jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1433536 - in /jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak: security/authorization/ security/authorization/restriction/ spi/security/authorization/ spi/security/authorization/restriction/
Date Tue, 15 Jan 2013 17:24:28 GMT
Author: angela
Date: Tue Jan 15 17:24:28 2013
New Revision: 1433536

URL: http://svn.apache.org/viewvc?rev=1433536&view=rev
Log:
OAK-51 : Access Control Management (WIP)

Added:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java
Removed:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/EmptyRestrictionProvider.java
Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlList.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACL.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java?rev=1433536&r1=1433535&r2=1433536&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
Tue Jan 15 17:24:28 2013
@@ -21,14 +21,12 @@ import java.text.ParseException;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashSet;
-import java.util.Iterator;
 import java.util.List;
 import java.util.Set;
 import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
 import javax.jcr.AccessDeniedException;
 import javax.jcr.PathNotFoundException;
-import javax.jcr.PropertyType;
 import javax.jcr.RepositoryException;
 import javax.jcr.query.Query;
 import javax.jcr.security.AccessControlException;
@@ -43,6 +41,7 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
 import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
+import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
 import org.apache.jackrabbit.commons.iterator.AccessControlPolicyIteratorAdapter;
 import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
 import org.apache.jackrabbit.oak.api.PropertyState;
@@ -56,16 +55,12 @@ import org.apache.jackrabbit.oak.api.Typ
 import org.apache.jackrabbit.oak.commons.PathUtils;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.plugins.memory.MemoryPropertyBuilder;
-import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
 import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
-import org.apache.jackrabbit.oak.security.authorization.restriction.RestrictionDefinitionImpl;
-import org.apache.jackrabbit.oak.security.authorization.restriction.RestrictionImpl;
-import org.apache.jackrabbit.oak.security.authorization.restriction.RestrictionProviderImpl;
+import org.apache.jackrabbit.oak.security.authorization.restriction.PrincipalRestrictionProvider;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.ACE;
 import org.apache.jackrabbit.oak.spi.security.authorization.ImmutableACL;
 import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
-import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition;
 import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
 import org.apache.jackrabbit.oak.spi.state.PropertyBuilder;
@@ -128,7 +123,7 @@ public class AccessControlManagerImpl im
     @Override
     public AccessControlPolicy[] getPolicies(String absPath) throws RepositoryException {
         Tree tree = getTree(absPath);
-        AccessControlPolicy policy = readACL(absPath, tree, false);
+        AccessControlPolicy policy = createACL(absPath, tree, false);
         if (policy != null) {
             return new AccessControlPolicy[] {policy};
         } else {
@@ -140,7 +135,7 @@ public class AccessControlManagerImpl im
     public AccessControlPolicy[] getEffectivePolicies(String absPath) throws RepositoryException
{
         Tree tree = getTree(absPath);
         List<AccessControlPolicy> effective = new ArrayList<AccessControlPolicy>();
-        AccessControlPolicy policy = readACL(absPath, tree, true);
+        AccessControlPolicy policy = createACL(absPath, tree, true);
         if (policy != null) {
             effective.add(policy);
         }
@@ -148,7 +143,7 @@ public class AccessControlManagerImpl im
             String parentPath = Text.getRelativeParent(tree.getPath(), 1);
             while (!parentPath.isEmpty()) {
                 Tree t = root.getTree(parentPath);
-                AccessControlPolicy plc = readACL(parentPath, t, true);
+                AccessControlPolicy plc = createACL(parentPath, t, true);
                 if (plc != null) {
                     effective.add(plc);
                 }
@@ -279,7 +274,7 @@ public class AccessControlManagerImpl im
             Tree accessControlledTree = aclTree.getParent();
 
             String path = (REP_REPO_POLICY.equals(aclTree.getName())) ? null : accessControlledTree.getPath();
-            AccessControlPolicy policy = readACL(path, accessControlledTree, true);
+            AccessControlPolicy policy = createACL(path, accessControlledTree, true);
             if (policy != null) {
                 effective.add(policy);
             }
@@ -358,12 +353,37 @@ public class AccessControlManagerImpl im
     }
 
     private boolean isACE(Tree tree) throws RepositoryException {
-        return ntMgr.isNodeType(tree, namePathMapper.getJcrName(NT_REP_ACE));
+        return ntMgr.isNodeType(tree, NT_REP_ACE);
+    }
+
+    /**
+     *
+     * @param jcrPath the JCR path as specified with the ac mgr call.
+     * @param tree the access controlled node.
+     * @return the new acl tree.
+     * @throws RepositoryException if an error occurs
+     */
+    @Nonnull
+    private NodeUtil createAclTree(String jcrPath, Tree tree) throws RepositoryException
{
+        NodeUtil node = new NodeUtil(tree);
+        String mixinName = getOakMixinName(jcrPath);
+
+        if (!isAccessControlled(tree, mixinName)) {
+            PropertyState mixins = tree.getProperty(JcrConstants.JCR_MIXINTYPES);
+            if (mixins == null) {
+                tree.setProperty(JcrConstants.JCR_MIXINTYPES, Collections.singleton(mixinName),
Type.NAMES);
+            } else {
+                PropertyBuilder pb = MemoryPropertyBuilder.copy(Type.NAME, mixins);
+                pb.addValue(mixinName);
+                tree.setProperty(pb.getPropertyState());
+            }
+        }
+        return node.addChild(getAclOakName(jcrPath), namePathMapper.getJcrName(NT_REP_ACL));
     }
 
     @CheckForNull
-    private AccessControlList readACL(String jcrPath, Tree accessControlledTree,
-                        boolean isReadOnly) throws RepositoryException {
+    private AccessControlList createACL(String jcrPath, Tree accessControlledTree,
+                                        boolean isReadOnly) throws RepositoryException {
         AccessControlList acl = null;
         String aclName = getAclOakName(jcrPath);
         String mixinName = getOakMixinName(jcrPath);
@@ -373,7 +393,7 @@ public class AccessControlManagerImpl im
             List<JackrabbitAccessControlEntry> entries = new ArrayList<JackrabbitAccessControlEntry>();
             for (Tree child : aclTree.getChildren()) {
                 if (isACE(child)) {
-                    entries.add(readACE(jcrPath, child, restrictionProvider));
+                    entries.add(createACE(jcrPath, child, restrictionProvider));
                 }
             }
             if (isReadOnly) {
@@ -386,24 +406,13 @@ public class AccessControlManagerImpl im
     }
 
     @Nonnull
-    private JackrabbitAccessControlEntry readACE(String jcrPath, Tree aceTree, RestrictionProvider
restrictionProvider)
-            throws RepositoryException {
-        NodeUtil aceNode = new NodeUtil(aceTree);
-        Principal principal = principalProvider.getPrincipal(aceNode.getString(REP_PRINCIPAL_NAME,
null));
-        boolean isAllow = aceNode.hasPrimaryNodeTypeName(NT_REP_GRANT_ACE);
-        Set<Restriction> restrictions = restrictionProvider.readRestrictions(jcrPath,
aceTree);
-        return new ACE(principal, getPrivileges(aceNode), isAllow, restrictions);
-    }
-
-    private JackrabbitAccessControlList createPrincipalACL(Principal principal, Result aceResult)
throws RepositoryException {
-        // TODO: specific path indicating the principal-based nature of the
-        // TODO: ACL... this could also be the path of the compiled permissions
-        // TODO: for this principal.
-        String principalBasedPath = null;
-        // TODO: specific principal based restriction provider specifying a
-        // TODO: mandatory 'path' restriction to enforce the location where
-        // TODO: the ACEs need to be stored in the content tree.
-        RestrictionProvider pbRestrictions = new PrincipalRestrictionProvider(namePathMapper);
+    private JackrabbitAccessControlList createPrincipalACL(Principal principal,
+                                                           Result aceResult) throws RepositoryException
{
+        if (!(principal instanceof ItemBasedPrincipal)) {
+            throw new IllegalArgumentException("Item based principal expected");
+        }
+        String principalPath = ((ItemBasedPrincipal) principal).getPath();
+        RestrictionProvider restrProvider = new PrincipalRestrictionProvider(restrictionProvider,
namePathMapper);
 
         List<JackrabbitAccessControlEntry> entries = null;
         if (aceResult != null) {
@@ -418,36 +427,21 @@ public class AccessControlManagerImpl im
                     } else {
                         jcrPath = Text.getRelativeParent(aclPath, 1);
                     }
-                    entries.add(readACE(jcrPath, aceTree, pbRestrictions));
+                    entries.add(createACE(jcrPath, aceTree, restrProvider));
                 }
             }
         }
-        return new PrincipalACL(principalBasedPath, entries, pbRestrictions);
+        return new PrincipalACL(principalPath, entries, restrProvider);
     }
 
-    /**
-     *
-     * @param jcrPath the JCR path as specified with the ac mgr call.
-     * @param tree the access controlled node.
-     * @return the new acl tree.
-     * @throws RepositoryException if an error occurs
-     */
     @Nonnull
-    private NodeUtil createAclTree(String jcrPath, Tree tree) throws RepositoryException
{
-        NodeUtil node = new NodeUtil(tree);
-        String mixinName = getOakMixinName(jcrPath);
-
-        if (!isAccessControlled(tree, mixinName)) {
-            PropertyState mixins = tree.getProperty(JcrConstants.JCR_MIXINTYPES);
-            if (mixins == null) {
-                tree.setProperty(JcrConstants.JCR_MIXINTYPES, Collections.singleton(mixinName),
Type.NAMES);
-            } else {
-                PropertyBuilder pb = MemoryPropertyBuilder.copy(Type.NAME, mixins);
-                pb.addValue(mixinName);
-                tree.setProperty(pb.getPropertyState());
-            }
-        }
-        return node.addChild(getAclOakName(jcrPath), namePathMapper.getJcrName(NT_REP_ACL));
+    private JackrabbitAccessControlEntry createACE(String jcrPath, Tree aceTree,
+                                                   RestrictionProvider restrictionProvider)
throws RepositoryException {
+        NodeUtil aceNode = new NodeUtil(aceTree);
+        Principal principal = principalProvider.getPrincipal(aceNode.getString(REP_PRINCIPAL_NAME,
null));
+        boolean isAllow = aceNode.hasPrimaryNodeTypeName(NT_REP_GRANT_ACE);
+        Set<Restriction> restrictions = restrictionProvider.readRestrictions(jcrPath,
aceTree);
+        return new ACE(principal, getPrivileges(aceNode), isAllow, restrictions);
     }
 
     @Nonnull
@@ -457,7 +451,7 @@ public class AccessControlManagerImpl im
         // TODO: specify sort order
         StringBuilder stmt = new StringBuilder("/jcr:root");
         stmt.append("//element(*,");
-        stmt.append(NT_REP_ACE);
+        stmt.append(namePathMapper.getJcrName(NT_REP_ACE));
         stmt.append(")[");
         int i = 0;
         for (Principal principal : principals) {
@@ -465,7 +459,7 @@ public class AccessControlManagerImpl im
                 stmt.append(" or ");
             }
             stmt.append('@');
-            stmt.append(ISO9075.encode(REP_PRINCIPAL_NAME));
+            stmt.append(ISO9075.encode(namePathMapper.getJcrName(REP_PRINCIPAL_NAME)));
             stmt.append("='");
             stmt.append(principal.getName().replaceAll("'", "''"));
             stmt.append('\'');
@@ -561,40 +555,4 @@ public class AccessControlManagerImpl im
             return restrictionProvider;
         }
     }
-
-    private class PrincipalRestrictionProvider extends RestrictionProviderImpl {
-
-        private PrincipalRestrictionProvider(NamePathMapper namePathMapper) {
-            super(namePathMapper);
-        }
-
-        @Nonnull
-        @Override
-        public Set<RestrictionDefinition> getSupportedRestrictions(String jcrPath)
{
-            Set<RestrictionDefinition> definitions = new HashSet<RestrictionDefinition>(super.getSupportedRestrictions(jcrPath));
-            definitions.add(new RestrictionDefinitionImpl(REP_NODE_PATH, PropertyType.PATH,
true, namePathMapper));
-            return definitions;
-        }
-
-        @Override
-        public Set<Restriction> readRestrictions(String jcrPath, Tree aceTree) throws
AccessControlException {
-            Set<Restriction> restrictions = super.readRestrictions(jcrPath, aceTree);
-            String value = (jcrPath == null) ? "" : jcrPath;
-            PropertyState nodePathProp = PropertyStates.createProperty(REP_NODE_PATH, value,
Type.PATH);
-            restrictions.add(new RestrictionImpl(nodePathProp, true, namePathMapper));
-            return restrictions;
-        }
-
-        @Override
-        public void writeRestrictions(String jcrPath, Tree aceTree, Set<Restriction>
restrictions) throws AccessControlException {
-            Iterator<Restriction> it = restrictions.iterator();
-            while (it.hasNext()) {
-                Restriction r = it.next();
-                if (REP_NODE_PATH.equals(r.getName())) {
-                    it.remove();
-                }
-            }
-            super.writeRestrictions(jcrPath, aceTree, restrictions);
-        }
-    }
 }
\ No newline at end of file

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java?rev=1433536&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java
Tue Jan 15 17:24:28 2013
@@ -0,0 +1,90 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization.restriction;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+import javax.annotation.Nonnull;
+import javax.jcr.PropertyType;
+import javax.jcr.RepositoryException;
+import javax.jcr.Value;
+import javax.jcr.security.AccessControlException;
+
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.api.Type;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
+import org.apache.jackrabbit.oak.security.authorization.AccessControlConstants;
+import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
+import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition;
+import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
+
+/**
+ * PrincipalRestrictionProvider... TODO
+ */
+public class PrincipalRestrictionProvider implements RestrictionProvider, AccessControlConstants
{
+
+    private final RestrictionProvider base;
+    private final NamePathMapper namePathMapper;
+
+    public PrincipalRestrictionProvider(RestrictionProvider base, NamePathMapper namePathMapper)
{
+        this.base = base;
+        this.namePathMapper = namePathMapper;
+    }
+
+    @Nonnull
+    @Override
+    public Set<RestrictionDefinition> getSupportedRestrictions(String jcrPath) {
+        Set<RestrictionDefinition> definitions = new HashSet<RestrictionDefinition>(base.getSupportedRestrictions(jcrPath));
+        definitions.add(new RestrictionDefinitionImpl(REP_NODE_PATH, PropertyType.PATH, true,
namePathMapper));
+        return definitions;
+    }
+
+    @Nonnull
+    @Override
+    public Restriction createRestriction(String jcrPath, @Nonnull String jcrName, @Nonnull
Value value) throws RepositoryException {
+        return base.createRestriction(jcrPath, jcrName, value);
+    }
+
+    @Override
+    public Set<Restriction> readRestrictions(String jcrPath, Tree aceTree) throws AccessControlException
{
+        Set<Restriction> restrictions = new HashSet<Restriction>(base.readRestrictions(jcrPath,
aceTree));
+        String value = (jcrPath == null) ? "" : jcrPath;
+        PropertyState nodePathProp = PropertyStates.createProperty(REP_NODE_PATH, value,
Type.PATH);
+        restrictions.add(new RestrictionImpl(nodePathProp, true, namePathMapper));
+        return restrictions;
+    }
+
+    @Override
+    public void writeRestrictions(String jcrPath, Tree aceTree, Set<Restriction> restrictions)
throws AccessControlException {
+        Iterator<Restriction> it = restrictions.iterator();
+        while (it.hasNext()) {
+            Restriction r = it.next();
+            if (REP_NODE_PATH.equals(r.getName())) {
+                it.remove();
+            }
+        }
+        base.writeRestrictions(jcrPath, aceTree, restrictions);
+    }
+
+    @Override
+    public void validateRestrictions(String jcrPath, @Nonnull Tree aceTree) throws AccessControlException
{
+        base.validateRestrictions(jcrPath, aceTree);
+    }
+}
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java?rev=1433536&r1=1433535&r2=1433536&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java
Tue Jan 15 17:24:28 2013
@@ -27,6 +27,7 @@ import javax.jcr.RepositoryException;
 import javax.jcr.Value;
 import javax.jcr.security.AccessControlException;
 
+import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSet;
 import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.Tree;
@@ -45,15 +46,17 @@ import org.apache.jackrabbit.util.Text;
  */
 public class RestrictionProviderImpl implements RestrictionProvider, AccessControlConstants
{
 
+    private final NamePathMapper namePathMapper;
     private Map<String, RestrictionDefinition> supported;
-    private NamePathMapper namePathMapper;
 
     public RestrictionProviderImpl(NamePathMapper namePathMapper) {
-        RestrictionDefinition glob = new RestrictionDefinitionImpl(REP_GLOB, PropertyType.STRING,
false, namePathMapper);
-        this.supported = Collections.singletonMap(REP_GLOB, glob);
         this.namePathMapper = namePathMapper;
+
+        RestrictionDefinition glob = new RestrictionDefinitionImpl(REP_GLOB, PropertyType.STRING,
false, namePathMapper);
+        this.supported = ImmutableMap.of(REP_GLOB, glob);
     }
 
+    //------------------------------------------------< RestrictionProvider >---
     @Nonnull
     @Override
     public Set<RestrictionDefinition> getSupportedRestrictions(String jcrPath) {
@@ -66,8 +69,12 @@ public class RestrictionProviderImpl imp
 
     @Override
     public Restriction createRestriction(String jcrPath, String jcrName, Value value) throws
RepositoryException {
+        if (jcrPath == null) {
+            throw new AccessControlException("Unsupported restriction: " + jcrName);
+        }
+
         String oakName = namePathMapper.getOakName(jcrName);
-        RestrictionDefinition definition = (jcrPath == null) ? null : supported.get(oakName);
+        RestrictionDefinition definition = supported.get(oakName);
         if (definition == null) {
             throw new AccessControlException("Unsupported restriction: " + jcrName);
         }
@@ -76,7 +83,7 @@ public class RestrictionProviderImpl imp
             throw new AccessControlException("Unsupported restriction: Expected value of
type " + PropertyType.nameFromValue(definition.getRequiredType()));
         }
         PropertyState propertyState = PropertyStates.createProperty(oakName, value);
-        return new RestrictionImpl(propertyState, definition.isMandatory(), namePathMapper);
+        return createRestriction(propertyState, definition.isMandatory());
     }
 
     @Override
@@ -90,7 +97,7 @@ public class RestrictionProviderImpl imp
                 if (isRestrictionProperty(propName) && supported.containsKey(propName))
{
                     RestrictionDefinition def = supported.get(propName);
                     if (def.getRequiredType() == propertyState.getType().tag()) {
-                        restrictions.add(new RestrictionImpl(propertyState, def.isMandatory(),
namePathMapper));
+                        restrictions.add(createRestriction(propertyState, def.isMandatory()));
                     }
                 }
             }
@@ -130,6 +137,11 @@ public class RestrictionProviderImpl imp
 
     //------------------------------------------------------------< private >---
     @Nonnull
+    private Restriction createRestriction(PropertyState propertyState, boolean isMandatory)
{
+        return new RestrictionImpl(propertyState,  isMandatory, namePathMapper);
+    }
+
+    @Nonnull
     private Tree getRestrictionsTree(Tree aceTree) {
         Tree restrictions;
         if (aceTree.hasChild(REP_RESTRICTIONS)) {

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlList.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlList.java?rev=1433536&r1=1433535&r2=1433536&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlList.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlList.java
Tue Jan 15 17:24:28 2013
@@ -17,9 +17,9 @@
 package org.apache.jackrabbit.oak.spi.security.authorization;
 
 import java.security.Principal;
+import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
-import java.util.Set;
 import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
 import javax.jcr.PropertyType;
@@ -88,7 +88,7 @@ public abstract class AbstractAccessCont
     @Nonnull
     @Override
     public String[] getRestrictionNames() throws RepositoryException {
-        Set<RestrictionDefinition> supported = getRestrictionProvider().getSupportedRestrictions(jcrPath);
+        Collection<RestrictionDefinition> supported = getRestrictionProvider().getSupportedRestrictions(jcrPath);
         return Collections2.transform(supported, new Function<RestrictionDefinition, String>()
{
             @Override
             public String apply(RestrictionDefinition definition) {

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACL.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACL.java?rev=1433536&r1=1433535&r2=1433536&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACL.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACL.java
Tue Jan 15 17:24:28 2013
@@ -17,9 +17,10 @@
 package org.apache.jackrabbit.oak.spi.security.authorization;
 
 import java.security.Principal;
-import java.util.Collections;
 import java.util.List;
 import java.util.Map;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
 import javax.jcr.RepositoryException;
 import javax.jcr.Value;
 import javax.jcr.security.AccessControlEntry;
@@ -28,7 +29,6 @@ import javax.jcr.security.Privilege;
 
 import com.google.common.collect.ImmutableList;
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
-import org.apache.jackrabbit.oak.spi.security.authorization.restriction.EmptyRestrictionProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
 
 /**
@@ -49,14 +49,12 @@ public class ImmutableACL extends Abstra
      * @param entries The access control entries contained in this policy.
      * @param restrictionProvider The restriction provider.
      */
-    public ImmutableACL(String jcrPath, List<? extends JackrabbitAccessControlEntry>
entries,
-                        RestrictionProvider restrictionProvider) {
+    public ImmutableACL(@Nullable String jcrPath,
+                        @Nonnull List<? extends JackrabbitAccessControlEntry> entries,
+                        @Nonnull RestrictionProvider restrictionProvider) {
         super(jcrPath);
-
-        this.entries = (entries == null) ?
-                Collections.<JackrabbitAccessControlEntry>emptyList() :
-                ImmutableList.copyOf(entries);
-        this.restrictionProvider = (restrictionProvider == null) ? new EmptyRestrictionProvider()
: restrictionProvider;
+        this.entries = ImmutableList.copyOf(entries);
+        this.restrictionProvider = restrictionProvider;
     }
 
     //--------------------------------------------------< AccessControlList >---



Mime
View raw message