You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/02/01 10:49:24 UTC
svn commit: r1441363 - in
/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak:
security/authorization/ security/privilege/ spi/security/privilege/
Author: angela
Date: Fri Feb 1 09:49:23 2013
New Revision: 1441363
URL: http://svn.apache.org/viewvc?rev=1441363&view=rev
Log:
OAK-64 : Privilege Management (simplify)
Added:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java
- copied, changed from r1440941, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReaderImpl.java
Removed:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReaderImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeDefinitionReader.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeConfiguration.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java?rev=1441363&r1=1441362&r2=1441363&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java Fri Feb 1 09:49:23 2013
@@ -22,6 +22,7 @@ import java.util.Collections;
import java.util.Map;
import javax.jcr.RepositoryException;
import javax.jcr.security.AccessControlException;
+import javax.jcr.security.Privilege;
import org.apache.jackrabbit.JcrConstants;
import org.apache.jackrabbit.oak.api.CommitFailedException;
@@ -30,7 +31,6 @@ import org.apache.jackrabbit.oak.api.Tre
import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
import org.apache.jackrabbit.oak.spi.commit.Validator;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
-import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinition;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.apache.jackrabbit.oak.util.TreeUtil;
import org.apache.jackrabbit.util.Text;
@@ -45,16 +45,16 @@ class AccessControlValidator implements
private final Tree parentBefore;
private final Tree parentAfter;
- private final Map<String, PrivilegeDefinition> privilegeDefinitions;
+ private final Map<String, Privilege> privileges;
private final RestrictionProvider restrictionProvider;
private final ReadOnlyNodeTypeManager ntMgr;
AccessControlValidator(Tree parentBefore, Tree parentAfter,
- Map<String, PrivilegeDefinition> privilegeDefinitions,
+ Map<String, Privilege> privileges,
RestrictionProvider restrictionProvider, ReadOnlyNodeTypeManager ntMgr) {
this.parentBefore = parentBefore;
this.parentAfter = parentAfter;
- this.privilegeDefinitions = privilegeDefinitions;
+ this.privileges = privileges;
this.restrictionProvider = restrictionProvider;
this.ntMgr = ntMgr;
}
@@ -90,7 +90,7 @@ class AccessControlValidator implements
Tree treeAfter = checkNotNull(parentAfter.getChild(name));
checkValidTree(parentAfter, treeAfter);
- return new AccessControlValidator(null, treeAfter, privilegeDefinitions, restrictionProvider, ntMgr);
+ return new AccessControlValidator(null, treeAfter, privileges, restrictionProvider, ntMgr);
}
@Override
@@ -99,7 +99,7 @@ class AccessControlValidator implements
Tree treeAfter = checkNotNull(parentAfter.getChild(name));
checkValidTree(parentAfter, treeAfter);
- return new AccessControlValidator(treeBefore, treeAfter, privilegeDefinitions, restrictionProvider, ntMgr);
+ return new AccessControlValidator(treeBefore, treeAfter, privileges, restrictionProvider, ntMgr);
}
@Override
@@ -192,12 +192,12 @@ class AccessControlValidator implements
fail("Missing privileges.");
}
for (String privilegeName : privilegeNames) {
- if (privilegeName == null || !privilegeDefinitions.containsKey(privilegeName)) {
+ if (privilegeName == null || !privileges.containsKey(privilegeName)) {
fail("Invalid privilege " + privilegeName);
}
- PrivilegeDefinition def = privilegeDefinitions.get(privilegeName);
- if (def.isAbstract()) {
+ Privilege privilege = privileges.get(privilegeName);
+ if (privilege.isAbstract()) {
fail("Abstract privilege " + privilegeName);
}
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorProvider.java?rev=1441363&r1=1441362&r2=1441363&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorProvider.java Fri Feb 1 09:49:23 2013
@@ -18,8 +18,14 @@ package org.apache.jackrabbit.oak.securi
import java.util.Map;
import javax.annotation.Nonnull;
+import javax.jcr.RepositoryException;
+import javax.jcr.security.Privilege;
+import com.google.common.collect.ImmutableMap;
+import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
+import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.core.ReadOnlyRoot;
import org.apache.jackrabbit.oak.core.ReadOnlyTree;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
@@ -28,9 +34,10 @@ import org.apache.jackrabbit.oak.spi.com
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
-import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinition;
-import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinitionReader;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration;
import org.apache.jackrabbit.oak.spi.state.NodeState;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
* {@code AccessControlValidatorProvider} aimed to provide a root validator
@@ -40,6 +47,8 @@ import org.apache.jackrabbit.oak.spi.sta
*/
class AccessControlValidatorProvider implements ValidatorProvider {
+ private static final Logger log = LoggerFactory.getLogger(AccessControlValidatorProvider.class);
+
private SecurityProvider securityProvider;
AccessControlValidatorProvider(SecurityProvider securityProvider) {
@@ -53,15 +62,27 @@ class AccessControlValidatorProvider imp
Tree rootBefore = new ReadOnlyTree(before);
Tree rootAfter = new ReadOnlyTree(after);
- PrivilegeDefinitionReader reader = securityProvider.getPrivilegeConfiguration().getPrivilegeDefinitionReader(rootBefore);
- Map<String, PrivilegeDefinition> privilegeDefinitions = reader.readDefinitions();
-
AccessControlConfiguration acConfig = securityProvider.getAccessControlConfiguration();
RestrictionProvider restrictionProvider = acConfig.getRestrictionProvider(NamePathMapper.DEFAULT);
+ Map<String, Privilege> privileges = getPrivileges(before, securityProvider.getPrivilegeConfiguration());
ReadOnlyNodeTypeManager ntMgr = ReadOnlyNodeTypeManager.getInstance(before);
- return new AccessControlValidator(rootBefore, rootAfter, privilegeDefinitions, restrictionProvider, ntMgr);
+ return new AccessControlValidator(rootBefore, rootAfter, privileges, restrictionProvider, ntMgr);
+ }
+
+ private static Map<String, Privilege> getPrivileges(NodeState beforeRoot, PrivilegeConfiguration config) {
+ Root root = new ReadOnlyRoot(beforeRoot);
+ PrivilegeManager pMgr = config.getPrivilegeManager(root, NamePathMapper.DEFAULT);
+ ImmutableMap.Builder privileges = ImmutableMap.builder();
+ try {
+ for (Privilege privilege : pMgr.getRegisteredPrivileges()) {
+ privileges.put(privilege.getName(), privilege);
+ }
+ } catch (RepositoryException e) {
+ log.error("Unexpected error: failed to read privileges.");
+ }
+ return privileges.build();
}
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java?rev=1441363&r1=1441362&r2=1441363&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java Fri Feb 1 09:49:23 2013
@@ -22,7 +22,6 @@ import javax.annotation.Nonnull;
import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
import org.apache.jackrabbit.oak.api.Root;
-import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.commit.CommitHook;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
@@ -30,7 +29,6 @@ import org.apache.jackrabbit.oak.spi.lif
import org.apache.jackrabbit.oak.spi.security.Context;
import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration;
-import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinitionReader;
/**
* Configuration for the privilege management component.
@@ -44,12 +42,6 @@ public class PrivilegeConfigurationImpl
return new PrivilegeManagerImpl(root, namePathMapper);
}
- @Nonnull
- @Override
- public PrivilegeDefinitionReader getPrivilegeDefinitionReader(Tree tree) {
- return new PrivilegeDefinitionReaderImpl(tree);
- }
-
//----------------------------------------------< SecurityConfiguration >---
@Nonnull
@Override
Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java (from r1440941, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReaderImpl.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReaderImpl.java&r1=1440941&r2=1441363&rev=1441363&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReaderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java Fri Feb 1 09:49:23 2013
@@ -20,47 +20,29 @@ import java.util.HashMap;
import java.util.Map;
import javax.annotation.Nonnull;
-import org.apache.jackrabbit.JcrConstants;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
-import org.apache.jackrabbit.oak.api.TreeLocation;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinition;
-import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinitionReader;
import org.apache.jackrabbit.oak.util.NodeUtil;
-import static com.google.common.base.Preconditions.checkNotNull;
import static org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants.PRIVILEGES_PATH;
import static org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants.REP_AGGREGATES;
import static org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants.REP_IS_ABSTRACT;
-import static org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants.REP_PRIVILEGES;
/**
* Reads privilege definitions from the repository content without applying
* any validation.
*/
-class PrivilegeDefinitionReaderImpl implements PrivilegeDefinitionReader {
+class PrivilegeDefinitionReader {
private final Tree privilegesTree;
- PrivilegeDefinitionReaderImpl(@Nonnull Tree privilegesTree) {
- if (privilegesTree.isRoot()) {
- TreeLocation location = privilegesTree.getLocation().getChild(JcrConstants.JCR_SYSTEM+'/'+REP_PRIVILEGES);
- this.privilegesTree = checkNotNull(location.getTree());
- } else if (PRIVILEGES_PATH.equals(privilegesTree.getPath())) {
- this.privilegesTree = privilegesTree;
- } else {
- throw new IllegalArgumentException("Illegal privilege tree " + privilegesTree);
- }
- }
-
- PrivilegeDefinitionReaderImpl(@Nonnull Root root) {
- this(checkNotNull(root.getTree(PRIVILEGES_PATH)));
+ PrivilegeDefinitionReader(@Nonnull Root root) {
+ this.privilegesTree = root.getTree(PRIVILEGES_PATH);
}
- //------------------------------------------< PrivilegeDefinitionReader >---
- @Override
- public Map<String, PrivilegeDefinition> readDefinitions() {
+ Map<String, PrivilegeDefinition> readDefinitions() {
Map<String, PrivilegeDefinition> definitions = new HashMap<String, PrivilegeDefinition>();
if (privilegesTree != null) {
for (Tree child : privilegesTree.getChildren()) {
@@ -71,10 +53,13 @@ class PrivilegeDefinitionReaderImpl impl
return definitions;
}
- @Override
- public PrivilegeDefinition readDefinition(String privilegeName) {
- Tree definitionTree = privilegesTree.getChild(privilegeName);
- return (definitionTree == null) ? null : readDefinition(definitionTree);
+ PrivilegeDefinition readDefinition(String privilegeName) {
+ if (privilegesTree == null) {
+ return null;
+ } else {
+ Tree definitionTree = privilegesTree.getChild(privilegeName);
+ return (definitionTree == null) ? null : readDefinition(definitionTree);
+ }
}
//-----------------------------------------------------------< internal >---
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java?rev=1441363&r1=1441362&r2=1441363&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java Fri Feb 1 09:49:23 2013
@@ -34,7 +34,6 @@ import org.apache.jackrabbit.oak.api.Roo
import org.apache.jackrabbit.oak.core.RootImpl;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinition;
-import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinitionReader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -142,10 +141,11 @@ public class PrivilegeManagerImpl implem
@Nonnull
private PrivilegeDefinitionReader getReader() {
- return new PrivilegeDefinitionReaderImpl(root);
+ return new PrivilegeDefinitionReader(root);
}
//--------------------------------------------------------------------------
+
/**
* Privilege implementation based on a {@link org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinition}.
*/
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java?rev=1441363&r1=1441362&r2=1441363&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java Fri Feb 1 09:49:23 2013
@@ -26,6 +26,7 @@ import org.apache.jackrabbit.oak.api.Com
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
+import org.apache.jackrabbit.oak.core.ReadOnlyRoot;
import org.apache.jackrabbit.oak.core.ReadOnlyTree;
import org.apache.jackrabbit.oak.plugins.name.NamespaceConstants;
import org.apache.jackrabbit.oak.spi.commit.Validator;
@@ -40,17 +41,10 @@ import org.apache.jackrabbit.util.Text;
class PrivilegeValidator implements PrivilegeConstants, Validator {
private final Map<String, PrivilegeDefinition> definitions;
- private final PrivilegeDefinitionReaderImpl reader;
PrivilegeValidator(NodeState before) {
- Tree privTree = getPrivilegesTree(before);
- if (privTree != null) {
- reader = new PrivilegeDefinitionReaderImpl(privTree);
- definitions = reader.readDefinitions();
- } else {
- reader = null;
- definitions = null;
- }
+ PrivilegeDefinitionReader reader = new PrivilegeDefinitionReader(new ReadOnlyRoot(before));
+ definitions = reader.readDefinitions();
}
//----------------------------------------------------------< Validator >---
@@ -71,8 +65,6 @@ class PrivilegeValidator implements Priv
@Override
public Validator childNodeAdded(String name, NodeState after) throws CommitFailedException {
- checkInitialized();
-
// the following characteristics are expected to be validated elsewhere:
// - permission to allow privilege registration -> permission validator.
// - name collisions (-> delegated to NodeTypeValidator since sms are not allowed)
@@ -92,7 +84,7 @@ class PrivilegeValidator implements Priv
}
// additional validation of the definition
- PrivilegeDefinition def = reader.readDefinition(tree);
+ PrivilegeDefinition def = PrivilegeDefinitionReader.readDefinition(tree);
validateDefinition(def);
// privilege definitions may not have child nodes.
@@ -110,16 +102,18 @@ class PrivilegeValidator implements Priv
}
//------------------------------------------------------------< private >---
+
/**
* Validation of the privilege definition including the following steps:
- *
+ * <p/>
* - all aggregates must have been registered before
* - no existing privilege defines the same aggregation
* - no cyclic aggregation
*
* @param definition The new privilege definition to validate.
- * @throws org.apache.jackrabbit.oak.api.CommitFailedException If any of
- * the checks listed above fails.
+ * @throws org.apache.jackrabbit.oak.api.CommitFailedException
+ * If any of
+ * the checks listed above fails.
*/
private void validateDefinition(PrivilegeDefinition definition) throws CommitFailedException {
Set<String> declaredNames = definition.getDeclaredAggregateNames();
@@ -134,7 +128,7 @@ class PrivilegeValidator implements Priv
for (String aggrName : declaredNames) {
// aggregated privilege not registered
if (!definitions.containsKey(aggrName)) {
- throw new CommitFailedException("Declared aggregate '"+ aggrName +"' is not a registered privilege.");
+ throw new CommitFailedException("Declared aggregate '" + aggrName + "' is not a registered privilege.");
}
// check for circular aggregation
@@ -198,19 +192,4 @@ class PrivilegeValidator implements Priv
}
return aggregateNames;
}
-
- private void checkInitialized() throws CommitFailedException {
- if (reader == null || definitions == null) {
- throw new CommitFailedException(new IllegalStateException("Mandatory privileges root is missing."));
- }
- }
-
- private static Tree getPrivilegesTree(NodeState rootState) {
- Tree root = new ReadOnlyTree(rootState);
- Tree system = root.getChild(JcrConstants.JCR_SYSTEM);
- if (system != null) {
- return system.getChild(REP_PRIVILEGES);
- }
- return null;
- }
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeConfiguration.java?rev=1441363&r1=1441362&r2=1441363&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeConfiguration.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeConfiguration.java Fri Feb 1 09:49:23 2013
@@ -20,7 +20,6 @@ import javax.annotation.Nonnull;
import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
import org.apache.jackrabbit.oak.api.Root;
-import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
@@ -32,20 +31,10 @@ public interface PrivilegeConfiguration
/**
* Creates a new instance of {@link PrivilegeManager}.
*
- * @param root The root for which the privilege manager should be created.
+ * @param root The root for which the privilege manager should be created.
* @param namePathMapper The name and path mapper to be used.
* @return A new {@code PrivilegeManager}.
*/
@Nonnull
PrivilegeManager getPrivilegeManager(Root root, NamePathMapper namePathMapper);
-
- /**
- * Creates a new {@code PrivilegeDefinitionReader} instance for the
- * specified {@code tree}.
- *
- * @param tree The {@code Tree} that is used to read the privilege definitions.
- * @return A new {@code PrivilegeDefinitionReader}.
- */
- @Nonnull
- PrivilegeDefinitionReader getPrivilegeDefinitionReader(Tree tree);
}