jackrabbit-oak-commits mailing list archives

From ang...@apache.org
Subject svn commit: r1433969 [1/2] - in /jackrabbit/oak/trunk/oak-core/src: main/java/org/apache/jackrabbit/oak/security/authorization/ main/java/org/apache/jackrabbit/oak/security/authorization/restriction/ main/java/org/apache/jackrabbit/oak/spi/security/aut...
Date Wed, 16 Jan 2013 14:59:02 GMT
Author: angela
Date: Wed Jan 16 14:59:01 2013
New Revision: 1433969

URL: http://svn.apache.org/viewvc?rev=1433969&view=rev
Log:
OAK-51 : Access Control Management (WIP)

in addition:
- move AbstractSecurityTest from the oak/security package to the oak package
- simplify security tests by moving common code to the AbstractSecurityTest

Added:
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/AbstractSecurityTest.java   (contents, props changed)
      - copied, changed from r1433512, jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/AbstractSecurityTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/PermissionProviderImplTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlListTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AllPermissionsTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/TestACL.java
Removed:
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/AbstractSecurityTest.java
Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConstants.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlList.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACL.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionProvider.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/DefaultLoginModuleTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/GuestDefaultLoginModuleTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenDefaultLoginModuleTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenLoginModuleTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/AbstractTokenTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthenticationTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImplTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserManagerImplTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserValidatorTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/UserQueryManagerTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModuleTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/ACETest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACLTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/principal/EveryonePrincipalTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationActionTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java?rev=1433969&r1=1433968&r2=1433969&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java Wed Jan 16 14:59:01 2013
@@ -31,6 +31,7 @@ import javax.jcr.security.AccessControlE
 import javax.jcr.security.Privilege;
 
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlList;
 import org.apache.jackrabbit.oak.spi.security.authorization.ACE;
 import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
@@ -46,12 +47,12 @@ abstract class ACL extends AbstractAcces
 
     private final List<JackrabbitAccessControlEntry> entries = new ArrayList<JackrabbitAccessControlEntry>();
 
-    ACL(String jcrPath) {
-        this(jcrPath, null);
+    ACL(String oakPath, NamePathMapper namePathMapper) {
+        this(oakPath, null, namePathMapper);
     }
 
-    ACL(String jcrPath, List<JackrabbitAccessControlEntry> entries) {
-        super(jcrPath);
+    ACL(String oakPath, List<JackrabbitAccessControlEntry> entries, NamePathMapper namePathMapper) {
+        super(oakPath, namePathMapper);
         if (entries != null) {
             this.entries.addAll(entries);
         }
@@ -86,7 +87,7 @@ abstract class ACL extends AbstractAcces
         } else {
             rs = new HashSet<Restriction>(restrictions.size());
             for (String name : restrictions.keySet()) {
-                rs.add(getRestrictionProvider().createRestriction(getPath(), name, restrictions.get(name)));
+                rs.add(getRestrictionProvider().createRestriction(getOakPath(), name, restrictions.get(name)));
             }
         }
         JackrabbitAccessControlEntry entry = new ACE(principal, privileges, isAllow, rs);
@@ -147,8 +148,9 @@ abstract class ACL extends AbstractAcces
         }
         if (obj instanceof ACL) {
             ACL acl = (ACL) obj;
-            String path = getPath();
-            return ((path == null) ? acl.getPath() == null : path.equals(acl.getPath()))
+            String path = getOakPath();
+            String otherPath = acl.getOakPath();
+            return ((path == null) ? otherPath == null : path.equals(otherPath))
                     && entries.equals(acl.entries);
         }
         return false;

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConstants.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConstants.java?rev=1433969&r1=1433968&r2=1433969&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConstants.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConstants.java Wed Jan 16 14:59:01 2013
@@ -52,5 +52,4 @@ public interface AccessControlConstants 
     Collection<String> AC_PROPERTY_NAMES = ImmutableSet.of(REP_PRINCIPAL_NAME, REP_PRIVILEGES, REP_GLOB);
     Collection<String> AC_NODE_NAMES = ImmutableSet.of(REP_POLICY, REP_REPO_POLICY);
     Collection<String> AC_NODE_TYPE_NAMES = ImmutableSet.of(NT_REP_POLICY, NT_REP_ACL, NT_REP_ACE, NT_REP_DENY_ACE, NT_REP_GRANT_ACE, NT_REP_RESTRICTIONS);
-
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java?rev=1433969&r1=1433968&r2=1433969&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java Wed Jan 16 14:59:01 2013
@@ -122,8 +122,9 @@ public class AccessControlManagerImpl im
 
     @Override
     public AccessControlPolicy[] getPolicies(String absPath) throws RepositoryException {
-        Tree tree = getTree(absPath);
-        AccessControlPolicy policy = createACL(absPath, tree, false);
+        String oakPath = getOakPath(absPath);
+        Tree tree = getTree(oakPath);
+        AccessControlPolicy policy = createACL(oakPath, tree, false);
         if (policy != null) {
             return new AccessControlPolicy[] {policy};
         } else {
@@ -133,14 +134,15 @@ public class AccessControlManagerImpl im
 
     @Override
     public AccessControlPolicy[] getEffectivePolicies(String absPath) throws RepositoryException {
-        Tree tree = getTree(absPath);
+        String oakPath = getOakPath(absPath);
+        Tree tree = getTree(oakPath);
         List<AccessControlPolicy> effective = new ArrayList<AccessControlPolicy>();
-        AccessControlPolicy policy = createACL(absPath, tree, true);
+        AccessControlPolicy policy = createACL(oakPath, tree, true);
         if (policy != null) {
             effective.add(policy);
         }
-        if (absPath != null) {
-            String parentPath = Text.getRelativeParent(tree.getPath(), 1);
+        if (oakPath != null) {
+            String parentPath = Text.getRelativeParent(oakPath, 1);
             while (!parentPath.isEmpty()) {
                 Tree t = root.getTree(parentPath);
                 AccessControlPolicy plc = createACL(parentPath, t, true);
@@ -155,24 +157,18 @@ public class AccessControlManagerImpl im
 
     @Override
     public AccessControlPolicyIterator getApplicablePolicies(String absPath) throws RepositoryException {
-        Tree tree = getTree(absPath);
+        String oakPath = getOakPath(absPath);
+        Tree tree = getTree(oakPath);
         AccessControlPolicy policy = null;
-        NodeUtil aclNode = getAclNode(absPath, tree);
+        NodeUtil aclNode = getAclNode(oakPath, tree);
         if (aclNode == null) {
             // create an empty acl unless the node is protected or cannot have
-            // mixin set (e.g. due to a lock) or
-            // has colliding rep:policy or rep:repoPolicy child node set.
-            String aclName = getAclOakName(absPath);
-            if (tree.hasChild(aclName)) {
-                // policy child node without node being access controlled
-                log.warn("Colliding policy child without node being access controllable ({}).", absPath);
+            // mixin set (e.g. due to a lock)
+            String mixinName = getMixinName(oakPath);
+            if (ntMgr.isNodeType(tree, mixinName) || ntMgr.getEffectiveNodeType(tree).supportsMixin(mixinName)) {
+                policy = new NodeACL(oakPath);
             } else {
-                String mixinName = getOakMixinName(absPath);
-                if (ntMgr.isNodeType(tree, mixinName) || ntMgr.getEffectiveNodeType(tree).supportsMixin(mixinName)) {
-                    policy = new NodeACL(absPath);
-                } else {
-                    log.warn("Node {} cannot be made access controllable.", absPath);
-                }
+                log.warn("Node {} cannot be made access controllable.", absPath);
             }
         } // else: acl already present -> getPolicies must be used.
 
@@ -185,21 +181,22 @@ public class AccessControlManagerImpl im
 
     @Override
     public void setPolicy(String absPath, AccessControlPolicy policy) throws RepositoryException {
-        checkValidPolicy(absPath, policy);
+        String oakPath = getOakPath(absPath);
+        checkValidPolicy(oakPath, policy);
 
         if (policy instanceof PrincipalACL) {
             // TODO
             throw new RepositoryException("not yet implemented");
         } else {
-            Tree tree = getTree(absPath);
-            NodeUtil aclNode = getAclNode(absPath, tree);
+            Tree tree = getTree(oakPath);
+            NodeUtil aclNode = getAclNode(oakPath, tree);
             if (aclNode != null) {
                 // remove all existing aces
                 for (Tree aceTree : aclNode.getTree().getChildren()) {
                     aceTree.remove();
                 }
             } else {
-                aclNode = createAclTree(absPath, tree);
+                aclNode = createAclTree(oakPath, tree);
             }
 
             ACL acl = (ACL) policy;
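Review bot: The `aclNode != null` branch removes every child of whatever node `getAclNode` returns, and `getAclNode` (changed further down) only looks the child up by name, whereas `createACL` also requires `isAccessControlled(...)` before treating that child as an ACL. A node that has a `rep:policy` child without being access controlled would therefore have that child's content cleared here, and the child itself removed by `removePolicy` in the next hunk, unless a check outside this diff prevents it. Consider verifying the child first, for example with `aclNode.hasPrimaryNodeTypeName(NT_REP_ACL)`, and throwing an `AccessControlException` when it is not an ACL node. `setPolicy` continues outside the hunk.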
@@ -218,24 +215,25 @@ public class AccessControlManagerImpl im
                     String[] rNames = ace.getRestrictionNames();
                     restrictions = new HashSet<Restriction>(rNames.length);
                     for (String rName : rNames) {
-                        restrictions.add(restrictionProvider.createRestriction(acl.getPath(), rName, ace.getRestriction(rName)));
+                        restrictions.add(restrictionProvider.createRestriction(oakPath, rName, ace.getRestriction(rName)));
                     }
                 }
-                restrictionProvider.writeRestrictions(absPath, aceNode.getTree(), restrictions);
+                restrictionProvider.writeRestrictions(oakPath, aceNode.getTree(), restrictions);
             }
         }
     }
 
     @Override
     public void removePolicy(String absPath, AccessControlPolicy policy) throws RepositoryException {
-        checkValidPolicy(absPath, policy);
+        String oakPath = getOakPath(absPath);
+        checkValidPolicy(oakPath, policy);
 
         if (policy instanceof PrincipalACL) {
             // TODO
             throw new RepositoryException("not yet implemented");
         } else {
-            Tree tree = getTree(absPath);
-            NodeUtil aclNode = getAclNode(absPath, tree);
+            Tree tree = getTree(oakPath);
+            NodeUtil aclNode = getAclNode(oakPath, tree);
             if (aclNode != null) {
                 aclNode.getTree().remove();
             } else {
@@ -295,20 +293,24 @@ public class AccessControlManagerImpl im
     }
 
     //------------------------------------------------------------< private >---
-    @Nonnull
-    private Tree getTree(String jcrPath) throws RepositoryException {
-        Tree tree;
+    @CheckForNull
+    private String getOakPath(String jcrPath) throws RepositoryException {
         if (jcrPath == null) {
-            tree = root.getTree("/");
+            return "/";
         } else {
             String oakPath = namePathMapper.getOakPathKeepIndex(jcrPath);
             if (oakPath == null) {
                 throw new RepositoryException("Failed to resolve JCR path " + jcrPath);
             }
-            tree = root.getTree(oakPath);
+            return oakPath;
         }
+    }
+
+    @Nonnull
+    private Tree getTree(String oakPath) throws RepositoryException {
+        Tree tree = root.getTree(oakPath);
         if (tree == null) {
-            throw new PathNotFoundException("No tree at " +jcrPath);
+            throw new PathNotFoundException("No tree at " +oakPath);
         }
         checkPermission(tree);
         checkIsAccessControlContent(tree);
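Review bot: `getOakPath` returns `"/"` for a null `jcrPath`, so the repository-level case can no longer be told apart from the root node. Every `oakPath == null` test this commit keeps (`getMixinName`, `getAclName`, the guard in `getEffectivePolicies`, the restriction providers) becomes unreachable from the public methods, and a repository-level policy would be read and written as the root node's `rep:policy`, with restrictions accepted. The `@CheckForNull` on the method suggests null was meant to pass through: `return null;` here and `root.getTree(oakPath == null ? "/" : oakPath)` in `getTree` would keep the two scopes separate. `getTree`'s body continues past the end of the hunk.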
@@ -337,11 +339,11 @@ public class AccessControlManagerImpl im
         }
     }
 
-    private static void checkValidPolicy(String jcrPath, AccessControlPolicy policy) throws AccessControlException {
+    private static void checkValidPolicy(String oakPath, AccessControlPolicy policy) throws AccessControlException {
         if (policy instanceof ACL) {
-            String path = ((ACL) policy).getPath();
-            if ((path == null && jcrPath != null) || (path != null && !path.equals(jcrPath))) {
-                throw new AccessControlException("Invalid access control policy " + policy + ": path mismatch " + jcrPath);
+            String path = ((ACL) policy).getOakPath();
+            if ((path == null && oakPath != null) || (path != null && !path.equals(oakPath))) {
+                throw new AccessControlException("Invalid access control policy " + policy + ": path mismatch " + oakPath);
             }
         } else {
             throw new AccessControlException("Invalid access control policy " + policy);
@@ -358,15 +360,15 @@ public class AccessControlManagerImpl im
 
     /**
      *
-     * @param jcrPath the JCR path as specified with the ac mgr call.
+     * @param oakPath the Oak path as specified with the ac mgr call.
      * @param tree the access controlled node.
      * @return the new acl tree.
      * @throws RepositoryException if an error occurs
      */
     @Nonnull
-    private NodeUtil createAclTree(String jcrPath, Tree tree) throws RepositoryException {
+    private NodeUtil createAclTree(String oakPath, Tree tree) throws RepositoryException {
         NodeUtil node = new NodeUtil(tree);
-        String mixinName = getOakMixinName(jcrPath);
+        String mixinName = getMixinName(oakPath);
 
         if (!isAccessControlled(tree, mixinName)) {
             PropertyState mixins = tree.getProperty(JcrConstants.JCR_MIXINTYPES);
@@ -378,28 +380,28 @@ public class AccessControlManagerImpl im
                 tree.setProperty(pb.getPropertyState());
             }
         }
-        return node.addChild(getAclOakName(jcrPath), namePathMapper.getJcrName(NT_REP_ACL));
+        return node.addChild(getAclName(oakPath), namePathMapper.getJcrName(NT_REP_ACL));
     }
 
     @CheckForNull
-    private AccessControlList createACL(String jcrPath, Tree accessControlledTree,
+    private AccessControlList createACL(String oakPath, Tree accessControlledTree,
                                         boolean isReadOnly) throws RepositoryException {
         AccessControlList acl = null;
-        String aclName = getAclOakName(jcrPath);
-        String mixinName = getOakMixinName(jcrPath);
+        String aclName = getAclName(oakPath);
+        String mixinName = getMixinName(oakPath);
 
         if (isAccessControlled(accessControlledTree, mixinName) && accessControlledTree.hasChild(aclName)) {
             Tree aclTree = accessControlledTree.getChild(aclName);
             List<JackrabbitAccessControlEntry> entries = new ArrayList<JackrabbitAccessControlEntry>();
             for (Tree child : aclTree.getChildren()) {
                 if (isACE(child)) {
-                    entries.add(createACE(jcrPath, child, restrictionProvider));
+                    entries.add(createACE(oakPath, child, restrictionProvider));
                 }
             }
             if (isReadOnly) {
-                acl = new ImmutableACL(jcrPath, entries, restrictionProvider);
+                acl = new ImmutableACL(oakPath, entries, restrictionProvider, namePathMapper);
             } else {
-                acl = new NodeACL(jcrPath, entries);
+                acl = new NodeACL(oakPath, entries);
             }
         }
         return acl;
@@ -421,13 +423,13 @@ public class AccessControlManagerImpl im
                 Tree aceTree = root.getTree(row.getPath());
                 if (isACE(aceTree)) {
                     String aclPath = Text.getRelativeParent(aceTree.getPath(), 1);
-                    String jcrPath;
+                    String path;
                     if (aclPath.endsWith(REP_REPO_POLICY)) {
-                        jcrPath = null;
+                        path = null;
                     } else {
-                        jcrPath = Text.getRelativeParent(aclPath, 1);
+                        path = Text.getRelativeParent(aclPath, 1);
                     }
-                    entries.add(createACE(jcrPath, aceTree, restrProvider));
+                    entries.add(createACE(path, aceTree, restrProvider));
                 }
             }
         }
@@ -435,12 +437,12 @@ public class AccessControlManagerImpl im
     }
 
     @Nonnull
-    private JackrabbitAccessControlEntry createACE(String jcrPath, Tree aceTree,
+    private JackrabbitAccessControlEntry createACE(String oakPath, Tree aceTree,
                                                    RestrictionProvider restrictionProvider) throws RepositoryException {
         NodeUtil aceNode = new NodeUtil(aceTree);
         Principal principal = principalProvider.getPrincipal(aceNode.getString(REP_PRINCIPAL_NAME, null));
         boolean isAllow = aceNode.hasPrimaryNodeTypeName(NT_REP_GRANT_ACE);
-        Set<Restriction> restrictions = restrictionProvider.readRestrictions(jcrPath, aceTree);
+        Set<Restriction> restrictions = restrictionProvider.readRestrictions(oakPath, aceTree);
         return new ACE(principal, getPrivileges(aceNode), isAllow, restrictions);
     }
 
@@ -488,19 +490,19 @@ public class AccessControlManagerImpl im
     }
 
     @CheckForNull
-    private static NodeUtil getAclNode(String jcrPath, Tree accessControlledTree) {
-        Tree policyTree = accessControlledTree.getChild(getAclOakName(jcrPath));
+    private static NodeUtil getAclNode(String oakPath, Tree accessControlledTree) {
+        Tree policyTree = accessControlledTree.getChild(getAclName(oakPath));
         return (policyTree == null) ? null : new NodeUtil(policyTree);
     }
 
     @Nonnull
-    private static String getOakMixinName(String jcrPath) {
-        return (jcrPath == null) ? MIX_REP_REPO_ACCESS_CONTROLLABLE : MIX_REP_ACCESS_CONTROLLABLE;
+    private static String getMixinName(String oakPath) {
+        return (oakPath == null) ? MIX_REP_REPO_ACCESS_CONTROLLABLE : MIX_REP_ACCESS_CONTROLLABLE;
     }
 
     @Nonnull
-    private static String getAclOakName(String jcrPath) {
-        return (jcrPath == null) ? REP_REPO_POLICY : REP_POLICY;
+    private static String getAclName(String oakPath) {
+        return (oakPath == null) ? REP_REPO_POLICY : REP_POLICY;
     }
 
     /**
@@ -526,12 +528,12 @@ public class AccessControlManagerImpl im
     // TODO review again
     private class NodeACL extends ACL {
 
-        NodeACL(String jcrPath) {
-            super(jcrPath);
+        NodeACL(String oakPath) {
+            super(oakPath, namePathMapper);
         }
 
-        NodeACL(String jcrPath, List<JackrabbitAccessControlEntry> entries) {
-            super(jcrPath, entries);
+        NodeACL(String oakPath, List<JackrabbitAccessControlEntry> entries) {
+            super(oakPath, entries, namePathMapper);
         }
 
         @Nonnull
@@ -544,8 +546,8 @@ public class AccessControlManagerImpl im
     private class PrincipalACL extends ACL {
 
         private final RestrictionProvider restrictionProvider;
-        private PrincipalACL(String jcrPath, List<JackrabbitAccessControlEntry> entries, RestrictionProvider restrictionProvider) {
-            super(jcrPath, entries);
+        private PrincipalACL(String oakPath, List<JackrabbitAccessControlEntry> entries, RestrictionProvider restrictionProvider) {
+            super(oakPath, entries, namePathMapper);
             this.restrictionProvider = restrictionProvider;
         }
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java?rev=1433969&r1=1433968&r2=1433969&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java Wed Jan 16 14:59:01 2013
@@ -26,6 +26,7 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinition;
 import org.apache.jackrabbit.oak.spi.state.NodeState;
 import org.apache.jackrabbit.oak.util.NodeUtil;
+import org.apache.jackrabbit.util.Text;
 
 import static com.google.common.base.Preconditions.checkNotNull;
 
@@ -142,7 +143,13 @@ class AccessControlValidator implements 
 
     private void checkValidRestrictions(NodeUtil aceNode) throws CommitFailedException {
         try {
-            String path = null; // TODO
+            String path;
+            String aclPath = parentAfter.getTree().getPath();
+            if (REP_REPO_POLICY.equals(Text.getName(aclPath))) {
+                path = null;
+            } else {
+                path = Text.getRelativeParent(aclPath, 1);
+            }
             restrictionProvider.validateRestrictions(path, aceNode.getTree());
         } catch (AccessControlException e) {
             throw new CommitFailedException(e);
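Review bot: This path derivation repeats the one in `AccessControlManagerImpl` (the `aclPath.endsWith(REP_REPO_POLICY)` block), but the two use different tests: `Text.getName(aclPath)` compares the exact node name, while `endsWith` also matches any name that merely ends with that string. Because a `null` path changes how restrictions are read and validated, both places should agree; a shared static helper built on the exact-name comparison would achieve that. The code also relies on `parentAfter` being the ACL node that holds the ACE, which is not visible in the hunk, so a comment such as `// parentAfter is the rep:policy / rep:repoPolicy node containing this ACE` would help.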

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java?rev=1433969&r1=1433968&r2=1433969&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java Wed Jan 16 14:59:01 2013
@@ -50,29 +50,29 @@ public class PrincipalRestrictionProvide
 
     @Nonnull
     @Override
-    public Set<RestrictionDefinition> getSupportedRestrictions(String jcrPath) {
-        Set<RestrictionDefinition> definitions = new HashSet<RestrictionDefinition>(base.getSupportedRestrictions(jcrPath));
+    public Set<RestrictionDefinition> getSupportedRestrictions(String oakPath) {
+        Set<RestrictionDefinition> definitions = new HashSet<RestrictionDefinition>(base.getSupportedRestrictions(oakPath));
         definitions.add(new RestrictionDefinitionImpl(REP_NODE_PATH, PropertyType.PATH, true, namePathMapper));
         return definitions;
     }
 
     @Nonnull
     @Override
-    public Restriction createRestriction(String jcrPath, @Nonnull String jcrName, @Nonnull Value value) throws RepositoryException {
-        return base.createRestriction(jcrPath, jcrName, value);
+    public Restriction createRestriction(String oakPath, @Nonnull String jcrName, @Nonnull Value value) throws RepositoryException {
+        return base.createRestriction(oakPath, jcrName, value);
     }
 
     @Override
-    public Set<Restriction> readRestrictions(String jcrPath, Tree aceTree) throws AccessControlException {
-        Set<Restriction> restrictions = new HashSet<Restriction>(base.readRestrictions(jcrPath, aceTree));
-        String value = (jcrPath == null) ? "" : jcrPath;
+    public Set<Restriction> readRestrictions(String oakPath, Tree aceTree) throws AccessControlException {
+        Set<Restriction> restrictions = new HashSet<Restriction>(base.readRestrictions(oakPath, aceTree));
+        String value = (oakPath == null) ? "" : oakPath;
         PropertyState nodePathProp = PropertyStates.createProperty(REP_NODE_PATH, value, Type.PATH);
         restrictions.add(new RestrictionImpl(nodePathProp, true, namePathMapper));
         return restrictions;
     }
 
     @Override
-    public void writeRestrictions(String jcrPath, Tree aceTree, Set<Restriction> restrictions) throws AccessControlException {
+    public void writeRestrictions(String oakPath, Tree aceTree, Set<Restriction> restrictions) throws AccessControlException {
         Iterator<Restriction> it = restrictions.iterator();
         while (it.hasNext()) {
             Restriction r = it.next();
@@ -80,11 +80,11 @@ public class PrincipalRestrictionProvide
                 it.remove();
             }
         }
-        base.writeRestrictions(jcrPath, aceTree, restrictions);
+        base.writeRestrictions(oakPath, aceTree, restrictions);
     }
 
     @Override
-    public void validateRestrictions(String jcrPath, @Nonnull Tree aceTree) throws AccessControlException {
-        base.validateRestrictions(jcrPath, aceTree);
+    public void validateRestrictions(String oakPath, @Nonnull Tree aceTree) throws AccessControlException {
+        base.validateRestrictions(oakPath, aceTree);
     }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java?rev=1433969&r1=1433968&r2=1433969&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java Wed Jan 16 14:59:01 2013
@@ -59,8 +59,8 @@ public class RestrictionProviderImpl imp
     //------------------------------------------------< RestrictionProvider >---
     @Nonnull
     @Override
-    public Set<RestrictionDefinition> getSupportedRestrictions(String jcrPath) {
-        if (jcrPath == null) {
+    public Set<RestrictionDefinition> getSupportedRestrictions(String oakPath) {
+        if (oakPath == null) {
             return Collections.emptySet();
         } else {
             return ImmutableSet.copyOf(supported.values());
@@ -68,15 +68,15 @@ public class RestrictionProviderImpl imp
     }
 
     @Override
-    public Restriction createRestriction(String jcrPath, String jcrName, Value value) throws RepositoryException {
-        if (jcrPath == null) {
-            throw new AccessControlException("Unsupported restriction: " + jcrName);
+    public Restriction createRestriction(String oakPath, String jcrName, Value value) throws RepositoryException {
+        if (oakPath == null) {
+            throw new AccessControlException("Unsupported restriction: " + oakPath);
         }
 
         String oakName = namePathMapper.getOakName(jcrName);
         RestrictionDefinition definition = supported.get(oakName);
         if (definition == null) {
-            throw new AccessControlException("Unsupported restriction: " + jcrName);
+            throw new AccessControlException("Unsupported restriction: " + oakPath);
         }
         int requiredType = definition.getRequiredType();
         if (requiredType != PropertyType.UNDEFINED && requiredType != value.getType()) {
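Review bot: Both `AccessControlException` messages in `createRestriction` now append `oakPath` where they used to append `jcrName`, which looks like an accidental side effect of the parameter rename. In the first throw `oakPath` is known to be null, so the message reads "Unsupported restriction: null", and in the second the path is reported instead of the unsupported restriction name. Both should stay `"Unsupported restriction: " + jcrName`. The method body continues outside the hunk.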
@@ -87,8 +87,8 @@ public class RestrictionProviderImpl imp
     }
 
     @Override
-    public Set<Restriction> readRestrictions(String jcrPath, Tree aceTree) throws AccessControlException {
-        if (jcrPath == null) {
+    public Set<Restriction> readRestrictions(String oakPath, Tree aceTree) throws AccessControlException {
+        if (oakPath == null) {
             return Collections.emptySet();
         } else {
             Set<Restriction> restrictions = new HashSet<Restriction>();
@@ -106,7 +106,7 @@ public class RestrictionProviderImpl imp
     }
 
     @Override
-    public void writeRestrictions(String jcrPath, Tree aceTree, Set<Restriction> restrictions) throws AccessControlException {
+    public void writeRestrictions(String oakPath, Tree aceTree, Set<Restriction> restrictions) throws AccessControlException {
         // validation of the restrictions is delegated to the commit hook
         // see #validateRestrictions below
         NodeUtil aceNode = new NodeUtil(aceTree);
@@ -117,9 +117,9 @@ public class RestrictionProviderImpl imp
     }
 
     @Override
-    public void validateRestrictions(String jcrPath, Tree aceTree) throws javax.jcr.security.AccessControlException {
+    public void validateRestrictions(String oakPath, Tree aceTree) throws javax.jcr.security.AccessControlException {
         Map<String,PropertyState> restrictionProperties = getRestrictionProperties(aceTree);
-        if (jcrPath == null && !restrictionProperties.isEmpty()) {
+        if (oakPath == null && !restrictionProperties.isEmpty()) {
             throw new AccessControlException("Restrictions not supported with 'null' path.");
         }
         for (String restrName : restrictionProperties.keySet()) {
@@ -143,11 +143,9 @@ public class RestrictionProviderImpl imp
 
     @Nonnull
     private Tree getRestrictionsTree(Tree aceTree) {
-        Tree restrictions;
-        if (aceTree.hasChild(REP_RESTRICTIONS)) {
-            restrictions = aceTree.getChild(REP_RESTRICTIONS);
-        } else {
-            // backwards compatibility
+        Tree restrictions = aceTree.getChild(REP_RESTRICTIONS);
+        if (restrictions == null) {
+            // no rep: restrictions tree -> read from aceTree for backwards compatibility
             restrictions = aceTree;
         }
         return restrictions;

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlList.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlList.java?rev=1433969&r1=1433968&r2=1433969&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlList.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlList.java Wed Jan 16 14:59:01 2013
@@ -22,6 +22,7 @@ import java.util.Collections;
 import java.util.List;
 import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
 import javax.jcr.PropertyType;
 import javax.jcr.RepositoryException;
 import javax.jcr.Value;
@@ -32,6 +33,7 @@ import com.google.common.base.Function;
 import com.google.common.collect.Collections2;
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition;
 import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
 
@@ -40,13 +42,21 @@ import org.apache.jackrabbit.oak.spi.sec
  */
 public abstract class AbstractAccessControlList implements JackrabbitAccessControlList {
 
-    private final String jcrPath;
+    private final String oakPath;
+    private final NamePathMapper namePathMapper;
 
-    public AbstractAccessControlList(String jcrPath) {
-        this.jcrPath = jcrPath;
+    public AbstractAccessControlList(@Nullable String oakPath,
+                                     @Nonnull NamePathMapper namePathMapper) {
+        this.oakPath = oakPath;
+        this.namePathMapper = namePathMapper;
     }
 
     //------------------------------------------< AbstractAccessControlList >---
+    @CheckForNull
+    public String getOakPath() {
+        return oakPath;
+    }
+
     @Nonnull
     public abstract List<JackrabbitAccessControlEntry> getEntries();
 
@@ -57,7 +67,7 @@ public abstract class AbstractAccessCont
     @CheckForNull
     @Override
     public String getPath() {
-        return jcrPath;
+        return (oakPath == null) ? null : namePathMapper.getJcrPath(oakPath);
     }
 
     //--------------------------------------------------< AccessControlList >---
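Review bot: `getPath()` now dereferences `namePathMapper` whenever `oakPath` is non-null, but the constructor added earlier in this file stores the `@Nonnull` argument without checking it. A null mapper would therefore only surface later as a `NullPointerException` from `getPath()`, far from the faulty caller. Guava is already imported in this file, so the constructor could fail fast with `this.namePathMapper = Preconditions.checkNotNull(namePathMapper);`. The new public `getOakPath()` also has no Javadoc; a one-line comment such as `/** Returns the Oak (internal) path of this policy, or null; getPath() returns the JCR mapping of it. */` would make the difference from `getPath()` explicit.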
@@ -88,7 +98,7 @@ public abstract class AbstractAccessCont
     @Nonnull
     @Override
     public String[] getRestrictionNames() throws RepositoryException {
-        Collection<RestrictionDefinition> supported = getRestrictionProvider().getSupportedRestrictions(jcrPath);
+        Collection<RestrictionDefinition> supported = getRestrictionProvider().getSupportedRestrictions(getOakPath());
         return Collections2.transform(supported, new Function<RestrictionDefinition, String>() {
             @Override
             public String apply(RestrictionDefinition definition) {
@@ -100,7 +110,7 @@ public abstract class AbstractAccessCont
 
     @Override
     public int getRestrictionType(String restrictionName) throws RepositoryException {
-        for (RestrictionDefinition definition : getRestrictionProvider().getSupportedRestrictions(jcrPath)) {
+        for (RestrictionDefinition definition : getRestrictionProvider().getSupportedRestrictions(getOakPath())) {
             if (definition.getJcrName().equals(restrictionName)) {
                 return definition.getRequiredType();
             }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACL.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACL.java?rev=1433969&r1=1433968&r2=1433969&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACL.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACL.java Wed Jan 16 14:59:01 2013
@@ -29,6 +29,7 @@ import javax.jcr.security.Privilege;
 
 import com.google.common.collect.ImmutableList;
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
 
 /**
@@ -45,14 +46,15 @@ public class ImmutableACL extends Abstra
     /**
      * Construct a new {@code UnmodifiableAccessControlList}
      *
-     * @param jcrPath The JCR path of this policy.
+     * @param oakPath The Oak path of this policy or {@code null}.
      * @param entries The access control entries contained in this policy.
      * @param restrictionProvider The restriction provider.
      */
-    public ImmutableACL(@Nullable String jcrPath,
+    public ImmutableACL(@Nullable String oakPath,
                         @Nonnull List<? extends JackrabbitAccessControlEntry> entries,
-                        @Nonnull RestrictionProvider restrictionProvider) {
-        super(jcrPath);
+                        @Nonnull RestrictionProvider restrictionProvider,
+                        @Nonnull NamePathMapper namePathMapper) {
+        super(oakPath, namePathMapper);
         this.entries = ImmutableList.copyOf(entries);
         this.restrictionProvider = restrictionProvider;
     }
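Review bot: The constructor Javadoc was updated for `oakPath` but has no entry for the new `namePathMapper` parameter. Add `@param namePathMapper The mapper used to convert the Oak path to the JCR path returned by getPath().` after the `restrictionProvider` line. The summary sentence still names `UnmodifiableAccessControlList` although the class is `ImmutableACL`; `Construct a new {@code ImmutableACL}` would match the code.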
@@ -94,7 +96,7 @@ public class ImmutableACL extends Abstra
     public int hashCode() {
         if (hashCode == 0) {
             int result = 17;
-            result = 37 * result + (getPath() != null ? getPath().hashCode() : 0);
+            result = 37 * result + (getOakPath() != null ? getOakPath().hashCode() : 0);
             for (AccessControlEntry entry : entries) {
                 result = 37 * result + entry.hashCode();
             }
@@ -110,8 +112,9 @@ public class ImmutableACL extends Abstra
         }
         if (obj instanceof ImmutableACL) {
             ImmutableACL other = (ImmutableACL) obj;
-            String path = getPath();
-            return ((path == null) ? other.getPath() == null : path.equals(other.getPath()))
+            String path = getOakPath();
+            String otherPath = other.getOakPath();
+            return ((path == null) ? otherPath == null : path.equals(otherPath))
                     && entries.equals(other.entries);
         }
         return false;

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionProvider.java?rev=1433969&r1=1433968&r2=1433969&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionProvider.java Wed Jan 16 14:59:01 2013
@@ -18,6 +18,7 @@ package org.apache.jackrabbit.oak.spi.se
 
 import java.util.Set;
 import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
 import javax.jcr.RepositoryException;
 import javax.jcr.Value;
 import javax.jcr.security.AccessControlException;
@@ -30,15 +31,16 @@ import org.apache.jackrabbit.oak.api.Tre
 public interface RestrictionProvider {
 
     @Nonnull
-    Set<RestrictionDefinition> getSupportedRestrictions(String jcrPath);
+    Set<RestrictionDefinition> getSupportedRestrictions(@Nullable String oakPath);
 
     @Nonnull
-    Restriction createRestriction(String jcrPath, @Nonnull String jcrName, @Nonnull Value value) throws RepositoryException;
+    Restriction createRestriction(@Nullable String oakPath,
+                                  @Nonnull String jcrName, @Nonnull Value value) throws RepositoryException;
 
     @Nonnull
-    Set<Restriction> readRestrictions(String jcrPath, @Nonnull Tree aceTree) throws AccessControlException;
+    Set<Restriction> readRestrictions(@Nullable String oakPath, @Nonnull Tree aceTree) throws AccessControlException;
 
-    void writeRestrictions(String jcrPath, Tree aceTree, Set<Restriction> restrictions) throws AccessControlException;
+    void writeRestrictions(String oakPath, Tree aceTree, Set<Restriction> restrictions) throws AccessControlException;
 
-    void validateRestrictions(String jcrPath, @Nonnull Tree aceTree) throws AccessControlException;
+    void validateRestrictions(@Nullable String oakPath, @Nonnull Tree aceTree) throws AccessControlException;
 }
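Review bot: `writeRestrictions` is the only method in the interface left without nullability annotations, while the other four now declare `@Nullable String oakPath`. An implementer cannot tell from the signature whether a null path must be accepted here too. If the contract matches the other methods, declare it as `void writeRestrictions(@Nullable String oakPath, @Nonnull Tree aceTree, @Nonnull Set<Restriction> restrictions) throws AccessControlException;`. The `@Nonnull` on the last two parameters is an assumption to confirm against the callers. The interface would also benefit from a short Javadoc saying what a null `oakPath` means, since the implementation refuses restrictions for it.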

Copied: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/AbstractSecurityTest.java (from r1433512, jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/AbstractSecurityTest.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/AbstractSecurityTest.java?p2=jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/AbstractSecurityTest.java&p1=jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/AbstractSecurityTest.java&r1=1433512&r2=1433969&rev=1433969&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/AbstractSecurityTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/AbstractSecurityTest.java Wed Jan 16 14:59:01 2013
@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.jackrabbit.oak.security;
+package org.apache.jackrabbit.oak;
 
 import javax.jcr.Credentials;
 import javax.jcr.NoSuchWorkspaceException;
@@ -22,11 +22,16 @@ import javax.jcr.SimpleCredentials;
 import javax.security.auth.login.Configuration;
 import javax.security.auth.login.LoginException;
 
-import org.apache.jackrabbit.oak.Oak;
+import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.oak.api.ContentRepository;
 import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.plugins.nodetype.InitialContent;
+import org.apache.jackrabbit.oak.security.OakConfiguration;
+import org.apache.jackrabbit.oak.security.SecurityProviderImpl;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
+import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
 import org.junit.After;
 import org.junit.Before;
 
@@ -36,9 +41,12 @@ import org.junit.Before;
 public abstract class AbstractSecurityTest {
 
     private ContentRepository contentRepository;
+    private UserManager userManager;
 
+    protected NamePathMapper namePathMapper = NamePathMapper.DEFAULT;
     protected SecurityProvider securityProvider;
     protected ContentSession adminSession;
+    protected Root root;
 
     @Before
     public void before() throws Exception {
@@ -48,6 +56,7 @@ public abstract class AbstractSecurityTe
                 .createContentRepository();
 
         adminSession = login(getAdminCredentials());
+        root = adminSession.getLatestRoot();
 
         Configuration.setConfiguration(getConfiguration());
     }
@@ -79,4 +88,15 @@ public abstract class AbstractSecurityTe
         return new SimpleCredentials("admin", "admin".toCharArray());
     }
 
+
+    protected UserConfiguration getUserConfiguration() {
+        return getSecurityProvider().getUserConfiguration();
+    }
+
+    protected UserManager getUserManager() {
+        if (userManager == null) {
+            userManager = getUserConfiguration().getUserManager(root, namePathMapper);
+        }
+        return userManager;
+    }
 }
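Review bot: `getUserManager()` caches a `UserManager` built from the protected, reassignable fields `root` and `namePathMapper`, so the cached instance stays bound to whatever `root` was at the first call. The later hunks for `AbstractTokenTest` and `UserAuthenticationTest` keep a `root = adminSession.getLatestRoot();` assignment, apparently in their own `before()`. Any subclass that reassigns `root` after the first `getUserManager()` call would create users through one `Root` and call `root.commit()` on another, and the test would pass or fail for the wrong reason. Either drop the redundant reassignments in the subclasses, or document the binding on the method, for example `// cached: bound to the value of 'root' at the first call; reassign root only before calling this`.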

Propchange: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/AbstractSecurityTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/DefaultLoginModuleTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/DefaultLoginModuleTest.java?rev=1433969&r1=1433968&r2=1433969&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/DefaultLoginModuleTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/DefaultLoginModuleTest.java Wed Jan 16 14:59:01 2013
@@ -26,17 +26,13 @@ import javax.security.auth.login.LoginEx
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
 import org.apache.jackrabbit.oak.api.AuthInfo;
 import org.apache.jackrabbit.oak.api.ContentSession;
-import org.apache.jackrabbit.oak.api.Root;
-import org.apache.jackrabbit.oak.namepath.NamePathMapper;
-import org.apache.jackrabbit.oak.security.AbstractSecurityTest;
 import org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl;
 import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
-import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.apache.jackrabbit.oak.spi.security.user.util.UserUtility;
-import org.junit.Before;
 import org.junit.Test;
 
 import static org.junit.Assert.assertEquals;
@@ -49,15 +45,6 @@ import static org.junit.Assert.fail;
  */
 public class DefaultLoginModuleTest extends AbstractSecurityTest {
 
-    private UserConfiguration uc;
-
-    @Before
-    public void before() throws Exception {
-        super.before();
-
-        uc = getSecurityProvider().getUserConfiguration();
-    }
-
     @Override
     protected Configuration getConfiguration() {
         return new Configuration() {
@@ -93,7 +80,7 @@ public class DefaultLoginModuleTest exte
         ContentSession cs = login(new GuestCredentials());
         try {
             AuthInfo authInfo = cs.getAuthInfo();
-            String anonymousID = UserUtility.getAnonymousId(uc.getConfigurationParameters());
+            String anonymousID = UserUtility.getAnonymousId(getUserConfiguration().getConfigurationParameters());
             assertEquals(anonymousID, authInfo.getUserID());
         } finally {
             cs.close();
@@ -102,10 +89,9 @@ public class DefaultLoginModuleTest exte
 
     @Test
     public void testAnonymousLogin() throws Exception {
-        String anonymousID = UserUtility.getAnonymousId(uc.getConfigurationParameters());
+        String anonymousID = UserUtility.getAnonymousId(getUserConfiguration().getConfigurationParameters());
 
-        Root root = adminSession.getLatestRoot();
-        UserManager userMgr = uc.getUserManager(root, NamePathMapper.DEFAULT);
+        UserManager userMgr = getUserManager();
 
         // verify initial user-content looks like expected
         Authorizable anonymous = userMgr.getAuthorizable(anonymousID);
@@ -127,9 +113,7 @@ public class DefaultLoginModuleTest exte
 
     @Test
     public void testUserLogin() throws Exception {
-        Root root = adminSession.getLatestRoot();
-        UserManager userManager = uc.getUserManager(root, NamePathMapper.DEFAULT);
-
+        UserManager userManager = getUserManager();
         ContentSession cs = null;
         User user = null;
         try {
@@ -152,9 +136,7 @@ public class DefaultLoginModuleTest exte
 
     @Test
     public void testSelfImpersonation() throws Exception {
-        Root root = adminSession.getLatestRoot();
-        UserManager userManager = uc.getUserManager(root, NamePathMapper.DEFAULT);
-
+        UserManager userManager = getUserManager();
         ContentSession cs = null;
         User user = null;
         try {
@@ -188,9 +170,7 @@ public class DefaultLoginModuleTest exte
 
     @Test
     public void testInvalidImpersonation() throws Exception {
-        Root root = adminSession.getLatestRoot();
-        UserManager userManager = uc.getUserManager(root, NamePathMapper.DEFAULT);
-
+        UserManager userManager = getUserManager();
         ContentSession cs = null;
         User user = null;
         try {
@@ -226,5 +206,4 @@ public class DefaultLoginModuleTest exte
             }
         }
     }
-
 }

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/GuestDefaultLoginModuleTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/GuestDefaultLoginModuleTest.java?rev=1433969&r1=1433968&r2=1433969&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/GuestDefaultLoginModuleTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/GuestDefaultLoginModuleTest.java Wed Jan 16 14:59:01 2013
@@ -21,9 +21,9 @@ import javax.jcr.GuestCredentials;
 import javax.security.auth.login.AppConfigurationEntry;
 import javax.security.auth.login.Configuration;
 
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
 import org.apache.jackrabbit.oak.api.AuthInfo;
 import org.apache.jackrabbit.oak.api.ContentSession;
-import org.apache.jackrabbit.oak.security.AbstractSecurityTest;
 import org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl;
 import org.apache.jackrabbit.oak.spi.security.authentication.GuestLoginModule;
 import org.apache.jackrabbit.oak.spi.security.user.util.UserUtility;
@@ -61,7 +61,7 @@ public class GuestDefaultLoginModuleTest
         ContentSession cs = login(null);
         try {
             AuthInfo authInfo = cs.getAuthInfo();
-            String anonymousID = UserUtility.getAnonymousId(getSecurityProvider().getUserConfiguration().getConfigurationParameters());
+            String anonymousID = UserUtility.getAnonymousId(getUserConfiguration().getConfigurationParameters());
             assertEquals(anonymousID, authInfo.getUserID());
         } finally {
             cs.close();
@@ -73,7 +73,7 @@ public class GuestDefaultLoginModuleTest
         ContentSession cs = login(new GuestCredentials());
         try {
             AuthInfo authInfo = cs.getAuthInfo();
-            String anonymousID = UserUtility.getAnonymousId(getSecurityProvider().getUserConfiguration().getConfigurationParameters());
+            String anonymousID = UserUtility.getAnonymousId(getUserConfiguration().getConfigurationParameters());
             assertEquals(anonymousID, authInfo.getUserID());
         } finally {
             cs.close();

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenDefaultLoginModuleTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenDefaultLoginModuleTest.java?rev=1433969&r1=1433968&r2=1433969&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenDefaultLoginModuleTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenDefaultLoginModuleTest.java Wed Jan 16 14:59:01 2013
@@ -24,9 +24,9 @@ import javax.security.auth.login.Configu
 import javax.security.auth.login.LoginException;
 
 import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
 import org.apache.jackrabbit.oak.api.ContentSession;
 import org.apache.jackrabbit.oak.api.Root;
-import org.apache.jackrabbit.oak.security.AbstractSecurityTest;
 import org.apache.jackrabbit.oak.security.authentication.token.TokenLoginModule;
 import org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl;
 import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo;

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenLoginModuleTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenLoginModuleTest.java?rev=1433969&r1=1433968&r2=1433969&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenLoginModuleTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenLoginModuleTest.java Wed Jan 16 14:59:01 2013
@@ -24,9 +24,9 @@ import javax.security.auth.login.Configu
 import javax.security.auth.login.LoginException;
 
 import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
 import org.apache.jackrabbit.oak.api.ContentSession;
 import org.apache.jackrabbit.oak.api.Root;
-import org.apache.jackrabbit.oak.security.AbstractSecurityTest;
 import org.apache.jackrabbit.oak.security.authentication.token.TokenLoginModule;
 import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo;
 import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/AbstractTokenTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/AbstractTokenTest.java?rev=1433969&r1=1433968&r2=1433969&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/AbstractTokenTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/AbstractTokenTest.java Wed Jan 16 14:59:01 2013
@@ -17,10 +17,7 @@
 package org.apache.jackrabbit.oak.security.authentication.token;
 
 import org.apache.jackrabbit.api.security.user.Authorizable;
-import org.apache.jackrabbit.api.security.user.UserManager;
-import org.apache.jackrabbit.oak.api.Root;
-import org.apache.jackrabbit.oak.namepath.NamePathMapper;
-import org.apache.jackrabbit.oak.security.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.junit.After;
 import org.junit.Before;
@@ -30,11 +27,8 @@ import org.junit.Before;
  */
 public abstract class AbstractTokenTest extends AbstractSecurityTest {
 
-    Root root;
     TokenProviderImpl tokenProvider;
-
     String userId;
-    UserManager userManager;
 
     @Before
     public void before() throws Exception {
@@ -43,19 +37,17 @@ public abstract class AbstractTokenTest 
         root = adminSession.getLatestRoot();
         tokenProvider = new TokenProviderImpl(root,
                 ConfigurationParameters.EMPTY,
-                getSecurityProvider().getUserConfiguration());
+                getUserConfiguration());
 
         userId = "testUser";
-        userManager = getSecurityProvider().getUserConfiguration().getUserManager(root, NamePathMapper.DEFAULT);
-
-        userManager.createUser(userId, "pw");
+        getUserManager().createUser(userId, "pw");
         root.commit();
     }
 
     @After
     public void after() throws Exception {
         try {
-            Authorizable a = userManager.getAuthorizable(userId);
+            Authorizable a = getUserManager().getAuthorizable(userId);
             if (a != null) {
                 a.remove();
                 root.commit();

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java?rev=1433969&r1=1433968&r2=1433969&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java Wed Jan 16 14:59:01 2013
@@ -130,7 +130,7 @@ public class TokenProviderImplTest exten
 
         TokenInfo info = tokenProvider.createToken(userId, attributes);
 
-        Tree userTree = root.getTree(userManager.getAuthorizable(userId).getPath());
+        Tree userTree = root.getTree(getUserManager().getAuthorizable(userId).getPath());
         Tree tokens = userTree.getChild(".tokens");
         assertNotNull(tokens);
         assertEquals(1, tokens.getChildrenCount());
@@ -201,7 +201,7 @@ public class TokenProviderImplTest exten
     public void testRemoveTokenRemovesNode() throws Exception {
         TokenInfo info = tokenProvider.createToken(userId, Collections.<String, Object>emptyMap());
 
-        Tree userTree = root.getTree(userManager.getAuthorizable(userId).getPath());
+        Tree userTree = root.getTree(getUserManager().getAuthorizable(userId).getPath());
         Tree tokens = userTree.getChild(".tokens");
         String tokenNodePath = tokens.getChildren().iterator().next().getPath();
 

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthenticationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthenticationTest.java?rev=1433969&r1=1433968&r2=1433969&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthenticationTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthenticationTest.java Wed Jan 16 14:59:01 2013
@@ -29,10 +29,8 @@ import javax.security.auth.login.LoginEx
 import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
 import org.apache.jackrabbit.oak.api.AuthInfo;
-import org.apache.jackrabbit.oak.api.Root;
-import org.apache.jackrabbit.oak.namepath.NamePathMapper;
-import org.apache.jackrabbit.oak.security.AbstractSecurityTest;
 import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
 import org.junit.After;
 import org.junit.Before;
@@ -47,11 +45,7 @@ import static org.junit.Assert.fail;
  */
 public class UserAuthenticationTest extends AbstractSecurityTest {
 
-    private Root root;
-
-    private String userId;
-    private UserManager userManager;
-
+    private final String userId = "testUser";
     private UserAuthentication authentication;
 
     @Before
@@ -60,9 +54,7 @@ public class UserAuthenticationTest exte
 
         root = adminSession.getLatestRoot();
 
-        userId = "testUser";
-        userManager = getSecurityProvider().getUserConfiguration().getUserManager(root, NamePathMapper.DEFAULT);
-
+        UserManager userManager = getUserManager();
         userManager.createUser(userId, "pw");
         root.commit();
 
@@ -72,7 +64,7 @@ public class UserAuthenticationTest exte
     @After
     public void after() throws Exception {
         try {
-            Authorizable a = userManager.getAuthorizable(userId);
+            Authorizable a = getUserManager().getAuthorizable(userId);
             if (a != null) {
                 a.remove();
                 root.commit();
@@ -90,7 +82,7 @@ public class UserAuthenticationTest exte
 
     @Test
     public void testAuthenticateWithoutUserId() throws Exception {
-        UserAuthentication authentication = new UserAuthentication(null, userManager);
+        UserAuthentication authentication = new UserAuthentication(null, getUserManager());
         assertFalse(authentication.authenticate(new SimpleCredentials(userId, "pw".toCharArray())));
     }
 

Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java?rev=1433969&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java Wed Jan 16 14:59:01 2013
@@ -0,0 +1,47 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization;
+
+import java.util.List;
+import javax.annotation.Nonnull;
+
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlList;
+import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlListTest;
+import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
+
+/**
+ * ACLTest... TODO
+ */
+public class ACLTest extends AbstractAccessControlListTest{
+
+    @Override
+    protected AbstractAccessControlList createACL(String jcrPath, List<JackrabbitAccessControlEntry> entries, NamePathMapper namePathMapper) {
+        String path = (jcrPath == null) ? null : namePathMapper.getOakPathKeepIndex(jcrPath);
+        final RestrictionProvider rp = getRestrictionProvider();
+        return new ACL(path, entries, namePathMapper) {
+            @Nonnull
+            @Override
+            public RestrictionProvider getRestrictionProvider() {
+                return rp;
+            }
+        };
+    }
+
+    // TODO add test
+}
\ No newline at end of file
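Review bot: The class Javadoc `ACLTest... TODO` and the trailing `// TODO add test` do not say that this class adds no test of its own yet. It only supplies the `createACL` factory for whatever tests `AbstractAccessControlListTest` defines, and that base class is not shown in this hunk. I would replace the placeholder with `/** Runs the tests inherited from AbstractAccessControlListTest against ACL; ACL-specific tests are still pending (OAK-51). */`. The anonymous subclass deserves a one-line comment as well, e.g. `// hand the list the restriction provider of the test base`, since the reason `getRestrictionProvider()` has to be overridden here is not visible. The class declaration is also missing a space before `{`.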

Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java?rev=1433969&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java Wed Jan 16 14:59:01 2013
@@ -0,0 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization;
+
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.junit.Before;
+
+/**
+ * AccessControlManagerImplTest... TODO
+ */
+public class AccessControlManagerImplTest extends AbstractSecurityTest {
+
+    @Override
+    @Before
+    public void before() throws Exception {
+        super.before();
+    }
+
+}
\ No newline at end of file
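Review bot: `AccessControlManagerImplTest` declares no `@Test` method and its `before()` override only calls `super.before()`, so the access control manager this commit works on has no test behind a class name that suggests it does. Depending on how the build selects test classes, a JUnit 4 class without test methods can also be reported as an initialization error ("No runnable methods"). I would drop the redundant override until there is setup to add, and state the gap in the Javadoc instead of `AccessControlManagerImplTest... TODO`, e.g. `/** Placeholder: tests for the access control manager are pending (OAK-51). */`.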

Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/PermissionProviderImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/PermissionProviderImplTest.java?rev=1433969&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/PermissionProviderImplTest.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/PermissionProviderImplTest.java Wed Jan 16 14:59:01 2013
@@ -0,0 +1,68 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization;
+
+import java.security.Principal;
+import java.util.Collections;
+
+import org.apache.jackrabbit.oak.spi.security.authorization.AllPermissions;
+import org.apache.jackrabbit.oak.spi.security.authorization.CompiledPermissions;
+import org.apache.jackrabbit.oak.spi.security.authorization.PermissionProvider;
+import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
+import org.apache.jackrabbit.oak.spi.security.principal.SystemPrincipal;
+import org.apache.jackrabbit.oak.spi.state.NodeStore;
+import org.junit.Test;
+
+import static org.junit.Assert.assertTrue;
+
+/**
+ * PermissionProviderImplTest... TODO
+ */
+public class PermissionProviderImplTest {
+
+    private PermissionProvider pp = new PermissionProviderImpl();
+    private NodeStore nodeStore = null; // TODO
+
+    @Test
+    public void testGetPermissions() {
+        // TODO
+    }
+
+    @Test
+    public void testGetCompilePermissions() {
+        // TODO
+    }
+
+    @Test
+    public void testGetSystemPermissions() {
+        CompiledPermissions cp = pp.getCompiledPermissions(nodeStore,
+                Collections.<Principal>singleton(SystemPrincipal.INSTANCE));
+        assertTrue(cp instanceof AllPermissions);
+    }
+
+    @Test
+    public void testGetAdminPermissions() {
+        CompiledPermissions cp = pp.getCompiledPermissions(nodeStore,
+                Collections.<Principal>singleton(new AdminPrincipal() {
+                    @Override
+                    public String getName() {
+                        return "someAdminName";
+                    }
+                }));
+        assertTrue(cp instanceof AllPermissions);
+    }
+}
\ No newline at end of file
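Review bot: `testGetPermissions` and `testGetCompilePermissions` have empty bodies, so they are reported as passing although nothing about the permission provider is checked. Marking them `@Ignore("TODO OAK-51")` (with `import org.junit.Ignore;`) keeps the gap visible in test reports. The two real tests assert only the grant side: `SystemPrincipal.INSTANCE` and any `AdminPrincipal` implementation receive `AllPermissions`. There is no counterpart asserting that an ordinary principal does not receive `AllPermissions`, which is the case that would catch an over-broad grant. That test probably needs a real `NodeStore` instead of the `null` placeholder, so a `// TODO negative case for a non-admin principal` next to `nodeStore` would do for now.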

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImplTest.java?rev=1433969&r1=1433968&r2=1433969&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImplTest.java Wed Jan 16 14:59:01 2013
@@ -29,13 +29,10 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.api.security.user.Group;
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.api.security.user.UserManager;
-import org.apache.jackrabbit.oak.api.Root;
-import org.apache.jackrabbit.oak.namepath.NamePathMapper;
-import org.apache.jackrabbit.oak.security.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
 import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
 import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
-import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
 import org.junit.Test;
 
 import static org.junit.Assert.assertEquals;
@@ -48,17 +45,13 @@ import static org.junit.Assert.assertTru
  */
 public class PrincipalProviderImplTest extends AbstractSecurityTest {
 
-    private Root root;
-    private UserConfiguration userConfig;
     private PrincipalProvider principalProvider;
 
     @Override
     public void before() throws Exception {
         super.before();
 
-        root = adminSession.getLatestRoot();
-        userConfig = getSecurityProvider().getUserConfiguration();
-        principalProvider = new PrincipalProviderImpl(root, userConfig, NamePathMapper.DEFAULT);
+        principalProvider = new PrincipalProviderImpl(root, getUserConfiguration(), namePathMapper);
     }
 
     @Test
@@ -87,7 +80,7 @@ public class PrincipalProviderImplTest e
 
         Group everyoneGroup = null;
         try {
-            UserManager userMgr = userConfig.getUserManager(root, NamePathMapper.DEFAULT);
+            UserManager userMgr = getUserManager();
             everyoneGroup = userMgr.createGroup(EveryonePrincipal.NAME);
             root.commit();
 
@@ -105,7 +98,7 @@ public class PrincipalProviderImplTest e
     public void testFindUserPrincipal() throws Exception {
         User testUser = null;
         try {
-            UserManager userMgr = userConfig.getUserManager(root, NamePathMapper.DEFAULT);
+            UserManager userMgr = getUserManager();
             testUser = userMgr.createUser("TestUser", "pw");
             root.commit();
 
@@ -133,7 +126,7 @@ public class PrincipalProviderImplTest e
     public void testFindGroupPrincipal() throws Exception {
         Group testGroup = null;
         try {
-            UserManager userMgr = userConfig.getUserManager(root, NamePathMapper.DEFAULT);
+            UserManager userMgr = getUserManager();
             testGroup = userMgr.createGroup("TestGroup");
             root.commit();
 
@@ -201,7 +194,7 @@ public class PrincipalProviderImplTest e
         User testUser = null;
         Group testGroup = null;
         try {
-            UserManager userMgr = userConfig.getUserManager(root, NamePathMapper.DEFAULT);
+            UserManager userMgr = getUserManager();
             testUser = userMgr.createUser("TestUser", "pw");
             testGroup = userMgr.createGroup("TestGroup");
 

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserManagerImplTest.java?rev=1433969&r1=1433968&r2=1433969&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserManagerImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserManagerImplTest.java Wed Jan 16 14:59:01 2013
@@ -26,16 +26,15 @@ import javax.jcr.UnsupportedRepositoryOp
 import org.apache.jackrabbit.JcrConstants;
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
 import org.apache.jackrabbit.oak.api.CommitFailedException;
-import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.api.Type;
-import org.apache.jackrabbit.oak.namepath.NamePathMapper;
-import org.apache.jackrabbit.oak.security.AbstractSecurityTest;
 import org.apache.jackrabbit.oak.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtility;
 import org.apache.jackrabbit.oak.util.NodeUtil;
+import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 
@@ -51,20 +50,32 @@ import static org.junit.Assert.fail;
  */
 public class UserManagerImplTest extends AbstractSecurityTest {
 
-    private Root root;
     private UserManagerImpl userMgr;
+    private String testUserId = "testUser";
 
     @Before
     public void before() throws Exception {
         super.before();
 
-        root = adminSession.getLatestRoot();
-        userMgr = new UserManagerImpl(root, NamePathMapper.DEFAULT, getSecurityProvider());
+        userMgr = new UserManagerImpl(root, namePathMapper, getSecurityProvider());
+    }
+
+    @After
+    public void after() throws Exception {
+        try {
+            Authorizable testUser = userMgr.getAuthorizable(testUserId);
+            if (testUser != null) {
+                testUser.remove();
+                root.commit();
+            }
+        } finally {
+            super.after();
+        }
     }
 
     @Test
     public void testSetPassword() throws Exception {
-        User user = userMgr.createUser("a", "pw");
+        User user = userMgr.createUser(testUserId, "pw");
         root.commit();
 
         List<String> pwds = new ArrayList<String>();
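Review bot: The new `after()` removes the test user by committing on the same `root` the tests worked with. If a test ends with pending changes that cannot be committed, the cleanup commit may fail for the same reason and leave `testUser` in the repository for the next test; some tests in this class appear to expect a `CommitFailedException`, though their bodies lie outside this hunk. Calling `root.refresh();` as the first statement inside the `try` would discard such leftovers before the lookup. Separately, `testUserId` is not reassigned in the visible code and could be `private final String testUserId = "testUser";`, matching `userId` in `UserAuthenticationTest` in this commit. `testSetPassword` continues past the end of the hunk.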
@@ -95,7 +106,7 @@ public class UserManagerImplTest extends
 
     @Test
     public void setPasswordNull() throws Exception {
-        User user = userMgr.createUser("a", null);
+        User user = userMgr.createUser(testUserId, null);
         root.commit();
 
         Tree userTree = root.getTree(user.getPath());
@@ -116,7 +127,7 @@ public class UserManagerImplTest extends
 
     @Test
     public void testGetPasswordHash() throws Exception {
-        User user = userMgr.createUser("a", null);
+        User user = userMgr.createUser(testUserId, null);
         root.commit();
 
         Tree userTree = root.getTree(user.getPath());
@@ -140,7 +151,7 @@ public class UserManagerImplTest extends
 
     @Test
     public void testEnforceAuthorizableFolderHierarchy() throws RepositoryException, CommitFailedException {
-        User user = userMgr.createUser("testUser", null);
+        User user = userMgr.createUser(testUserId, null);
         root.commit();
 
         NodeUtil userNode = new NodeUtil(root.getTree(user.getPath()));

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserValidatorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserValidatorTest.java?rev=1433969&r1=1433968&r2=1433969&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserValidatorTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserValidatorTest.java Wed Jan 16 14:59:01 2013
@@ -24,11 +24,11 @@ import javax.jcr.RepositoryException;
 import org.apache.jackrabbit.JcrConstants;
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
 import org.apache.jackrabbit.oak.api.CommitFailedException;
-import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.api.Tree;
-import org.apache.jackrabbit.oak.namepath.NamePathMapper;
-import org.apache.jackrabbit.oak.security.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.apache.jackrabbit.util.Text;
 import org.junit.After;
@@ -42,24 +42,20 @@ import static org.junit.Assert.fail;
  */
 public class UserValidatorTest extends AbstractSecurityTest {
 
-    private Root root;
-    private UserManagerImpl userMgr;
     private User user;
 
     @Before
     public void before() throws Exception {
         super.before();
 
-        root = adminSession.getLatestRoot();
-        userMgr = new UserManagerImpl(root, NamePathMapper.DEFAULT, getSecurityProvider());
-        user = userMgr.createUser("test", "pw");
+        user = getUserManager().createUser("test", "pw");
         root.commit();
     }
 
     @After
     public void after() throws Exception {
         try {
-            Authorizable a = userMgr.getAuthorizable("test");
+            Authorizable a = getUserManager().getAuthorizable("test");
             if (a != null) {
                 a.remove();
                 root.commit();
@@ -114,7 +110,7 @@ public class UserValidatorTest extends A
     @Test
     public void createWithoutPrincipalName() throws Exception {
         try {
-            User user = userMgr.createUser("withoutPrincipalName", "pw");
+            User user = getUserManager().createUser("withoutPrincipalName", "pw");
             // FIXME: use user.getPath instead (blocked by OAK-343)
             Tree tree = root.getTree("/rep:security/rep:authorizables/rep:users/t/te/test");
             tree.removeProperty(UserConstants.REP_PRINCIPAL_NAME);
@@ -131,7 +127,7 @@ public class UserValidatorTest extends A
     @Test
     public void createWithInvalidUUID() throws Exception {
         try {
-            User user = userMgr.createUser("withInvalidUUID", "pw");
+            User user = getUserManager().createUser("withInvalidUUID", "pw");
             // FIXME: use user.getPath instead (blocked by OAK-343)
             Tree tree = root.getTree("/rep:security/rep:authorizables/rep:users/t/te/test");
             tree.setProperty(JcrConstants.JCR_UUID, UUID.randomUUID().toString());
@@ -204,7 +200,8 @@ public class UserValidatorTest extends A
     @Test
     public void testRemoveAdminUser() throws Exception {
         try {
-            String adminId = userMgr.getConfig().getConfigValue(UserConstants.PARAM_ADMIN_ID, UserConstants.DEFAULT_ADMIN_ID);
+            String adminId = getConfig().getConfigValue(UserConstants.PARAM_ADMIN_ID, UserConstants.DEFAULT_ADMIN_ID);
+            UserManager userMgr = getUserManager();
             Authorizable admin = userMgr.getAuthorizable(adminId);
             if (admin == null) {
                 admin = userMgr.createUser(adminId, adminId);
@@ -224,7 +221,8 @@ public class UserValidatorTest extends A
     @Test
     public void testDisableAdminUser() throws Exception {
         try {
-            String adminId = userMgr.getConfig().getConfigValue(UserConstants.PARAM_ADMIN_ID, UserConstants.DEFAULT_ADMIN_ID);
+            String adminId = getConfig().getConfigValue(UserConstants.PARAM_ADMIN_ID, UserConstants.DEFAULT_ADMIN_ID);
+            UserManager userMgr =  getUserManager();
             Authorizable admin = userMgr.getAuthorizable(adminId);
             if (admin == null) {
                 admin = userMgr.createUser(adminId, adminId);
@@ -246,9 +244,9 @@ public class UserValidatorTest extends A
         List<String> invalid = new ArrayList<String>();
         invalid.add("/");
         invalid.add("/jcr:system");
-        String groupPath = userMgr.getConfig().getConfigValue(UserConstants.PARAM_GROUP_PATH, UserConstants.DEFAULT_GROUP_PATH);
+        String groupPath = getConfig().getConfigValue(UserConstants.PARAM_GROUP_PATH, UserConstants.DEFAULT_GROUP_PATH);
         invalid.add(groupPath);
-        String userPath = userMgr.getConfig().getConfigValue(UserConstants.PARAM_USER_PATH, UserConstants.DEFAULT_USER_PATH);
+        String userPath = getConfig().getConfigValue(UserConstants.PARAM_USER_PATH, UserConstants.DEFAULT_USER_PATH);
         invalid.add(Text.getRelativeParent(userPath, 1));
         invalid.add(user.getPath());
         invalid.add(user.getPath() + "/folder");
@@ -283,4 +281,7 @@ public class UserValidatorTest extends A
         }
     }
 
+    private ConfigurationParameters getConfig() {
+        return getUserConfiguration().getConfigurationParameters();
+    }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/UserQueryManagerTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/UserQueryManagerTest.java?rev=1433969&r1=1433968&r2=1433969&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/UserQueryManagerTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/UserQueryManagerTest.java Wed Jan 16 14:59:01 2013
@@ -23,12 +23,9 @@ import javax.jcr.ValueFactory;
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.api.security.user.UserManager;
-import org.apache.jackrabbit.oak.api.Root;
-import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
 import org.apache.jackrabbit.oak.plugins.value.ValueFactoryImpl;
-import org.apache.jackrabbit.oak.security.AbstractSecurityTest;
 import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
-import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
 import org.junit.Before;
 import org.junit.Test;
 
@@ -43,7 +40,6 @@ import static org.junit.Assert.assertTru
  */
 public class UserQueryManagerTest extends AbstractSecurityTest {
 
-    private Root root;
     private ValueFactory valueFactory;
     private UserQueryManager queryMgr;
     private User user;
@@ -53,18 +49,13 @@ public class UserQueryManagerTest extend
     public void before() throws Exception {
         super.before();
 
-        UserConfiguration uc = securityProvider.getUserConfiguration();
-        NamePathMapper npMapper = NamePathMapper.DEFAULT;
-
-        root = adminSession.getLatestRoot();
-
-        UserManager userMgr = uc.getUserManager(root, npMapper);
+        UserManager userMgr = getUserManager();
         user = userMgr.createUser("testUser", "pw");
         root.commit();
 
-        queryMgr = new UserQueryManager(userMgr, npMapper, uc.getConfigurationParameters(), root.getQueryEngine());
+        queryMgr = new UserQueryManager(userMgr, namePathMapper, getUserConfiguration().getConfigurationParameters(), root.getQueryEngine());
 
-        valueFactory = new ValueFactoryImpl(root.getBlobFactory(), npMapper);
+        valueFactory = new ValueFactoryImpl(root.getBlobFactory(), namePathMapper);
         propertyName = "testProperty";
     }
 

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModuleTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModuleTest.java?rev=1433969&r1=1433968&r2=1433969&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModuleTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModuleTest.java Wed Jan 16 14:59:01 2013
@@ -26,10 +26,10 @@ import javax.security.auth.login.LoginEx
 
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
 import org.apache.jackrabbit.oak.api.ContentSession;
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
-import org.apache.jackrabbit.oak.security.AbstractSecurityTest;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;


