Return-Path: X-Original-To: apmail-jackrabbit-oak-commits-archive@minotaur.apache.org Delivered-To: apmail-jackrabbit-oak-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 920F4E17C for ; Fri, 1 Feb 2013 09:49:49 +0000 (UTC) Received: (qmail 48691 invoked by uid 500); 1 Feb 2013 09:49:49 -0000 Delivered-To: apmail-jackrabbit-oak-commits-archive@jackrabbit.apache.org Received: (qmail 48478 invoked by uid 500); 1 Feb 2013 09:49:47 -0000 Mailing-List: contact oak-commits-help@jackrabbit.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: oak-dev@jackrabbit.apache.org Delivered-To: mailing list oak-commits@jackrabbit.apache.org Received: (qmail 48430 invoked by uid 99); 1 Feb 2013 09:49:45 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 01 Feb 2013 09:49:45 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 01 Feb 2013 09:49:43 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id B4391238897F; Fri, 1 Feb 2013 09:49:24 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1441363 - in /jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak: security/authorization/ security/privilege/ spi/security/privilege/ Date: Fri, 01 Feb 2013 09:49:24 -0000 To: oak-commits@jackrabbit.apache.org From: angela@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20130201094924.B4391238897F@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: angela Date: Fri Feb 1 09:49:23 2013 New Revision: 1441363 URL: http://svn.apache.org/viewvc?rev=1441363&view=rev Log: OAK-64 : Privilege Management (simplify) Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java - copied, changed from r1440941, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReaderImpl.java Removed: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReaderImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeDefinitionReader.java Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorProvider.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeConfiguration.java Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java?rev=1441363&r1=1441362&r2=1441363&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java Fri Feb 1 09:49:23 2013 @@ -22,6 +22,7 @@ import java.util.Collections; import java.util.Map; import javax.jcr.RepositoryException; import javax.jcr.security.AccessControlException; +import javax.jcr.security.Privilege; import org.apache.jackrabbit.JcrConstants; import org.apache.jackrabbit.oak.api.CommitFailedException; @@ -30,7 +31,6 @@ import org.apache.jackrabbit.oak.api.Tre import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager; import org.apache.jackrabbit.oak.spi.commit.Validator; import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider; -import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinition; import org.apache.jackrabbit.oak.spi.state.NodeState; import org.apache.jackrabbit.oak.util.TreeUtil; import org.apache.jackrabbit.util.Text; @@ -45,16 +45,16 @@ class AccessControlValidator implements private final Tree parentBefore; private final Tree parentAfter; - private final Map privilegeDefinitions; + private final Map privileges; private final RestrictionProvider restrictionProvider; private final ReadOnlyNodeTypeManager ntMgr; AccessControlValidator(Tree parentBefore, Tree parentAfter, - Map privilegeDefinitions, + Map privileges, RestrictionProvider restrictionProvider, ReadOnlyNodeTypeManager ntMgr) { this.parentBefore = parentBefore; this.parentAfter = parentAfter; - this.privilegeDefinitions = privilegeDefinitions; + this.privileges = privileges; this.restrictionProvider = restrictionProvider; this.ntMgr = ntMgr; } @@ -90,7 +90,7 @@ class AccessControlValidator implements Tree treeAfter = checkNotNull(parentAfter.getChild(name)); checkValidTree(parentAfter, treeAfter); - return new AccessControlValidator(null, treeAfter, privilegeDefinitions, restrictionProvider, ntMgr); + return new AccessControlValidator(null, treeAfter, privileges, restrictionProvider, ntMgr); } @Override @@ -99,7 +99,7 @@ class AccessControlValidator implements Tree treeAfter = checkNotNull(parentAfter.getChild(name)); checkValidTree(parentAfter, treeAfter); - return new AccessControlValidator(treeBefore, treeAfter, privilegeDefinitions, restrictionProvider, ntMgr); + return new AccessControlValidator(treeBefore, treeAfter, privileges, restrictionProvider, ntMgr); } @Override @@ -192,12 +192,12 @@ class AccessControlValidator implements fail("Missing privileges."); } for (String privilegeName : privilegeNames) { - if (privilegeName == null || !privilegeDefinitions.containsKey(privilegeName)) { + if (privilegeName == null || !privileges.containsKey(privilegeName)) { fail("Invalid privilege " + privilegeName); } - PrivilegeDefinition def = privilegeDefinitions.get(privilegeName); - if (def.isAbstract()) { + Privilege privilege = privileges.get(privilegeName); + if (privilege.isAbstract()) { fail("Abstract privilege " + privilegeName); } } Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorProvider.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorProvider.java?rev=1441363&r1=1441362&r2=1441363&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorProvider.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorProvider.java Fri Feb 1 09:49:23 2013 @@ -18,8 +18,14 @@ package org.apache.jackrabbit.oak.securi import java.util.Map; import javax.annotation.Nonnull; +import javax.jcr.RepositoryException; +import javax.jcr.security.Privilege; +import com.google.common.collect.ImmutableMap; +import org.apache.jackrabbit.api.security.authorization.PrivilegeManager; +import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; +import org.apache.jackrabbit.oak.core.ReadOnlyRoot; import org.apache.jackrabbit.oak.core.ReadOnlyTree; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager; @@ -28,9 +34,10 @@ import org.apache.jackrabbit.oak.spi.com import org.apache.jackrabbit.oak.spi.security.SecurityProvider; import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConfiguration; import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider; -import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinition; -import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinitionReader; +import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration; import org.apache.jackrabbit.oak.spi.state.NodeState; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * {@code AccessControlValidatorProvider} aimed to provide a root validator @@ -40,6 +47,8 @@ import org.apache.jackrabbit.oak.spi.sta */ class AccessControlValidatorProvider implements ValidatorProvider { + private static final Logger log = LoggerFactory.getLogger(AccessControlValidatorProvider.class); + private SecurityProvider securityProvider; AccessControlValidatorProvider(SecurityProvider securityProvider) { @@ -53,15 +62,27 @@ class AccessControlValidatorProvider imp Tree rootBefore = new ReadOnlyTree(before); Tree rootAfter = new ReadOnlyTree(after); - PrivilegeDefinitionReader reader = securityProvider.getPrivilegeConfiguration().getPrivilegeDefinitionReader(rootBefore); - Map privilegeDefinitions = reader.readDefinitions(); - AccessControlConfiguration acConfig = securityProvider.getAccessControlConfiguration(); RestrictionProvider restrictionProvider = acConfig.getRestrictionProvider(NamePathMapper.DEFAULT); + Map privileges = getPrivileges(before, securityProvider.getPrivilegeConfiguration()); ReadOnlyNodeTypeManager ntMgr = ReadOnlyNodeTypeManager.getInstance(before); - return new AccessControlValidator(rootBefore, rootAfter, privilegeDefinitions, restrictionProvider, ntMgr); + return new AccessControlValidator(rootBefore, rootAfter, privileges, restrictionProvider, ntMgr); + } + + private static Map getPrivileges(NodeState beforeRoot, PrivilegeConfiguration config) { + Root root = new ReadOnlyRoot(beforeRoot); + PrivilegeManager pMgr = config.getPrivilegeManager(root, NamePathMapper.DEFAULT); + ImmutableMap.Builder privileges = ImmutableMap.builder(); + try { + for (Privilege privilege : pMgr.getRegisteredPrivileges()) { + privileges.put(privilege.getName(), privilege); + } + } catch (RepositoryException e) { + log.error("Unexpected error: failed to read privileges."); + } + return privileges.build(); } } Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java?rev=1441363&r1=1441362&r2=1441363&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java Fri Feb 1 09:49:23 2013 @@ -22,7 +22,6 @@ import javax.annotation.Nonnull; import org.apache.jackrabbit.api.security.authorization.PrivilegeManager; import org.apache.jackrabbit.oak.api.Root; -import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.spi.commit.CommitHook; import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider; @@ -30,7 +29,6 @@ import org.apache.jackrabbit.oak.spi.lif import org.apache.jackrabbit.oak.spi.security.Context; import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration; import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration; -import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinitionReader; /** * Configuration for the privilege management component. @@ -44,12 +42,6 @@ public class PrivilegeConfigurationImpl return new PrivilegeManagerImpl(root, namePathMapper); } - @Nonnull - @Override - public PrivilegeDefinitionReader getPrivilegeDefinitionReader(Tree tree) { - return new PrivilegeDefinitionReaderImpl(tree); - } - //----------------------------------------------< SecurityConfiguration >--- @Nonnull @Override Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java (from r1440941, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReaderImpl.java) URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReaderImpl.java&r1=1440941&r2=1441363&rev=1441363&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReaderImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java Fri Feb 1 09:49:23 2013 @@ -20,47 +20,29 @@ import java.util.HashMap; import java.util.Map; import javax.annotation.Nonnull; -import org.apache.jackrabbit.JcrConstants; import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; -import org.apache.jackrabbit.oak.api.TreeLocation; import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinition; -import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinitionReader; import org.apache.jackrabbit.oak.util.NodeUtil; -import static com.google.common.base.Preconditions.checkNotNull; import static org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants.PRIVILEGES_PATH; import static org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants.REP_AGGREGATES; import static org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants.REP_IS_ABSTRACT; -import static org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants.REP_PRIVILEGES; /** * Reads privilege definitions from the repository content without applying * any validation. */ -class PrivilegeDefinitionReaderImpl implements PrivilegeDefinitionReader { +class PrivilegeDefinitionReader { private final Tree privilegesTree; - PrivilegeDefinitionReaderImpl(@Nonnull Tree privilegesTree) { - if (privilegesTree.isRoot()) { - TreeLocation location = privilegesTree.getLocation().getChild(JcrConstants.JCR_SYSTEM+'/'+REP_PRIVILEGES); - this.privilegesTree = checkNotNull(location.getTree()); - } else if (PRIVILEGES_PATH.equals(privilegesTree.getPath())) { - this.privilegesTree = privilegesTree; - } else { - throw new IllegalArgumentException("Illegal privilege tree " + privilegesTree); - } - } - - PrivilegeDefinitionReaderImpl(@Nonnull Root root) { - this(checkNotNull(root.getTree(PRIVILEGES_PATH))); + PrivilegeDefinitionReader(@Nonnull Root root) { + this.privilegesTree = root.getTree(PRIVILEGES_PATH); } - //------------------------------------------< PrivilegeDefinitionReader >--- - @Override - public Map readDefinitions() { + Map readDefinitions() { Map definitions = new HashMap(); if (privilegesTree != null) { for (Tree child : privilegesTree.getChildren()) { @@ -71,10 +53,13 @@ class PrivilegeDefinitionReaderImpl impl return definitions; } - @Override - public PrivilegeDefinition readDefinition(String privilegeName) { - Tree definitionTree = privilegesTree.getChild(privilegeName); - return (definitionTree == null) ? null : readDefinition(definitionTree); + PrivilegeDefinition readDefinition(String privilegeName) { + if (privilegesTree == null) { + return null; + } else { + Tree definitionTree = privilegesTree.getChild(privilegeName); + return (definitionTree == null) ? null : readDefinition(definitionTree); + } } //-----------------------------------------------------------< internal >--- Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java?rev=1441363&r1=1441362&r2=1441363&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java Fri Feb 1 09:49:23 2013 @@ -34,7 +34,6 @@ import org.apache.jackrabbit.oak.api.Roo import org.apache.jackrabbit.oak.core.RootImpl; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinition; -import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinitionReader; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -142,10 +141,11 @@ public class PrivilegeManagerImpl implem @Nonnull private PrivilegeDefinitionReader getReader() { - return new PrivilegeDefinitionReaderImpl(root); + return new PrivilegeDefinitionReader(root); } //-------------------------------------------------------------------------- + /** * Privilege implementation based on a {@link org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinition}. */ Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java?rev=1441363&r1=1441362&r2=1441363&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java Fri Feb 1 09:49:23 2013 @@ -26,6 +26,7 @@ import org.apache.jackrabbit.oak.api.Com import org.apache.jackrabbit.oak.api.PropertyState; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; +import org.apache.jackrabbit.oak.core.ReadOnlyRoot; import org.apache.jackrabbit.oak.core.ReadOnlyTree; import org.apache.jackrabbit.oak.plugins.name.NamespaceConstants; import org.apache.jackrabbit.oak.spi.commit.Validator; @@ -40,17 +41,10 @@ import org.apache.jackrabbit.util.Text; class PrivilegeValidator implements PrivilegeConstants, Validator { private final Map definitions; - private final PrivilegeDefinitionReaderImpl reader; PrivilegeValidator(NodeState before) { - Tree privTree = getPrivilegesTree(before); - if (privTree != null) { - reader = new PrivilegeDefinitionReaderImpl(privTree); - definitions = reader.readDefinitions(); - } else { - reader = null; - definitions = null; - } + PrivilegeDefinitionReader reader = new PrivilegeDefinitionReader(new ReadOnlyRoot(before)); + definitions = reader.readDefinitions(); } //----------------------------------------------------------< Validator >--- @@ -71,8 +65,6 @@ class PrivilegeValidator implements Priv @Override public Validator childNodeAdded(String name, NodeState after) throws CommitFailedException { - checkInitialized(); - // the following characteristics are expected to be validated elsewhere: // - permission to allow privilege registration -> permission validator. // - name collisions (-> delegated to NodeTypeValidator since sms are not allowed) @@ -92,7 +84,7 @@ class PrivilegeValidator implements Priv } // additional validation of the definition - PrivilegeDefinition def = reader.readDefinition(tree); + PrivilegeDefinition def = PrivilegeDefinitionReader.readDefinition(tree); validateDefinition(def); // privilege definitions may not have child nodes. @@ -110,16 +102,18 @@ class PrivilegeValidator implements Priv } //------------------------------------------------------------< private >--- + /** * Validation of the privilege definition including the following steps: - * + *

* - all aggregates must have been registered before * - no existing privilege defines the same aggregation * - no cyclic aggregation * * @param definition The new privilege definition to validate. - * @throws org.apache.jackrabbit.oak.api.CommitFailedException If any of - * the checks listed above fails. + * @throws org.apache.jackrabbit.oak.api.CommitFailedException + * If any of + * the checks listed above fails. */ private void validateDefinition(PrivilegeDefinition definition) throws CommitFailedException { Set declaredNames = definition.getDeclaredAggregateNames(); @@ -134,7 +128,7 @@ class PrivilegeValidator implements Priv for (String aggrName : declaredNames) { // aggregated privilege not registered if (!definitions.containsKey(aggrName)) { - throw new CommitFailedException("Declared aggregate '"+ aggrName +"' is not a registered privilege."); + throw new CommitFailedException("Declared aggregate '" + aggrName + "' is not a registered privilege."); } // check for circular aggregation @@ -198,19 +192,4 @@ class PrivilegeValidator implements Priv } return aggregateNames; } - - private void checkInitialized() throws CommitFailedException { - if (reader == null || definitions == null) { - throw new CommitFailedException(new IllegalStateException("Mandatory privileges root is missing.")); - } - } - - private static Tree getPrivilegesTree(NodeState rootState) { - Tree root = new ReadOnlyTree(rootState); - Tree system = root.getChild(JcrConstants.JCR_SYSTEM); - if (system != null) { - return system.getChild(REP_PRIVILEGES); - } - return null; - } } Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeConfiguration.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeConfiguration.java?rev=1441363&r1=1441362&r2=1441363&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeConfiguration.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeConfiguration.java Fri Feb 1 09:49:23 2013 @@ -20,7 +20,6 @@ import javax.annotation.Nonnull; import org.apache.jackrabbit.api.security.authorization.PrivilegeManager; import org.apache.jackrabbit.oak.api.Root; -import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration; @@ -32,20 +31,10 @@ public interface PrivilegeConfiguration /** * Creates a new instance of {@link PrivilegeManager}. * - * @param root The root for which the privilege manager should be created. + * @param root The root for which the privilege manager should be created. * @param namePathMapper The name and path mapper to be used. * @return A new {@code PrivilegeManager}. */ @Nonnull PrivilegeManager getPrivilegeManager(Root root, NamePathMapper namePathMapper); - - /** - * Creates a new {@code PrivilegeDefinitionReader} instance for the - * specified {@code tree}. - * - * @param tree The {@code Tree} that is used to read the privilege definitions. - * @return A new {@code PrivilegeDefinitionReader}. - */ - @Nonnull - PrivilegeDefinitionReader getPrivilegeDefinitionReader(Tree tree); }