You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/02/20 19:49:47 UTC
svn commit: r1448349 - in
/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization:
./ permission/
Author: angela
Date: Wed Feb 20 18:49:46 2013
New Revision: 1448349
URL: http://svn.apache.org/r1448349
Log:
OAK-527: permissions (wip)
Added:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionConstants.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
- copied, changed from r1448268, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionHook.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
- copied, changed from r1448234, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionProviderImpl.java
Removed:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionHook.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionProviderImpl.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConstants.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/TmpPermissionProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java?rev=1448349&r1=1448348&r2=1448349&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java Wed Feb 20 18:49:46 2013
@@ -70,7 +70,9 @@ public class AccessControlConfigurationI
return new CommitHookProvider() {
@Override
public CommitHook getCommitHook(String workspaceName) {
- //FIXME return new CompositeHook(new PermissionHook(workspaceName), new VersionablePathHook(workspaceName));
+// return new CompositeHook(
+// new PermissionHook(workspaceName, getRestrictionProvider(NamePathMapper.DEFAULT)),
+// new VersionablePathHook(workspaceName));
return new CompositeHook(new VersionablePathHook(workspaceName));
}
};
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConstants.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConstants.java?rev=1448349&r1=1448348&r2=1448349&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConstants.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConstants.java Wed Feb 20 18:49:46 2013
@@ -19,7 +19,6 @@ package org.apache.jackrabbit.oak.securi
import java.util.Collection;
import com.google.common.collect.ImmutableSet;
-import org.apache.jackrabbit.JcrConstants;
/**
* AccessControlConstants... TODO
@@ -51,23 +50,6 @@ public interface AccessControlConstants
*/
String NT_REP_RESTRICTIONS = "rep:Restrictions";
- /**
- * @since OAK 1.0
- */
- String NT_REP_PERMISSIONS = "rep:Permissions";
- /**
- * @since OAK 1.0
- */
- String NT_REP_PERMISSION_STORE = "rep:PermissionStore";
- /**
- * @since OAK 1.0
- */
- String REP_PERMISSION_STORE = "rep:permissionStore";
- /**
- * @since OAK 1.0
- */
- String PERMISSIONS_STORE_PATH = JcrConstants.JCR_SYSTEM + '/' + REP_PERMISSION_STORE;
-
Collection<String> POLICY_NODE_NAMES = ImmutableSet.of(REP_POLICY, REP_REPO_POLICY);
Collection<String> ACE_PROPERTY_NAMES = ImmutableSet.of(REP_PRINCIPAL_NAME, REP_PRIVILEGES);
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/TmpPermissionProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/TmpPermissionProvider.java?rev=1448349&r1=1448348&r2=1448349&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/TmpPermissionProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/TmpPermissionProvider.java Wed Feb 20 18:49:46 2013
@@ -23,6 +23,7 @@ import javax.annotation.Nonnull;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.security.authorization.permission.PermissionProviderImpl;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.Permissions;
import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java?rev=1448349&r1=1448348&r2=1448349&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java Wed Feb 20 18:49:46 2013
@@ -40,7 +40,7 @@ import static com.google.common.base.Pre
/**
* TODO
*/
-public class CompiledPermissionImpl implements CompiledPermissions, AccessControlConstants {
+class CompiledPermissionImpl implements CompiledPermissions, AccessControlConstants {
private final Set<Principal> principals;
private final PrivilegeBitsProvider bitsProvider;
@@ -48,9 +48,9 @@ public class CompiledPermissionImpl impl
private final Map<Key, Entry> userEntries;
private final Map<Key, Entry> groupEntries;
- public CompiledPermissionImpl(@Nonnull Set<Principal> principals,
- @Nonnull PrivilegeBitsProvider bitsProvider,
- @Nonnull ReadOnlyTree permissionsTree) {
+ CompiledPermissionImpl(@Nonnull Set<Principal> principals,
+ @Nonnull PrivilegeBitsProvider bitsProvider,
+ @Nonnull ReadOnlyTree permissionsTree) {
this.principals = checkNotNull(principals);
this.bitsProvider = bitsProvider;
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionConstants.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionConstants.java?rev=1448349&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionConstants.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionConstants.java Wed Feb 20 18:49:46 2013
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization.permission;
+
+import org.apache.jackrabbit.JcrConstants;
+
+/**
+ * PermissionConstants... TODO
+ */
+interface PermissionConstants {
+
+ /**
+ * @since OAK 1.0
+ */
+ String NT_REP_PERMISSIONS = "rep:Permissions";
+ /**
+ * @since OAK 1.0
+ */
+ String NT_REP_PERMISSION_STORE = "rep:PermissionStore";
+ /**
+ * @since OAK 1.0
+ */
+ String REP_PERMISSION_STORE = "rep:permissionStore";
+ /**
+ * @since OAK 1.0
+ */
+ String PERMISSIONS_STORE_PATH = JcrConstants.JCR_SYSTEM + '/' + REP_PERMISSION_STORE;
+
+ String REP_ACCESS_CONTROLLED_PATH = "rep:accessControlledPath";
+ String REP_INDEX = "rep:index";
+ char PREFIX_ALLOW = 'a';
+ char PREFIX_DENY = 'd';
+
+}
\ No newline at end of file
Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java (from r1448268, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionHook.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionHook.java&r1=1448268&r2=1448349&rev=1448349&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionHook.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java Wed Feb 20 18:49:46 2013
@@ -14,12 +14,14 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.jackrabbit.oak.security.authorization;
+package org.apache.jackrabbit.oak.security.authorization.permission;
import java.util.Collections;
+import java.util.Set;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
+import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import org.apache.jackrabbit.JcrConstants;
import org.apache.jackrabbit.oak.api.CommitFailedException;
@@ -34,9 +36,12 @@ import org.apache.jackrabbit.oak.plugins
import org.apache.jackrabbit.oak.plugins.memory.MemoryPropertyBuilder;
import org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeConstants;
import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
+import org.apache.jackrabbit.oak.security.authorization.AccessControlConstants;
import org.apache.jackrabbit.oak.security.privilege.PrivilegeBits;
import org.apache.jackrabbit.oak.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.oak.spi.commit.CommitHook;
+import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
+import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.apache.jackrabbit.oak.spi.state.NodeStateDiff;
@@ -54,14 +59,20 @@ import static org.apache.jackrabbit.JcrC
* access control content and updates persisted permission caches associated
* with access control related data stored in the repository.
*/
-public class PermissionHook implements CommitHook, AccessControlConstants {
+public class PermissionHook implements CommitHook, AccessControlConstants, PermissionConstants {
private static final Logger log = LoggerFactory.getLogger(PermissionHook.class);
+ private final RestrictionProvider restrictionProvider;
private final String workspaceName;
- PermissionHook(String workspaceName) {
+ private NodeBuilder permissionRoot;
+ private ReadOnlyNodeTypeManager ntMgr;
+ private PrivilegeBitsProvider bitsProvider;
+
+ public PermissionHook(String workspaceName, RestrictionProvider restrictionProvider) {
this.workspaceName = workspaceName;
+ this.restrictionProvider = restrictionProvider;
}
@Nonnull
@@ -69,11 +80,11 @@ public class PermissionHook implements C
public NodeState processCommit(final NodeState before, NodeState after) throws CommitFailedException {
NodeBuilder rootAfter = after.builder();
- NodeBuilder permissionRoot = getPermissionRoot(rootAfter, workspaceName);
- ReadOnlyNodeTypeManager ntMgr = ReadOnlyNodeTypeManager.getInstance(before);
- PrivilegeBitsProvider bitsProvider = new PrivilegeBitsProvider(new ReadOnlyRoot(before));
+ permissionRoot = getPermissionRoot(rootAfter, workspaceName);
+ ntMgr = ReadOnlyNodeTypeManager.getInstance(before);
+ bitsProvider = new PrivilegeBitsProvider(new ReadOnlyRoot(before));
- after.compareAgainstBaseState(before, new Diff(new BeforeNode(before), new Node(rootAfter), permissionRoot, bitsProvider, ntMgr));
+ after.compareAgainstBaseState(before, new Diff(new BeforeNode(before), new Node(rootAfter)));
return rootAfter.getNodeState();
}
@@ -98,6 +109,14 @@ public class PermissionHook implements C
return new ReadOnlyTree(null, name, nodeState);
}
+ private static String getAccessControlledPath(BaseNode aclNode) {
+ if (REP_REPO_POLICY.equals(aclNode.getName())) {
+ return "";
+ } else {
+ return Text.getRelativeParent(aclNode.getPath(), 1);
+ }
+ }
+
private static int getAceIndex(BaseNode aclNode, String aceName) {
PropertyState ordering = checkNotNull(aclNode.getNodeState().getProperty(TreeImpl.OAK_CHILD_ORDER));
return Lists.newArrayList(ordering.getValue(Type.STRINGS)).indexOf(aceName);
@@ -105,27 +124,22 @@ public class PermissionHook implements C
private static String generateName(NodeBuilder principalRoot, Entry entry) {
StringBuilder name = new StringBuilder();
- name.append((entry.isAllow) ? 'a' : 'd').append('-').append(principalRoot.getChildNodeCount());
+ name.append((entry.isAllow) ? PREFIX_ALLOW : PREFIX_DENY).append('-').append(principalRoot.getChildNodeCount());
return name.toString();
}
- private static class Diff implements NodeStateDiff {
+ private Set<Restriction> getRestrictions(String accessControlledPath, Tree aceTree) {
+ return restrictionProvider.readRestrictions(Strings.emptyToNull(accessControlledPath), aceTree);
+ }
+
+ private class Diff implements NodeStateDiff {
private final BeforeNode parentBefore;
private final Node parentAfter;
- private final NodeBuilder permissionRoot;
- private final PrivilegeBitsProvider bitsProvider;
- private final ReadOnlyNodeTypeManager ntMgr;
-
- private Diff(@Nonnull BeforeNode parentBefore, @Nonnull Node parentAfter,
- @Nonnull NodeBuilder permissionRoot,
- @Nonnull PrivilegeBitsProvider bitsProvider,
- @Nonnull ReadOnlyNodeTypeManager ntMgr) {
+
+ private Diff(@Nonnull BeforeNode parentBefore, @Nonnull Node parentAfter) {
this.parentBefore = parentBefore;
this.parentAfter = parentAfter;
- this.permissionRoot = permissionRoot;
- this.bitsProvider = bitsProvider;
- this.ntMgr = ntMgr;
}
@Override
@@ -152,7 +166,7 @@ public class PermissionHook implements C
} else {
BeforeNode before = new BeforeNode(parentBefore.getPath(), name, MemoryNodeState.EMPTY_NODE);
Node node = new Node(parentAfter, name);
- after.compareAgainstBaseState(before.getNodeState(), new Diff(before, node, permissionRoot, bitsProvider, ntMgr));
+ after.compareAgainstBaseState(before.getNodeState(), new Diff(before, node));
}
}
@@ -165,7 +179,7 @@ public class PermissionHook implements C
} else {
BeforeNode nodeBefore = new BeforeNode(parentBefore.getPath(), name, before);
Node nodeAfter = new Node(parentAfter, name);
- after.compareAgainstBaseState(before, new Diff(nodeBefore, nodeAfter, permissionRoot, bitsProvider, ntMgr));
+ after.compareAgainstBaseState(before, new Diff(nodeBefore, nodeAfter));
}
}
@@ -176,7 +190,7 @@ public class PermissionHook implements C
} else {
BeforeNode nodeBefore = new BeforeNode(parentBefore.getPath(), name, before);
Node after = new Node(parentAfter.getPath(), name, MemoryNodeState.EMPTY_NODE);
- after.getNodeState().compareAgainstBaseState(before, new Diff(nodeBefore, after, permissionRoot, bitsProvider, ntMgr));
+ after.getNodeState().compareAgainstBaseState(before, new Diff(nodeBefore, after));
}
}
@@ -189,14 +203,6 @@ public class PermissionHook implements C
return ntMgr.isNodeType(getTree(name, nodeState), NT_REP_ACE);
}
- private static String getAccessControlledPath(BaseNode aclNode) {
- if (REP_REPO_POLICY.equals(aclNode.getName())) {
- return "";
- } else {
- return Text.getRelativeParent(aclNode.getPath(), 1);
- }
- }
-
private void addEntry(String name, NodeState ace) {
Entry entry = createEntry(name, ace, parentAfter);
entry.writeTo(permissionRoot.child(entry.principalName));
@@ -240,12 +246,10 @@ public class PermissionHook implements C
String principalName = checkNotNull(TreeUtil.getString(aceTree, REP_PRINCIPAL_NAME));
PrivilegeBits privilegeBits = bitsProvider.getBits(TreeUtil.getStrings(aceTree, REP_PRIVILEGES));
boolean isAllow = NT_REP_GRANT_ACE.equals(TreeUtil.getPrimaryTypeName(aceTree));
- // TODO: respect restrictions
-
String accessControlledPath = getAccessControlledPath(acl);
- int index = getAceIndex(acl, name);
- return new Entry(accessControlledPath, index, principalName, privilegeBits, isAllow);
+ return new Entry(accessControlledPath, getAceIndex(acl, name), principalName,
+ privilegeBits, isAllow, getRestrictions(accessControlledPath, aceTree));
}
}
@@ -317,7 +321,7 @@ public class PermissionHook implements C
}
}
- private static final class Entry {
+ private final class Entry {
private final String accessControlledPath;
private final int index;
@@ -325,27 +329,32 @@ public class PermissionHook implements C
private final String principalName;
private final PrivilegeBits privilegeBits;
private final boolean isAllow;
+ private final Set<Restriction> restrictions;
private Entry(@Nonnull String accessControlledPath,
int index,
@Nonnull String principalName,
@Nonnull PrivilegeBits privilegeBits,
- boolean isAllow) {
+ boolean isAllow, Set<Restriction> restrictions) {
this.accessControlledPath = accessControlledPath;
this.index = index;
this.principalName = principalName;
this.privilegeBits = privilegeBits;
this.isAllow = isAllow;
+ this.restrictions = restrictions;
}
private void writeTo(NodeBuilder principalRoot) {
String entryName = generateName(principalRoot, this);
- principalRoot.child(entryName)
- .setProperty("rep:accessControlledPath", accessControlledPath)
- .setProperty("rep:index", index)
- .setProperty(privilegeBits.asPropertyState("rep:privileges"));
- // TODO: append restrictions
+ NodeBuilder entry = principalRoot.child(entryName)
+ .setProperty(JCR_PRIMARYTYPE, NT_REP_PERMISSIONS)
+ .setProperty(REP_ACCESS_CONTROLLED_PATH, accessControlledPath)
+ .setProperty(REP_INDEX, index)
+ .setProperty(privilegeBits.asPropertyState(REP_PRIVILEGES));
+ for (Restriction restriction : restrictions) {
+ entry.setProperty(restriction.getProperty());
+ }
PropertyState ordering = principalRoot.getProperty(TreeImpl.OAK_CHILD_ORDER);
if (ordering == null) {
@@ -362,7 +371,7 @@ public class PermissionHook implements C
private boolean isSame(String name, NodeState node) {
Tree entry = getTree(name, node);
- if (isAllow == (name.charAt(0) == 'a')) {
+ if (isAllow == (name.charAt(0) == PREFIX_ALLOW)) {
return false;
}
if (!privilegeBits.equals(PrivilegeBits.getInstance(node.getProperty(REP_PRIVILEGES)))) {
@@ -371,15 +380,13 @@ public class PermissionHook implements C
if (!principalName.equals(TreeUtil.getString(entry, REP_PRINCIPAL_NAME))) {
return false;
}
- if (index != entry.getProperty("rep:index").getValue(Type.LONG)) {
+ if (index != entry.getProperty(REP_INDEX).getValue(Type.LONG)) {
return false;
}
- if (!accessControlledPath.equals(TreeUtil.getString(entry, "rep:accessControlledPath"))) {
+ if (!accessControlledPath.equals(TreeUtil.getString(entry, REP_ACCESS_CONTROLLED_PATH))) {
return false;
}
- // TODO: respect restrictions
-
- return true;
+ return restrictions.equals(getRestrictions(accessControlledPath, getTree(name, node)));
}
public String toString() {
@@ -388,6 +395,7 @@ public class PermissionHook implements C
sb.append(';').append(principalName);
sb.append(';').append(isAllow ? "allow" : "deny");
sb.append(';').append(privilegeBits);
+ sb.append(';').append(restrictions);
return sb.toString();
}
}
Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java (from r1448234, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionProviderImpl.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionProviderImpl.java&r1=1448234&r2=1448349&rev=1448349&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java Wed Feb 20 18:49:46 2013
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.jackrabbit.oak.security.authorization;
+package org.apache.jackrabbit.oak.security.authorization.permission;
import java.security.Principal;
import java.util.Set;
@@ -33,10 +33,7 @@ import org.apache.jackrabbit.oak.commons
import org.apache.jackrabbit.oak.core.ReadOnlyRoot;
import org.apache.jackrabbit.oak.core.ReadOnlyTree;
import org.apache.jackrabbit.oak.plugins.version.VersionConstants;
-import org.apache.jackrabbit.oak.security.authorization.permission.AllPermissions;
-import org.apache.jackrabbit.oak.security.authorization.permission.CompiledPermissionImpl;
-import org.apache.jackrabbit.oak.security.authorization.permission.CompiledPermissions;
-import org.apache.jackrabbit.oak.security.authorization.permission.NoPermissions;
+import org.apache.jackrabbit.oak.security.authorization.AccessControlConstants;
import org.apache.jackrabbit.oak.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.oak.spi.security.Context;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
@@ -56,7 +53,7 @@ import org.slf4j.LoggerFactory;
* FIXME: define read/write access patterns on version-store content
* FIXME: proper access permissions on activity-store and configuration-store
*/
-public class PermissionProviderImpl implements PermissionProvider, AccessControlConstants {
+public class PermissionProviderImpl implements PermissionProvider, AccessControlConstants, PermissionConstants {
private static final Logger log = LoggerFactory.getLogger(PermissionProviderImpl.class);