You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jackrabbit.apache.org by ju...@apache.org on 2009/09/08 18:09:45 UTC
svn commit: r812570 [11/24] - in /jackrabbit/sandbox/JCR-1456: ./
jackrabbit-api/ jackrabbit-api/src/main/appended-resources/
jackrabbit-api/src/main/appended-resources/META-INF/
jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/ jackrabb...
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/join/ParentNodeJoin.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/join/ParentNodeJoin.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/join/ParentNodeJoin.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/join/ParentNodeJoin.java Tue Sep 8 16:09:28 2009
@@ -60,8 +60,7 @@
int[] docNums = new int[1];
while ((nodes = child.nextScoreNodes()) != null) {
docNums = resolver.getParents(nodes[idx].getDoc(reader), docNums);
- for (int i = 0; i < docNums.length; i++) {
- Integer parentId = new Integer(docNums[i]);
+ for (int parentId : docNums) {
childIndex.addScoreNodes(parentId, nodes);
}
}
@@ -73,6 +72,6 @@
*/
public ScoreNode[][] getMatchingScoreNodes(ScoreNode parent)
throws IOException {
- return childIndex.getScoreNodes(new Integer(parent.getDoc(reader)));
+ return childIndex.getScoreNodes(parent.getDoc(reader));
}
}
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/join/ScoreNodeMap.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/join/ScoreNodeMap.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/join/ScoreNodeMap.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/join/ScoreNodeMap.java Tue Sep 8 16:09:28 2009
@@ -32,7 +32,7 @@
/**
* The internal map.
*/
- private final Map map = new HashMap();
+ private final Map<Object, Object> map = new HashMap<Object, Object>();
/**
* Adds <code>scoreNodes</code> to this map under the given <code>key</code>.
@@ -62,8 +62,8 @@
((List) existing).add(nodes);
} else {
// ScoreNode[]
- ArrayList tmp = new ArrayList();
- tmp.add(existing);
+ List<ScoreNode[]> tmp = new ArrayList<ScoreNode[]>();
+ tmp.add((ScoreNode[]) existing);
tmp.add(nodes);
existing = tmp;
map.put(key, existing);
@@ -83,8 +83,8 @@
if (sn == null) {
return null;
} else if (sn instanceof List) {
- List list = (List) sn;
- return (ScoreNode[][]) list.toArray(new ScoreNode[list.size()][]);
+ List<ScoreNode[]> list = (List<ScoreNode[]>) sn;
+ return list.toArray(new ScoreNode[list.size()][]);
} else {
// ScoreNode[]
return new ScoreNode[][]{(ScoreNode[]) sn};
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/HoldImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/HoldImpl.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/HoldImpl.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/HoldImpl.java Tue Sep 8 16:09:28 2009
@@ -63,16 +63,16 @@
return valueFactory.createValue(str);
}
- static Hold createFromValue(Value val, NodeId nodeId, NameResolver resolver) throws RepositoryException {
+ static HoldImpl createFromValue(Value val, NodeId nodeId, NameResolver resolver) throws RepositoryException {
String str = val.getString();
Name name = NAME_FACTORY.create(str.substring(2));
boolean isDeep = str.startsWith(DEEP);
return new HoldImpl(name, isDeep, nodeId, resolver);
}
- static Hold[] createFromProperty(PropertyImpl property, NodeId nodeId) throws RepositoryException {
+ static HoldImpl[] createFromProperty(PropertyImpl property, NodeId nodeId) throws RepositoryException {
Value[] vs = property.getValues();
- Hold[] holds = new Hold[vs.length];
+ HoldImpl[] holds = new HoldImpl[vs.length];
for (int i = 0; i < vs.length; i++) {
holds[i] = createFromValue(vs[i], nodeId, (SessionImpl) property.getSession());
}
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/RetentionRegistryImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/RetentionRegistryImpl.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/RetentionRegistryImpl.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/retention/RetentionRegistryImpl.java Tue Sep 8 16:09:28 2009
@@ -63,8 +63,10 @@
*/
private static final String FILE_NAME = "retention";
- private final PathMap retentionMap = new PathMap();
- private final PathMap holdMap = new PathMap();
+ private final PathMap<RetentionPolicyImpl> retentionMap =
+ new PathMap<RetentionPolicyImpl>();
+
+ private final PathMap<List<HoldImpl>> holdMap = new PathMap<List<HoldImpl>>();
private final SessionImpl session;
private final FileSystemResource retentionFile;
@@ -150,23 +152,22 @@
* present only once.
*/
private void writeRetentionFile() {
- final Set nodeIds = new HashSet();
+ final Set<NodeId> nodeIds = new HashSet<NodeId>();
// first look for nodes containing holds
- holdMap.traverse(new PathMap.ElementVisitor() {
- public void elementVisited(PathMap.Element element) {
- List holds = (List) element.get();
+ holdMap.traverse(new PathMap.ElementVisitor<List<HoldImpl>>() {
+ public void elementVisited(PathMap.Element<List<HoldImpl>> element) {
+ List<HoldImpl> holds = element.get();
if (!holds.isEmpty()) {
- nodeIds.add(((HoldImpl) holds.get(0)).getNodeId());
+ nodeIds.add(holds.get(0).getNodeId());
}
}
}, false);
// then collect ids of nodes having an retention policy
- retentionMap.traverse(new PathMap.ElementVisitor() {
- public void elementVisited(PathMap.Element element) {
- RetentionPolicyImpl rp = (RetentionPolicyImpl) element.get();
- nodeIds.add(rp.getNodeId());
+ retentionMap.traverse(new PathMap.ElementVisitor<RetentionPolicyImpl>() {
+ public void elementVisited(PathMap.Element<RetentionPolicyImpl> element) {
+ nodeIds.add(element.get().getNodeId());
}
}, false);
@@ -174,7 +175,7 @@
BufferedWriter writer = null;
try {
writer = new BufferedWriter(new OutputStreamWriter(retentionFile.getOutputStream()));
- for (Iterator it = nodeIds.iterator(); it.hasNext();) {
+ for (Iterator<NodeId> it = nodeIds.iterator(); it.hasNext();) {
writer.write(it.next().toString());
if (it.hasNext()) {
writer.newLine();
@@ -197,7 +198,7 @@
private void addHolds(Path nodePath, PropertyImpl p) throws RepositoryException {
synchronized (holdMap) {
- Hold[] holds = HoldImpl.createFromProperty(p, ((PropertyId) p.getId()).getParentId());
+ HoldImpl[] holds = HoldImpl.createFromProperty(p, ((PropertyId) p.getId()).getParentId());
holdMap.put(nodePath, Arrays.asList(holds));
holdCnt++;
}
@@ -205,7 +206,7 @@
private void removeHolds(Path nodePath) {
synchronized (holdMap) {
- PathMap.Element el = holdMap.map(nodePath, true);
+ PathMap.Element<List<HoldImpl>> el = holdMap.map(nodePath, true);
if (el != null) {
el.remove();
holdCnt--;
@@ -215,7 +216,8 @@
private void addRetentionPolicy(Path nodePath, PropertyImpl p) throws RepositoryException {
synchronized (retentionMap) {
- RetentionPolicy rp = new RetentionPolicyImpl(p.getString(), ((PropertyId) p.getId()).getParentId(), session);
+ RetentionPolicyImpl rp = new RetentionPolicyImpl(
+ p.getString(), ((PropertyId) p.getId()).getParentId(), session);
retentionMap.put(nodePath, rp);
retentionCnt++;
}
@@ -223,7 +225,8 @@
private void removeRetentionPolicy(Path nodePath) {
synchronized (retentionMap) {
- PathMap.Element el = retentionMap.map(nodePath, true);
+ PathMap.Element<RetentionPolicyImpl> el =
+ retentionMap.map(nodePath, true);
if (el != null) {
el.remove();
retentionCnt--;
@@ -242,8 +245,8 @@
if (holdCnt <= 0) {
return false;
}
- PathMap.Element element = holdMap.map(nodePath, false);
- List holds = (List) element.get();
+ PathMap.Element<List<HoldImpl>> element = holdMap.map(nodePath, false);
+ List<HoldImpl> holds = element.get();
if (holds != null) {
if (element.hasPath(nodePath)) {
// one or more holds on the specified path
@@ -257,9 +260,8 @@
// by a deep hold on any ancestor.
return true;
} else {
- for (Iterator it = holds.iterator(); it.hasNext();) {
- Hold h = (Hold) it.next();
- if (h.isDeep()) {
+ for (Hold hold : holds) {
+ if (hold.isDeep()) {
return true;
}
}
@@ -280,14 +282,14 @@
return false;
}
RetentionPolicy rp = null;
- PathMap.Element element = retentionMap.map(nodePath, true);
+ PathMap.Element<RetentionPolicyImpl> element = retentionMap.map(nodePath, true);
if (element != null) {
- rp = (RetentionPolicy) element.get();
+ rp = element.get();
}
if (rp == null && checkParent) {
element = retentionMap.map(nodePath.getAncestor(1), true);
if (element != null) {
- rp = (RetentionPolicy) element.get();
+ rp = element.get();
}
}
return rp != null;
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/DefaultAccessManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/DefaultAccessManager.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/DefaultAccessManager.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/DefaultAccessManager.java Tue Sep 8 16:09:28 2009
@@ -326,7 +326,6 @@
checkInitialized();
checkPermission(absPath, Permission.READ_AC);
- // TODO: acProvider may not retrieve the correct policy in case of transient modifications
return acProvider.getEffectivePolicies(getPath(absPath));
}
@@ -395,6 +394,44 @@
}
return editor.getPolicies(principal);
}
+
+ /**
+ * @see org.apache.jackrabbit.api.security.JackrabbitAccessControlManager#hasPrivileges(String, Set, Privilege[])
+ */
+ public boolean hasPrivileges(String absPath, Set<Principal> principals, Privilege[] privileges) throws PathNotFoundException, RepositoryException {
+ checkInitialized();
+ checkValidNodePath(absPath);
+ checkPermission(absPath, Permission.READ_AC);
+
+ if (privileges == null || privileges.length == 0) {
+ // null or empty privilege array -> return true
+ log.debug("No privileges passed -> allowed.");
+ return true;
+ } else {
+ int privs = PrivilegeRegistry.getBits(privileges);
+ Path p = resolver.getQPath(absPath);
+ return (acProvider.compilePermissions(principals).getPrivileges(p) | ~privs) == -1;
+ }
+ }
+
+ /**
+ * @see org.apache.jackrabbit.api.security.JackrabbitAccessControlManager#getPrivileges(String, Set)
+ */
+ public Privilege[] getPrivileges(String absPath, Set<Principal> principals) throws PathNotFoundException, RepositoryException {
+ checkInitialized();
+ checkValidNodePath(absPath);
+ checkPermission(absPath, Permission.READ_AC);
+ CompiledPermissions perms = acProvider.compilePermissions(principals);
+ try {
+ int bits = perms.getPrivileges(resolver.getQPath(absPath));
+ return (bits == PrivilegeRegistry.NO_PRIVILEGE) ?
+ new Privilege[0] :
+ privilegeRegistry.getPrivileges(bits);
+ } finally {
+ perms.close();
+ }
+ }
+
//---------------------------------------< AbstractAccessControlManager >---
/**
* @see AbstractAccessControlManager#checkInitialized()
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java Tue Sep 8 16:09:28 2009
@@ -16,16 +16,14 @@
*/
package org.apache.jackrabbit.core.security.authentication;
-import org.apache.commons.collections.set.ListOrderedSet;
-import javax.jcr.GuestCredentials;
-import org.apache.jackrabbit.core.config.LoginModuleConfig;
-import org.apache.jackrabbit.core.security.SecurityConstants;
-import org.apache.jackrabbit.core.security.principal.PrincipalProvider;
-import org.apache.jackrabbit.core.security.principal.PrincipalProviderRegistry;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import java.io.IOException;
+import java.security.Principal;
+import java.util.LinkedHashSet;
+import java.util.Map;
+import java.util.Set;
import javax.jcr.Credentials;
+import javax.jcr.GuestCredentials;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
@@ -37,24 +35,27 @@
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
-import java.io.IOException;
-import java.security.Principal;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Set;
+
+import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
+import org.apache.jackrabbit.core.config.LoginModuleConfig;
+import org.apache.jackrabbit.core.security.SecurityConstants;
+import org.apache.jackrabbit.core.security.principal.PrincipalProvider;
+import org.apache.jackrabbit.core.security.principal.PrincipalProviderRegistry;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
* <code>AbstractLoginModule</code> provides the means for the common
* authentication tasks within the Repository.
* <p/>
- * On successfull authentication it associates the credentials to principals
+ * On successful authentication it associates the credentials to principals
* using the {@link PrincipalProvider} configured for this LoginModule<p />
* Jackrabbit distinguishes between Login and Impersonation dispatching the
* the correspoding Repository/Session methods to
* {@link #authenticate(java.security.Principal, javax.jcr.Credentials)} and
* {@link #impersonate(java.security.Principal, javax.jcr.Credentials)}, respectively.
* <br>
- * This LoginModule implements default behaviors for both methods.
+ * This LoginModule implements default behavior for either method.
*
* @see LoginModule
*/
@@ -65,23 +66,23 @@
private static final String KEY_CREDENTIALS = "org.apache.jackrabbit.credentials";
private static final String KEY_LOGIN_NAME = "javax.security.auth.login.name";
+ private String principalProviderClassName;
+ private boolean initialized;
+
protected String adminId;
protected String anonymousId;
- private String principalProviderClassName;
- private CallbackHandler callbackHandler;
- private boolean initialized;
+ protected CallbackHandler callbackHandler;
protected Principal principal;
protected SimpleCredentials credentials;
protected Subject subject;
protected PrincipalProvider principalProvider;
- private Map sharedState;
+ protected Map sharedState;
/**
- * Initialize this LoginModule.<br> This abstract implementation, initalizes
- * the following fields for later use:
+ * Initialize this LoginModule and sets the following fields for later usage:
* <ul>
* <li>{@link PrincipalProvider} for user-{@link Principal} resolution.</li>
* <li>{@link LoginModuleConfig#PARAM_ADMIN_ID} option is evaluated</li>
@@ -156,11 +157,8 @@
//log config values for debug
if (log.isDebugEnabled()) {
- Iterator itr = options.keySet().iterator();
- while (itr.hasNext()) {
- String option = (String) itr.next();
- log.debug("- Option: "+ option +" -> '"+ options.get(option) +"'");
-
+ for (String option : options.keySet()) {
+ log.debug("- Option: " + option + " -> '" + options.get(option) + "'");
}
}
initialized = (this.subject != null);
@@ -171,13 +169,12 @@
}
/**
- * Implementations may set-up their own state. E. g. a DataSource if it is
- * authorized against an external System
+ * Implementations may set-up their own state.
*
* @param callbackHandler as passed by {@link javax.security.auth.login.LoginContext}
* @param session to security-workspace of Jackrabbit
* @param options options from Logini config
- * @throws LoginException in case initializeaiton failes
+ * @throws LoginException in case initialization failes
*/
protected abstract void doInit(CallbackHandler callbackHandler,
Session session,
@@ -255,7 +252,7 @@
* @return true if the authentication succeeded, or false if this
* <code>LoginModule</code> should be ignored.
* @throws LoginException if the authentication fails
- * @see LoginModule#login()
+ * @see javax.security.auth.spi.LoginModule#login()
* @see #getCredentials()
* @see #getUserID(Credentials)
* @see #getImpersonatorSubject(Credentials)
@@ -266,7 +263,7 @@
return false;
}
- // check for availability of Credentials;
+ // check the availability of Credentials
Credentials creds = getCredentials();
if (creds == null) {
log.warn("No credentials available -> try default (anonymous) authentication.");
@@ -329,8 +326,7 @@
* @return true if this method succeeded, or false if this
* <code>LoginModule</code> should be ignored.
* @throws LoginException if the commit fails
- * @see LoginModule#commit()
- * @see AbstractLoginModule#login()
+ * @see javax.security.auth.spi.LoginModule#commit()
*/
public boolean commit() throws LoginException {
//check login-state
@@ -341,7 +337,7 @@
return false;
}
- Set principals = getPrincipals();
+ Set<Principal> principals = getPrincipals();
subject.getPrincipals().addAll(principals);
subject.getPublicCredentials().add(credentials);
return true;
@@ -363,6 +359,7 @@
* @return true if this method succeeded, or false if this
* <code>LoginModule</code> should be ignored.
* @throws LoginException if the abort fails
+ * @see javax.security.auth.spi.LoginModule#abort()
*/
public boolean abort() throws LoginException {
if (!isInitialized()) {
@@ -377,16 +374,10 @@
}
/**
- * Method which logs out a <code>Subject</code>.
- * <p/>
- * <p>An implementation of this method might remove/destroy a Subject's
- * Principals and Credentials.
- * <p/>
- * <p/>
- *
- * @return true if this method succeeded, or false if this
- * <code>LoginModule</code> should be ignored.
+ * @return <code>true</code> if this method succeeded,
+ * or <code>false</code> if this <code>LoginModule</code> should be ignored.
* @throws LoginException if the logout fails
+ * @see javax.security.auth.spi.LoginModule#logout()
*/
public boolean logout() throws LoginException {
Set thisPrincipals = subject.getPrincipals();
@@ -648,14 +639,14 @@
* @return a Collection of principals that contains the current user
* principal and all groups it is member of.
*/
- protected Set getPrincipals() {
- // use ListOrderedSet instead of Hashset in order to maintain the order
+ protected Set<Principal> getPrincipals() {
+ // use linked HashSet instead of HashSet in order to maintain the order
// of principals (as in the Subject).
- Set principals = new ListOrderedSet();
+ Set<Principal> principals = new LinkedHashSet<Principal>();
principals.add(principal);
- Iterator groups = principalProvider.getGroupMembership(principal);
+ PrincipalIterator groups = principalProvider.getGroupMembership(principal);
while (groups.hasNext()) {
- principals.add(groups.next());
+ principals.add(groups.nextPrincipal());
}
return principals;
}
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContext.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContext.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContext.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContext.java Tue Sep 8 16:09:28 2009
@@ -30,13 +30,13 @@
* JAAS <code>LoginModule</code></li>
* </ul>
*/
-public abstract interface AuthContext {
+public interface AuthContext {
/**
* Perform the authentication and, if successful, associate Principals and Credentials
* with the authenticated<code>Subject</code>.
*
- * @see LoginContext#login()
+ * @see javax.security.auth.login.LoginContext#login()
* @throws LoginException if the authentication fails.
*/
void login() throws LoginException;
@@ -44,7 +44,7 @@
/**
* Return the authenticated Subject.
*
- * @see LoginContext#getSubject()
+ * @see javax.security.auth.login.LoginContext#getSubject()
* @return the authenticated Subject or <code>null</code> if authentication failed.
*/
Subject getSubject();
@@ -52,8 +52,8 @@
/**
* Logout the <code>Subject</code>.
*
- * @see LoginContext#logout()
- * @exception LoginException if the logout fails.
+ * @see javax.security.auth.login.LoginContext#logout()
+ * @throws LoginException if the logout fails.
*/
void logout() throws LoginException;
}
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContextProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContextProvider.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContextProvider.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContextProvider.java Tue Sep 8 16:09:28 2009
@@ -133,16 +133,16 @@
} else {
AppConfigurationEntry[] entries = getJAASConfig();
if (entries != null) {
- List tmp = new ArrayList(entries.length);
- for (int i = 0; i < entries.length; i++) {
- Map opt = entries[i].getOptions();
+ List<Properties> tmp = new ArrayList<Properties>(entries.length);
+ for (AppConfigurationEntry entry : entries) {
+ Map opt = entry.getOptions();
if (opt != null) {
Properties prop = new Properties();
prop.putAll(opt);
tmp.add(prop);
}
}
- props = (Properties[]) tmp.toArray(new Properties[tmp.size()]);
+ props = tmp.toArray(new Properties[tmp.size()]);
}
}
return props;
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CallbackHandlerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CallbackHandlerImpl.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CallbackHandlerImpl.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CallbackHandlerImpl.java Tue Sep 8 16:09:28 2009
@@ -82,9 +82,7 @@
*/
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
- for (int i = 0; i < callbacks.length; i++) {
- Callback callback = callbacks[i];
-
+ for (Callback callback : callbacks) {
if (callback instanceof CredentialsCallback) {
((CredentialsCallback) callback).setCredentials(credentials);
} else if (callback instanceof RepositoryCallback) {
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentials.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentials.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentials.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentials.java Tue Sep 8 16:09:28 2009
@@ -69,8 +69,8 @@
String[] attNames = credentials.getAttributeNames();
attributes = new HashMap<String, Object>(attNames.length);
- for (int i = 0; i < attNames.length; i++) {
- attributes.put(attNames[i], credentials.getAttribute(attNames[i]));
+ for (String attName : attNames) {
+ attributes.put(attName, credentials.getAttribute(attName));
}
}
@@ -89,7 +89,7 @@
algorithm = algo;
cryptedPassword = password;
}
- attributes = Collections.EMPTY_MAP;
+ attributes = Collections.emptyMap();
}
public String getUserID() {
@@ -134,7 +134,7 @@
// uncrypted pw to match -> crypt with algorithm present here.
return crypt(toMatch, algorithm).equals(cryptedPassword);
} else if (algr != null && algorithm == null) {
- // crypted pw to match but unkown algorithm here -> crypt this pw
+ // crypted pw to match but unknown algorithm here -> crypt this pw
return crypt(algr, cryptedPassword).equals(toMatch);
}
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/DefaultLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/DefaultLoginModule.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/DefaultLoginModule.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/DefaultLoginModule.java Tue Sep 8 16:09:28 2009
@@ -105,14 +105,15 @@
return authentication;
}
}
- // no valid user or authencation could not handle the given creds.
+ // no valid user or authentication could not handle the given credentials
return null;
}
/**
* Handles the impersonation of given Credentials.<p />
* Current implementation takes {@link User} for the given Principal and
- * delegates the check to {@link Impersonation#allows(javax.security.auth.Subject)}
+ * delegates the check to
+ * {@link org.apache.jackrabbit.api.security.user.Impersonation#allows(javax.security.auth.Subject)}
*
* @param principal Principal to impersonate.
* @param credentials Credentials used to create the impersonation subject.
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/JAASAuthContext.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/JAASAuthContext.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/JAASAuthContext.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/JAASAuthContext.java Tue Sep 8 16:09:28 2009
@@ -50,7 +50,7 @@
context = new LoginContext(appName, subject, cbHandler);
}
} catch (LoginException e) {
- //all caseses it is thrown are checked -> ignore
+ //all cases it is thrown are checked -> ignore
} finally {
current.setContextClassLoader(orig);
}
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.java Tue Sep 8 16:09:28 2009
@@ -16,30 +16,37 @@
*/
package org.apache.jackrabbit.core.security.authorization;
+import java.security.Principal;
+import java.util.Map;
+import java.util.Set;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.observation.ObservationManager;
+import javax.jcr.security.Privilege;
+
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.core.security.SystemPrincipal;
import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
import org.apache.jackrabbit.spi.Path;
import org.apache.jackrabbit.spi.commons.conversion.NamePathResolver;
-import javax.jcr.security.Privilege;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import javax.jcr.RepositoryException;
-import javax.jcr.Session;
-import javax.jcr.observation.ObservationManager;
-import java.security.Principal;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Set;
/**
* <code>AbstractAccessControlProvider</code>...
*/
-public abstract class AbstractAccessControlProvider implements AccessControlProvider, AccessControlUtils {
-
- private static Logger log = LoggerFactory.getLogger(AbstractAccessControlProvider.class);
+public abstract class AbstractAccessControlProvider implements AccessControlProvider,
+ AccessControlUtils {
+ /**
+ * Constant for the name of the configuration option "omit-default-permission".
+ * The option is a flag indicating whether default permissions should be
+ * created upon initialization of this provider.<p/>
+ * If this option is present in the configuration no initial ACL content
+ * is created.<br>
+ * If this configuration option is omitted the default permissions are
+ * installed. Note however, that the initialization should not overwrite
+ * previously installed AC content.
+ */
public static final String PARAM_OMIT_DEFAULT_PERMISSIONS = "omit-default-permission";
/**
@@ -131,9 +138,8 @@
/**
* @see AccessControlUtils#isAdminOrSystem(Set)
*/
- public boolean isAdminOrSystem(Set principals) {
- for (Iterator it = principals.iterator(); it.hasNext();) {
- Principal p = (Principal) it.next();
+ public boolean isAdminOrSystem(Set<Principal> principals) {
+ for (Principal p : principals) {
if (p instanceof AdminPrincipal || p instanceof SystemPrincipal) {
return true;
}
@@ -144,7 +150,7 @@
/**
* @see AccessControlUtils#isReadOnly(Set)
*/
- public boolean isReadOnly(Set principals) {
+ public boolean isReadOnly(Set<Principal> principals) {
// TODO: find ways to determine read-only status
return false;
}
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractCompiledPermissions.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractCompiledPermissions.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractCompiledPermissions.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractCompiledPermissions.java Tue Sep 8 16:09:28 2009
@@ -16,6 +16,8 @@
*/
package org.apache.jackrabbit.core.security.authorization;
+import java.util.Map;
+
import org.apache.commons.collections.map.LRUMap;
import org.apache.jackrabbit.spi.Path;
@@ -27,8 +29,9 @@
public abstract class AbstractCompiledPermissions implements CompiledPermissions {
// cache mapping a Path to a 'Result' containing permissions and privileges.
- private final LRUMap cache;
+ private final Map<Path, Result> cache;
+ @SuppressWarnings("unchecked")
protected AbstractCompiledPermissions() {
cache = new LRUMap(1000);
}
@@ -42,7 +45,7 @@
public Result getResult(Path absPath) throws RepositoryException {
Result result;
synchronized (cache) {
- result = (Result) cache.get(absPath);
+ result = cache.get(absPath);
if (result == null) {
result = buildResult(absPath);
cache.put(absPath, result);
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEditor.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEditor.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEditor.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEditor.java Tue Sep 8 16:09:28 2009
@@ -54,7 +54,8 @@
* <code>nodePath</code>.
* @throws RepositoryException if an error occurs
*/
- AccessControlPolicy[] getPolicies(String nodePath) throws AccessControlException, PathNotFoundException, RepositoryException;
+ AccessControlPolicy[] getPolicies(String nodePath) throws AccessControlException,
+ PathNotFoundException, RepositoryException;
/**
* Retrieves the policies that have been applied before for the given
@@ -74,7 +75,8 @@
* if same other access control related exception occurs.
* @throws RepositoryException if an error occurs
*/
- JackrabbitAccessControlPolicy[] getPolicies(Principal principal) throws AccessControlException, RepositoryException;
+ JackrabbitAccessControlPolicy[] getPolicies(Principal principal)
+ throws AccessControlException, RepositoryException;
/**
* Retrieves the editable policies for the Node identified by the given
@@ -100,7 +102,8 @@
* <code>nodePath</code>.
* @throws RepositoryException if an error occurs
*/
- AccessControlPolicy[] editAccessControlPolicies(String nodePath) throws AccessControlException, PathNotFoundException, RepositoryException;
+ AccessControlPolicy[] editAccessControlPolicies(String nodePath)
+ throws AccessControlException, PathNotFoundException, RepositoryException;
/**
* Returns an array of editable policies for the given <code>principal</code>.
@@ -115,7 +118,8 @@
* if same other access control related exception occurs.
* @throws RepositoryException if another error occurs.
*/
- JackrabbitAccessControlPolicy[] editAccessControlPolicies(Principal principal) throws AccessDeniedException, AccessControlException, RepositoryException;
+ JackrabbitAccessControlPolicy[] editAccessControlPolicies(Principal principal)
+ throws AccessDeniedException, AccessControlException, RepositoryException;
/**
* Stores the policy template to the respective node.
@@ -129,7 +133,8 @@
* <code>nodePath</code>.
* @throws RepositoryException if an other error occurs.
*/
- void setPolicy(String nodePath, AccessControlPolicy policy) throws AccessControlException, PathNotFoundException, RepositoryException;
+ void setPolicy(String nodePath, AccessControlPolicy policy)
+ throws AccessControlException, PathNotFoundException, RepositoryException;
/**
* Removes the specified policy from the node at <code>nodePath</code>.
@@ -143,5 +148,6 @@
* <code>nodePath</code>.
* @throws RepositoryException if an other error occurs
*/
- void removePolicy(String nodePath, AccessControlPolicy policy) throws AccessControlException, PathNotFoundException, RepositoryException;
+ void removePolicy(String nodePath, AccessControlPolicy policy)
+ throws AccessControlException, PathNotFoundException, RepositoryException;
}
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryImpl.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryImpl.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryImpl.java Tue Sep 8 16:09:28 2009
@@ -16,19 +16,18 @@
*/
package org.apache.jackrabbit.core.security.authorization;
-import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
-import org.apache.jackrabbit.value.StringValue;
-import org.apache.jackrabbit.value.ValueHelper;
+import java.security.Principal;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
import javax.jcr.Value;
import javax.jcr.ValueFactory;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.Privilege;
-import java.security.Principal;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
+
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
+import org.apache.jackrabbit.value.ValueHelper;
/**
* Simple, immutable implementation of the
@@ -62,7 +61,7 @@
* Jackrabbit specific extension: the list of additional restrictions to be
* included in the evaluation.
*/
- private final Map restrictions;
+ private final Map<String, Value> restrictions;
/**
* Value factory
@@ -100,15 +99,16 @@
* @throws AccessControlException if either principal or privileges are invalid.
*/
protected AccessControlEntryImpl(Principal principal, Privilege[] privileges,
- boolean isAllow, Map restrictions, ValueFactory valueFactory)
+ boolean isAllow, Map<String, Value> restrictions,
+ ValueFactory valueFactory)
throws AccessControlException {
if (principal == null) {
throw new IllegalArgumentException();
}
// make sure no abstract privileges are passed.
- for (int i = 0; i < privileges.length; i++) {
- if (privileges[i].isAbstract()) {
- throw new AccessControlException("Privilege " + privileges[i] + " is abstract.");
+ for (Privilege privilege : privileges) {
+ if (privilege.isAbstract()) {
+ throw new AccessControlException("Privilege " + privilege + " is abstract.");
}
}
this.principal = principal;
@@ -118,22 +118,14 @@
this.valueFactory = valueFactory;
if (restrictions == null) {
- this.restrictions = Collections.EMPTY_MAP;
+ this.restrictions = Collections.emptyMap();
} else {
- this.restrictions = new HashMap(restrictions.size());
+ this.restrictions = new HashMap<String, Value>(restrictions.size());
// validate the passed restrictions and fill the map
- for (Iterator it = restrictions.keySet().iterator(); it.hasNext();) {
- Object key = it.next();
- Object v = restrictions.get(key);
- Value value;
- if (v instanceof Value) {
- // create copy of the value
- value = ValueHelper.copy((Value) v, valueFactory);
- } else {
- // fallback
- value = new StringValue(v.toString());
- }
- this.restrictions.put(key.toString(), value);
+ for (String key : restrictions.keySet()) {
+ Value value = restrictions.get(key);
+ value = ValueHelper.copy(value, valueFactory);
+ this.restrictions.put(key, value);
}
}
}
@@ -187,7 +179,7 @@
* @see org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry#getRestrictionNames()
*/
public String[] getRestrictionNames() {
- return (String[]) restrictions.keySet().toArray(new String[restrictions.size()]);
+ return restrictions.keySet().toArray(new String[restrictions.size()]);
}
/**
@@ -195,7 +187,7 @@
*/
public Value getRestriction(String restrictionName) {
if (restrictions.containsKey(restrictionName)) {
- return ValueHelper.copy((Value) restrictions.get(restrictionName), valueFactory);
+ return ValueHelper.copy(restrictions.get(restrictionName), valueFactory);
} else {
return null;
}
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryIterator.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryIterator.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryIterator.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEntryIterator.java Tue Sep 8 16:09:28 2009
@@ -31,22 +31,20 @@
/**
* <code>AccessControlEntryIterator</code>...
*/
-public class AccessControlEntryIterator implements Iterator {
+public class AccessControlEntryIterator implements Iterator<AccessControlEntry> {
private static Logger log = LoggerFactory.getLogger(AccessControlEntryIterator.class);
- private final List acls = new ArrayList();
- private Iterator currentEntries;
- private Object next;
+ private final List<AccessControlList> acls = new ArrayList<AccessControlList>();
+ private Iterator<AccessControlEntry> currentEntries;
+ private AccessControlEntry next;
- public AccessControlEntryIterator(List aces) {
+ public AccessControlEntryIterator(List<AccessControlEntry> aces) {
this(new AccessControlList[] {new UnmodifiableAccessControlList(aces)});
}
public AccessControlEntryIterator(AccessControlList[] acls) {
- for (int i = 0; i < acls.length; i++) {
- this.acls.add(acls[i]);
- }
+ this.acls.addAll(Arrays.asList(acls));
next = seekNext();
}
@@ -58,16 +56,16 @@
return next != null;
}
- public Object next() {
+ public AccessControlEntry next() {
if (next == null) {
throw new NoSuchElementException();
}
- Object ret = next;
+ AccessControlEntry ret = next;
next = seekNext();
return ret;
}
- private Object seekNext() {
+ private AccessControlEntry seekNext() {
while (currentEntries == null || !currentEntries.hasNext()) {
if (acls.isEmpty()) {
// reached last acl -> break out of while loop
@@ -76,7 +74,7 @@
} else {
AccessControlEntry[] entries = new AccessControlEntry[0];
try {
- entries = ((AccessControlList) acls.remove(0)).getAccessControlEntries();
+ entries = (acls.remove(0)).getAccessControlEntries();
} catch (RepositoryException e) {
log.error("Unable to retrieve ACEs: " + e.getMessage() + " -> try next.");
}
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProvider.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProvider.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProvider.java Tue Sep 8 16:09:28 2009
@@ -22,9 +22,10 @@
import javax.jcr.ItemNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
+
+import java.security.Principal;
import java.util.Map;
import java.util.Set;
-import java.security.Principal;
/**
* The AccessControlProvider is used to provide access control policy and entry
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlUtils.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlUtils.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlUtils.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlUtils.java Tue Sep 8 16:09:28 2009
@@ -20,6 +20,8 @@
import org.apache.jackrabbit.core.ItemImpl;
import javax.jcr.RepositoryException;
+
+import java.security.Principal;
import java.util.Set;
/**
@@ -58,7 +60,7 @@
* @return true if the specified set of principals contains an
* <code>AdminPrincipal</code> or a <code>SystemPrincipal</code>.
*/
- boolean isAdminOrSystem(Set principals);
+ boolean isAdminOrSystem(Set<Principal> principals);
/**
* Test if if the specified set of principals will have read-only permissions
@@ -69,6 +71,6 @@
* @return true if the specified set of principals will only be granted
* read permission on all items.
*/
- boolean isReadOnly(Set principals);
+ boolean isReadOnly(Set<Principal> principals);
}
\ No newline at end of file
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java Tue Sep 8 16:09:28 2009
@@ -16,24 +16,24 @@
*/
package org.apache.jackrabbit.core.security.authorization;
-import javax.jcr.security.AccessControlException;
-import javax.jcr.security.Privilege;
-import org.apache.jackrabbit.spi.commons.conversion.NameResolver;
-import org.apache.jackrabbit.spi.commons.name.NameFactoryImpl;
-import org.apache.jackrabbit.spi.Name;
-import org.apache.jackrabbit.spi.NameFactory;
-
-import javax.jcr.RepositoryException;
-import javax.jcr.NamespaceException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
-import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
+import javax.jcr.NamespaceException;
+import javax.jcr.RepositoryException;
+import javax.jcr.security.AccessControlException;
+import javax.jcr.security.Privilege;
+
+import org.apache.jackrabbit.spi.Name;
+import org.apache.jackrabbit.spi.NameFactory;
+import org.apache.jackrabbit.spi.commons.conversion.NameResolver;
+import org.apache.jackrabbit.spi.commons.name.NameFactoryImpl;
+
/**
* The <code>PrivilegeRegistry</code> defines the set of <code>Privilege</code>s
* known to the repository.
@@ -46,8 +46,8 @@
*/
public static final String REP_WRITE = "{" + Name.NS_REP_URI + "}write";
- private static final Set REGISTERED_PRIVILEGES = new HashSet(20);
- private static final Map BITS_TO_PRIVILEGES = new HashMap();
+ private static final Set<InternalPrivilege> REGISTERED_PRIVILEGES = new HashSet<InternalPrivilege>(20);
+ private static final Map<Integer, InternalPrivilege[]> BITS_TO_PRIVILEGES = new HashMap<Integer, InternalPrivilege[]>();
private static final NameFactory NAME_FACTORY = NameFactoryImpl.getInstance();
private static final Privilege[] EMPTY_ARRAY = new Privilege[0];
@@ -123,7 +123,7 @@
* Per instance map containing the instance specific representation of
* the registered privileges.
*/
- private final Map localCache;
+ private final Map<Name, Privilege> localCache;
/**
* Create a new <code>PrivilegeRegistry</code> instance.
@@ -133,9 +133,8 @@
*/
public PrivilegeRegistry(NameResolver resolver) {
this.resolver = resolver;
- localCache = new HashMap(REGISTERED_PRIVILEGES.size());
- for (Iterator it = REGISTERED_PRIVILEGES.iterator(); it.hasNext();) {
- InternalPrivilege ip = (InternalPrivilege) it.next();
+ localCache = new HashMap<Name, Privilege>(REGISTERED_PRIVILEGES.size());
+ for (InternalPrivilege ip : REGISTERED_PRIVILEGES) {
Privilege priv = new PrivilegeImpl(ip, resolver);
localCache.put(ip.name, priv);
}
@@ -147,7 +146,7 @@
* @return all registered privileges.
*/
public Privilege[] getRegisteredPrivileges() {
- return (Privilege[]) localCache.values().toArray(new Privilege[localCache.size()]);
+ return localCache.values().toArray(new Privilege[localCache.size()]);
}
/**
@@ -161,7 +160,7 @@
public Privilege getPrivilege(String privilegeName) throws AccessControlException, RepositoryException {
Name name = resolver.getQName(privilegeName);
if (localCache.containsKey(name)) {
- return (Privilege) localCache.get(name);
+ return localCache.get(name);
} else {
throw new AccessControlException("Unknown privilege " + privilegeName);
}
@@ -187,7 +186,7 @@
InternalPrivilege[] internalPrivs = getInteralPrivileges(bits);
privs = new Privilege[internalPrivs.length];
for (int i = 0; i < internalPrivs.length; i++) {
- privs[i] = (Privilege) localCache.get(internalPrivs[i].name);
+ privs[i] = localCache.get(internalPrivs[i].name);
}
} else {
privs = new Privilege[0];
@@ -207,8 +206,7 @@
throw new AccessControlException("Privilege array is empty or null.");
}
int bits = NO_PRIVILEGE;
- for (int i = 0; i < privileges.length; i++) {
- Privilege priv = privileges[i];
+ for (Privilege priv : privileges) {
if (priv instanceof PrivilegeImpl) {
bits |= ((PrivilegeImpl) priv).internalPrivilege.getBits();
} else {
@@ -307,11 +305,10 @@
* @return InternalPrivilege that corresponds to the given bits.
*/
private static InternalPrivilege[] getInteralPrivileges(int bits) {
- Object key = new Integer(bits);
- if (BITS_TO_PRIVILEGES.containsKey(key)) {
- return (InternalPrivilege[]) BITS_TO_PRIVILEGES.get(key);
+ if (BITS_TO_PRIVILEGES.containsKey(bits)) {
+ return BITS_TO_PRIVILEGES.get(bits);
} else {
- List privileges = new ArrayList();
+ List<InternalPrivilege> privileges = new ArrayList<InternalPrivilege>();
if ((bits & READ) == READ) {
privileges.add(READ_PRIVILEGE);
}
@@ -357,8 +354,8 @@
InternalPrivilege[] privs;
if (!privileges.isEmpty()) {
- privs = (InternalPrivilege[]) privileges.toArray(new InternalPrivilege[privileges.size()]);
- BITS_TO_PRIVILEGES.put(key, privs);
+ privs = privileges.toArray(new InternalPrivilege[privileges.size()]);
+ BITS_TO_PRIVILEGES.put(bits, privs);
} else {
privs = new InternalPrivilege[0];
}
@@ -368,7 +365,7 @@
private static InternalPrivilege registerPrivilege(InternalPrivilege privilege) {
REGISTERED_PRIVILEGES.add(privilege);
- BITS_TO_PRIVILEGES.put(new Integer(privilege.getBits()), new InternalPrivilege[] {privilege});
+ BITS_TO_PRIVILEGES.put(privilege.getBits(), new InternalPrivilege[] {privilege});
return privilege;
}
@@ -383,7 +380,7 @@
private final boolean isAbstract;
private final boolean isAggregate;
private final InternalPrivilege[] declaredAggregates;
- private final Set aggregates;
+ private final Set<InternalPrivilege> aggregates;
private final int bits;
@@ -417,10 +414,9 @@
this.name = NAME_FACTORY.create(name);
this.isAbstract = false;
this.declaredAggregates = declaredAggregates;
- Set aggrgt = new HashSet();
+ Set<InternalPrivilege> aggrgt = new HashSet<InternalPrivilege>();
int bts = 0;
- for (int i = 0; i < declaredAggregates.length; i++) {
- InternalPrivilege priv = declaredAggregates[i];
+ for (InternalPrivilege priv : declaredAggregates) {
bts |= priv.getBits();
if (priv.isAggregate) {
aggrgt.addAll(priv.aggregates);
@@ -491,7 +487,7 @@
Privilege[] privs = new Privilege[len];
for (int i = 0; i < len; i++) {
InternalPrivilege ip = internalPrivilege.declaredAggregates[i];
- privs[i] = (Privilege) localCache.get(ip.name);
+ privs[i] = localCache.get(ip.name);
}
return privs;
} else {
@@ -503,9 +499,8 @@
if (internalPrivilege.isAggregate) {
Privilege[] privs = new Privilege[internalPrivilege.aggregates.size()];
int i = 0;
- for (Iterator it = internalPrivilege.aggregates.iterator(); it.hasNext();) {
- InternalPrivilege ip = (InternalPrivilege) it.next();
- privs[i++] = (Privilege) localCache.get(ip.name);
+ for (InternalPrivilege ip : internalPrivilege.aggregates) {
+ privs[i++] = localCache.get(ip.name);
}
return privs;
} else {
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/UnmodifiableAccessControlList.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/UnmodifiableAccessControlList.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/UnmodifiableAccessControlList.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/UnmodifiableAccessControlList.java Tue Sep 8 16:09:28 2009
@@ -22,8 +22,16 @@
import javax.jcr.security.Privilege;
import javax.jcr.RepositoryException;
+import javax.jcr.Value;
+import javax.jcr.PropertyType;
+
import java.security.Principal;
import java.util.List;
+import java.util.Map;
+import java.util.Collections;
+import java.util.HashMap;
+
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
/**
* An implementation of the <code>AccessControlList</code> interface that only
@@ -32,10 +40,14 @@
* and {@link #removeAccessControlEntry(AccessControlEntry) removeAccessControlEntry})
* throw an <code>AccessControlException</code>.
*/
-public class UnmodifiableAccessControlList implements AccessControlList {
+public class UnmodifiableAccessControlList implements JackrabbitAccessControlList {
private final AccessControlEntry[] accessControlEntries;
+ private final Map<String, Integer> restrictions;
+
+ private final String path;
+
/**
* Construct a new <code>UnmodifiableAccessControlList</code>
*
@@ -45,7 +57,20 @@
* specified <code>AccessControlList</code>.
*/
public UnmodifiableAccessControlList(AccessControlList acl) throws RepositoryException {
- accessControlEntries = acl.getAccessControlEntries();
+ if (acl instanceof JackrabbitAccessControlList) {
+ JackrabbitAccessControlList jAcl = (JackrabbitAccessControlList) acl;
+ accessControlEntries = acl.getAccessControlEntries();
+ path = jAcl.getPath();
+ Map<String, Integer> r = new HashMap<String, Integer>();
+ for (String name: jAcl.getRestrictionNames()) {
+ r.put(name, jAcl.getRestrictionType(name));
+ }
+ restrictions = Collections.unmodifiableMap(r);
+ } else {
+ accessControlEntries = acl.getAccessControlEntries();
+ path = null;
+ restrictions = Collections.emptyMap();
+ }
}
/**
@@ -53,8 +78,10 @@
*
* @param accessControlEntries A list of {@link AccessControlEntry access control entries}.
*/
- public UnmodifiableAccessControlList(List accessControlEntries) {
- this.accessControlEntries = (AccessControlEntry[]) accessControlEntries.toArray(new AccessControlEntry[accessControlEntries.size()]);
+ public UnmodifiableAccessControlList(List<AccessControlEntry> accessControlEntries) {
+ this.accessControlEntries = accessControlEntries.toArray(new AccessControlEntry[accessControlEntries.size()]);
+ path = null;
+ restrictions = Collections.emptyMap();
}
//--------------------------------------------------< AccessControlList >---
@@ -82,4 +109,36 @@
throws AccessControlException, RepositoryException {
throw new AccessControlException("Unmodifiable ACL. Use AccessControlManager#getApplicablePolicies in order to obtain an modifiable ACL.");
}
+
+ public String[] getRestrictionNames() {
+ return restrictions.keySet().toArray(new String[restrictions.size()]);
+ }
+
+ public int getRestrictionType(String restrictionName) {
+ if (restrictions.containsKey(restrictionName)) {
+ return restrictions.get(restrictionName);
+ } else {
+ return PropertyType.UNDEFINED;
+ }
+ }
+
+ public boolean isEmpty() {
+ return accessControlEntries.length == 0;
+ }
+
+ public int size() {
+ return accessControlEntries.length;
+ }
+
+ public boolean addEntry(Principal principal, Privilege[] privileges, boolean isAllow) throws AccessControlException, RepositoryException {
+ throw new AccessControlException("Unmodifiable ACL. Use AccessControlManager#getApplicablePolicies in order to obtain an modifiable ACL.");
+ }
+
+ public boolean addEntry(Principal principal, Privilege[] privileges, boolean isAllow, Map<String, Value> restrictions) throws AccessControlException, RepositoryException {
+ throw new AccessControlException("Unmodifiable ACL. Use AccessControlManager#getApplicablePolicies in order to obtain an modifiable ACL.");
+ }
+
+ public String getPath() {
+ return path;
+ }
}
\ No newline at end of file
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/WorkspaceAccessManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/WorkspaceAccessManager.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/WorkspaceAccessManager.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/WorkspaceAccessManager.java Tue Sep 8 16:09:28 2009
@@ -19,6 +19,7 @@
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import java.util.Set;
+import java.security.Principal;
/**
* The <code>WorkspaceAccessManager</code> is responsible for workspace access.
@@ -53,5 +54,6 @@
* workspace with the specified name.
* @throws RepositoryException If an error occurs.
*/
- boolean grants(Set principals, String workspaceName) throws RepositoryException;
+ boolean grants(Set<Principal> principals, String workspaceName)
+ throws RepositoryException;
}
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java Tue Sep 8 16:09:28 2009
@@ -83,9 +83,9 @@
/**
*
- * @param aclNode
- * @return
- * @throws RepositoryException
+ * @param aclNode the node
+ * @return the control list
+ * @throws RepositoryException if an error occurs
*/
AccessControlList getACL(NodeImpl aclNode) throws RepositoryException {
return new ACLTemplate(aclNode, privilegeRegistry);
@@ -171,8 +171,8 @@
}
AccessControlEntry[] entries = ((ACLTemplate) policy).getAccessControlEntries();
- for (int i = 0; i < entries.length; i++) {
- JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) entries[i];
+ for (AccessControlEntry entry : entries) {
+ JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) entry;
Name nodeName = getUniqueNodeName(aclNode, ace.isAllow() ? "allow" : "deny");
Name ntName = (ace.isAllow()) ? NT_REP_GRANT_ACE : NT_REP_DENY_ACE;
@@ -216,7 +216,7 @@
* defining content. It this case setting or modifying an AC-policy is
* obviously not possible.
*
- * @param nodePath
+ * @param nodePath the node path
* @throws AccessControlException If the given nodePath identifies a Node that
* represents a ACL or ACE item.
* @throws RepositoryException
@@ -231,9 +231,9 @@
/**
* Check if the specified policy can be set/removed from this editor.
*
- * @param nodePath
- * @param policy
- * @throws AccessControlException
+ * @param nodePath the node path
+ * @param policy the policy
+ * @throws AccessControlException if not allowed
*/
private static void checkValidPolicy(String nodePath, AccessControlPolicy policy) throws AccessControlException {
if (policy == null || !(policy instanceof ACLTemplate)) {
@@ -247,10 +247,10 @@
/**
*
- * @param path
- * @return
- * @throws PathNotFoundException
- * @throws RepositoryException
+ * @param path the path
+ * @return the node
+ * @throws PathNotFoundException if not found
+ * @throws RepositoryException if an error occurs
*/
private NodeImpl getNode(String path) throws PathNotFoundException, RepositoryException {
return (NodeImpl) session.getNode(path);
@@ -261,10 +261,10 @@
* path or <code>null</code> if the node is not mix:AccessControllable
* or if no policy node exists.
*
- * @param nodePath
+ * @param nodePath the node path
* @return node or <code>null</code>
- * @throws PathNotFoundException
- * @throws RepositoryException
+ * @throws PathNotFoundException if not found
+ * @throws RepositoryException if an error occurs
*/
private NodeImpl getAclNode(String nodePath) throws PathNotFoundException, RepositoryException {
NodeImpl controlledNode = getNode(nodePath);
@@ -275,9 +275,9 @@
* Returns the rep:Policy node below the given Node or <code>null</code>
* if the node is not mix:AccessControllable or if no policy node exists.
*
- * @param controlledNode
+ * @param controlledNode the controlled node
* @return node or <code>null</code>
- * @throws RepositoryException
+ * @throws RepositoryException if an error occurs
*/
private NodeImpl getAclNode(NodeImpl controlledNode) throws RepositoryException {
NodeImpl aclNode = null;
@@ -289,9 +289,9 @@
/**
*
- * @param nodePath
- * @return
- * @throws RepositoryException
+ * @param nodePath the node path
+ * @return the new node
+ * @throws RepositoryException if an error occurs
*/
private NodeImpl createAclNode(String nodePath) throws RepositoryException {
NodeImpl protectedNode = getNode(nodePath);
@@ -306,8 +306,8 @@
*
* @param node a name for the child is resolved
* @param name if missing the {@link #DEFAULT_ACE_NAME} is taken
- * @return
- * @throws RepositoryException
+ * @return the name
+ * @throws RepositoryException if an error occurs
*/
protected static Name getUniqueNodeName(Node node, String name) throws RepositoryException {
if (name == null) {
@@ -333,12 +333,13 @@
* Build an array of Value from the specified <code>privileges</code> using
* the given <code>valueFactory</code>.
*
- * @param privileges
- * @param valueFactory
+ * @param privileges the privileges
+ * @param valueFactory the value factory
* @return an array of Value.
- * @throws javax.jcr.ValueFormatException
+ * @throws ValueFormatException if an error occurs
*/
- private static Value[] getPrivilegeNames(Privilege[] privileges, ValueFactory valueFactory) throws ValueFormatException {
+ private static Value[] getPrivilegeNames(Privilege[] privileges, ValueFactory valueFactory)
+ throws ValueFormatException {
Value[] names = new Value[privileges.length];
for (int i = 0; i < privileges.length; i++) {
names[i] = valueFactory.createValue(privileges[i].getName(), PropertyType.NAME);
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLProvider.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLProvider.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLProvider.java Tue Sep 8 16:09:28 2009
@@ -16,54 +16,55 @@
*/
package org.apache.jackrabbit.core.security.authorization.acl;
-import javax.jcr.security.AccessControlPolicy;
-import javax.jcr.security.Privilege;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import javax.jcr.ItemNotFoundException;
+import javax.jcr.NodeIterator;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.Value;
+import javax.jcr.observation.Event;
+import javax.jcr.observation.EventIterator;
+import javax.jcr.query.Query;
+import javax.jcr.query.QueryManager;
+import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
+import javax.jcr.security.AccessControlPolicy;
+import javax.jcr.security.Privilege;
+
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
-import org.apache.jackrabbit.core.id.NodeId;
+import org.apache.jackrabbit.core.ItemImpl;
import org.apache.jackrabbit.core.NodeImpl;
import org.apache.jackrabbit.core.PropertyImpl;
-import org.apache.jackrabbit.core.ItemImpl;
import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.core.id.NodeId;
import org.apache.jackrabbit.core.observation.SynchronousEventListener;
import org.apache.jackrabbit.core.security.SecurityConstants;
import org.apache.jackrabbit.core.security.authorization.AbstractAccessControlProvider;
import org.apache.jackrabbit.core.security.authorization.AbstractCompiledPermissions;
import org.apache.jackrabbit.core.security.authorization.AccessControlConstants;
import org.apache.jackrabbit.core.security.authorization.AccessControlEditor;
+import org.apache.jackrabbit.core.security.authorization.AccessControlEntryIterator;
import org.apache.jackrabbit.core.security.authorization.CompiledPermissions;
import org.apache.jackrabbit.core.security.authorization.Permission;
import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
import org.apache.jackrabbit.core.security.authorization.UnmodifiableAccessControlList;
-import org.apache.jackrabbit.core.security.authorization.AccessControlEntryIterator;
import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
import org.apache.jackrabbit.spi.Path;
import org.apache.jackrabbit.spi.commons.name.PathFactoryImpl;
import org.apache.jackrabbit.util.Text;
-import org.apache.commons.collections.map.ListOrderedMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import javax.jcr.ItemNotFoundException;
-import javax.jcr.NodeIterator;
-import javax.jcr.RepositoryException;
-import javax.jcr.Session;
-import javax.jcr.Value;
-import javax.jcr.observation.Event;
-import javax.jcr.observation.EventIterator;
-import javax.jcr.query.Query;
-import javax.jcr.query.QueryManager;
-import java.security.Principal;
-import java.util.Collections;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Arrays;
-
/**
* The ACLProvider generates access control policies out of the items stored
* in the workspace applying the following rules:
@@ -114,8 +115,8 @@
*/
public boolean isAcItem(Path absPath) throws RepositoryException {
Path.Element[] elems = absPath.getElements();
- for (int i = 0; i < elems.length; i++) {
- if (N_POLICY.equals(elems[i].getName())) {
+ for (Path.Element elem : elems) {
+ if (N_POLICY.equals(elem.getName())) {
return true;
}
}
@@ -151,14 +152,14 @@
/**
* @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider#getEffectivePolicies(Path)
- * @param absPath
+ * @param absPath absolute path
*/
public AccessControlPolicy[] getEffectivePolicies(Path absPath) throws ItemNotFoundException, RepositoryException {
checkInitialized();
NodeImpl targetNode = (NodeImpl) session.getNode(session.getJCRPath(absPath));
NodeImpl node = getNode(targetNode);
- List acls = new ArrayList();
+ List<AccessControlList> acls = new ArrayList<AccessControlList>();
// collect all ACLs effective at node
collectAcls(node, acls);
@@ -169,7 +170,7 @@
// controlled.
log.warn("No access controlled node present in item hierarchy starting from " + targetNode.getPath());
}
- return (AccessControlList[]) acls.toArray(new AccessControlList[acls.size()]);
+ return acls.toArray(new AccessControlList[acls.size()]);
}
/**
@@ -215,8 +216,8 @@
* searched and returned.
*
* @param targetNode The node for which AC information needs to be retrieved.
- * @return
- * @throws RepositoryException
+ * @return the node
+ * @throws RepositoryException if an error occurs
*/
private NodeImpl getNode(NodeImpl targetNode) throws RepositoryException {
NodeImpl node;
@@ -238,9 +239,9 @@
* @param node the Node to collect the ACLs for, which must NOT be part of the
* structure defined by mix:AccessControllable.
* @param acls List used to collect the effective acls.
- * @throws RepositoryException
+ * @throws RepositoryException if an error occurs
*/
- private void collectAcls(NodeImpl node, List acls) throws RepositoryException {
+ private void collectAcls(NodeImpl node, List<AccessControlList> acls) throws RepositoryException {
// if the given node is access-controlled, construct a new ACL and add
// it to the list
if (isAccessControlled(node)) {
@@ -314,10 +315,10 @@
* and if it has a child node named
* {@link AccessControlConstants#N_POLICY "rep:ACL"}.
*
- * @param node
+ * @param node hte node
* @return <code>true</code> if the node is access controlled;
* <code>false</code> otherwise.
- * @throws RepositoryException
+ * @throws RepositoryException if an error occurs
*/
static boolean isAccessControlled(NodeImpl node) throws RepositoryException {
return node.isNodeType(NT_REP_ACCESS_CONTROLLABLE) && node.hasNode(N_POLICY);
@@ -329,7 +330,7 @@
*/
private class AclPermissions extends AbstractCompiledPermissions implements SynchronousEventListener {
- private final List principalNames;
+ private final List<String> principalNames;
private final String jcrReadPrivilegeName;
/**
@@ -343,7 +344,7 @@
}
private AclPermissions(Set<Principal> principals, boolean listenToEvents) throws RepositoryException {
- principalNames = new ArrayList(principals.size());
+ principalNames = new ArrayList<String>(principals.size());
for (Principal princ : principals) {
principalNames.add(princ.getName());
}
@@ -381,7 +382,7 @@
* permissions for any of the principals AND denies-READ. Otherwise
* this shortcut is not possible.
*
- * @param principalnames
+ * @param principalnames names of the principals
* @return true if read is allowed everywhere.
*/
private boolean isReadAllowed(Collection<String> principalnames) {
@@ -397,10 +398,9 @@
// where the rep:principalName property exactly matches any of
// the given principalsNames
int i = 0;
- Iterator itr = principalnames.iterator();
- while (itr.hasNext()) {
+ for (String principalname : principalnames) {
stmt.append("@").append(resolver.getJCRName(P_PRINCIPAL_NAME)).append(" eq ");
- stmt.append("'").append(itr.next().toString()).append("'");
+ stmt.append("'").append(principalname).append("'");
if (++i < principalnames.size()) {
stmt.append(" or ");
}
@@ -522,9 +522,9 @@
/**
*
- * @param absPath
- * @param permissions
- * @return
+ * @param absPath absolute path
+ * @param permissions permission bits
+ * @return <code>true</code> if the permissions are granted
* @throws RepositoryException
* @see CompiledPermissions#grants(Path, int)
*/
@@ -560,8 +560,8 @@
// ACE denies READ.
if (readAllowed && n.isNodeType(NT_REP_DENY_ACE)) {
Value[] vs = n.getProperty(P_PRIVILEGES).getValues();
- for (int i = 0; i < vs.length; i++) {
- if (jcrReadPrivilegeName.equals(vs[i].getString())) {
+ for (Value v : vs) {
+ if (jcrReadPrivilegeName.equals(v.getString())) {
readAllowed = false;
}
}
@@ -624,12 +624,12 @@
*/
private class Entries {
- private final ListOrderedMap principalNamesToEntries;
+ private final Map<String, List<AccessControlEntry>> principalNamesToEntries;
- private Entries(NodeImpl node, Collection principalNames) throws RepositoryException {
- principalNamesToEntries = new ListOrderedMap();
- for (Iterator it = principalNames.iterator(); it.hasNext();) {
- principalNamesToEntries.put(it.next(), new ArrayList());
+ private Entries(NodeImpl node, Collection<String> principalNames) throws RepositoryException {
+ principalNamesToEntries = new LinkedHashMap<String, List<AccessControlEntry>>();
+ for (String name : principalNames) {
+ principalNamesToEntries.put(name, new ArrayList<AccessControlEntry>());
}
collectEntries(node);
}
@@ -650,11 +650,9 @@
}
private AccessControlEntryIterator iterator() {
- List entries = new ArrayList();
- for (Iterator it =
- principalNamesToEntries.asList().iterator(); it.hasNext();) {
- Object key = it.next();
- entries.addAll((List) principalNamesToEntries.get(key));
+ List<AccessControlEntry> entries = new ArrayList<AccessControlEntry>();
+ for (List<AccessControlEntry> list: principalNamesToEntries.values()) {
+ entries.addAll(list);
}
return new AccessControlEntryIterator(entries);
}