You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jackrabbit.apache.org by an...@apache.org on 2008/03/19 14:57:11 UTC
svn commit: r638834 [1/14] - in /jackrabbit/trunk:
jackrabbit-api/src/main/java/org/apache/jackrabbit/api/
jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/
jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/
jackr...
Author: angela
Date: Wed Mar 19 06:56:13 2008
New Revision: 638834
URL: http://svn.apache.org/viewvc?rev=638834&view=rev
Log:
JCR-1104 : JSR 283 support
JCR-1171 : Contribute Pluggable Permission and User Management to Jackrabbit
Added:
jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/JackrabbitSession.java (with props)
jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/
jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/
jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/NoSuchPrincipalException.java (with props)
jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalIterator.java (with props)
jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java (with props)
jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/
jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Authorizable.java (with props)
jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/AuthorizableExistsException.java (with props)
jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Group.java (with props)
jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Impersonation.java (with props)
jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java (with props)
jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/commons/
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/commons/iterator/
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/commons/iterator/AccessControlPolicyIteratorAdapter.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SecurityItemModifier.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/SecurityManagerConfig.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/WorkspaceSecurityConfig.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/AbstractAccessControlManager.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/DefaultAccessManager.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/JackrabbitSecurityManager.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContext.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AuthContextProvider.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/Authentication.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CallbackHandlerImpl.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CredentialsCallback.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentials.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/DefaultLoginModule.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/ImpersonationCallback.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/JAASAuthContext.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/LocalAuthContext.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/RepositoryCallback.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/SimpleCredentialsAuthentication.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractCompiledPermissions.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlConstants.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEditor.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProvider.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProviderFactory.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlProviderFactoryImpl.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/CompiledPermissions.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/GlobPattern.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/Permission.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PolicyEntry.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PolicyTemplate.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/WorkspaceAccessManager.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACEImpl.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLCache.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLImpl.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLProvider.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/DefaultACL.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/ACLImpl.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/CombinedEditor.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/CombinedProvider.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/PolicyEntryImpl.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/combined/PolicyTemplateImpl.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlEntry.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlException.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlManager.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlPolicy.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlPolicyIterator.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/jsr283/security/Privilege.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/AbstractPrincipalIterator.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/AbstractPrincipalProvider.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/AdminPrincipal.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProvider.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/EveryonePrincipal.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/ItemBasedPrincipal.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/JackrabbitPrincipal.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalImpl.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalIteratorAdapter.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalManagerImpl.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalProvider.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalProviderRegistry.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/ProviderRegistryImpl.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleAccessManager.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleLoginModule.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleSecurityManager.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/GroupImpl.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/IndexNodeResolver.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/NodeResolver.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/TraversingNodeResolver.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserConstants.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserImpl.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/principal/
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/principal/PrincipalManagerTest.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/principal/TestAll.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/AbstractUserTest.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/AuthorizableTest.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/GroupTest.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/ImpersonationTest.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/NestedGroupTest.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/TestAll.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserManagerCreateGroupTest.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserManagerCreateUserTest.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserManagerTest.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserTest.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/AccessManagerTest.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/TestAll.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/TestPrincipal.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/EntryTemplateTest.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PolicyTemplateTest.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/TestAll.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACEImplTest.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLImplTest.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationTest.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/TestAll.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AbstractAccessControlTest.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlDiscoveryTest.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlEntryTest.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlPolicyIteratorTest.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlPolicyTest.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/RSessionAccessControlDiscoveryTest.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/RSessionAccessControlEntryTest.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/RSessionAccessControlPolicyTest.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/TestAll.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProviderTest.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/TestAll.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AuthorizableImplTest.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/GroupAdministratorTest.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NotUserAdministratorTest.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/TestAll.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAdministratorTest.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImplTest.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserManagerImplTest.java (with props)
jackrabbit/trunk/jackrabbit-core/src/test/repository/workspaces/security/
jackrabbit/trunk/jackrabbit-core/src/test/repository/workspaces/security/workspace.xml (with props)
Modified:
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/BatchedItemOperations.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ItemImpl.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ItemManager.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/RepositoryImpl.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SessionImpl.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SystemSession.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/XASessionImpl.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/AccessManagerConfig.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/LoginModuleConfig.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/RepositoryConfig.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/RepositoryConfigurationParser.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/SecurityConfig.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/WorkspaceConfig.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/AMContext.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/AccessManager.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/AnonymousPrincipal.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/AuthContext.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/CredentialsCallback.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/CredentialsCallbackHandler.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/SecurityConstants.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/SimpleAccessManager.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/SimpleJBossAccessManager.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/SimpleLoginModule.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/SystemPrincipal.java
jackrabbit/trunk/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/nodetype/builtin_nodetypes.cnd
jackrabbit/trunk/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/nodetype/builtin_nodetypes.xml
jackrabbit/trunk/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/repository.xml
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/config/RepositoryConfigTest.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/config/WorkspaceConfigTest.java
jackrabbit/trunk/jackrabbit-core/src/test/repository/jaas.config
jackrabbit/trunk/jackrabbit-core/src/test/repository/repository.xml
jackrabbit/trunk/jackrabbit-core/src/test/resources/repositoryStubImpl.properties
jackrabbit/trunk/jackrabbit-jcr2spi/src/test/resources/jaas.config
jackrabbit/trunk/jackrabbit-jcr2spi/src/test/resources/repository.xml
Added: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/JackrabbitSession.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/JackrabbitSession.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/JackrabbitSession.java (added)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/JackrabbitSession.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,56 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.api;
+
+import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+
+import javax.jcr.Session;
+import javax.jcr.AccessDeniedException;
+import javax.jcr.RepositoryException;
+import javax.jcr.UnsupportedRepositoryOperationException;
+
+/**
+ * <code>JackrabbitSession</code>...
+ */
+public interface JackrabbitSession extends Session {
+
+ /**
+ * Returns the <code>PrincipalManager</code> for the current <code>Session</code>.
+ *
+ * @return this sessions principal manager.
+ *
+ * @throws AccessDeniedException
+ * @throws UnsupportedRepositoryOperationException If principal management
+ * is not supported.
+ * @throws RepositoryException
+ * @see PrincipalManager
+ */
+ PrincipalManager getPrincipalManager() throws AccessDeniedException, UnsupportedRepositoryOperationException, RepositoryException;
+
+ /**
+ * Returns the <code>UserManager</code> for the current <code>Session</code>.
+ *
+ * @throws javax.jcr.AccessDeniedException If this session is not allowed to
+ * to access user data.
+ * @throws UnsupportedRepositoryOperationException If user management is
+ * not supported.
+ * @throws javax.jcr.RepositoryException If another error occurs.
+ * @see UserManager
+ */
+ UserManager getUserManager() throws AccessDeniedException, UnsupportedRepositoryOperationException, RepositoryException;
+}
\ No newline at end of file
Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/JackrabbitSession.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/JackrabbitSession.java
------------------------------------------------------------------------------
svn:keywords = author date id revision url
Added: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/NoSuchPrincipalException.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/NoSuchPrincipalException.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/NoSuchPrincipalException.java (added)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/NoSuchPrincipalException.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.api.security.principal;
+
+import javax.jcr.RepositoryException;
+
+/**
+ * Exception used to indicate that a <code>Principal</code> is not known to
+ * the system.
+ */
+public class NoSuchPrincipalException extends RepositoryException {
+
+ public NoSuchPrincipalException(String message) {
+ super(message);
+ }
+}
Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/NoSuchPrincipalException.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/NoSuchPrincipalException.java
------------------------------------------------------------------------------
svn:keywords = author date id revision url
Added: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalIterator.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalIterator.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalIterator.java (added)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalIterator.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.api.security.principal;
+
+import javax.jcr.RangeIterator;
+import java.security.Principal;
+
+/**
+ * A {@link RangeIterator} iterating over <code>Principal</code>s.<br>
+ */
+public interface PrincipalIterator extends RangeIterator {
+
+ /**
+ * Returns the next principal.
+ *
+ * @return the next principal
+ */
+ Principal nextPrincipal();
+
+}
Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalIterator.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalIterator.java
------------------------------------------------------------------------------
svn:keywords = author date id revision url
Added: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java (added)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,158 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.api.security.principal;
+
+import org.apache.jackrabbit.api.security.principal.NoSuchPrincipalException;
+import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
+
+import java.security.Principal;
+import java.security.acl.Group;
+
+/**
+ * This interface defines the principal manager which is the clients view on
+ * all principals known to the repository. Each principal manager is bound to
+ * a session and is restricted by the respective access control. The principal
+ * manager in addition provides basic search facilities.
+ * <p/>
+ * A <strong>{@link Principal}</strong> is an object used to connect
+ * to any kind of security mechanism. Example for this are the
+ * {@link javax.security.auth.spi.LoginModule login modules} that use principals
+ * to process the login procedure. <br/>
+ * A principal can be a member of a <strong>{@link Group}</strong>. A
+ * group is a principal itself and can therefore be a member of a group again.
+ * <p/>
+ * Please note the following security considerations that need to be respected
+ * when implementing the PrincipalManager: All principals returned by this
+ * manager as well as {@link Group#members()} must respect access restrictions
+ * that may be present for the <code>Session</code> this manager has been built
+ * for. The same applies for {@link #getGroupMembership(Principal)}.
+ */
+public interface PrincipalManager {
+
+ /**
+ * Filter flag indicating that only <code>Principal</code>s that do NOT
+ * represent a {@link java.security.acl.Group group} should be searched
+ * and returned.
+ */
+ int SEARCH_TYPE_NOT_GROUP = 1;
+
+ /**
+ * Filter flag indicating that only <code>Principal</code>s that represent
+ * a {@link java.security.acl.Group group} of Principals should be searched
+ * and returned.
+ */
+ int SEARCH_TYPE_GROUP = 2;
+
+ /**
+ * Filter flag indicating that all <code>Principal</code>s should be search
+ * irrespective whether they represent a group of Principals or not.
+ */
+ int SEARCH_TYPE_ALL = 3;
+
+ /**
+ * Checks if the principal with the given name is known to this manager
+ * (in respect to the sessions access rights). If this method returns
+ * <code>true</code> then the following expression evaluates to <code>true</code>
+ * as well: <code>PrincipalManager.getPrincipal(name).getName().equals(name)</code>
+ *
+ * @param principalName the name of the principal to check
+ * @return return <code>true</code> if the principal with this name is known
+ * to this manager; <code>false</code> otherwise.
+ */
+ boolean hasPrincipal(String principalName);
+
+ /**
+ * Returns the principal with the given name if is known to this manager
+ * (with respect to the sessions access rights).
+ * Please note that due to security reasons Group principals will only
+ * reveal those members that are visible to the Session this
+ * <code>PrincipalManager</code> has been built for.
+ *
+ * @param principalName the name of the principal to retrieve
+ * @return return the requested principal.
+ * @throws NoSuchPrincipalException If no principal with the given name exists.
+ */
+ Principal getPrincipal(String principalName) throws NoSuchPrincipalException;
+
+ /**
+ * Gets the principals matching a simple filter expression applied against
+ * the {@link Principal#getName() principal name}.
+ * TODO: define the filter expression.<br>
+ * An implementation may limit the number of principals returned.
+ * If there are no matching principals, an empty iterator is returned.
+ *
+ * @param simpleFilter
+ * @return a <code>PrincipalIterator</code> over the <code>Principal</code>s
+ * matching the given filter.
+ */
+ PrincipalIterator findPrincipals(String simpleFilter);
+
+ /**
+ * Gets the principals matching a simple filter expression applied against
+ * the {@link Principal#getName() principal name} AND the specified search
+ * type.
+ * TODO: define the filter expression.<br>
+ * An implementation may limit the number of principals returned.
+ * If there are no matching principals, an empty iterator is returned.
+ *
+ * @param simpleFilter
+ * @param searchType Any of the following constants:
+ * <ul>
+ * <li>{@link PrincipalManager#SEARCH_TYPE_ALL}</li>
+ * <li>{@link PrincipalManager#SEARCH_TYPE_GROUP}</li>
+ * <li>{@link PrincipalManager#SEARCH_TYPE_NOT_GROUP}</li>
+ * </ul>
+ * @return a <code>PrincipalIterator</code> over the <code>Principal</code>s
+ * matching the given filter and search type.
+ */
+ PrincipalIterator findPrincipals(String simpleFilter, int searchType);
+
+ /**
+ * Returns all <code>Principal</code>s matching the specified search type.
+ *
+ * @param searchType Any of the following constants:
+ * <ul>
+ * <li>{@link PrincipalManager#SEARCH_TYPE_ALL}</li>
+ * <li>{@link PrincipalManager#SEARCH_TYPE_GROUP}</li>
+ * <li>{@link PrincipalManager#SEARCH_TYPE_NOT_GROUP}</li>
+ * </ul>
+ * @return a <code>PrincipalIterator</code> over all the <code>Principal</code>s
+ * matching the given search type.
+ */
+ PrincipalIterator getPrincipals(int searchType);
+
+ /**
+ * Returns an iterator over all group principals for which the given
+ * principal is either direct or indirect member of.
+ * <p/>
+ * Example:<br>
+ * If Principal P is member of Group A, and Group A is member of
+ * Group B, this method will return Principal A and Principal B.
+ *
+ * @param principal the principal to return it's membership from.
+ * @return an iterator returning all groups the given principal is member of.
+ */
+ PrincipalIterator getGroupMembership(Principal principal);
+
+ /**
+ * Returns the <code>Principal</code> which is implicitely is applied to
+ * every subject.
+ *
+ * @return the 'everyone' principal
+ */
+ Principal getEveryone();
+}
Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java
------------------------------------------------------------------------------
svn:keywords = author date id revision url
Added: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Authorizable.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Authorizable.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Authorizable.java (added)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Authorizable.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,178 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.api.security.user;
+
+import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Value;
+import java.security.Principal;
+import java.util.Iterator;
+
+/**
+ * The Authorizable is the common base interface for {@link User} and
+ * {@link Group}. It provides access to the <code>Principal</code>s associated
+ * with an <code>Authorizable</code> (see below) and allow to access and
+ * modify additional properties such as e.g. full name, e-mail or address.
+ * <p/>
+ *
+ * Please note the difference between <code>Authorizable</code> and
+ * {@link java.security.Principal Principal}:<br>
+ * An <code>Authorizable</code> is repository object that is neither associated
+ * with nor depending from a particular <code>Session</code> and thus independant
+ * of the login mechanisms creating <code>Session</code>s.<br>
+ *
+ * On the other hand <code>Principal</code>s are representations of user
+ * identities. In other words: each <code>Principal</code> within the set
+ * associated with the Session's Subject upon login represents an identity for
+ * that user. An the set of <code>Principal</code>s may differ between different
+ * login mechanisms.<br>
+ *
+ * Consequently an one-to-many relationship exists between Authorizable
+ * and Principal (see also {@link #getPrincipal()} and {@link #getPrincipals()}).
+ * <p />
+ *
+ * The interfaces derived from Authorizable are defined as follows:
+ * <ul>
+ * <li>{@link User}: defined to be an authorizable that can be authenticated
+ * (by using Credentials) and impersonated.</li>
+ * <li>{@link Group}: defined to be a collection of other
+ * <code>Authorizable</code>s.</li>
+ * </ul>
+ *
+ * @see User
+ * @see Group
+ */
+public interface Authorizable {
+
+ /**
+ * Return the implementation specific identifer for this
+ * <code>Authorizable</code>. It could e.g. be a UserID or simply the
+ * principal name.
+ *
+ * @return Name of this <code>Authorizable</code>.
+ */
+ String getID() throws RepositoryException;
+
+ /**
+ * @return if the current Authorizable is a {@link Group}
+ */
+ boolean isGroup();
+
+ /**
+ * @return a representation as Principal.
+ * @throws RepositoryException If an error occurs.
+ */
+ Principal getPrincipal() throws RepositoryException;
+
+ /**
+ * Add the given Principal to this Authorizable.
+ * Note, that a Principal can only be refered by a single Authorizable in
+ * the Repository. If another User or Group already refers to the given
+ * Principal a <code>AuthorizableExistsException</code> is thrown.
+ *
+ * @param principal
+ * @return true if added, false if this Authorizable already represents
+ * the given Principal.
+ * @return AuthorizableExistsException If the given principal is already refered
+ * to by another Authorizable.
+ * @throws RepositoryException
+ */
+ boolean addReferee(Principal principal) throws AuthorizableExistsException, RepositoryException;
+
+ /**
+ * Remove the specified Principal for the referees of this Authorizable.
+ *
+ * @param principal
+ * @return true if principal has been referee before. False otherwise.
+ * @throws RepositoryException
+ */
+ boolean removeReferee(Principal principal) throws RepositoryException;
+
+ /**
+ * @return Iterator of all Principal related to this authentication Object
+ * including the main principal, (see {@link #getPrincipal()}).
+ * @throws RepositoryException
+ */
+ PrincipalIterator getPrincipals() throws RepositoryException;
+
+ /**
+ * @return all {@link Group}s, this Authorizable is member of
+ * @throws RepositoryException
+ */
+ Iterator memberOf() throws RepositoryException;
+
+ /**
+ * Removes this <code>Authorizable</code>, if the session has sufficient
+ * permissions. Note, that removing an <code>Authorizable</code> even
+ * if it listed as member of a Group or if still has members (this is
+ * a Group itself).
+ *
+ * @throws RepositoryException If an error occured and the
+ * <code>Authorizable</code> could not be removed.
+ */
+ void remove() throws RepositoryException;
+
+ /**
+ * Tests if a the property with specified name exists.
+ *
+ * @param name
+ * @return
+ * @throws RepositoryException
+ * @see #getProperty(String)
+ */
+ boolean hasProperty(String name) throws RepositoryException;
+
+ /**
+ * Set an arbitrary property to this <code>Authorizable</code>.
+ *
+ * @param name
+ * @param value
+ * @throws RepositoryException If the specified property could not be set.
+ */
+ void setProperty(String name, Value value) throws RepositoryException;
+
+ /**
+ * Set an arbitrary property to this <code>Authorizable</code>.
+ *
+ * @param name
+ * @param value multiple values
+ * @throws RepositoryException If the specified property could not be set.
+ */
+ void setProperty(String name, Value[] value) throws RepositoryException;
+
+ /**
+ * Returns the values for the properties with the specified name or
+ * <code>null</code>.
+ *
+ * @param name
+ * @return value of the property with the given name or <code>null</code>
+ * if no such property exists.
+ * @throws RepositoryException If an error occurs.
+ */
+ Value[] getProperty(String name) throws RepositoryException;
+
+ /**
+ * Removes the property with the given name.
+ *
+ * @param name
+ * @return true If the property with the specified name was successfully
+ * removed; false if no such property was present.
+ * @throws RepositoryException If an error occurs.
+ */
+ boolean removeProperty(String name) throws RepositoryException;
+}
Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Authorizable.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Authorizable.java
------------------------------------------------------------------------------
svn:keywords = author date id revision url
Added: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/AuthorizableExistsException.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/AuthorizableExistsException.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/AuthorizableExistsException.java (added)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/AuthorizableExistsException.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.api.security.user;
+
+import javax.jcr.RepositoryException;
+
+/**
+ * AuthorizableExistsException
+ */
+public class AuthorizableExistsException extends RepositoryException {
+
+ public AuthorizableExistsException(String msg) {
+ super(msg);
+ }
+}
Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/AuthorizableExistsException.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/AuthorizableExistsException.java
------------------------------------------------------------------------------
svn:keywords = author date id revision url
Added: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Group.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Group.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Group.java (added)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Group.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.api.security.user;
+
+import org.apache.jackrabbit.api.security.user.Authorizable;
+
+import javax.jcr.RepositoryException;
+import java.util.Iterator;
+
+/**
+ * A Group is a collection of {@link #getMembers() Authorizable}s.
+ */
+public interface Group extends Authorizable {
+
+ /**
+ * @return Iterator of <code>Authorizable</code>s which are getMembers of
+ * this Group.
+ * @throws RepositoryException
+ */
+ Iterator getMembers() throws RepositoryException;
+
+ /**
+ * @return true if the Authorizable to test is a member of this Group.
+ * @throws RepositoryException
+ */
+ boolean isMember(Authorizable authorizable) throws RepositoryException;
+
+ /**
+ * Add a member to this Group.<br>
+ * Changes will be persisted immediately.
+ *
+ * @return true if the <code>Authorizable</code> has successfully been added
+ * to this Group, false otherwise (e.g. unknown implemention
+ * or if it already is a member or if the passed authorizable is the
+ * group itself or for some implementation specific constraint).
+ * @throws RepositoryException If an error occurs.
+ */
+ boolean addMember(Authorizable authorizable) throws RepositoryException;
+
+ /**
+ * Remove a member to this Group.<br>
+ * Changes will be persisted immediately.
+ *
+ * @return true if the Authorizable was successfully removed. False otherwise.
+ * @throws RepositoryException
+ */
+ boolean removeMember(Authorizable authorizable) throws RepositoryException;
+}
Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Group.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Group.java
------------------------------------------------------------------------------
svn:keywords = author date id revision url
Added: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Impersonation.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Impersonation.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Impersonation.java (added)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Impersonation.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,74 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.api.security.user;
+
+import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
+
+import javax.jcr.RepositoryException;
+import javax.security.auth.Subject;
+import java.security.Principal;
+
+/**
+ * The <code>Impersonation</code> maintains Principals that are allowed to
+ * impersonate. Principals can be added or removed using
+ * {@link #grantImpersonation(Principal)} and
+ * {@link #revokeImpersonation(Principal)}, respectively.
+ *
+ * @see User#getImpersonation()
+ */
+public interface Impersonation {
+
+ // TODO: ev. add method that allows to display principals/users that are allowed to impersonate.
+ // TODO: ev. grantImpersonation/revokeImpersonation should take User
+
+ /**
+ * @return An iterator over the <code>Principal</code>s that are allowed
+ * to impersonate the <code>User</code> this <code>Impersonation</code>
+ * object has been created for.
+ * @throws RepositoryException
+ */
+ PrincipalIterator getImpersonators() throws RepositoryException;
+
+ /**
+ * @param principal The principal that should be allowed to impersonate
+ * the <code>User</code> this <code>Impersonation</code> has been built for.
+ * @return true if the specified <code>Principal</code> has not been allowed
+ * to impersonate before and if impersonation has been successfully
+ * granted to it, false otherwise.
+ * @throws RepositoryException
+ */
+ boolean grantImpersonation(Principal principal) throws RepositoryException;
+
+ /**
+ * @param principal
+ * @return If the granted impersonation has been successfully revoked for
+ * the given principal; false otherwise.
+ * @throws RepositoryException
+ */
+ boolean revokeImpersonation(Principal principal) throws RepositoryException;
+
+ /**
+ * Test if the given subject (i.e. any of the principals it contains) is
+ * allowed to impersonate.
+ *
+ * @param subject to impersonate.
+ * @return true if this <code>Impersonation</code> allows the specified
+ * Subject to impersonate.
+ * @throws RepositoryException
+ */
+ boolean allows(Subject subject) throws RepositoryException;
+}
Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Impersonation.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Impersonation.java
------------------------------------------------------------------------------
svn:keywords = author date id revision url
Added: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java (added)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.api.security.user;
+
+import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.Impersonation;
+
+import javax.jcr.RepositoryException;
+import java.util.Iterator;
+
+/**
+ * User is a special {@link Authorizable} that can be authenticated and
+ * impersonated.
+ *
+ * @see #getCredentials()
+ * @see #getImpersonation()
+ */
+public interface User extends Authorizable {
+
+ /**
+ * @return true if the current Authorizable is has all Privileges
+ */
+ boolean isAdmin();
+
+ /**
+ * Returns an iterator of <code>Credentials</code> object that belong
+ * to this user. The iterator's size must be greater than zero.
+ *
+ * @return an iterator over <code>Credentials</code> that contains
+ * at least a single <code>Credentials</code> object.
+ */
+ Iterator getCredentials() throws RepositoryException;
+
+ /**
+ * @return <code>Impersonation</code> for this <code>User</code>.
+ */
+ Impersonation getImpersonation() throws RepositoryException;
+
+}
Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java
------------------------------------------------------------------------------
svn:keywords = author date id revision url
Added: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java (added)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,127 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.api.security.user;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Credentials;
+import java.security.Principal;
+import java.util.Iterator;
+
+/**
+ * The <code>UserManager</code> provides access to and means to maintain
+ * {@link Authorizable authoriable objects} i.e. {@link User users} and
+ * {@link Group groups}. The <code>UserManager</code> is bound to a particular
+ * <code>Session</code>.
+ */
+public interface UserManager {
+
+ /**
+ * Get the Authorizable by its id.
+ *
+ * @param id
+ * @return Authorizable or <code>null</code>, if not present.
+ * @throws RepositoryException
+ * @see Authorizable#getID()
+ */
+ Authorizable getAuthorizable(String id) throws RepositoryException;
+
+ /**
+ * Get the Authorizable by its main Principal.
+ *
+ * @param principal
+ * @return Authorizable or <code>null</code>, if not present.
+ * @throws RepositoryException
+ */
+ Authorizable getAuthorizable(Principal principal) throws RepositoryException;
+
+ /**
+ * Returns all <code>Authorizable</code>s that have
+ * {@link Authorizable#getProperty(String) property} with the given name and
+ * that Property equals the given value.
+ *
+ * @param propertyName
+ * @param value
+ * @return All <code>Authorizable</code>s that have a property with the given
+ * name exactly matching the given value.
+ * @throws RepositoryException
+ * @see Authorizable#getProperty(String)
+ */
+ Iterator findAuthorizable(String propertyName, String value) throws RepositoryException;
+
+ /**
+ * Creates an User for the given userID that authenitcates with the given
+ * {@link javax.jcr.Credentials Credentials}.<br>
+ * Neither of the specified parameters can be <code>null</code>.
+ *
+ * @param userID
+ * @param credentials
+ * @param principal
+ * @return The new <code>User</code>.
+ * @throws AuthorizableExistsException in case the given userID is already
+ * in use or another Authorizable with the same principal name exists.
+ * @throws RepositoryException If another error occurs.
+ */
+ User createUser(String userID, Credentials credentials, Principal principal) throws AuthorizableExistsException, RepositoryException;
+
+ /**
+ * Creates an User for the given userID that authenitcates with the given
+ * {@link javax.jcr.Credentials Credentials} and returns the specified
+ * Principal upon {@link User#getPrincipal()}. If the implementation is not
+ * able to deal with the <code>itermediatePath</code> that parameter should
+ * be ignored.
+ * Except for the <code>itermediatePath</code>, neither of the specified
+ * parameters can be <code>null</code>.
+ *
+ * @param userID
+ * @param credentials
+ * @param principal
+ * @param intermediatePath
+ * @return The new <code>User</code>.
+ * @throws AuthorizableExistsException in case the given userID is already
+ * in use or another Authorizable with the same principal name exists.
+ * @throws RepositoryException If the current Session is
+ * not allowed to create users or some another error occurs.
+ */
+ User createUser(String userID, Credentials credentials, Principal principal,
+ String intermediatePath) throws AuthorizableExistsException, RepositoryException;
+
+ /**
+ * Creates a new <code>Group</code> that is based on the given principal.
+ *
+ * @param principal A non-null <code>Principal</code>
+ * @return The new <code>Group</code>.
+ * @throws AuthorizableExistsException in case the given groupID is already
+ * in use or another Authorizable with the same principal name exists.
+ * @throws RepositoryException If another error occurs.
+ */
+ Group createGroup(Principal principal) throws AuthorizableExistsException, RepositoryException;
+
+ /**
+ * Creates a new <code>Group</code> that is based on the given principal
+ * and the specified <code>itermediatePath</code> hint. If the implementation is not
+ * able to deal with the <code>itermediatePath</code> that parameter should
+ * be ignored.
+ *
+ * @param principal
+ * @param intermediatePath
+ * @return The new <code>Group</code>.
+ * @throws AuthorizableExistsException in case the given groupID is already
+ * in use or another Authorizable with the same principal name exists.
+ * @throws RepositoryException If another error occurs.
+ */
+ Group createGroup(Principal principal, String intermediatePath) throws AuthorizableExistsException, RepositoryException;
+}
Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java
------------------------------------------------------------------------------
svn:keywords = author date id revision url
Added: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/commons/iterator/AccessControlPolicyIteratorAdapter.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/commons/iterator/AccessControlPolicyIteratorAdapter.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/commons/iterator/AccessControlPolicyIteratorAdapter.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/commons/iterator/AccessControlPolicyIteratorAdapter.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,81 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.commons.iterator;
+
+import org.apache.jackrabbit.core.security.jsr283.security.AccessControlPolicy;
+import org.apache.jackrabbit.core.security.jsr283.security.AccessControlPolicyIterator;
+import org.apache.jackrabbit.commons.iterator.RangeIteratorDecorator;
+import org.apache.jackrabbit.commons.iterator.RangeIteratorAdapter;
+
+import javax.jcr.RangeIterator;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.NoSuchElementException;
+
+/**
+ * Adapter class for turning {@link RangeIterator}s or {@link Iterator}s
+ * into {@link AccessControlPolicyIteratorAdapter}s.
+ *
+ * TODO: move to jackrabbit-jcr-commons project as soon as jsr 283 is released.
+ */
+public class AccessControlPolicyIteratorAdapter extends RangeIteratorDecorator
+ implements AccessControlPolicyIterator {
+
+ /**
+ * Static instance of an empty {@link AccessControlPolicyIteratorAdapter}.
+ */
+ public static final AccessControlPolicyIterator EMPTY =
+ new AccessControlPolicyIteratorAdapter(RangeIteratorAdapter.EMPTY);
+
+ /**
+ * Creates an adapter for the given {@link RangeIterator}.
+ *
+ * @param iterator iterator of {@link AccessControlPolicy access control policies}.
+ */
+ public AccessControlPolicyIteratorAdapter(RangeIterator iterator) {
+ super(iterator);
+ }
+
+ /**
+ * Creates an adapter for the given {@link Iterator}.
+ *
+ * @param iterator iterator of {@link AccessControlPolicy access control policies}.
+ */
+ public AccessControlPolicyIteratorAdapter(Iterator iterator) {
+ super(new RangeIteratorAdapter(iterator));
+ }
+
+ /**
+ * Creates an iterator for the given collection.
+ *
+ * @param collection collection of {@link AccessControlPolicy} objects.
+ */
+ public AccessControlPolicyIteratorAdapter(Collection collection) {
+ super(new RangeIteratorAdapter(collection));
+ }
+
+ //----------------------------------------< AccessControlPolicyIterator >---
+ /**
+ * Returns the next policy.
+ *
+ * @return next policy.
+ * @throws NoSuchElementException if there is no next policy.
+ */
+ public AccessControlPolicy nextAccessControlPolicy() throws NoSuchElementException {
+ return (AccessControlPolicy) next();
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/commons/iterator/AccessControlPolicyIteratorAdapter.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/commons/iterator/AccessControlPolicyIteratorAdapter.java
------------------------------------------------------------------------------
svn:keywords = author date id revision url
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/BatchedItemOperations.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/BatchedItemOperations.java?rev=638834&r1=638833&r2=638834&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/BatchedItemOperations.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/BatchedItemOperations.java Wed Mar 19 06:56:13 2008
@@ -24,6 +24,7 @@
import org.apache.jackrabbit.core.nodetype.PropDef;
import org.apache.jackrabbit.core.nodetype.PropDefId;
import org.apache.jackrabbit.core.security.AccessManager;
+import org.apache.jackrabbit.core.security.authorization.Permission;
import org.apache.jackrabbit.core.state.ItemState;
import org.apache.jackrabbit.core.state.ItemStateException;
import org.apache.jackrabbit.core.state.ItemStateManager;
@@ -40,6 +41,7 @@
import org.apache.jackrabbit.spi.Path;
import org.apache.jackrabbit.spi.commons.conversion.MalformedPathException;
import org.apache.jackrabbit.spi.commons.name.NameConstants;
+import org.apache.jackrabbit.spi.commons.name.PathFactoryImpl;
import org.apache.jackrabbit.uuid.UUID;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -386,7 +388,7 @@
| CHECK_VERSIONING | CHECK_CONSTRAINTS);
// check read access right on source node using source access manager
try {
- if (!srcAccessMgr.isGranted(srcState.getNodeId(), AccessManager.READ)) {
+ if (!srcAccessMgr.isGranted(srcPath, Permission.READ)) {
throw new PathNotFoundException(safeGetJCRPath(srcPath));
}
} catch (ItemNotFoundException infe) {
@@ -401,7 +403,7 @@
ReferenceChangeTracker refTracker = new ReferenceChangeTracker();
// create deep copy of source node state
- NodeState newState = copyNodeState(srcState, srcStateMgr, srcAccessMgr,
+ NodeState newState = copyNodeState(srcState, srcPath, srcStateMgr, srcAccessMgr,
destParentState.getNodeId(), flag, refTracker);
// add to new parent
@@ -664,11 +666,11 @@
if ((options & CHECK_ACCESS) == CHECK_ACCESS) {
AccessManager accessMgr = session.getAccessManager();
// make sure current session is granted read access on parent node
- if (!accessMgr.isGranted(parentState.getNodeId(), AccessManager.READ)) {
+ if (!accessMgr.isGranted(parentPath, Permission.READ)) {
throw new ItemNotFoundException(safeGetJCRPath(parentState.getNodeId()));
}
// make sure current session is granted write access on parent node
- if (!accessMgr.isGranted(parentState.getNodeId(), AccessManager.WRITE)) {
+ if (!accessMgr.isGranted(parentPath, nodeName, Permission.ADD_NODE)) {
throw new AccessDeniedException(safeGetJCRPath(parentState.getNodeId())
+ ": not allowed to add child node");
}
@@ -793,7 +795,7 @@
// root or orphaned node
throw new ConstraintViolationException("cannot remove root node");
}
- NodeId targetId = targetState.getNodeId();
+ Path targetPath = hierMgr.getPath(targetState.getNodeId());
NodeState parentState = getNodeState(parentId);
Path parentPath = hierMgr.getPath(parentId);
@@ -817,17 +819,17 @@
AccessManager accessMgr = session.getAccessManager();
try {
// make sure current session is granted read access on parent node
- if (!accessMgr.isGranted(targetId, AccessManager.READ)) {
- throw new PathNotFoundException(safeGetJCRPath(targetId));
+ if (!accessMgr.isGranted(targetPath, Permission.READ)) {
+ throw new PathNotFoundException(safeGetJCRPath(targetPath));
}
// make sure current session is allowed to remove target node
- if (!accessMgr.isGranted(targetId, AccessManager.REMOVE)) {
- throw new AccessDeniedException(safeGetJCRPath(targetId)
+ if (!accessMgr.isGranted(targetPath, Permission.REMOVE_NODE)) {
+ throw new AccessDeniedException(safeGetJCRPath(targetPath)
+ ": not allowed to remove node");
}
} catch (ItemNotFoundException infe) {
String msg = "internal error: failed to check access rights for "
- + safeGetJCRPath(targetId);
+ + safeGetJCRPath(targetPath);
log.debug(msg);
throw new RepositoryException(msg, infe);
}
@@ -843,11 +845,11 @@
}
NodeDef targetDef = ntReg.getNodeDef(targetState.getDefinitionId());
if (targetDef.isMandatory()) {
- throw new ConstraintViolationException(safeGetJCRPath(targetId)
+ throw new ConstraintViolationException(safeGetJCRPath(targetPath)
+ ": cannot remove mandatory node");
}
if (targetDef.isProtected()) {
- throw new ConstraintViolationException(safeGetJCRPath(targetId)
+ throw new ConstraintViolationException(safeGetJCRPath(targetPath)
+ ": cannot remove protected node");
}
}
@@ -862,12 +864,12 @@
try {
NodeReferences refs = stateMgr.getNodeReferences(refsId);
if (refs.hasReferences()) {
- throw new ReferentialIntegrityException(safeGetJCRPath(targetId)
+ throw new ReferentialIntegrityException(safeGetJCRPath(targetPath)
+ ": cannot remove node with references");
}
} catch (ItemStateException ise) {
String msg = "internal error: failed to check references on "
- + safeGetJCRPath(targetId);
+ + safeGetJCRPath(targetPath);
log.error(msg, ise);
throw new RepositoryException(msg, ise);
}
@@ -912,14 +914,14 @@
// access rights
AccessManager accessMgr = session.getAccessManager();
// make sure current session is granted read access on node
- if (!accessMgr.isGranted(node.getNodeId(), AccessManager.READ)) {
+ if (!accessMgr.isGranted(nodePath, Permission.READ)) {
throw new PathNotFoundException(safeGetJCRPath(node.getNodeId()));
}
- // make sure current session is granted write access on node
- if (!accessMgr.isGranted(node.getNodeId(), AccessManager.WRITE)) {
- throw new AccessDeniedException(safeGetJCRPath(node.getNodeId())
- + ": not allowed to modify node");
- }
+ // TODO: removed check for 'WRITE' permission on node due to the fact,
+ // TODO: that add_node and set_property permission are granted on the
+ // TODO: items to be create/modified and not on their parent.
+ // in any case, the ability to add child-nodes and properties is checked
+ // while executing the corresponding operation.
// locking status
verifyUnlocked(nodePath);
@@ -948,13 +950,11 @@
*/
public void verifyCanRead(Path nodePath)
throws PathNotFoundException, RepositoryException {
- NodeState node = getNodeState(nodePath);
-
// access rights
AccessManager accessMgr = session.getAccessManager();
// make sure current session is granted read access on node
- if (!accessMgr.isGranted(node.getNodeId(), AccessManager.READ)) {
- throw new PathNotFoundException(safeGetJCRPath(node.getNodeId()));
+ if (!accessMgr.isGranted(nodePath, Permission.READ)) {
+ throw new PathNotFoundException(safeGetJCRPath(nodePath));
}
}
@@ -1647,6 +1647,7 @@
* child nodes.
*
* @param srcState
+ * @param srcPath
* @param srcStateMgr
* @param srcAccessMgr
* @param destParentId
@@ -1661,6 +1662,7 @@
* @throws RepositoryException if an error occurs
*/
private NodeState copyNodeState(NodeState srcState,
+ Path srcPath,
ItemStateManager srcStateMgr,
AccessManager srcAccessMgr,
NodeId destParentId,
@@ -1738,10 +1740,11 @@
Iterator iter = srcState.getChildNodeEntries().iterator();
while (iter.hasNext()) {
NodeState.ChildNodeEntry entry = (NodeState.ChildNodeEntry) iter.next();
- NodeId nodeId = entry.getId();
- if (!srcAccessMgr.isGranted(nodeId, AccessManager.READ)) {
+ Path srcChildPath = PathFactoryImpl.getInstance().create(srcPath, entry.getName(), true);
+ if (!srcAccessMgr.isGranted(srcChildPath, Permission.READ)) {
continue;
}
+ NodeId nodeId = entry.getId();
NodeState srcChildState = (NodeState) srcStateMgr.getItemState(nodeId);
/**
@@ -1752,7 +1755,7 @@
*/
// recursive copying of child node
- NodeState newChildState = copyNodeState(srcChildState,
+ NodeState newChildState = copyNodeState(srcChildState, srcChildPath,
srcStateMgr, srcAccessMgr, id, flag, refTracker);
// store new child node
stateMgr.store(newChildState);
@@ -1763,10 +1766,10 @@
iter = srcState.getPropertyNames().iterator();
while (iter.hasNext()) {
Name propName = (Name) iter.next();
- PropertyId propId = new PropertyId(srcState.getNodeId(), propName);
- if (!srcAccessMgr.isGranted(propId, AccessManager.READ)) {
+ if (!srcAccessMgr.isGranted(srcPath, propName, Permission.READ)) {
continue;
}
+ PropertyId propId = new PropertyId(srcState.getNodeId(), propName);
PropertyState srcChildState =
(PropertyState) srcStateMgr.getItemState(propId);