jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1458400 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ oak-core/src/main/java/org/apache/jackrabbit/oak/spi/...
Date Tue, 19 Mar 2013 16:48:04 GMT
Author: angela
Date: Tue Mar 19 16:48:03 2013
New Revision: 1458400

URL: http://svn.apache.org/r1458400
Log:
OAK-527: permissions (wip)

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConfiguration.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlConfiguration.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java
    jackrabbit/oak/trunk/oak-jcr/pom.xml
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionContext.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java?rev=1458400&r1=1458399&r2=1458400&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java
Tue Mar 19 16:48:03 2013
@@ -90,8 +90,8 @@ public class AccessControlConfigurationI
 
     //-----------------------------------------< AccessControlConfiguration >---
     @Override
-    public AccessControlManager getAccessControlManager(Root root, NamePathMapper namePathMapper)
{
-        return new AccessControlManagerImpl(root, namePathMapper, securityProvider);
+    public AccessControlManager getAccessControlManager(Root root, NamePathMapper namePathMapper,
PermissionProvider permissionProvider) {
+        return new AccessControlManagerImpl(root, namePathMapper, securityProvider, permissionProvider);
     }
 
     @Nonnull

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java?rev=1458400&r1=1458399&r2=1458400&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java
Tue Mar 19 16:48:03 2013
@@ -91,7 +91,7 @@ class AccessControlImporter implements P
             this.namePathMapper = namePathMapper;
             AccessControlConfiguration config = securityProvider.getAccessControlConfiguration();
             if (isWorkspaceImport) {
-                acMgr = config.getAccessControlManager(root, namePathMapper);
+                acMgr = config.getAccessControlManager(root, namePathMapper, null);
             } else {
                 acMgr = session.getAccessControlManager();
             }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java?rev=1458400&r1=1458399&r2=1458400&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
Tue Mar 19 16:48:03 2013
@@ -16,7 +16,6 @@
  */
 package org.apache.jackrabbit.oak.security.authorization;
 
-import java.security.AccessController;
 import java.security.Principal;
 import java.text.ParseException;
 import java.util.ArrayList;
@@ -30,13 +29,13 @@ import javax.annotation.Nullable;
 import javax.jcr.AccessDeniedException;
 import javax.jcr.PathNotFoundException;
 import javax.jcr.RepositoryException;
+import javax.jcr.UnsupportedRepositoryOperationException;
 import javax.jcr.query.Query;
 import javax.jcr.security.AccessControlException;
 import javax.jcr.security.AccessControlList;
 import javax.jcr.security.AccessControlPolicy;
 import javax.jcr.security.AccessControlPolicyIterator;
 import javax.jcr.security.Privilege;
-import javax.security.auth.Subject;
 
 import com.google.common.base.Objects;
 import org.apache.jackrabbit.JcrConstants;
@@ -68,6 +67,7 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConfiguration;
 import org.apache.jackrabbit.oak.spi.security.authorization.ImmutableACL;
 import org.apache.jackrabbit.oak.spi.security.authorization.PermissionProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.Permissions;
 import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
 import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
 import org.apache.jackrabbit.oak.spi.state.PropertyBuilder;
@@ -100,9 +100,11 @@ public class AccessControlManagerImpl im
     private PermissionProvider permissionProvider;
 
     public AccessControlManagerImpl(@Nonnull Root root, @Nonnull NamePathMapper namePathMapper,
-                                    @Nonnull SecurityProvider securityProvider) {
+                                    @Nonnull SecurityProvider securityProvider,
+                                    @Nullable PermissionProvider permissionProvider) {
         this.root = root;
         this.namePathMapper = namePathMapper;
+        this.permissionProvider = permissionProvider;
 
         privilegeManager = securityProvider.getPrivilegeConfiguration().getPrivilegeManager(root,
namePathMapper);
         principalManager = securityProvider.getPrincipalConfiguration().getPrincipalManager(root,
namePathMapper);
@@ -110,8 +112,6 @@ public class AccessControlManagerImpl im
         acConfig = securityProvider.getAccessControlConfiguration();
         restrictionProvider = acConfig.getRestrictionProvider(namePathMapper);
         ntMgr = ReadOnlyNodeTypeManager.getInstance(root, namePathMapper);
-
-        permissionProvider = getPermissionProvider();
     }
 
     //-----------------------------------------------< AccessControlManager >---
@@ -143,7 +143,7 @@ public class AccessControlManagerImpl im
     @Override
     public AccessControlPolicy[] getPolicies(@Nullable String absPath) throws RepositoryException
{
         String oakPath = getOakPath(absPath);
-        Tree tree = getTree(oakPath);
+        Tree tree = getTree(oakPath, Permissions.READ_ACCESS_CONTROL);
         AccessControlPolicy policy = createACL(oakPath, tree, false);
         if (policy != null) {
             return new AccessControlPolicy[]{policy};
@@ -156,7 +156,7 @@ public class AccessControlManagerImpl im
     @Override
     public AccessControlPolicy[] getEffectivePolicies(@Nullable String absPath) throws RepositoryException
{
         String oakPath = getOakPath(absPath);
-        Tree tree = getTree(oakPath);
+        Tree tree = getTree(oakPath, Permissions.READ_ACCESS_CONTROL);
         List<AccessControlPolicy> effective = new ArrayList<AccessControlPolicy>();
         AccessControlPolicy policy = createACL(oakPath, tree, true);
         if (policy != null) {
@@ -180,7 +180,7 @@ public class AccessControlManagerImpl im
     @Override
     public AccessControlPolicyIterator getApplicablePolicies(@Nullable String absPath) throws
RepositoryException {
         String oakPath = getOakPath(absPath);
-        Tree tree = getTree(oakPath);
+        Tree tree = getTree(oakPath, Permissions.READ_ACCESS_CONTROL);
 
         AccessControlPolicy policy = null;
         NodeUtil aclNode = getAclNode(oakPath, tree);
@@ -216,7 +216,7 @@ public class AccessControlManagerImpl im
             // TODO
             throw new RepositoryException("not yet implemented");
         } else {
-            Tree tree = getTree(oakPath);
+            Tree tree = getTree(oakPath, Permissions.MODIFY_ACCESS_CONTROL);
             NodeUtil aclNode = getAclNode(oakPath, tree);
             if (aclNode != null) {
                 // remove all existing aces
@@ -261,7 +261,7 @@ public class AccessControlManagerImpl im
             // TODO
             throw new RepositoryException("not yet implemented");
         } else {
-            Tree tree = getTree(oakPath);
+            Tree tree = getTree(oakPath, Permissions.MODIFY_ACCESS_CONTROL);
             NodeUtil aclNode = getAclNode(oakPath, tree);
             if (aclNode != null) {
                 aclNode.getTree().remove();
@@ -345,12 +345,14 @@ public class AccessControlManagerImpl im
     }
 
     @Nonnull
-    private Tree getTree(@Nullable String oakPath) throws RepositoryException {
+    private Tree getTree(@Nullable String oakPath, long permissions) throws RepositoryException
{
         Tree tree = (oakPath == null) ? root.getTree("/") : root.getTree(oakPath);
         if (tree == null) {
             throw new PathNotFoundException("No tree at " + oakPath);
         }
-        checkPermission(tree);
+        if (permissions != Permissions.NO_PERMISSION) {
+            checkPermission(tree, permissions);
+        }
 
         // check if the tree is access controlled
         if (acConfig.getContext().definesTree(tree)) {
@@ -359,29 +361,14 @@ public class AccessControlManagerImpl im
         return tree;
     }
 
-    @Nonnull
-    private PermissionProvider getPermissionProvider() {
-        // TODO
-        if (permissionProvider == null) {
-            Subject subject = Subject.getSubject(AccessController.getContext());
-            if (subject != null && !subject.getPublicCredentials(PermissionProvider.class).isEmpty())
{
-                permissionProvider = subject.getPublicCredentials(PermissionProvider.class).iterator().next();
-            } else {
-                Set<Principal> principals = (subject != null) ? subject.getPrincipals()
: Collections.<Principal>emptySet();
-                permissionProvider = acConfig.getPermissionProvider(root, principals);
-            }
-        } else {
-            permissionProvider.refresh();
+    private void checkPermission(@Nonnull Tree tree, long permissions) throws AccessDeniedException
{
+        if (permissionProvider != null && !permissionProvider.isGranted(tree, permissions))
{
+            throw new AccessDeniedException("Access denied at " + tree);
         }
-        return permissionProvider;
-    }
-
-    private void checkPermission(@Nonnull Tree tree) throws AccessDeniedException {
-        // TODO
     }
 
     private void checkValidPath(@Nullable String jcrPath) throws RepositoryException {
-        getTree(getOakPath(jcrPath));
+        getTree(getOakPath(jcrPath), Permissions.NO_PERMISSION);
     }
 
     private static void checkValidPolicy(@Nullable String oakPath, @Nonnull AccessControlPolicy
policy) throws AccessControlException {
@@ -544,10 +531,13 @@ public class AccessControlManagerImpl im
     }
 
     @Nonnull
-    private Privilege[] getPrivileges(@Nullable String absPath, @Nonnull PermissionProvider
provider) throws RepositoryException {
+    private Privilege[] getPrivileges(@Nullable String absPath, @Nullable PermissionProvider
provider) throws RepositoryException {
         // TODO
+        if (provider == null) {
+            throw new UnsupportedRepositoryOperationException();
+        }
         String oakPath = getOakPath(absPath);
-        Tree tree = getTree(oakPath);
+        Tree tree = getTree(oakPath, Permissions.NO_PERMISSION);
         Set<String> pNames = provider.getPrivileges(tree);
         if (pNames.isEmpty()) {
             return new Privilege[0];
@@ -561,10 +551,13 @@ public class AccessControlManagerImpl im
     }
 
     private boolean hasPrivileges(@Nullable String absPath, @Nonnull Privilege[] privileges,
-                                  @Nonnull PermissionProvider provider) throws RepositoryException
{
+                                  @Nullable PermissionProvider provider) throws RepositoryException
{
         // TODO
+        if (provider == null) {
+            throw new UnsupportedRepositoryOperationException();
+        }
         String oakPath = getOakPath(absPath);
-        Tree tree = getTree(oakPath);
+        Tree tree = getTree(oakPath, Permissions.NO_PERMISSION);
         Set<String> privilegeNames = new HashSet<String>(privileges.length);
         for (Privilege privilege : privileges) {
             privilegeNames.add(namePathMapper.getOakName(privilege.getName()));

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConfiguration.java?rev=1458400&r1=1458399&r2=1458400&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConfiguration.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConfiguration.java
Tue Mar 19 16:48:03 2013
@@ -19,6 +19,7 @@ package org.apache.jackrabbit.oak.spi.se
 import java.security.Principal;
 import java.util.Set;
 import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
 import javax.jcr.security.AccessControlManager;
 
 import org.apache.jackrabbit.oak.api.Root;
@@ -32,11 +33,14 @@ import org.apache.jackrabbit.oak.spi.sec
 public interface AccessControlConfiguration extends SecurityConfiguration {
 
     @Nonnull
-    AccessControlManager getAccessControlManager(Root root, NamePathMapper namePathMapper);
+    AccessControlManager getAccessControlManager(@Nonnull Root root,
+                                                 @Nonnull NamePathMapper namePathMapper,
+                                                 @Nullable PermissionProvider permissionProvider);
 
     @Nonnull
-    RestrictionProvider getRestrictionProvider(NamePathMapper namePathMapper);
+    RestrictionProvider getRestrictionProvider(@Nonnull NamePathMapper namePathMapper);
 
     @Nonnull
-    PermissionProvider getPermissionProvider(Root root, Set<Principal> principals);
+    PermissionProvider getPermissionProvider(@Nonnull Root root,
+                                             @Nonnull Set<Principal> principals);
 }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlConfiguration.java?rev=1458400&r1=1458399&r2=1458400&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlConfiguration.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlConfiguration.java
Tue Mar 19 16:48:03 2013
@@ -34,7 +34,7 @@ public class OpenAccessControlConfigurat
         implements AccessControlConfiguration {
 
     @Override
-    public AccessControlManager getAccessControlManager(Root root, NamePathMapper namePathMapper)
{
+    public AccessControlManager getAccessControlManager(Root root, NamePathMapper namePathMapper,
PermissionProvider permissionProvider) {
         throw new UnsupportedOperationException();
     }
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java?rev=1458400&r1=1458399&r2=1458400&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java
Tue Mar 19 16:48:03 2013
@@ -163,7 +163,7 @@ public class AccessControlAction extends
             return;
         }
         String path = authorizable.getPath();
-        AccessControlManager acMgr = securityProvider.getAccessControlConfiguration().getAccessControlManager(root,
namePathMapper);
+        AccessControlManager acMgr = securityProvider.getAccessControlConfiguration().getAccessControlManager(root,
namePathMapper, null);
         JackrabbitAccessControlList acl = null;
         for (AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path); it.hasNext();)
{
             AccessControlPolicy plc = it.nextAccessControlPolicy();

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java?rev=1458400&r1=1458399&r2=1458400&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
Tue Mar 19 16:48:03 2013
@@ -52,6 +52,7 @@ import org.apache.jackrabbit.oak.securit
 import org.apache.jackrabbit.oak.security.privilege.PrivilegeBitsProvider;
 import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
 import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlTest;
+import org.apache.jackrabbit.oak.spi.security.authorization.PermissionProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
 import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
 import org.apache.jackrabbit.oak.util.NodeUtil;
@@ -119,7 +120,8 @@ public class AccessControlManagerImplTes
     }
 
     private AccessControlManagerImpl getAccessControlManager(NamePathMapper npMapper) {
-        return new AccessControlManagerImpl(root, npMapper, getSecurityProvider());
+        PermissionProvider pp = getSecurityProvider().getAccessControlConfiguration().getPermissionProvider(root,
adminSession.getAuthInfo().getPrincipals());
+        return new AccessControlManagerImpl(root, npMapper, getSecurityProvider(), pp);
     }
 
     private NamePathMapper getLocalNamePathMapper() {

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java?rev=1458400&r1=1458399&r2=1458400&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java
Tue Mar 19 16:48:03 2013
@@ -66,7 +66,8 @@ public abstract class AbstractAccessCont
     }
 
     protected JackrabbitAccessControlManager getAccessControlManager(Root root) {
-        AccessControlManager acMgr = securityProvider.getAccessControlConfiguration().getAccessControlManager(root,
NamePathMapper.DEFAULT);
+        PermissionProvider pp = null; // TODO
+        AccessControlManager acMgr = securityProvider.getAccessControlConfiguration().getAccessControlManager(root,
NamePathMapper.DEFAULT, pp);
         if (acMgr instanceof JackrabbitAccessControlManager) {
             return (JackrabbitAccessControlManager) acMgr;
         } else {

Modified: jackrabbit/oak/trunk/oak-jcr/pom.xml
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/pom.xml?rev=1458400&r1=1458399&r2=1458400&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/pom.xml (original)
+++ jackrabbit/oak/trunk/oak-jcr/pom.xml Tue Mar 19 16:48:03 2013
@@ -245,7 +245,6 @@
       org.apache.jackrabbit.test.api.observation.AddEventListenerTest#testUUID
       org.apache.jackrabbit.test.api.observation.LockingTest#testAddLockToNode
       org.apache.jackrabbit.test.api.observation.LockingTest#testRemoveLockFromNode
-      org.apache.jackrabbit.test.api.security.RSessionAccessControlPolicyTest           
                   <!-- OAK-527 -->
       org.apache.jackrabbit.oak.jcr.security.user.GroupTest#testCyclicGroups2           
                   <!-- OAK-615 -->
       org.apache.jackrabbit.oak.jcr.security.authorization.AccessControlImporterTest#testImportACLRemoveACE
<!-- OAK-414 -->
       org.apache.jackrabbit.oak.jcr.security.authorization.AccessControlImporterTest#testImportACLUnknown
  <!-- OAK-414 -->

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionContext.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionContext.java?rev=1458400&r1=1458399&r2=1458400&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionContext.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionContext.java
Tue Mar 19 16:48:03 2013
@@ -16,9 +16,7 @@
  */
 package org.apache.jackrabbit.oak.jcr;
 
-import java.security.PrivilegedAction;
 import java.util.ArrayList;
-import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 import javax.annotation.CheckForNull;
@@ -34,7 +32,6 @@ import javax.jcr.nodetype.NodeTypeManage
 import javax.jcr.observation.ObservationManager;
 import javax.jcr.security.AccessControlManager;
 import javax.jcr.version.VersionManager;
-import javax.security.auth.Subject;
 
 import com.google.common.collect.Maps;
 import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
@@ -154,15 +151,8 @@ public abstract class SessionContext imp
     @Nonnull
     public AccessControlManager getAccessControlManager() throws RepositoryException {
         if (accessControlManager == null) {
-            // TODO
-            Subject subject = new Subject(true, delegate.getAuthInfo().getPrincipals(), Collections.singleton(getPermissionProvider()),
Collections.<Object>emptySet());
-            accessControlManager = Subject.doAs(subject, new PrivilegedAction<AccessControlManager>()
{
-                @Override
-                public AccessControlManager run() {
-                    SecurityProvider securityProvider = repository.getSecurityProvider();
-                    return securityProvider.getAccessControlConfiguration().getAccessControlManager(delegate.getRoot(),
namePathMapper);
-                }
-            });
+            SecurityProvider securityProvider = repository.getSecurityProvider();
+            accessControlManager = securityProvider.getAccessControlConfiguration().getAccessControlManager(delegate.getRoot(),
namePathMapper, getPermissionProvider());
         }
         return accessControlManager;
     }
@@ -172,8 +162,6 @@ public abstract class SessionContext imp
         if (permissionProvider == null) {
             SecurityProvider securityProvider = repository.getSecurityProvider();
             permissionProvider = securityProvider.getAccessControlConfiguration().getPermissionProvider(delegate.getRoot(),
delegate.getAuthInfo().getPrincipals());
-        } else {
-            permissionProvider.refresh();
         }
         return permissionProvider;
     }



Mime
View raw message