            return pName;
-                        }
-                    };
+                    p = new PrincipalImpl(pName);
                 }
                 s.add(p);
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProvider.java?rev=1406225&r1=1406224&r2=1406225&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProvider.java Tue Nov  6 17:12:34 2012
@@ -182,14 +182,14 @@ class MembershipProvider extends Authori
     }
 
     boolean addMember(Tree groupTree, Tree newMemberTree) {
-        return addMember(groupTree, getContentID(newMemberTree));
+        return addMember(groupTree, newMemberTree.getName(), getContentID(newMemberTree));
     }
 
-    boolean addMember(Tree groupTree, String memberContentId) {
+    boolean addMember(Tree groupTree, String treeName, String memberContentId) {
         if (useMemberNode(groupTree)) {
             NodeUtil groupNode = new NodeUtil(groupTree);
             NodeUtil membersNode = groupNode.getOrAddChild(REP_MEMBERS, NT_REP_MEMBERS);
-            // TODO: add implementation
+            // TODO: add implementation that allows to index group members
             throw new UnsupportedOperationException("not implemented: addMember with member-node hierarchy");
         } else {
             PropertyState property = groupTree.getProperty(REP_MEMBERS);

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/OakAuthorizableProperties.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/OakAuthorizableProperties.java?rev=1406225&r1=1406224&r2=1406225&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/OakAuthorizableProperties.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/OakAuthorizableProperties.java Tue Nov  6 17:12:34 2012
@@ -17,6 +17,7 @@
 package org.apache.jackrabbit.oak.security.user;
 
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Iterator;
 import java.util.List;
 import javax.annotation.Nonnull;
@@ -28,6 +29,7 @@ import org.apache.jackrabbit.oak.api.Pro
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.api.TreeLocation;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.util.LocationUtil;
 import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
 import org.apache.jackrabbit.oak.plugins.name.NamespaceConstants;
 import org.apache.jackrabbit.oak.plugins.value.ValueFactoryImpl;
@@ -58,8 +60,10 @@ class OakAuthorizableProperties implemen
 
     @Override
     public Iterator<String> getNames(String relPath) throws RepositoryException {
+        checkRelativePath(relPath);
+
         Tree tree = getTree();
-        Tree n = tree.getLocation().getChild(relPath).getTree();
+        Tree n = getLocation(tree, relPath).getTree();
         if (n != null && Text.isDescendantOrEqual(tree.getPath(), n.getPath())) {
             List<String> l = new ArrayList<String>();
             for (PropertyState property : n.getProperties()) {
@@ -78,8 +82,10 @@ class OakAuthorizableProperties implemen
      */
     @Override
     public boolean hasProperty(String relPath) throws RepositoryException {
+        checkRelativePath(relPath);
+
         Tree tree = getTree();
-        TreeLocation propertyLocation = getPropertyLocation(tree, relPath);
+        TreeLocation propertyLocation = getLocation(tree, relPath);
         return propertyLocation.getProperty() != null && isAuthorizableProperty(tree, propertyLocation, true);
     }
 
@@ -88,9 +94,11 @@ class OakAuthorizableProperties implemen
      */
     @Override
     public Value[] getProperty(String relPath) throws RepositoryException {
+        checkRelativePath(relPath);
+
         Tree tree = getTree();
         Value[] values = null;
-        TreeLocation propertyLocation = getPropertyLocation(tree, relPath);
+        TreeLocation propertyLocation = getLocation(tree, relPath);
         PropertyState property = propertyLocation.getProperty();
         if (property != null) {
             if (isAuthorizableProperty(tree, propertyLocation, true)) {
@@ -110,9 +118,14 @@ class OakAuthorizableProperties implemen
      */
     @Override
     public void setProperty(String relPath, Value value) throws RepositoryException {
+        checkRelativePath(relPath);
+
         String name = Text.getName(relPath);
-        String intermediate = (relPath.equals(name)) ? null : Text.getRelativeParent(relPath, 1);
+        if (!isAuthorizableProperty(name)) {
+            throw new RepositoryException("Attempt to set an protected property " + name);
+        }
 
+        String intermediate = (relPath.equals(name)) ? null : Text.getRelativeParent(relPath, 1);
         Tree n = getOrCreateTargetTree(intermediate);
         // check if the property has already been created as multi valued
         // property before -> in this case remove in order to avoid
@@ -132,9 +145,14 @@ class OakAuthorizableProperties implemen
      */
     @Override
     public void setProperty(String relPath, Value[] values) throws RepositoryException {
+        checkRelativePath(relPath);
+
         String name = Text.getName(relPath);
-        String intermediate = (relPath.equals(name)) ? null : Text.getRelativeParent(relPath, 1);
+        if (!isAuthorizableProperty(name)) {
+            throw new RepositoryException("Attempt to set an protected property " + name);
+        }
 
+        String intermediate = (relPath.equals(name)) ? null : Text.getRelativeParent(relPath, 1);
         Tree n = getOrCreateTargetTree(intermediate);
         // check if the property has already been created as single valued
         // property before -> in this case remove in order to avoid
@@ -145,7 +163,7 @@ class OakAuthorizableProperties implemen
                 n.removeProperty(name);
             }
         }
-        PropertyState propertyState = PropertyStates.createProperty(name, values);
+        PropertyState propertyState = PropertyStates.createProperty(name, Arrays.asList(values));
         n.setProperty(propertyState);
     }
 
@@ -154,6 +172,8 @@ class OakAuthorizableProperties implemen
      */
     @Override
     public boolean removeProperty(String relPath) throws RepositoryException {
+        checkRelativePath(relPath);
+
         Tree node = getTree();
         TreeLocation propertyLocation = node.getLocation().getChild(relPath);
         PropertyState property = propertyLocation.getProperty();
@@ -172,10 +192,6 @@ class OakAuthorizableProperties implemen
         return userProvider.getAuthorizable(id);
     }
 
-    private String getJcrName(String oakName) {
-        return namePathMapper.getJcrName(oakName);
-    }
-
     /**
      * Returns true if the given property of the authorizable node is one of the
      * non-protected properties defined by the rep:Authorizable node type or a
@@ -204,7 +220,11 @@ class OakAuthorizableProperties implemen
     private boolean isAuthorizableProperty(Tree authorizableTree, PropertyState property) throws RepositoryException {
         // FIXME: add proper check for protection and declaring nt of the
         // FIXME: property using nt functionality provided by nt-plugins
-        String prefix = Text.getNamespacePrefix(property.getName());
+        return isAuthorizableProperty(property.getName());
+    }
+
+    private boolean isAuthorizableProperty(String propertyName) {
+        String prefix = Text.getNamespacePrefix(propertyName);
         return !NamespaceConstants.RESERVED_PREFIXES.contains(prefix);
     }
 
@@ -220,38 +240,39 @@ class OakAuthorizableProperties implemen
      */
     @Nonnull
     private Tree getOrCreateTargetTree(String relPath) throws RepositoryException {
-        Tree n;
-        Tree node = getTree();
+        Tree targetTree;
+        Tree userTree = getTree();
         if (relPath != null) {
-            String userPath = node.getPath();
-            n = node.getLocation().getChild(relPath).getTree();
-            if (n != null) {
-                if (!Text.isDescendantOrEqual(userPath, n.getPath())) {
+            String userPath = userTree.getPath();
+            targetTree = getLocation(userTree, relPath).getTree();
+            if (targetTree != null) {
+                if (!Text.isDescendantOrEqual(userPath, targetTree.getPath())) {
                     throw new RepositoryException("Relative path " + relPath + " outside of scope of " + this);
                 }
             } else {
-                n = node;
-                for (String segment : Text.explode(relPath, '/')) {
-                    if (n.hasChild(segment)) {
-                        n = n.getChild(segment);
-                    } else {
-                        if (Text.isDescendantOrEqual(userPath, n.getPath())) {
-                            NodeUtil util = new NodeUtil(n, namePathMapper);
-                            n = util.addChild(segment, JcrConstants.NT_UNSTRUCTURED).getTree();
-                        } else {
-                            throw new RepositoryException("Relative path " + relPath + " outside of scope of " + this);
-                        }
-                    }
+                targetTree = new NodeUtil(userTree).getOrAddTree(relPath, JcrConstants.NT_UNSTRUCTURED).getTree();
+                if (!Text.isDescendantOrEqual(userPath, targetTree.getPath())) {
+                    throw new RepositoryException("Relative path " + relPath + " outside of scope of " + this);
                 }
             }
         } else {
-            n = node;
+            targetTree = userTree;
         }
-        return n;
+        return targetTree;
     }
 
     @Nonnull
-    private TreeLocation getPropertyLocation(Tree tree, String relativePath) {
-        return tree.getLocation().getChild(relativePath);
+    private TreeLocation getLocation(Tree tree, String relativePath) {
+        TreeLocation target = LocationUtil.getTreeLocation(tree.getLocation(), relativePath);
+        return target;
+    }
+
+    private static void checkRelativePath(String relativePath) throws RepositoryException {
+        if (relativePath == null) {
+            throw new RepositoryException("Relative path expected. Found null.");
+        }
+        if ('/' == relativePath.charAt(0)) {
+            throw new RepositoryException("Relative path expected. Found " + relativePath);
+        }
     }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java?rev=1406225&r1=1406224&r2=1406225&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java Tue Nov  6 17:12:34 2012
@@ -29,7 +29,8 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
-import org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableAction;
+import org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableActionProvider;
+import org.apache.jackrabbit.oak.spi.security.user.action.DefaultAuthorizableActionProvider;
 import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter;
 
 /**
@@ -68,9 +69,9 @@ public class UserConfigurationImpl exten
     //--------------------------------------------------< UserConfiguration >---
     @Nonnull
     @Override
-    public List<AuthorizableAction> getAuthorizableActions() {
+    public AuthorizableActionProvider getAuthorizableActionProvider() {
         // TODO: create authorizable actions from configuration
-        return Collections.emptyList();
+        return DefaultAuthorizableActionProvider.INSTANCE;
     }
 
     @Override

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImporter.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImporter.java?rev=1406225&r1=1406224&r2=1406225&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImporter.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImporter.java Tue Nov  6 17:12:34 2012
@@ -40,12 +40,15 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.api.security.user.Impersonation;
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.api.Type;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManager;
+import org.apache.jackrabbit.oak.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
 import org.apache.jackrabbit.oak.spi.security.principal.TreeBasedPrincipal;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.apache.jackrabbit.oak.spi.xml.NodeInfo;
@@ -59,6 +62,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import static com.google.common.base.Preconditions.checkNotNull;
+import static org.apache.jackrabbit.oak.api.Type.STRINGS;
 
 /**
  * {@code UserImporter} implements both {@code ode>ProtectedPropertyImporter}
@@ -389,6 +393,11 @@ public class UserImporter implements Pro
         return identifierManager;
     }
 
+    @Nonnull
+    private PrincipalProvider getPrincipalProvider() throws RepositoryException {
+        return userManager.getPrincipalProvider();
+    }
+
     private void checkInitialized() {
         if (!initialized) {
             throw new IllegalStateException("Not initialized");
@@ -421,9 +430,10 @@ public class UserImporter implements Pro
     /**
      * Handling the import behavior
      *
-     * @param msg
-     * @throws RepositoryException
-     * @throws javax.jcr.nodetype.ConstraintViolationException
+     * @param msg The message to log a warning in case of {@link ImportBehavior#IGNORE}
+     * or {@link ImportBehavior#BESTEFFORT}
+     * @throws javax.jcr.nodetype.ConstraintViolationException If the import
+     * behavior is {@link ImportBehavior#ABORT}.
      */
     private void handleFailure(String msg) throws ConstraintViolationException{
         switch(importBehavior){
@@ -527,7 +537,7 @@ public class UserImporter implements Pro
 
                 MembershipProvider membershipProvider = userManager.getMembershipProvider();
                 for (Membership.Member member : nonExisting) {
-                    membershipProvider.addMember(groupTree, member.contentId);
+                    membershipProvider.addMember(groupTree, member.name, member.contentId);
                 }
             }
         }
@@ -578,36 +588,43 @@ public class UserImporter implements Pro
                 toRemove.put(princ.getName(), princ);
             }
 
-            List<Principal> toAdd = new ArrayList<Principal>();
+            List<String> toAdd = new ArrayList<String>();
             for (final String principalName : principalNames) {
                 if (toRemove.remove(principalName) == null) {
                     // add it to the list of new impersonators to be added.
-                    toAdd.add(new Principal() {
-                        public String getName() {
-                            return principalName;
-                        }
-                    });
+                    toAdd.add(principalName);
                 } // else: no need to revoke impersonation for the given principal.
             }
 
             // 2. adjust set of impersonators
-            boolean bestEffort = false;
-            for (Principal princ : toRemove.values()) {
-                if (!imp.revokeImpersonation(princ)) {
-                    handleFailure("Failed to revoke impersonation for " + princ.getName() + " on " + a);
-                    bestEffort = true;
+            for (Principal princicpal : toRemove.values()) {
+                if (!imp.revokeImpersonation(princicpal)) {
+                    String principalName = princicpal.getName();
+                    handleFailure("Failed to revoke impersonation for " + principalName + " on " + a);
                 }
             }
-            for (Principal princ : toAdd) {
-                if (!imp.grantImpersonation(princ)) {
-                    handleFailure("Failed to grant impersonation for " + princ.getName() + " on " + a);
-                    bestEffort = true;
+            List<String> nonExisting = new ArrayList<String>();
+            for (String principalName : toAdd) {
+                if (!imp.grantImpersonation(new PrincipalImpl(principalName))) {
+                    handleFailure("Failed to grant impersonation for " + principalName + " on " + a);
+                    if (importBehavior == ImportBehavior.BESTEFFORT &&
+                            getPrincipalProvider().getPrincipal(principalName) == null) {
+                        log.info("ImportBehavior.BESTEFFORT: Remember non-existing impersonator for special processing.");
+                        nonExisting.add(principalName);
+                    }
                 }
             }
 
-            if (bestEffort) {
+            if (!nonExisting.isEmpty()) {
                 Tree userTree = root.getTree(a.getPath());
-                userTree.setProperty(UserConstants.REP_PRINCIPAL_NAME, principalNames, Type.STRINGS);
+                // copy over all existing impersonators to the nonExisting list
+                PropertyState impersonators = userTree.getProperty(UserConstants.REP_PRINCIPAL_NAME);
+                for (String existing : impersonators.getValue(STRINGS)) {
+                    nonExisting.add(existing);
+                }
+                // and write back the complete list including those principal
+                // names that are unknown to principal provider.
+                userTree.setProperty(UserConstants.REP_PRINCIPAL_NAME, nonExisting, Type.STRINGS);
             }
         }
     }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java?rev=1406225&r1=1406224&r2=1406225&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java Tue Nov  6 17:12:34 2012
@@ -37,6 +37,7 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
@@ -82,7 +83,7 @@ public class UserManagerImpl implements 
         this.config = uc.getConfigurationParameters();
         this.userProvider = new UserProvider(root, config);
         this.membershipProvider = new MembershipProvider(root, config);
-        this.authorizableActions = uc.getAuthorizableActions();
+        this.authorizableActions = uc.getAuthorizableActionProvider().getAuthorizableActions();
     }
 
     //--------------------------------------------------------< UserManager >---
@@ -131,14 +132,9 @@ public class UserManagerImpl implements 
     }
 
     @Override
-    public User createUser(final String userID, String password) throws RepositoryException {
-        Principal principal = new Principal() {
-            @Override
-            public String getName() {
-                return userID;
-            }
-        };
-        return createUser(userID, password, principal, null);
+    public User createUser(final String userId, String password) throws RepositoryException {
+        Principal principal = new PrincipalImpl(userId);
+        return createUser(userId, password, principal, null);
     }
 
     @Override
@@ -164,14 +160,9 @@ public class UserManagerImpl implements 
     }
 
     @Override
-    public Group createGroup(final String groupID) throws RepositoryException {
-        Principal principal = new Principal() {
-            @Override
-            public String getName() {
-                return groupID;
-            }
-        };
-        return createGroup(groupID, principal, null);
+    public Group createGroup(String groupId) throws RepositoryException {
+        Principal principal = new PrincipalImpl(groupId);
+        return createGroup(groupId, principal, null);
     }
 
     @Override

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java?rev=1406225&r1=1406224&r2=1406225&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java Tue Nov  6 17:12:34 2012
@@ -270,16 +270,7 @@ class UserProvider extends AuthorizableB
 
         // verification of hierarchy and node types is delegated to UserValidator upon commit
         String folderPath = getFolderPath(authorizableId, intermediatePath, authRoot);
-        String[] segmts = Text.explode(folderPath, '/', false);
-        for (String segment : segmts) {
-            if (".".equals(segment)) {
-                // nothing to do
-            } else if ("..".equals(segment)) {
-                folder = folder.getParent();
-            } else {
-                folder = folder.getOrAddChild(segment, NT_REP_AUTHORIZABLE_FOLDER);
-            }
-        }
+        folder = folder.getOrAddTree(folderPath, NT_REP_AUTHORIZABLE_FOLDER);
 
         // test for colliding folder child node.
         while (folder.hasChild(nodeName)) {

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserQueryManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserQueryManager.java?rev=1406225&r1=1406224&r2=1406225&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserQueryManager.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserQueryManager.java Tue Nov  6 17:12:34 2012
@@ -17,9 +17,7 @@
 package org.apache.jackrabbit.oak.security.user;
 
 import java.text.ParseException;
-import java.util.Collections;
 import java.util.Iterator;
-import java.util.Map;
 import javax.annotation.Nonnull;
 import javax.jcr.RepositoryException;
 
@@ -28,14 +26,12 @@ import com.google.common.base.Predicates
 import com.google.common.collect.Iterators;
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.Query;
-import org.apache.jackrabbit.oak.api.PropertyValue;
 import org.apache.jackrabbit.oak.api.Result;
 import org.apache.jackrabbit.oak.api.ResultRow;
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.api.SessionQueryEngine;
 import org.apache.jackrabbit.oak.security.user.query.XPathQueryBuilder;
 import org.apache.jackrabbit.oak.security.user.query.XPathQueryEvaluator;
-import org.apache.jackrabbit.oak.spi.query.PropertyValues;
 import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.apache.jackrabbit.util.ISO9075;
@@ -110,11 +106,11 @@ class UserQueryManager {
     @Nonnull
     Iterator<Authorizable> findAuthorizables(String relPath, String value,
                                              boolean exact, AuthorizableType type) throws RepositoryException {
+        // TODO: replace XPATH
         String statement = buildXPathStatement(relPath, value, exact, type);
         SessionQueryEngine queryEngine = root.getQueryEngine();
         try {
-            Map<String,PropertyValue> bindings = (value != null) ? Collections.singletonMap("propValue", PropertyValues.newString(value)) : null;
-            Result result = queryEngine.executeQuery(statement, javax.jcr.query.Query.XPATH, Long.MAX_VALUE, 0, bindings, userManager.getNamePathMapper());
+            Result result = queryEngine.executeQuery(statement, javax.jcr.query.Query.XPATH, Long.MAX_VALUE, 0, null, userManager.getNamePathMapper());
             return Iterators.filter(Iterators.transform(result.getRows().iterator(), new ResultRowToAuthorizable()), Predicates.<Object>notNull());
         } catch (ParseException e) {
             throw new RepositoryException(e);

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/TreeBasedPrincipal.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/TreeBasedPrincipal.java?rev=1406225&r1=1406224&r2=1406225&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/TreeBasedPrincipal.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/TreeBasedPrincipal.java Tue Nov  6 17:12:34 2012
@@ -16,39 +16,25 @@
  */
 package org.apache.jackrabbit.oak.spi.security.principal;
 
-import java.security.Principal;
-
 import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
-import org.apache.jackrabbit.api.security.principal.JackrabbitPrincipal;
 import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.namepath.PathMapper;
+import org.apache.jackrabbit.oak.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 import static org.apache.jackrabbit.oak.api.Type.STRING;
 
 /**
  * TreeBasedPrincipal...
  */
-public class TreeBasedPrincipal implements ItemBasedPrincipal {
-
-    /**
-     * logger instance
-     */
-    private static final Logger log = LoggerFactory.getLogger(TreeBasedPrincipal.class);
+public class TreeBasedPrincipal extends PrincipalImpl implements ItemBasedPrincipal {
 
-    private final String principalName;
     private final String path;
     private final PathMapper pathMapper;
 
     public TreeBasedPrincipal(Tree tree, PathMapper pathMapper) {
-        PropertyState prop = tree.getProperty(UserConstants.REP_PRINCIPAL_NAME);
-        if (prop == null) {
-            throw new IllegalArgumentException("Tree doesn't have rep:principalName property");
-        }
-        this.principalName = prop.getValue(STRING);
+        super(getPrincipalName(tree));
         this.pathMapper = pathMapper;
         this.path = tree.getPath();
     }
@@ -58,7 +44,7 @@ public class TreeBasedPrincipal implemen
     }
 
     public TreeBasedPrincipal(String principalName, String oakPath, PathMapper pathMapper) {
-        this.principalName = principalName;
+        super(principalName);
         this.pathMapper = pathMapper;
         this.path = oakPath;
     }
@@ -73,44 +59,12 @@ public class TreeBasedPrincipal implemen
         return pathMapper.getJcrPath(path);
     }
 
-    //----------------------------------------------------------< Principal >---
-    @Override
-    public String getName() {
-        return principalName;
-    }
-
-    //-------------------------------------------------------------< Object >---
-    /**
-     * Two principals are equal, if their names are.
-     * @see Object#equals(Object)
-     */
-    @Override
-    public boolean equals(Object obj) {
-        if (this == obj) {
-            return true;
-        }
-        if (obj instanceof JackrabbitPrincipal) {
-            return principalName.equals(((Principal) obj).getName());
+    //--------------------------------------------------------------------------
+    private static String getPrincipalName(Tree tree) {
+        PropertyState prop = tree.getProperty(UserConstants.REP_PRINCIPAL_NAME);
+        if (prop == null) {
+            throw new IllegalArgumentException("Tree doesn't have rep:principalName property");
         }
-        return false;
-    }
-
-    /**
-     * @return the hash code of the principals name.
-     * @see Object#hashCode()
-     */
-    @Override
-    public int hashCode() {
-        return principalName.hashCode();
-    }
-
-    /**
-     * @see Object#toString()
-     */
-    @Override
-    public String toString() {
-        StringBuilder sb = new StringBuilder();
-        sb.append(getClass().getName()).append(':').append(principalName);
-        return sb.toString();
+        return prop.getValue(STRING);
     }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfiguration.java?rev=1406225&r1=1406224&r2=1406225&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfiguration.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfiguration.java Tue Nov  6 17:12:34 2012
@@ -16,7 +16,6 @@
  */
 package org.apache.jackrabbit.oak.spi.security.user;
 
-import java.util.List;
 import javax.annotation.Nonnull;
 import javax.jcr.Session;
 
@@ -24,7 +23,7 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
-import org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableAction;
+import org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableActionProvider;
 
 /**
  * UserContext... TODO
@@ -32,7 +31,7 @@ import org.apache.jackrabbit.oak.spi.sec
 public interface UserConfiguration extends SecurityConfiguration {
 
     @Nonnull
-    List<AuthorizableAction> getAuthorizableActions();
+    AuthorizableActionProvider getAuthorizableActionProvider();
 
     @Nonnull
     UserManager getUserManager(Root root, NamePathMapper namePathMapper, Session session);

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableActionProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableActionProvider.java?rev=1406225&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableActionProvider.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableActionProvider.java Tue Nov  6 17:12:34 2012
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.user.action;
+
+import java.util.List;
+
+/**
+ * {@code AuthorizableActionProvider} is used to provide {@code AuthorizableAction}s
+ * for each instance of {@code UserManager}.
+ */
+public interface AuthorizableActionProvider {
+
+    List<AuthorizableAction> getAuthorizableActions();
+}
\ No newline at end of file

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/DefaultAuthorizableActionProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/DefaultAuthorizableActionProvider.java?rev=1406225&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/DefaultAuthorizableActionProvider.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/DefaultAuthorizableActionProvider.java Tue Nov  6 17:12:34 2012
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.user.action;
+
+import java.util.Collections;
+import java.util.List;
+
+/**
+ * DefaultAuthorizableActionProvider... TODO
+ */
+public class DefaultAuthorizableActionProvider implements AuthorizableActionProvider {
+
+    public static final AuthorizableActionProvider INSTANCE = new DefaultAuthorizableActionProvider();
+
+    private DefaultAuthorizableActionProvider() {}
+
+    @Override
+    public List<AuthorizableAction> getAuthorizableActions() {
+        return Collections.emptyList();
+    }
+}
\ No newline at end of file

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/util/LocationUtil.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/util/LocationUtil.java?rev=1406225&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/util/LocationUtil.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/util/LocationUtil.java Tue Nov  6 17:12:34 2012
@@ -0,0 +1,47 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.util;
+
+import javax.annotation.Nonnull;
+
+import org.apache.jackrabbit.oak.api.TreeLocation;
+import org.apache.jackrabbit.oak.commons.PathUtils;
+import org.apache.jackrabbit.oak.core.TreeImpl;
+import org.apache.jackrabbit.util.Text;
+
+/**
+ * LocationUtil... FIXME: workaround for OAK-426
+ */
+public class LocationUtil {
+
+    @Nonnull
+    public static TreeLocation getTreeLocation(TreeLocation parentLocation, String relativePath) {
+        TreeLocation targetLocation = parentLocation;
+        String[] segments = Text.explode(relativePath, '/', false);
+        for (int i = 0; i < segments.length && targetLocation != TreeImpl.NullLocation.INSTANCE; i++) {
+            String segment = segments[i];
+            if (PathUtils.denotesCurrent(segment)) {
+                continue;
+            } else if (PathUtils.denotesParent(segment)) {
+                targetLocation = targetLocation.getParent();
+            } else {
+                targetLocation = targetLocation.getChild(segment);
+            }
+        }
+        return targetLocation;
+    }
+}
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/util/NodeUtil.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/util/NodeUtil.java?rev=1406225&r1=1406224&r2=1406225&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/util/NodeUtil.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/util/NodeUtil.java Tue Nov  6 17:12:34 2012
@@ -20,7 +20,6 @@ import java.util.Arrays;
 import java.util.Calendar;
 import java.util.GregorianCalendar;
 import java.util.List;
-
 import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
 import javax.jcr.RepositoryException;
@@ -32,11 +31,14 @@ import com.google.common.collect.Lists;
 import org.apache.jackrabbit.JcrConstants;
 import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.api.TreeLocation;
 import org.apache.jackrabbit.oak.api.Type;
+import org.apache.jackrabbit.oak.commons.PathUtils;
 import org.apache.jackrabbit.oak.namepath.NameMapper;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
 import org.apache.jackrabbit.oak.plugins.value.Conversions;
+import org.apache.jackrabbit.util.Text;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -112,6 +114,32 @@ public class NodeUtil {
         return (child != null) ? child : addChild(name, primaryTypeName);
     }
 
+    @Nonnull
+    public NodeUtil getOrAddTree(String relativePath, String primaryTypeName) {
+        if (relativePath.indexOf('/') == -1) {
+            return getOrAddChild(relativePath, primaryTypeName);
+        } else {
+            TreeLocation location = LocationUtil.getTreeLocation(tree.getLocation(), relativePath);
+            if (location.getTree() == null) {
+                NodeUtil target = this;
+                for (String segment : Text.explode(relativePath, '/')) {
+                    if (PathUtils.denotesCurrent(segment)) {
+                        continue;
+                    } else if (PathUtils.denotesParent(segment)) {
+                        target = target.getParent();
+                    } else if (target.hasChild(segment)) {
+                        target = target.getChild(segment);
+                    } else {
+                        target = target.addChild(segment, primaryTypeName);
+                    }
+                }
+                return target;
+            } else {
+                return new NodeUtil(location.getTree());
+            }
+        }
+    }
+
     public boolean hasPrimaryNodeTypeName(String ntName) {
         return ntName.equals(getString(JcrConstants.JCR_PRIMARYTYPE, null));
     }

Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/OakAuthorizablePropertyTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/OakAuthorizablePropertyTest.java?rev=1406225&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/OakAuthorizablePropertyTest.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/OakAuthorizablePropertyTest.java Tue Nov  6 17:12:34 2012
@@ -0,0 +1,476 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.user;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import javax.jcr.RepositoryException;
+import javax.jcr.Value;
+import javax.jcr.ValueFactory;
+
+import org.apache.jackrabbit.api.security.user.Group;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.plugins.value.ValueFactoryImpl;
+import org.apache.jackrabbit.oak.security.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
+import org.apache.jackrabbit.util.Text;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+/**
+ * OakAuthorizablePropertyTest: oak-level equivalent to AuthorizablePropertyTest.
+ */
+public class OakAuthorizablePropertyTest extends AbstractSecurityTest {
+
+    private Root root;    
+    private UserManager userMgr;
+    private User user;
+    private Group group;
+
+    private Map<String, Boolean> protectedUserProps = new HashMap<String, Boolean>();
+    private Map<String, Boolean> protectedGroupProps = new HashMap<String, Boolean>();
+    
+    @Before
+    public void before() throws Exception {
+        super.before();
+
+        root = admin.getLatestRoot();
+        userMgr = new UserManagerImpl(null, root, NamePathMapper.DEFAULT, getSecurityProvider());
+
+        user = userMgr.createUser("testuser", "pw");
+        group = userMgr.createGroup("testgroup");
+        root.commit();
+
+        protectedUserProps.put(UserConstants.REP_PASSWORD, false);
+        protectedUserProps.put(UserConstants.REP_IMPERSONATORS, true);
+        protectedUserProps.put(UserConstants.REP_PRINCIPAL_NAME, false);
+
+        protectedGroupProps.put(UserConstants.REP_MEMBERS, true);
+        protectedGroupProps.put(UserConstants.REP_PRINCIPAL_NAME, false);
+    }
+
+    @After
+    public void after() throws Exception {
+        try {
+            userMgr.getAuthorizable("testuser").remove();
+            userMgr.getAuthorizable("testgroup").remove();
+            root.commit();
+        } finally {
+            super.after();
+        }
+    }
+ 
+    private ValueFactory getValueFactory() {
+        return new ValueFactoryImpl(root.getBlobFactory(), NamePathMapper.DEFAULT);
+    }
+    
+    @Test
+    public void testSetProperty() throws Exception {
+        String propName = "Fullname";
+        Value v = getValueFactory().createValue("Super User");
+
+        user.setProperty(propName, v);
+        root.commit();
+
+        try {
+            boolean found = false;
+            for (Iterator<String> it = user.getPropertyNames(); it.hasNext() && !found;) {
+                found = propName.equals(it.next());
+            }
+            assertTrue(found);
+
+            found = false;
+            for (Iterator<String> it = user.getPropertyNames("."); it.hasNext() && !found;) {
+                found = propName.equals(it.next());
+            }
+            assertTrue(found);
+
+            assertTrue(user.hasProperty(propName));
+            assertTrue(user.hasProperty("./" + propName));
+
+            assertTrue(user.getProperty(propName).length == 1);
+
+            assertEquals(v, user.getProperty(propName)[0]);
+            assertEquals(v, user.getProperty("./" + propName)[0]);
+
+            assertTrue(user.removeProperty(propName));
+            assertFalse(user.hasProperty(propName));
+
+            root.commit();
+        } finally {
+            // try to remove the property again even if previous calls failed.
+            user.removeProperty(propName);
+            root.commit();
+        }
+    }
+
+    @Test
+    public void testSetMultiValueProperty() throws Exception {
+        String propName = "Fullname";
+        Value[] v = new Value[] {getValueFactory().createValue("Super User")};
+        user.setProperty(propName, v);
+        root.commit();
+
+        try {
+            boolean found = false;
+            for (Iterator<String> it = user.getPropertyNames(); it.hasNext() && !found;) {
+                found = propName.equals(it.next());
+            }
+            assertTrue(found);
+
+            found = false;
+            for (Iterator<String> it = user.getPropertyNames("."); it.hasNext() && !found;) {
+                found = propName.equals(it.next());
+            }
+            assertTrue(found);
+            
+            assertTrue(user.hasProperty(propName));
+            assertTrue(user.hasProperty("./" + propName));
+            
+            assertEquals(Arrays.asList(v), Arrays.asList(user.getProperty(propName)));
+            assertEquals(Arrays.asList(v), Arrays.asList(user.getProperty("./" + propName)));
+
+            assertTrue(user.removeProperty(propName));
+            assertFalse(user.hasProperty(propName));
+            
+            root.commit();
+        } finally {
+            // try to remove the property again even if previous calls failed.
+            user.removeProperty(propName);
+            root.commit();
+        }
+    }
+
+    @Test
+    public void testSetPropertyByRelPath() throws Exception {
+        Value[] v = new Value[] {getValueFactory().createValue("Super User")};
+
+        List<String> relPaths = new ArrayList<String>();
+        relPaths.add("testing/Fullname");
+        relPaths.add("testing/Email");
+        relPaths.add("testing/testing/testing/Fullname");
+        relPaths.add("testing/testing/testing/Email");
+
+        for (String relPath : relPaths) {
+            try {
+                user.setProperty(relPath, v);
+                root.commit();
+
+                assertTrue(user.hasProperty(relPath));
+                String propName = Text.getName(relPath);
+                assertFalse(user.hasProperty(propName));
+            } finally {
+                // try to remove the property even if previous calls failed.
+                user.removeProperty(relPath);
+                root.commit();
+            }
+        }
+    }
+
+    @Test
+    public void testSetPropertyInvalidRelativePath() throws Exception {
+        Value[] v = new Value[] {getValueFactory().createValue("Super User")};
+
+        List<String> invalidPaths = new ArrayList<String>();
+        // try setting outside of tree defined by the user.
+        invalidPaths.add("../testing/Fullname");
+        invalidPaths.add("../../testing/Fullname");
+        invalidPaths.add("testing/testing/../../../Fullname");
+        // try absolute path -> must fail
+        invalidPaths.add("/testing/Fullname");
+
+        for (String invalidRelPath : invalidPaths) {
+            try {
+                user.setProperty(invalidRelPath, v);
+                fail("Modifications outside of the scope of the authorizable must fail. Path was: " + invalidRelPath);
+            } catch (Exception e) {
+                // success.
+            } finally {
+                root.refresh();
+            }
+        }
+    }
+
+    @Test
+    public void testGetPropertyByInvalidRelativePath() throws Exception {
+        List<String> wrongPaths = new ArrayList<String>();
+        wrongPaths.add("../jcr:primaryType");
+        wrongPaths.add("../../jcr:primaryType");
+        wrongPaths.add("../testing/jcr:primaryType");
+        for (String path : wrongPaths) {
+            assertNull(user.getProperty(path));
+        }
+
+        List<String> invalidPaths = new ArrayList<String>();
+        invalidPaths.add("/testing/jcr:primaryType");
+        invalidPaths.add("..");
+        invalidPaths.add(".");
+        invalidPaths.add(null);
+        for (String invalidPath : invalidPaths) {
+            try {
+                assertNull(user.getProperty(invalidPath));
+            } catch (Exception e) {
+                // success
+            }
+        }
+    }
+
+    @Test
+    public void testHasPropertyByInvalidRelativePath() throws Exception {
+        List<String> wrongPaths = new ArrayList<String>();
+        wrongPaths.add("../jcr:primaryType");
+        wrongPaths.add("../../jcr:primaryType");
+        wrongPaths.add("../testing/jcr:primaryType");
+        for (String path : wrongPaths) {
+            assertFalse(user.hasProperty(path));
+        }
+
+
+        List<String> invalidPaths = new ArrayList<String>();
+        invalidPaths.add("..");
+        invalidPaths.add(".");
+        invalidPaths.add(null);
+
+        for (String invalidPath : invalidPaths) {
+            try {
+                assertFalse(user.hasProperty(invalidPath));
+            } catch (Exception e) {
+                // success
+            }
+        }
+    }
+
+    @Test
+    public void testGetPropertyNames() throws Exception {
+        String propName = "Fullname";
+        Value v = getValueFactory().createValue("Super User");
+        user.setProperty(propName, v);
+        root.commit();
+
+        try {
+            for (Iterator<String> it = user.getPropertyNames(); it.hasNext();) {
+                String name = it.next();
+                assertTrue(user.hasProperty(name));
+                assertNotNull(user.getProperty(name));
+            }
+        } finally {
+            // try to remove the property again even if previous calls failed.
+            user.removeProperty(propName);
+            root.commit();
+        }
+    }
+
+    @Test
+    public void testGetPropertyNamesByRelPath() throws Exception {
+        String relPath = "testing/Fullname";
+        Value v = getValueFactory().createValue("Super User");
+        user.setProperty(relPath, v);
+        root.commit();
+
+        try {
+            for (Iterator<String> it = user.getPropertyNames(); it.hasNext();) {
+                String name = it.next();
+                assertFalse("Fullname".equals(name));
+            }
+
+            for (Iterator<String> it = user.getPropertyNames("testing"); it.hasNext();) {
+                String name = it.next();
+                String rp = "testing/" + name;
+                
+                assertFalse(user.hasProperty(name));
+                assertNull(user.getProperty(name));
+
+                assertTrue(user.hasProperty(rp));
+                assertNotNull(user.getProperty(rp));
+            }
+            for (Iterator<String> it = user.getPropertyNames("./testing"); it.hasNext();) {
+                String name = it.next();
+                String rp = "testing/" + name;
+
+                assertFalse(user.hasProperty(name));
+                assertNull(user.getProperty(name));
+
+                assertTrue(user.hasProperty(rp));
+                assertNotNull(user.getProperty(rp));
+            }
+        } finally {
+            // try to remove the property again even if previous calls failed.
+            user.removeProperty(relPath);
+            root.commit();
+        }
+    }
+
+    @Test
+    public void testGetPropertyNamesByInvalidRelPath() throws Exception {
+        List<String> invalidPaths = new ArrayList<String>();
+        invalidPaths.add("../");
+        invalidPaths.add("../../");
+        invalidPaths.add("../testing");
+        invalidPaths.add("/testing");
+        invalidPaths.add(null);
+
+        for (String invalidRelPath : invalidPaths) {
+            try {
+                user.getPropertyNames(invalidRelPath);
+                fail("Calling Authorizable#getPropertyNames with " + invalidRelPath + " must fail.");
+            } catch (Exception e) {
+                // success
+            }
+        }
+    }
+
+    @Test
+    public void testGetNotExistingProperty() throws Exception {
+        String hint = "Fullname";
+        String propName = hint;
+        int i = 0;
+        while (user.hasProperty(propName)) {
+            propName = hint + i;
+            i++;
+        }
+        assertNull(user.getProperty(propName));
+        assertFalse(user.hasProperty(propName));
+    }
+
+    @Test
+    public void testRemoveNotExistingProperty() throws Exception {
+        String hint = "Fullname";
+        String propName = hint;
+        int i = 0;
+        while (user.hasProperty(propName)) {
+            propName = hint + i;
+            i++;
+        }
+        assertFalse(user.removeProperty(propName));
+        root.commit();
+    }
+
+    @Test
+    public void testSetSpecialProperties() throws Exception {
+        Value v = getValueFactory().createValue("any_value");
+        for (String pName : protectedUserProps.keySet()) {
+            try {
+                boolean isMultiValued = protectedUserProps.get(pName);
+                if (isMultiValued) {
+                    user.setProperty(pName, new Value[] {v});
+                } else {
+                    user.setProperty(pName, v);
+                }
+                root.commit();
+                fail("changing the '" + pName + "' property on a User should fail.");
+            } catch (RepositoryException e) {
+                // success
+            } finally {
+                root.refresh();
+            }
+        }
+
+        for (String pName : protectedGroupProps.keySet()) {
+            try {
+                boolean isMultiValued = protectedGroupProps.get(pName);
+                if (isMultiValued) {
+                    group.setProperty(pName, new Value[] {v});
+                } else {
+                    group.setProperty(pName, v);
+                }
+                root.commit();
+                fail("changing the '" + pName + "' property on a Group should fail.");
+            } catch (RepositoryException e) {
+                // success
+            } finally {
+                root.refresh();
+            }
+        }
+    }
+
+    @Test
+    public void testRemoveSpecialProperties() throws Exception {
+        for (String pName : protectedUserProps.keySet()) {
+            try {
+                if (user.removeProperty(pName)) {
+                    root.commit();
+                    fail("removing the '" + pName + "' property on a User should fail.");
+                } // else: property not present: fine as well.
+            } catch (RepositoryException e) {
+                // success
+            } finally {
+                root.refresh();
+            }
+        }
+        for (String pName : protectedGroupProps.keySet()) {
+            try {
+                if (group.removeProperty(pName)) {
+                    root.commit();
+                    fail("removing the '" + pName + "' property on a Group should fail.");
+                } // else: property not present. fine as well.
+            } catch (RepositoryException e) {
+                // success
+            } finally {
+                root.refresh();
+            }
+        }
+    }
+
+    @Test
+    public void testSingleToMultiValued() throws Exception {
+        try {
+            Value v = getValueFactory().createValue("anyValue");
+            user.setProperty("someProp", v);
+            root.commit();
+
+            Value[] vs = new Value[] {v, v};
+            user.setProperty("someProp", vs);
+            root.commit();
+        } finally {
+            if (user.removeProperty("someProp")) {
+                root.commit();
+            }
+        }
+    }
+
+    @Test
+    public void testMultiValuedToSingle() throws Exception {
+        try {
+            Value v = getValueFactory().createValue("anyValue");
+            Value[] vs = new Value[] {v, v};
+            user.setProperty("someProp", vs);
+            root.commit();
+
+            user.setProperty("someProp", v);
+            root.commit();
+        } finally {
+            if (user.removeProperty("someProp")) {
+                root.commit();
+            }
+        }
+    }
+}
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserManagerImplTest.java?rev=1406225&r1=1406224&r2=1406225&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserManagerImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserManagerImplTest.java Tue Nov  6 17:12:34 2012
@@ -31,6 +31,7 @@ import org.apache.jackrabbit.oak.api.Tre
 import org.apache.jackrabbit.oak.api.Type;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.security.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtility;
 import org.apache.jackrabbit.oak.util.NodeUtil;
@@ -148,7 +149,7 @@ public class UserManagerImplTest extends
         try {
             // authNode - authFolder -> create User
             try {
-                Principal p = new TestPrincipal("test2");
+                Principal p = new PrincipalImpl("test2");
                 Authorizable a = userMgr.createUser(p.getName(), p.getName(), p, path);
                 root.commit();
 
@@ -174,7 +175,7 @@ public class UserManagerImplTest extends
         try {
             // authNode - anyNode -> create User
             try {
-                Principal p = new TestPrincipal("test3");
+                Principal p = new PrincipalImpl("test3");
                 userMgr.createUser(p.getName(), p.getName(), p, path);
                 root.commit();
 
@@ -194,7 +195,7 @@ public class UserManagerImplTest extends
             folder = someContent.addChild("folder", UserConstants.NT_REP_AUTHORIZABLE_FOLDER);
             root.commit(); // this time save node structure
             try {
-                Principal p = new TestPrincipal("test4");
+                Principal p = new PrincipalImpl("test4");
                 userMgr.createUser(p.getName(), p.getName(), p, folder.getTree().getPath());
                 root.commit();
 
@@ -218,17 +219,4 @@ public class UserManagerImplTest extends
             }
         }
     }
-
-    private class TestPrincipal implements Principal {
-
-        private final String name;
-
-        private TestPrincipal(String name) {
-            this.name = name;
-        }
-        @Override
-        public String getName() {
-            return name;
-        }
-    }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/TestLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/TestLoginModule.java?rev=1406225&r1=1406224&r2=1406225&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/TestLoginModule.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/TestLoginModule.java Tue Nov  6 17:12:34 2012
@@ -26,6 +26,8 @@ import javax.jcr.Credentials;
 import javax.jcr.SimpleCredentials;
 import javax.security.auth.login.LoginException;
 
+import org.apache.jackrabbit.oak.security.principal.PrincipalImpl;
+
 /**
  * ExternalLoginModuleImpl... TODO
  */
@@ -100,12 +102,7 @@ public class TestLoginModule extends Ext
 
         @Override
         public Principal getPrincipal() {
-            return new Principal() {
-                @Override
-                public String getName() {
-                    return userId;
-                }
-            };
+            return new PrincipalImpl(userId);
         }
 
         @Override

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationActionTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationActionTest.java?rev=1406225&r1=1406224&r2=1406225&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationActionTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationActionTest.java Tue Nov  6 17:12:34 2012
@@ -191,8 +191,13 @@ public class PasswordValidationActionTes
 
                 @Nonnull
                 @Override
-                public List<AuthorizableAction> getAuthorizableActions() {
-                    return Arrays.asList(actions);
+                public AuthorizableActionProvider getAuthorizableActionProvider() {
+                    return new AuthorizableActionProvider() {
+                        @Override
+                        public List<AuthorizableAction> getAuthorizableActions() {
+                            return Arrays.asList(actions);
+                        }
+                    };
                 }
             };
         }

Modified: jackrabbit/oak/trunk/oak-jcr/pom.xml
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/pom.xml?rev=1406225&r1=1406224&r2=1406225&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/pom.xml (original)
+++ jackrabbit/oak/trunk/oak-jcr/pom.xml Tue Nov  6 17:12:34 2012
@@ -243,10 +243,11 @@
       org.apache.jackrabbit.test.api.observation.LockingTest#testAddLockToNode
       org.apache.jackrabbit.test.api.observation.LockingTest#testRemoveLockFromNode
       org.apache.jackrabbit.oak.jcr.security.user.EveryoneGroupTest#testMembers                    <!-- findAuthorizables not yet implemented -->
-      org.apache.jackrabbit.oak.jcr.security.user.UserManagerTest#testFindAuthorizableByAddedProperty    <!-- OAK-343 -->
-      org.apache.jackrabbit.oak.jcr.security.user.UserManagerTest#testFindAuthorizableByRelativePath     <!-- OAK-343 -->
-      org.apache.jackrabbit.oak.jcr.security.user.UserManagerTest#testFindUser                     <!-- findAuthorizables not yet implemented -->
-      org.apache.jackrabbit.oak.jcr.security.user.UserManagerTest#testFindGroup                    <!-- findAuthorizables not yet implemented -->
+      org.apache.jackrabbit.oak.jcr.security.user.FindAuthorizablesTest#testFindAuthorizableByAddedProperty    <!-- OAK-343 -->
+      org.apache.jackrabbit.oak.jcr.security.user.FindAuthorizablesTest#testFindAuthorizableByRelativePath     <!-- OAK-343 -->
+      org.apache.jackrabbit.oak.jcr.security.user.FindAuthorizablesTest#testFindUser                     <!-- findAuthorizables not yet implemented -->
+      org.apache.jackrabbit.oak.jcr.security.user.FindAuthorizablesTest#testFindGroup                    <!-- findAuthorizables not yet implemented -->
+      org.apache.jackrabbit.oak.jcr.security.user.FindAuthorizablesTest#testFindAuthorizable             <!-- findAuthorizables not yet implemented -->
       org.apache.jackrabbit.oak.jcr.security.user.UserQueryTest                                          <!-- OAK-343 -->
       org.apache.jackrabbit.oak.jcr.security.user.UserManagerTest#testGetNewAuthorizable                 <!-- OAK-343 -->
       org.apache.jackrabbit.oak.jcr.security.user.UserManagerTest#testCreateGroupWithExistingPrincipal2  <!-- OAK-343 -->
@@ -257,7 +258,7 @@
       org.apache.jackrabbit.oak.jcr.security.user.GroupTest#testInheritedMembers                         <!-- OAK-343 -->
       org.apache.jackrabbit.oak.jcr.security.user.GroupTest#testCyclicGroups                             <!-- OAK-343 -->
       org.apache.jackrabbit.oak.jcr.security.user.AuthorizableTest#testRemoveListedAuthorizable          <!-- OAK-343 -->
-      org.apache.jackrabbit.oak.jcr.security.user.AuthorizableTest#testSetPropertyInvalidRelativePath    <!-- OAK-369 -->
+      org.apache.jackrabbit.oak.jcr.security.user.AuthorizablePropertyTest#testSetPropertyInvalidRelativePath    <!-- OAK-369 -->
       org.apache.jackrabbit.oak.jcr.security.principal.PrincipalManagerTest#testGetPrincipals            <!-- principal search missing -->
       org.apache.jackrabbit.oak.jcr.security.principal.PrincipalManagerTest#testGetGroupPrincipals       <!-- principal search missing -->
       org.apache.jackrabbit.oak.jcr.security.principal.PrincipalManagerTest#testGetAllPrincipals         <!-- principal search missing -->

Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AbstractUserTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AbstractUserTest.java?rev=1406225&r1=1406224&r2=1406225&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AbstractUserTest.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AbstractUserTest.java Tue Nov  6 17:12:34 2012
@@ -30,6 +30,7 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.api.security.user.Group;
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.oak.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.test.AbstractJCRTest;
 import org.apache.jackrabbit.test.NotExecutableException;
 import org.junit.After;
@@ -113,14 +114,8 @@ public abstract class AbstractUserTest e
         return getTestPrincipal(pn);
     }
 
-    protected Principal getTestPrincipal(final String name) throws RepositoryException {
-        return new Principal() {
-
-            @Override
-            public String getName() {
-                return name;
-            }
-        };
+    protected Principal getTestPrincipal(String name) throws RepositoryException {
+        return new PrincipalImpl(name);
     }
 
     protected User getTestUser(Session session) throws NotExecutableException, RepositoryException {



Mime
View raw message