You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jackrabbit.apache.org by an...@apache.org on 2008/08/27 17:12:07 UTC
svn commit: r689499 [2/11] - in /jackrabbit/trunk:
jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/
jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/retention/
jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/sec...
Modified: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlManager.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlManager.java (original)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlManager.java Wed Aug 27 08:12:04 2008
@@ -19,10 +19,8 @@
import javax.jcr.AccessDeniedException;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
-import javax.jcr.UnsupportedRepositoryOperationException;
import javax.jcr.lock.LockException;
import javax.jcr.version.VersionException;
-import java.security.Principal;
/**
* The <code>AccessControlManager</code> object is accessed via
@@ -30,10 +28,6 @@
* <ul>
* <li>Access control discovery</li>
* <li>Assigning access control policies</li>
- * <li>Assigning access control entries</li>
- * <li>Retention and hold discovery</li>
- * <li>Adding hold(s) to existing nodes and removing them</li>
- * <li>Adding retention policies to existing nodes and removing them.</li>
* </ul>
*
* @since JCR 2.0
@@ -64,6 +58,22 @@
throws PathNotFoundException, RepositoryException;
/**
+ * Returns the privilege with the specified <code>privilegeName</code>.
+ * <p/>
+ * A <code>AccessControlException</code> is thrown if no privilege with
+ * the specified name exists.
+ * <p/>
+ * A <code>RepositoryException</code> is thrown if another error occurs.
+ *
+ * @param privilegeName the name of an existing privilege.
+ * @return the <code>Privilege</code> with the specified <code>privilegeName</code>.
+ * @throws AccessControlException if no privilege with the specified name exists.
+ * @throws RepositoryException if another error occurs.
+ */
+ public Privilege privilegeFromName(String privilegeName)
+ throws AccessControlException, RepositoryException;
+
+ /**
* Returns whether the session has the specified privileges for absolute
* path <code>absPath</code>, which must be an existing node.
* <p/>
@@ -127,12 +137,12 @@
throws PathNotFoundException, RepositoryException;
/**
- * Returns the <code>AccessControlPolicy</code> that has been set to
- * the node at <code>absPath</code> or <code>null</code> if no
- * policy has been set. This method reflects the binding state, including
- * transient policy modifications.
+ * Returns the <code>AccessControlPolicy</code> objects that have been set to
+ * the node at <code>absPath</code> or an empty array if no policy has been
+ * set. This method reflects the binding state, including transient policy
+ * modifications.
* <p/>
- * Use {@link #getEffectivePolicy(String)} in order to determine the
+ * Use {@link #getEffectivePolicies(String)} in order to determine the
* policy that effectively applies at <code>absPath</code>.
* <p/>
* A <code>PathNotFoundException</code> is thrown if no node at
@@ -145,7 +155,8 @@
* A <code>RepositoryException</code> is thrown if another error occurs.
*
* @param absPath an absolute path.
- * @return an <code>AccessControlPolicy</code> object or <code>null</code>.
+ * @return an array of <code>AccessControlPolicy</code> objects or an empty
+ * array if no policy has been set.
* @throws PathNotFoundException if no node at <code>absPath</code> exists
* or the session does not have privilege to
* retrieve the node.
@@ -154,14 +165,13 @@
* for the <code>absPath</code> node.
* @throws RepositoryException if another error occurs.
*/
- public AccessControlPolicy getPolicy(String absPath)
+ public AccessControlPolicy[] getPolicies(String absPath)
throws PathNotFoundException, AccessDeniedException, RepositoryException;
/**
- * Returns the <code>AccessControlPolicy</code> that currently is in effect
- * at the node at <code>absPath</code>. This may be an
- * <code>AccessControlPolicy</code> set through this API or some
- * implementation specific (default) policy.
+ * Returns the <code>AccessControlPolicy</code> objects that currently are
+ * in effect at the node at <code>absPath</code>. This may be policies
+ * set through this API or some implementation specific (default) policies.
* <p/>
* A <code>PathNotFoundException</code> is thrown if no node at
* <code>absPath</code> exists or the session does not have privilege to
@@ -173,7 +183,7 @@
* A <code>RepositoryException</code> is thrown if another error occurs.
*
* @param absPath an absolute path.
- * @return an <code>AccessControlPolicy</code> object.
+ * @return an array of <code>AccessControlPolicy</code> objects.
* @throws PathNotFoundException if no node at <code>absPath</code> exists
* or the session does not have privilege to
* retrieve the node.
@@ -182,7 +192,7 @@
* for the <code>absPath</code> node.
* @throws RepositoryException if another error occurs.
*/
- public AccessControlPolicy getEffectivePolicy(String absPath)
+ public AccessControlPolicy[] getEffectivePolicies(String absPath)
throws PathNotFoundException, AccessDeniedException, RepositoryException;
/**
@@ -216,17 +226,12 @@
/**
* Binds the <code>policy</code> to the node at <code>absPath</code>.
* <p/>
- * Only one policy may be bound at a time. If more than one policy per node
- * is required, the implementation should provide an appropriate aggregate
- * policy among those returned by <code>getApplicablePolicies(absPath)</code>.
- * The access control policy does not take effect until a <code>save</code>
- * is performed.
- * <p/>
- * If the node has access control entries that were bound to it through the
- * JCR API prior to the <code>setPolicy</code> call, then these entries may
- * be deleted. Any implementation-specific (non-JCR) access control
- * settings may be changed in response to a successful call to
- * <code>setPolicy</code>.
+ * Only policies obtained through <code>getApplicablePolicies(absPath)</code>
+ * can be set. The access control policy does not take effect until a
+ * <code>save</code> is performed.
+ * <p/>
+ * Any implementation-specific (non-JCR) access control settings may be
+ * changed in response to a successful call to <code>setPolicy</code>.
* <p/>
* A <code>PathNotFoundException</code> is thrown if no node at
* <code>absPath</code> exists or the session does not have privilege to
@@ -275,13 +280,12 @@
AccessDeniedException, LockException, VersionException, RepositoryException;
/**
- * Removes the <code>AccessControlPolicy</code> from the node at absPath and
- * returns it.
+ * Removes the specified <code>AccessControlPolicy</code> from the node at
+ * <code>absPath</code>.
* <p/>
* An <code>AccessControlPolicy</code> can only be removed if it was
* bound to the specified node through this API before. The effect of the
- * removal only takes place upon <code>Session.save()</code>. Whichever
- * defaults the implementation applies now take effect.
+ * removal only takes place upon <code>Session.save()</code>.
* Note, that an implementation default or any other effective
* <code>AccessControlPolicy</code> that has not been applied to the node
* before may never be removed using this method.
@@ -290,7 +294,8 @@
* <code>absPath</code> exists or the session does not have privilege to
* retrieve the node.
* <p/>
- * An <code>AccessControlException</code> is thrown if no policy exists.
+ * An <code>AccessControlException</code> is thrown if the policy to remove
+ * does not exist at the node at <code>absPath</code>.
* <p/>
* An <code>AccessDeniedException</code> is thrown if the session lacks
* <code>MODIFY_ACCESS_CONTROL</code> privilege for the <code>absPath</code>
@@ -308,7 +313,7 @@
* A <code>RepositoryException</code> is thrown if another error occurs.
*
* @param absPath an absolute path.
- * @return the removed <code>AccessControlPolicy</code>.
+ * @param policy the policy to be removed.
* @throws PathNotFoundException if no node at <code>absPath</code> exists
* or the session does not have privilege to
* retrieve the node.
@@ -328,540 +333,7 @@
* waiting until <code>save</code>.
* @throws RepositoryException if another error occurs.
*/
- public AccessControlPolicy removePolicy(String absPath)
+ public void removePolicy(String absPath, AccessControlPolicy policy)
throws PathNotFoundException, AccessControlException,
AccessDeniedException, LockException, VersionException, RepositoryException;
-
- /**
- * Returns all access control entries assigned to the node at <code>absPath</code>
- * including transient modifications made to the entries at <code>absPath</code>.
- * <p/>
- * This method is only guaranteed to return an <code>AccessControlEntry</code>
- * if that <code>AccessControlEntry</code> has been assigned <i>through this API</i>.
- * <p/>
- * A <code>PathNotFoundException</code> is thrown if no node at
- * <code>absPath</code> exists or the session does not have privilege to
- * retrieve the node.
- * <p/>
- * An <code>AccessDeniedException</code> is thrown if the session lacks
- * <code>READ_ACCESS_CONTROL</code> privilege for the <code>absPath</code> node.
- * <p/>
- * An <code>UnsupportedRepositoryOperationException</code> is thrown if
- * access control entries are not supported.
- * <p/>
- * A <code>RepositoryException</code> is thrown if another error occurs.
- *
- * @param absPath an absolute path
- * @return all access control entries assigned at to specified node.
- * @throws PathNotFoundException if no node at <code>absPath</code> exists
- * or the session does not have privilege to
- * retrieve the node.
- * @throws AccessDeniedException if the session lacks
- * <code>READ_ACCESS_CONTROL</code> privilege
- * for the <code>absPath</code> node.
- * @throws UnsupportedRepositoryOperationException
- * if access control entries
- * are not supported.
- * @throws RepositoryException if another error occurs.
- */
- public AccessControlEntry[] getAccessControlEntries(String absPath)
- throws PathNotFoundException, AccessDeniedException, UnsupportedRepositoryOperationException, RepositoryException;
-
- /**
- * Returns the access control entries that are effective at the node at
- * <code>absPath</code>.
- * <p/>
- * This method performs a best-effort search for all access control entries in
- * effect on the node at <code>absPath</code>.
- * </p>
- * If an implementation is not able to determine the effective entries
- * present at the given node it returns <code>null</code>. If the implementation
- * positively determines that no entries present at the given node then an empty
- * array is returned.
- * <p/>
- * A <code>PathNotFoundException</code> is thrown if no node at
- * <code>absPath</code> exists or the session does not have privilege to
- * retrieve the node.
- * <p/>
- * An <code>AccessDeniedException</code> is thrown if the session lacks
- * <code>READ_ACCESS_CONTROL</code> privilege for the <code>absPath</code> node.
- * <p/>
- * An <code>UnsupportedRepositoryOperationException</code> is thrown if
- * access control entries are not supported.
- * <p/>
- * A <code>RepositoryException</code> is thrown if another error occurs.
- *
- * @param absPath an absolute path
- * @return the access control entries that are currently effective at the
- * node at <code>absPath</code> or <code>null</code> if the
- * implementation is not able to determine the effective entries.
- * @throws PathNotFoundException if no node at <code>absPath</code> exists
- * or the session does not have privilege to retrieve the node.
- * @throws AccessDeniedException if the session lacks
- * <code>READ_ACCESS_CONTROL</code> privilege for the
- * <code>absPath</code> node.
- * @throws UnsupportedRepositoryOperationException
- * if access control entries
- * are not supported.
- * @throws RepositoryException if another error occurs.
- */
- public AccessControlEntry[] getEffectiveAccessControlEntries(String absPath)
- throws PathNotFoundException, AccessDeniedException,
- UnsupportedRepositoryOperationException, RepositoryException;
-
-
- /**
- * Adds the access control entry consisting of the specified
- * <code>principal</code> and the specified <code>privileges</code> to the
- * node at <code>absPath</code>.
- * <p/>
- * This method returns the <code>AccessControlEntry</code> object constructed from the
- * specified <code>principal</code> and contains at least the given <code>privileges</code>.
- * An implementation may return a resulting ACE that combines the given <code>privileges</code>
- * with those added by a previous call to <code>addAccessControlEntry</code> for the same
- * <code>Principal</code>. However, a call to <code>addAccessControlEntry</code> for a given
- * <code>Principal</code> can never remove a <code>Privilege</code> added by a previous call
- * to <code>addAccessControlEntry</code>.
- * <p/>
- * The access control entry does not take effect until a <code>save</code>
- * is performed.
- * <p/>
- * This method is guaranteed to affect only the privileges of the specified
- * <code>principal</code>.
- * <p/>
- * This method <i>may</i> affect the privileges granted to that principal with
- * respect to nodes other than that specified. However, if it does, it is
- * guaranteed to only affect the privileges of those other nodes in the
- * same way as it affects the privileges of the specified node.
- * <p/>
- * A <code>PathNotFoundException</code> is thrown if no node at
- * <code>absPath</code> exists or the session does not have privilege to
- * retrieve the node.
- * <p/>
- * An <code>AccessControlException</code> is thrown if the specified principal
- * does not exist, if any of the specified privileges is not supported at
- * <code>absPath</code> or if some other access control related exception occurs.
- * <p/>
- * An <code>AccessDeniedException</code> is thrown if the session lacks
- * <code>MODIFY_ACCESS_CONTROL</code> privilege for the <code>absPath</code>
- * node.
- * <p/>
- * An <code>UnsupportedRepositoryOperationException</code> is thrown if
- * access control entries are not supported.
- * <p/>
- * An <code>LockException</code> is thrown if the node at <code>absPath</code>
- * is locked and this implementation performs this validation immediately
- * instead of waiting until <code>save</code>.
- * <p/>
- * An <code>VersionException</code> is thrown if the node at <code>absPath</code>
- * is versionable and checked-in or is non-versionable but its nearest
- * versionable ancestor is checked-in and this implementation performs this
- * validation immediately instead of waiting until <code>save</code>.
- * <p/>
- * A <code>RepositoryException</code> is thrown if another error occurs.
- *
- * @param absPath an absolute path.
- * @param principal a <code>Principal</code>.
- * @param privileges an array of <code>Privilege</code>s.
- * @return the <code>AccessControlEntry</code> object constructed from the
- * specified <code>principal</code> and <code>privileges</code>.
- * @throws PathNotFoundException if no node at <code>absPath</code> exists
- * or the session does not have privilege to
- * retrieve the node.
- * @throws AccessControlException if the specified principal does not exist,
- * if any of the specified privileges is not supported at
- * <code>absPath</code> or if some other access control related
- * exception occurs.
- * @throws AccessDeniedException if the session lacks
- * <code>MODIFY_ACCESS_CONTROL</code> privilege for the
- * <code>absPath</code> node.
- * @throws UnsupportedRepositoryOperationException
- * if access control entries
- * are not supported.
- * @throws LockException if a lock applies at the node at
- * <code>absPath</code> and this implementation
- * performs this validation immediately instead
- * of waiting until <code>save</code>.
- * @throws VersionException if the node at <code>absPath</code> is
- * versionable and checked-in or is non-versionable
- * but its nearest versionable ancestor is
- * checked-in and this implementation performs
- * this validation immediately instead of
- * waiting until <code>save</code>.
- * @throws RepositoryException if another error occurs.
- */
- public AccessControlEntry addAccessControlEntry(String absPath,
- Principal principal,
- Privilege[] privileges)
- throws PathNotFoundException, AccessControlException,
- AccessDeniedException, UnsupportedRepositoryOperationException,
- LockException, VersionException, RepositoryException;
-
- /**
- * Removes the specified <code>AccessControlEntry</code> from the node at
- * <code>absPath</code>.
- * <p/>
- * This method is guaranteed to affect only the privileges of the principal
- * defined within the passed <code>AccessControlEntry</code>.
- * <p/>
- * This method <i>may</i> affect the privileges granted to that principal
- * with respect to nodes other than that specified. However, if it does,
- * it is guaranteed to only affect the privileges of those other nodes in
- * the same way as it affects the privileges of the specified node.
- * <p/>
- * Only exactly those entries obtained through
- * <code>getAccessControlEntries<code> can be removed. The effect of the
- * removal only takes effect upon <code>Session.save()</code>.
- * <p/>
- * A <code>PathNotFoundException</code> is thrown if no node at
- * <code>absPath</code> exists or the session does not have privilege to
- * retrieve the node.
- * <p/>
- * An <code>AccessControlException</code> is thrown if the specified entry
- * is not present on the specified node.
- * <p/>
- * An <code>AccessDeniedException</code> is thrown if the session lacks
- * <code>MODIFY_ACCESS_CONTROL</code> privilege for the <code>absPath</code>
- * node.
- * <p/>
- * An <code>UnsupportedRepositoryOperationException</code> is thrown if
- * access control entries are not supported.
- * <p/>
- * An <code>LockException</code> is thrown if the node at <code>absPath</code>
- * is locked and this implementation performs this validation immediately
- * instead of waiting until <code>save</code>.
- * <p/>
- * An <code>VersionException</code> is thrown if the node at <code>absPath</code>
- * is versionable and checked-in or is non-versionable but its nearest
- * versionable ancestor is checked-in and this implementation performs this
- * validation immediately instead of waiting until <code>save</code>.
- * <p/>
- * A <code>RepositoryException</code> is thrown if another error occurs.
- *
- * @param absPath an absolute path.
- * @param ace the access control entry to be removed.
- * @throws PathNotFoundException if no node at <code>absPath</code> exists
- * or the session does not have privilege to
- * retrieve the node.
- * @throws AccessControlException if the specified entry is not
- * present on the specified node.
- * @throws AccessDeniedException if the session lacks
- * <code>MODIFY_ACCESS_CONTROL</code> privilege
- * for the <code>absPath</code> node.
- * @throws UnsupportedRepositoryOperationException
- * if access control entries
- * are not supported.
- * @throws LockException if a lock applies at the node at
- * <code>absPath</code> and this implementation
- * performs this validation immediately instead
- * of waiting until <code>save</code>.
- * @throws VersionException if the node at <code>absPath</code> is
- * versionable and checked-in or is non-versionable
- * but its nearest versionable ancestor is
- * checked-in and this implementation performs
- * this validation immediately instead of
- * waiting until <code>save</code>.
- * @throws RepositoryException if another error occurs.
- */
- public void removeAccessControlEntry(String absPath, AccessControlEntry ace)
- throws PathNotFoundException, AccessControlException,
- AccessDeniedException, UnsupportedRepositoryOperationException,
- LockException, VersionException, RepositoryException;
-
- /**
- * Returns all hold objects that have been added through this API to the
- * existing node at <code>absPath</code>. If no hold has been set before,
- * this method returns an empty array.
- * <p/>
- * A <code>PathNotFoundException</code> is thrown if no node at
- * <code>absPath</code> exists or the session does not have privilege to
- * retrieve the node.
- * <p/>
- * An <code>AccessDeniedException</code> is thrown if the current session
- * does not have sufficient rights to retrieve the holds.
- * <p/>
- * An <code>UnsupportedRepositoryOperationException</code> is thrown if
- * retention and hold are not supported.
- * <p/>
- * A <code>RepositoryException</code> is thrown if another error occurs.
- *
- * @param absPath an absolute path.
- * @return All hold objects that have been added to the existing node at
- * <code>absPath</code> through this API or an empty array if no
- * hold has been set.
- * @throws PathNotFoundException if no node at <code>absPath</code> exists
- * or the session does not have privilege to
- * retrieve the node.
- * @throws AccessDeniedException if the current session does not have
- * sufficient rights to retrieve the holds.
- * @throws UnsupportedRepositoryOperationException
- * if retention and hold are not supported.
- * @throws RepositoryException if another error occurs.
- */
- public Hold[] getHolds(String absPath) throws PathNotFoundException,
- AccessDeniedException, UnsupportedRepositoryOperationException, RepositoryException;
-
- /**
- * Places a hold on the existing node at <code>absPath</code>. If
- * <code>isDeep</code> is <code>true</code>) the hold applies to this node
- * and its subtree. The hold does not take effect until a <code>save</code>
- * is performed. A node may have more than one hold.
- * <p/>
- * The format and interpretation of the <code>name</code> are not specified.
- * They are application-dependent.
- * <p/>
- * A <code>PathNotFoundException</code> is thrown if no node at
- * <code>absPath</code> exists or the session does not have privilege to
- * retrieve the node.
- * <p/>
- * An <code>AccessControlException</code> is thrown if the
- * node at <code>absPath</code> cannot have a hold set.
- * <p/>
- * An <code>AccessDeniedException</code> is thrown if the current session
- * does not have sufficient rights to perform the operation.
- * <p/>
- * An <code>UnsupportedRepositoryOperationException</code> is thrown if
- * retention and hold are not supported.
- * <p/>
- * An <code>LockException</code> is thrown if the node at <code>absPath</code>
- * is locked and this implementation performs this validation immediately
- * instead of waiting until <code>save</code>.
- * <p/>
- * An <code>VersionException</code> is thrown if the node at <code>absPath</code>
- * is versionable and checked-in or is non-versionable but its nearest
- * versionable ancestor is checked-in and this implementation performs this
- * validation immediately instead of waiting until <code>save</code>.
- * <p/>
- * A <code>RepositoryException</code> is thrown if another error occurs.
- *
- * @param absPath an absolute path.
- * @param name an application-dependent string.
- * @param isDeep a boolean indicating if the hold applies to the subtree.
- * @return The <code>Hold</code> applied.
- * @throws PathNotFoundException if no node at <code>absPath</code> exists
- * or the session does not have privilege to
- * retrieve the node.
- * @throws AccessControlException if the node at
- * <code>absPath</code> cannot have a hold set.
- * @throws AccessDeniedException if the current session does not have
- * sufficient rights to perform the operation.
- * @throws UnsupportedRepositoryOperationException
- * if retention and hold are not supported.
- * @throws LockException if a lock applies at the node at
- * <code>absPath</code> and this implementation
- * performs this validation immediately instead
- * of waiting until <code>save</code>.
- * @throws VersionException if the node at <code>absPath</code> is
- * versionable and checked-in or is non-versionable
- * but its nearest versionable ancestor is
- * checked-in and this implementation performs
- * this validation immediately instead of
- * waiting until <code>save</code>.
- * @throws RepositoryException if another error occurs.
- */
- public Hold addHold(String absPath, String name, boolean isDeep)
- throws PathNotFoundException, AccessControlException, AccessDeniedException,
- UnsupportedRepositoryOperationException, LockException, VersionException, RepositoryException;
-
- /**
- * Removes the specified <code>hold</code> from the node at
- * <code>absPath</code>. The removal does not take effect until a
- * <code>save</code> is performed.
- * <p/>
- * A <code>PathNotFoundException</code> is thrown if no node at
- * <code>absPath</code> exists or the session does not have privilege to
- * retrieve the node.
- * <p/>
- * An <code>AccessControlException</code> is thrown if the specified
- * <code>hold</code> does not apply to the node at <code>absPath</code>.
- * <p/>
- * An <code>AccessDeniedException</code> is thrown if the current session
- * does not have sufficient rights to perform the operation.
- * <p/>
- * An <code>UnsupportedRepositoryOperationException</code> is thrown if
- * retention and hold are not supported.
- * <p/>
- * An <code>LockException</code> is thrown if the node at <code>absPath</code>
- * is locked and this implementation performs this validation immediately
- * instead of waiting until <code>save</code>.
- * <p/>
- * An <code>VersionException</code> is thrown if the node at <code>absPath</code>
- * is versionable and checked-in or is non-versionable but its nearest
- * versionable ancestor is checked-in and this implementation performs this
- * validation immediately instead of waiting until <code>save</code>.
- * <p/>
- * A <code>RepositoryException</code> is thrown if another error occurs.
- *
- * @param absPath an absolute path.
- * @param hold the hold to be removed.
- * @throws PathNotFoundException if no node at <code>absPath</code> exists
- * or the session does not have privilege to
- * retrieve the node.
- * @throws AccessControlException if the specified <code>hold</code> is not
- * present at the node at <code>absPath</code>.
- * @throws AccessDeniedException if the current session does not have
- * sufficient rights to perform the operation.
- * @throws UnsupportedRepositoryOperationException
- * if retention and hold are not supported.
- * @throws LockException if a lock applies at the node at
- * <code>absPath</code> and this implementation
- * performs this validation immediately instead
- * of waiting until <code>save</code>.
- * @throws VersionException if the node at <code>absPath</code> is
- * versionable and checked-in or is non-versionable
- * but its nearest versionable ancestor is
- * checked-in and this implementation performs
- * this validation immediately instead of
- * waiting until <code>save</code>.
- * @throws RepositoryException if another error occurs.
- */
- public void removeHold(String absPath, Hold hold)
- throws PathNotFoundException, AccessControlException, AccessDeniedException,
- UnsupportedRepositoryOperationException, LockException, VersionException,
- RepositoryException;
-
- /**
- * Returns the retention policy that has been set using {@link #setRetentionPolicy}
- * on the node at <code>absPath</code> or <code>null</code> if no policy has been set.
- * <p/>
- * A <code>PathNotFoundException</code> is thrown if no node at
- * <code>absPath</code> exists or the session does not have privilege to
- * retrieve the node.
- * <p/>
- * An <code>AccessDeniedException</code> is thrown if the current session
- * does not have sufficient rights to retrieve the retention policy.
- * <p/>
- * An <code>UnsupportedRepositoryOperationException</code> is thrown if
- * retention and hold are not supported.
- * <p/>
- * A <code>RepositoryException</code> is thrown if another error occurs.
- *
- * @param absPath an absolute path to an existing node.
- * @return The retention policy that applies to the existing node at
- * <code>absPath</code> or <code>null</code> if no policy applies.
- * @throws PathNotFoundException if no node at <code>absPath</code> exists
- * or the session does not have privilege to
- * retrieve the node.
- * @throws AccessDeniedException if the current session does not have
- * sufficient rights to retrieve the policy.
- * @throws UnsupportedRepositoryOperationException
- * if retention and hold are not supported.
- * @throws RepositoryException if another error occurs.
- */
- public RetentionPolicy getRetentionPolicy(String absPath)
- throws PathNotFoundException, AccessDeniedException,
- UnsupportedRepositoryOperationException, RepositoryException;
-
- /**
- * Sets the retention policy of the node at <code>absPath</code> to
- * that defined in the specified policy node. Interpretation and enforcement
- * of this policy is an implementation issue. In any case the policy does
- * does not take effect until a <code>save</code> is performed.
- * <p/>
- * A <code>PathNotFoundException</code> is thrown if no node at
- * <code>absPath</code> exists or the session does not have privilege to
- * retrieve the node.
- * <p/>
- * An <code>AccessControlException</code> is thrown if the specified
- * node is not a valid retention policy node.
- * <p/>
- * An <code>AccessDeniedException</code> is thrown if the current session
- * does not have sufficient rights to perform the operation.
- * <p/>
- * An <code>UnsupportedRepositoryOperationException</code> is thrown if
- * retention and hold are not supported.
- * <p/>
- * An <code>LockException</code> is thrown if the node at <code>absPath</code>
- * is locked and this implementation performs this validation immediately
- * instead of waiting until <code>save</code>.
- * <p/>
- * An <code>VersionException</code> is thrown if the node at <code>absPath</code>
- * is versionable and checked-in or is non-versionable but its nearest
- * versionable ancestor is checked-in and this implementation performs this
- * validation immediately instead of waiting until <code>save</code>.
- * <p/>
- * A <code>RepositoryException</code> is thrown if another error occurs.
- *
- * @param absPath an absolute path to an existing node.
- * @param retentionPolicy a retention policy.
- * @throws PathNotFoundException if no node at <code>absPath</code> exists
- * or the session does not have privilege to
- * retrieve the node.
- * @throws AccessControlException if the specified retention policy is not
- * valid on the specified node.
- * @throws AccessDeniedException if the current session does not have
- * sufficient rights to perform the operation.
- * @throws UnsupportedRepositoryOperationException
- * if retention and hold are not supported.
- * @throws LockException if a lock applies at the node at
- * <code>absPath</code> and this implementation
- * performs this validation immediately instead
- * of waiting until <code>save</code>.
- * @throws VersionException if the node at <code>absPath</code> is
- * versionable and checked-in or is non-versionable
- * but its nearest versionable ancestor is
- * checked-in and this implementation performs
- * this validation immediately instead of
- * waiting until <code>save</code>.
- * @throws RepositoryException if another error occurs.
- */
- public void setRetentionPolicy(String absPath, RetentionPolicy retentionPolicy)
- throws PathNotFoundException, AccessControlException, AccessDeniedException,
- UnsupportedRepositoryOperationException, LockException, VersionException,
- RepositoryException;
-
- /**
- * Causes the current retention policy on the node at
- * <code>absPath</code> to no longer apply. The removal does not take effect
- * until a <code>save</code> is performed.
- * <p/>
- * A <code>PathNotFoundException</code> is thrown if no node at
- * <code>absPath</code> exists or the session does not have privilege to
- * retrieve the node.
- * <p/>
- * An <code>AccessControlException</code> is thrown if this node does
- * not have a retention policy currently assigned.
- * <p/>
- * An <code>AccessDeniedException</code> is thrown if the current session
- * does not have sufficient rights to perform the operation.
- * <p/>
- * An <code>UnsupportedRepositoryOperationException</code> is thrown if
- * retention and hold are not supported.
- * <p/>
- * An <code>LockException</code> is thrown if the node at <code>absPath</code>
- * is locked and this implementation performs this validation immediately
- * instead of waiting until <code>save</code>.
- * <p/>
- * An <code>VersionException</code> is thrown if the node at <code>absPath</code>
- * is versionable and checked-in or is non-versionable but its nearest
- * versionable ancestor is checked-in and this implementation performs this
- * validation immediately instead of waiting until <code>save</code>.
- * <p/>
- * A <code>RepositoryException</code> is thrown if another error occurs.
- *
- * @param absPath an absolute path to an existing node.
- * @throws PathNotFoundException if no node at <code>absPath</code> exists
- * or the session does not have privilege to
- * retrieve the node.
- * @throws AccessControlException if this node does not have a
- * retention policy currently assigned.
- * @throws AccessDeniedException if the current session does not have
- * sufficient rights to perform the operation.
- * @throws UnsupportedRepositoryOperationException
- * if retention and hold are not supported.
- * @throws LockException if a lock applies at the node at
- * <code>absPath</code> and this implementation
- * performs this validation immediately instead
- * of waiting until <code>save</code>.
- * @throws VersionException if the node at <code>absPath</code> is
- * versionable and checked-in or is non-versionable
- * but its nearest versionable ancestor is
- * checked-in and this implementation performs
- * this validation immediately instead of
- * waiting until <code>save</code>.
- * @throws RepositoryException if another error occurs.
- */
- public void removeRetentionPolicy(String absPath)
- throws PathNotFoundException, AccessControlException, AccessDeniedException,
- UnsupportedRepositoryOperationException, LockException, VersionException, RepositoryException;
}
Modified: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlPolicy.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlPolicy.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlPolicy.java (original)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/AccessControlPolicy.java Wed Aug 27 08:12:04 2008
@@ -16,31 +16,15 @@
*/
package org.apache.jackrabbit.api.jsr283.security;
-import javax.jcr.RepositoryException;
-
/**
- * An <code>AccessControlPolicy</code> is an object with a name and an optional
- * description. Examples of possible <code>AccessControlPolicy</code>
- * implementations include access control lists or role-responsibility
- * assignments.
+ * The <code>AccessControlPolicy</code> is a marker interface for all kind
+ * of access control policies. This API defines two subinterfaces:
+ * <ul>
+ * <li>{@link NamedAccessControlPolicy},</li>
+ * <li>{@link AccessControlList}.</li>
+ * </ul>
*
* @since JCR 2.0
*/
public interface AccessControlPolicy {
- /**
- * Returns the name of the access control policy, which should be unique
- * among the choices applicable to any particular node.
- *
- * @return the name of the access control policy.
- * @throws RepositoryException if an error occurs.
- */
- public String getName() throws RepositoryException;
-
- /**
- * Returns a human readable description of the access control policy.
- *
- * @return a human readable description of the access control policy.
- * @throws RepositoryException if an error occurs.
- */
- public String getDescription() throws RepositoryException;
}
Added: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/NamedAccessControlPolicy.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/NamedAccessControlPolicy.java?rev=689499&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/NamedAccessControlPolicy.java (added)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/NamedAccessControlPolicy.java Wed Aug 27 08:12:04 2008
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.api.jsr283.security;
+
+import javax.jcr.RepositoryException;
+
+/**
+ * An <code>NamedAccessControlPolicy</code> is an opaque access control policy
+ * that is described by a JCR name and optionally a description.
+ * <code>NamedAccessControlPolicy</code> are immutable and can therefore be
+ * directly applied to a node without additional configuration step.
+ *
+ * @since JCR 2.0
+ */
+public interface NamedAccessControlPolicy extends AccessControlPolicy {
+
+ /**
+ * Returns the name of the access control policy, which is JCR name and
+ * should be unique among the choices applicable to any particular node.
+ *
+ * @return the name of the access control policy. A JCR name.
+ * @throws RepositoryException if an error occurs.
+ */
+ public String getName() throws RepositoryException;
+}
Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/NamedAccessControlPolicy.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/NamedAccessControlPolicy.java
------------------------------------------------------------------------------
svn:keywords = author date id revision url
Modified: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/Privilege.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/Privilege.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/Privilege.java (original)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/Privilege.java Wed Aug 27 08:12:04 2008
@@ -19,8 +19,7 @@
/**
* A privilege represents the capability of performing a particular set
* of operations on items in the JCR repository. Each privilege is identified
- * by a NAME that is unique across the set of privileges supported by a
- * repository. JCR defines a set of standard privileges in the <code>jcr</code>
+ * by a JCR name. JCR defines a set of standard privileges in the <code>jcr</code>
* namespace. Implementations may add additional privileges in namespaces other
* than <code>jcr</code>.
* <p/>
@@ -41,63 +40,84 @@
public interface Privilege {
/**
- * A constant representing <code>READ</code>, the privilege to retrieve
+ * A constant representing <code>jcr:read</code> (in extended form), the privilege to retrieve
* a node and get its properties and their values.
*/
- public static final String READ = "javax.jcr.security.Privilege.READ";
+ public static final String JCR_READ = "{http://www.jcp.org/jcr/1.0}read";
/**
- * A constant representing <code>MODIFY_PROPERTIES</code>, the privilege
+ * A constant representing <code>jcr:modifyProperties</code> (in extended form), the privilege
* to create, modify and remove the properties of a node.
*/
- public static final String MODIFY_PROPERTIES = "javax.jcr.security.Privilege.MODIFY_PROPERTIES";
+ public static final String JCR_MODIFY_PROPERTIES = "{http://www.jcp.org/jcr/1.0}modifyProperties";
/**
- * A constant representing <code>ADD_CHILD_NODES</code>, the privilege
+ * A constant representing <code>jcr:addChildNodes</code> (in extended form), the privilege
* to create child nodes of a node.
*/
- public static final String ADD_CHILD_NODES = "javax.jcr.security.Privilege.ADD_CHILD_NODES";
+ public static final String JCR_ADD_CHILD_NODES = "{http://www.jcp.org/jcr/1.0}addChildNodes";
/**
- * A constant representing <code>REMOVE_CHILD_NODES</code>, the privilege
- * to remove child nodes of a node.
+ * A constant representing <code>jcr:removeNode</code> (in extended form), the privilege
+ * to remove a node.
+ * <p>
+ * In order to actually remove a node requires <code>jcr:removeNode</code> on that node
+ * and <code>jcr:removeChildNodes</code> on the parent node.
+ * <p>
+ * The distinction is provided in order to reflect implementations that internally model "remove"
+ * as a "delete" instead of a "unlink". A repository that uses the "delete" model
+ * can have <code>jcr:removeChildNodes</code> in every access control policy, so that removal
+ * is effectively controlled by <code>jcr:removeNode</code>.
*/
- public static final String REMOVE_CHILD_NODES = "javax.jcr.security.Privilege.REMOVE_CHILD_NODES";
+ public static final String JCR_REMOVE_NODE = "{http://www.jcp.org/jcr/1.0}removeNode";
/**
- * A constant representing <code>WRITE</code>, an aggregate privilege that contains:
- *<ul>
- * <li>MODIFY_PROPERTIES</li>
- * <li>ADD_CHILD_NODES</li>
- * <li>REMOVE_CHILD_NODES</li>
+ * A constant representing <code>jcr:removeChildNodes</code> (in extended form), the privilege
+ * to remove child nodes of a node. In order to actually remove a node requires <code>jcr:removeNode</code> on that node
+ * and <code>jcr:removeChildNodes</code> on the parent node.
+ * <p>
+ * The distinction is provided in order to reflect implementations that internally model "remove"
+ * as a "unlink" instead of a "delete". A repository that uses the "unlink" model
+ * can have <code>jcr:removeNode</code> in every access control policy, so that removal
+ * is effectively controlled by <code>jcr:removeChildNodes</code>.
+ */
+ public static final String JCR_REMOVE_CHILD_NODES = "{http://www.jcp.org/jcr/1.0}removeChildNodes";
+
+ /**
+ * A constant representing <code>jcr:write</code> (in extended form), an aggregate privilege that contains:
+ * <ul>
+ * <li><code>jcr:modifyProperties</code></li>
+ * <li><code>jcr:addChildNodes</code></li>
+ * <li><code>jcr:removeNode</code></li>
+ * <li><code>jcr:removeChildNodes</code></li>
* </ul>
*/
- public static final String WRITE = "javax.jcr.security.Privilege.WRITE";
+ public static final String JCR_WRITE = "{http://www.jcp.org/jcr/1.0}write";
/**
- * A constant representing <code>READ_ACCESS_CONTROL</code>, the privilege
+ * A constant representing <code>jcr:readAccessControl</code> (in extended form), the privilege
* to get the access control policy of a node.
*/
- public static final String READ_ACCESS_CONTROL = "javax.jcr.security.Privilege.READ_ACCESS_CONTROL";
+ public static final String JCR_READ_ACCESS_CONTROL = "{http://www.jcp.org/jcr/1.0}readAccessControl";
/**
- * A constant representing <code>MODIFY_ACCESS_CONTROL</code>, the privilege
+ * A constant representing <code>jcr:modifyAccessControl</code> (in extended form), the privilege
* to modify the access control policies of a node.
*/
- public static final String MODIFY_ACCESS_CONTROL = "javax.jcr.security.Privilege.MODIFY_ACCESS_CONTROL";
+ public static final String JCR_MODIFY_ACCESS_CONTROL = "{http://www.jcp.org/jcr/1.0}modifyAccessControl";
/**
- * A constant representing <code>ALL</code>, an aggregate privilege that contains
+ * A constant representing <code>jcr:all</code> (in extended form), an aggregate privilege that contains
* all predefined privileges:
* <ul>
- * <li>READ</li>
- * <li>WRITE</li>
- * <li>READ_ACCESS_CONTROL</li>
- * <li>MODIFY_ACCESS_CONTROL</li>
+ * <li><code>jcr:read</code></li>
+ * <li><code>jcr:write</code></li>
+ * <li><code>jcr:readAccessControl</code></li>
+ * <li><code>jcr:modifyAccessControl</code></li>
* </ul>
- * It should in addition include all implementation-defined privileges.
+ * It should, in addition, include all implementation-defined privileges.
*/
- public static final String ALL = "javax.jcr.security.Privilege.ALL";
+ public static final String JCR_ALL = "{http://www.jcp.org/jcr/1.0}all";
/**
* Returns the name of this privilege.
@@ -107,13 +127,6 @@
public String getName();
/**
- * Returns a description of this privilege.
- *
- * @return a description of this privilege.
- */
- public String getDescription();
-
- /**
* Returns whether this privilege is an abstract privilege.
* @return <code>true</code> if this privilege is an abstract privilege;
* <code>false</code> otherwise.
Modified: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java (original)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java Wed Aug 27 08:12:04 2008
@@ -16,9 +16,6 @@
*/
package org.apache.jackrabbit.api.security.principal;
-import org.apache.jackrabbit.api.security.principal.NoSuchPrincipalException;
-import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
-
import java.security.Principal;
import java.security.acl.Group;
Modified: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Impersonation.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Impersonation.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Impersonation.java (original)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Impersonation.java Wed Aug 27 08:12:04 2008
@@ -31,10 +31,7 @@
* @see User#getImpersonation()
*/
public interface Impersonation {
-
- // TODO: ev. add method that allows to display principals/users that are allowed to impersonate.
- // TODO: ev. grantImpersonation/revokeImpersonation should take User
-
+
/**
* @return An iterator over the <code>Principal</code>s that are allowed
* to impersonate the <code>User</code> this <code>Impersonation</code>
Modified: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java (original)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java Wed Aug 27 08:12:04 2008
@@ -28,7 +28,7 @@
public interface User extends Authorizable {
/**
- * @return true if the current Authorizable is has all Privileges
+ * @return true if the current user represents the administrator.
*/
boolean isAdmin();
Modified: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java (original)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java Wed Aug 27 08:12:04 2008
@@ -29,6 +29,24 @@
public interface UserManager {
/**
+ * Filter flag indicating that only <code>User</code>s should be searched
+ * and returned.
+ */
+ int SEARCH_TYPE_USER = 1;
+
+ /**
+ * Filter flag indicating that only <code>Group</code>s should be searched
+ * and returned.
+ */
+ int SEARCH_TYPE_GROUP = 2;
+
+ /**
+ * Filter flag indicating that all <code>Authorizable</code>s should be
+ * searched.
+ */
+ int SEARCH_TYPE_AUTHORIZABLE = 3;
+
+ /**
* Get the Authorizable by its id.
*
* @param id
@@ -59,7 +77,27 @@
* @throws RepositoryException
* @see Authorizable#getProperty(String)
*/
- Iterator findAuthorizable(String propertyName, String value) throws RepositoryException;
+ Iterator findAuthorizables(String propertyName, String value) throws RepositoryException;
+
+ /**
+ * Returns all <code>Authorizable</code>s that have
+ * {@link Authorizable#getProperty(String) property} with the given name and
+ * that Property equals the given value. In contrast to
+ * {@link #findAuthorizables(String, String)} the type of authorizable is
+ * respected while executing the search.
+ *
+ * @param propertyName
+ * @param value
+ * @param searchType Any of the following constants:
+ * <ul>
+ * <li>{@link #SEARCH_TYPE_AUTHORIZABLE}</li>
+ * <li>{@link #SEARCH_TYPE_GROUP}</li>
+ * <li>{@link #SEARCH_TYPE_USER}</li>
+ * </ul>
+ * @return
+ * @throws RepositoryException
+ */
+ Iterator findAuthorizables(String propertyName, String value, int searchType) throws RepositoryException;
/**
* Creates an User for the given userID / password pair; neither of the
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/commons/iterator/AccessControlPolicyIteratorAdapter.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/commons/iterator/AccessControlPolicyIteratorAdapter.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/commons/iterator/AccessControlPolicyIteratorAdapter.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/commons/iterator/AccessControlPolicyIteratorAdapter.java Wed Aug 27 08:12:04 2008
@@ -18,8 +18,6 @@
import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicyIterator;
-import org.apache.jackrabbit.commons.iterator.RangeIteratorDecorator;
-import org.apache.jackrabbit.commons.iterator.RangeIteratorAdapter;
import javax.jcr.RangeIterator;
import java.util.Collection;
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java Wed Aug 27 08:12:04 2008
@@ -111,11 +111,17 @@
* The user id of the administrator. The value is retrieved from
* configuration. If the config entry is missing a default id is used (see
* {@link SecurityConstants#ADMIN_ID}).
- *
*/
private String adminId;
/**
+ * The user id of the anonymous user. The value is retrieved from
+ * configuration. If the config entry is missing a default id is used (see
+ * {@link SecurityConstants#ANONYMOUS_ID}).
+ */
+ private String anonymousId;
+
+ /**
* Contains the access control providers per workspace.
* key = name of the workspace,
* value = {@link AccessControlProvider}
@@ -178,13 +184,12 @@
Properties[] moduleConfig = authContextProvider.getModuleConfig();
// retrieve default-ids (admin and anomymous) from login-module-configuration.
- String anonymousId = null;
for (int i = 0; i < moduleConfig.length; i++) {
if (moduleConfig[i].containsKey(LoginModuleConfig.PARAM_ADMIN_ID)) {
adminId = moduleConfig[i].getProperty(LoginModuleConfig.PARAM_ADMIN_ID);
}
if (moduleConfig[i].containsKey(LoginModuleConfig.PARAM_ANONYMOUS_ID)) {
- anonymousId = moduleConfig[i].getProperty(LoginModuleConfig.PARAM_ANONYMOUS_ID, null);
+ anonymousId = moduleConfig[i].getProperty(LoginModuleConfig.PARAM_ANONYMOUS_ID);
}
}
// fallback:
@@ -193,7 +198,8 @@
adminId = SecurityConstants.ADMIN_ID;
}
if (anonymousId == null) {
- log.debug("No anonymousID defined in LoginModule/JAAS config -> anonymous not defined..");
+ log.debug("No anonymousID defined in LoginModule/JAAS config -> using default.");
+ anonymousId = SecurityConstants.ANONYMOUS_ID;
}
// create the system userManager and make sure the system-users exist.
@@ -373,7 +379,8 @@
public AuthContext getAuthContext(Credentials creds, Subject subject)
throws RepositoryException {
checkInitialized();
- return authContextProvider.getAuthContext(creds, subject, securitySession, principalProviderRegistry);
+ return authContextProvider.getAuthContext(creds, subject, securitySession,
+ principalProviderRegistry, adminId, anonymousId);
}
//--------------------------------------------------------------------------
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ItemManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ItemManager.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ItemManager.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ItemManager.java Wed Aug 27 08:12:04 2008
@@ -795,8 +795,6 @@
* shareable, there might be more than one cache entry for this item.
*
* @param id id of the items to remove from the cache
- * @return <code>true</code> if the item was contained in this cache,
- * <code>false</code> otherwise.
*/
private void evictItems(ItemId id) {
if (log.isDebugEnabled()) {
@@ -1105,7 +1103,7 @@
/**
* Cache some node.
*
- * @param node node to cache
+ * @param data data to cache
*/
public void cache(AbstractNodeData data) {
NodeId id = data.getNodeState().getNodeId();
@@ -1123,7 +1121,7 @@
/**
* Evict some node from the cache.
*
- * @param node node to evict
+ * @param data data to evict
*/
public void evict(AbstractNodeData data) {
ReferenceMap map = (ReferenceMap) cache.get(data.getId());
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/PropertyImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/PropertyImpl.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/PropertyImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/PropertyImpl.java Wed Aug 27 08:12:04 2008
@@ -19,7 +19,6 @@
import org.apache.jackrabbit.core.state.ItemState;
import org.apache.jackrabbit.core.state.ItemStateException;
import org.apache.jackrabbit.core.state.PropertyState;
-import org.apache.jackrabbit.core.state.NodeState;
import org.apache.jackrabbit.core.value.BLOBFileValue;
import org.apache.jackrabbit.core.value.InternalValue;
import org.apache.jackrabbit.core.nodetype.PropDefId;
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SecurityItemModifier.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SecurityItemModifier.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SecurityItemModifier.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SecurityItemModifier.java Wed Aug 27 08:12:04 2008
@@ -16,27 +16,25 @@
*/
package org.apache.jackrabbit.core;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.apache.jackrabbit.spi.Name;
-import org.apache.jackrabbit.core.nodetype.NodeTypeImpl;
import org.apache.jackrabbit.core.nodetype.NodeDefinitionImpl;
-import org.apache.jackrabbit.core.value.InternalValue;
-import org.apache.jackrabbit.core.state.NodeState;
-import org.apache.jackrabbit.core.state.ChildNodeEntry;
-import org.apache.jackrabbit.core.security.user.UserManagerImpl;
+import org.apache.jackrabbit.core.nodetype.NodeTypeImpl;
import org.apache.jackrabbit.core.security.authorization.acl.ACLEditor;
+import org.apache.jackrabbit.core.security.user.UserManagerImpl;
+import org.apache.jackrabbit.core.state.ChildNodeEntry;
+import org.apache.jackrabbit.core.state.NodeState;
+import org.apache.jackrabbit.core.value.InternalValue;
+import org.apache.jackrabbit.spi.Name;
-import javax.jcr.nodetype.ConstraintViolationException;
-import javax.jcr.PathNotFoundException;
+import javax.jcr.AccessDeniedException;
import javax.jcr.ItemExistsException;
+import javax.jcr.ItemNotFoundException;
+import javax.jcr.PathNotFoundException;
+import javax.jcr.Property;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
-import javax.jcr.Property;
-import javax.jcr.AccessDeniedException;
-import javax.jcr.ItemNotFoundException;
-import javax.jcr.version.VersionException;
import javax.jcr.lock.LockException;
+import javax.jcr.nodetype.ConstraintViolationException;
+import javax.jcr.version.VersionException;
/**
* <code>SecurityItemModifier</code>: An abstract helper class to allow classes
@@ -48,13 +46,11 @@
*/
public abstract class SecurityItemModifier {
- private static Logger log = LoggerFactory.getLogger(SecurityItemModifier.class);
-
protected SecurityItemModifier() {
Class cl = getClass();
if (!(cl.equals(UserManagerImpl.class) ||
cl.equals(ACLEditor.class) ||
- cl.getSuperclass().equals(ACLEditor.class))) {
+ cl.equals(org.apache.jackrabbit.core.security.authorization.principalbased.ACLEditor.class))) {
throw new IllegalArgumentException("Only UserManagerImpl and ACLEditor may extend from the SecurityItemModifier");
}
}
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SessionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SessionImpl.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SessionImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SessionImpl.java Wed Aug 27 08:12:04 2008
@@ -36,6 +36,7 @@
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
+import org.apache.jackrabbit.api.jsr283.retention.RetentionManager;
import org.apache.jackrabbit.core.security.authentication.AuthContext;
import org.apache.jackrabbit.core.state.ItemStateException;
import org.apache.jackrabbit.core.state.LocalItemStateManager;
@@ -47,6 +48,7 @@
import org.apache.jackrabbit.core.version.VersionManagerImpl;
import org.apache.jackrabbit.core.xml.ImportHandler;
import org.apache.jackrabbit.core.xml.SessionImporter;
+import org.apache.jackrabbit.core.retention.RetentionManagerImpl;
import org.apache.jackrabbit.spi.Name;
import org.apache.jackrabbit.spi.Path;
import org.apache.jackrabbit.spi.commons.conversion.DefaultNamePathResolver;
@@ -226,6 +228,11 @@
private UserManager userManager;
/**
+ * Retention and Hold Manager
+ */
+ private RetentionManager retentionManager;
+
+ /**
* Protected constructor.
*
* @param rep
@@ -1343,7 +1350,7 @@
/**
* @see Session#getAccessControlManager()
- * @since 2.0
+ * @since JCR 2.0
*/
public AccessControlManager getAccessControlManager()
throws UnsupportedRepositoryOperationException, RepositoryException {
@@ -1354,6 +1361,18 @@
}
}
+ /**
+ * @see Session#getRetentionManager()
+ * @since JCR 2.0
+ */
+ public synchronized RetentionManager getRetentionManager()
+ throws UnsupportedRepositoryOperationException, RepositoryException {
+ if (retentionManager == null) {
+ retentionManager = new RetentionManagerImpl(this);
+ }
+ return retentionManager;
+ }
+
//-----------------------------------< Session methods changed in JSR 283 >
/**
* Moves the node at <code>srcAbsPath</code> (and its entire subtree) to the
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SystemSession.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SystemSession.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SystemSession.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SystemSession.java Wed Aug 27 08:12:04 2008
@@ -20,15 +20,21 @@
import org.apache.jackrabbit.core.security.AMContext;
import org.apache.jackrabbit.core.security.AccessManager;
import org.apache.jackrabbit.core.security.SystemPrincipal;
+import org.apache.jackrabbit.core.security.AbstractAccessControlManager;
import org.apache.jackrabbit.core.security.authorization.AccessControlProvider;
import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
+import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
import org.apache.jackrabbit.spi.Path;
import org.apache.jackrabbit.spi.Name;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
+import org.apache.jackrabbit.api.jsr283.security.Privilege;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
import javax.jcr.AccessDeniedException;
import javax.jcr.ItemNotFoundException;
import javax.jcr.NoSuchWorkspaceException;
import javax.jcr.RepositoryException;
+import javax.jcr.PathNotFoundException;
import javax.security.auth.Subject;
import java.util.Collections;
import java.util.HashSet;
@@ -100,9 +106,12 @@
}
//--------------------------------------------------------< inner classes >
- private class SystemAccessManager implements AccessManager {
+ private class SystemAccessManager extends AbstractAccessControlManager implements AccessManager {
+
+ private final PrivilegeRegistry privilegeRegistry;
SystemAccessManager() {
+ privilegeRegistry = new PrivilegeRegistry(SystemSession.this);
}
//----------------------------------------------------< AccessManager >
@@ -192,5 +201,72 @@
public boolean canAccess(String workspaceName) throws RepositoryException {
return true;
}
+
+ //-----------------------------------< AbstractAccessControlManager >---
+ /**
+ * @see AbstractAccessControlManager#checkInitialized()
+ */
+ protected void checkInitialized() throws IllegalStateException {
+ // nop
+ }
+
+ /**
+ * @see AbstractAccessControlManager#checkPrivileges(String, int)
+ */
+ protected void checkPrivileges(String absPath, int privileges) throws
+ AccessDeniedException, PathNotFoundException, RepositoryException {
+ // allow everything
+ }
+
+ /**
+ * @see AbstractAccessControlManager#getPrivilegeRegistry()
+ */
+ protected PrivilegeRegistry getPrivilegeRegistry()
+ throws RepositoryException {
+ return privilegeRegistry;
+ }
+
+ /**
+ * @see AbstractAccessControlManager#checkValidNodePath(String)
+ */
+ protected void checkValidNodePath(String absPath)
+ throws PathNotFoundException, RepositoryException {
+ Path p = getQPath(absPath);
+ if (!p.isAbsolute()) {
+ throw new RepositoryException("Absolute path expected.");
+ }
+ if (hierMgr.resolveNodePath(p) == null) {
+ throw new PathNotFoundException("No such node " + absPath);
+ }
+ }
+
+ //-------------------------------------------< AccessControlManager >---
+ /**
+ * @see AccessControlManager#hasPrivileges(String, Privilege[])
+ */
+ public boolean hasPrivileges(String absPath, Privilege[] privileges)
+ throws PathNotFoundException, RepositoryException {
+ checkValidNodePath(absPath);
+ // allow everything
+ return true;
+ }
+
+ /**
+ * @see AccessControlManager#getPrivileges(String)
+ */
+ public Privilege[] getPrivileges(String absPath)
+ throws PathNotFoundException, RepositoryException {
+ checkValidNodePath(absPath);
+ return getPrivilegeRegistry().getPrivileges(PrivilegeRegistry.ALL);
+ }
+
+ /**
+ * @see AccessControlManager#getEffectivePolicies(String)
+ */
+ public AccessControlPolicy[] getEffectivePolicies(String absPath) throws
+ PathNotFoundException, AccessDeniedException, RepositoryException {
+ // TODO
+ throw new UnsupportedOperationException();
+ }
}
}
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/LoginModuleConfig.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/LoginModuleConfig.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/LoginModuleConfig.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/LoginModuleConfig.java Wed Aug 27 08:12:04 2008
@@ -29,22 +29,24 @@
*/
public class LoginModuleConfig extends BeanConfig {
+ /**
+ * UserId of the anonymous user. Optional parameter in the LoginModule
+ * configuration.
+ */
public static final String PARAM_ANONYMOUS_ID = "anonymousId";
- public static final String PARAM_ADMIN_ID = "adminId";
-
+
/**
- * Name of the default user id to be used upon Repository.login with
- * <code>null</code> credentials. Optional parameter in the LoginModule
+ * UserId of the administrator. Optional parameter in the LoginModule
* configuration.
*/
- public static final String PARAM_DEFAULT_USERID = "defaultUserId";
+ public static final String PARAM_ADMIN_ID = "adminId";
/**
* Property-Key for the fully qualified class name of the implementation of
* {@link org.apache.jackrabbit.core.security.principal.PrincipalProvider}
* to be used with the LoginModule.
*/
- public static final String PARAM_PRINCIPAL_PROVIDER_CLASS = "principalprovider";
+ public static final String PARAM_PRINCIPAL_PROVIDER_CLASS = "principalProvider";
/**
* Creates an access manager configuration object from the
Added: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/RetentionManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/RetentionManagerImpl.java?rev=689499&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/RetentionManagerImpl.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/RetentionManagerImpl.java Wed Aug 27 08:12:04 2008
@@ -0,0 +1,84 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.retention;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.apache.jackrabbit.api.jsr283.retention.RetentionManager;
+import org.apache.jackrabbit.api.jsr283.retention.Hold;
+import org.apache.jackrabbit.api.jsr283.retention.RetentionPolicy;
+
+import javax.jcr.PathNotFoundException;
+import javax.jcr.AccessDeniedException;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.version.VersionException;
+import javax.jcr.lock.LockException;
+
+/**
+ * <code>RetentionManagerImpl</code>...
+ */
+public class RetentionManagerImpl implements RetentionManager {
+
+ private static Logger log = LoggerFactory.getLogger(RetentionManagerImpl.class);
+
+ private final Session session;
+
+ public RetentionManagerImpl(Session session) {
+ this.session = session;
+ }
+
+ public Hold[] getHolds(String absPath) throws PathNotFoundException,
+ AccessDeniedException, RepositoryException {
+ //TODO
+ return new Hold[0];
+ }
+
+ public Hold addHold(String absPath, String name, boolean isDeep) throws
+ PathNotFoundException, AccessDeniedException, LockException,
+ VersionException, RepositoryException {
+ //TODO
+ throw new UnsupportedOperationException("Not yet implemented");
+ }
+
+ public void removeHold(String absPath, Hold hold) throws
+ PathNotFoundException, AccessDeniedException, LockException,
+ VersionException, RepositoryException {
+ //TODO
+ throw new UnsupportedOperationException("Not yet implemented");
+ }
+
+ public RetentionPolicy getRetentionPolicy(String absPath) throws
+ PathNotFoundException, AccessDeniedException, RepositoryException {
+ // TODO
+ return null;
+ }
+
+ public void setRetentionPolicy(String absPath, RetentionPolicy retentionPolicy)
+ throws PathNotFoundException, AccessDeniedException, LockException,
+ VersionException, RepositoryException {
+ //TODO
+ throw new UnsupportedOperationException("Not yet implemented");
+ }
+
+ public void removeRetentionPolicy(String absPath) throws
+ PathNotFoundException, AccessDeniedException, LockException,
+ VersionException, RepositoryException {
+ //TODO
+ throw new UnsupportedOperationException("Not yet implemented");
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/RetentionManagerImpl.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/RetentionManagerImpl.java
------------------------------------------------------------------------------
svn:keywords = author date id revision url