Author: angela Date: Wed Mar 6 18:50:26 2013 New Revision: 1453475 URL: http://svn.apache.org/r1453475 Log: OAK-51 : Access Control Management (WIP)
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/GlobPattern.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionDefinitionImpl.java - copied, changed from r1453455, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionDefinitionImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImpl.java - copied, changed from r1453455, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionPattern.java jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionDefinitionImplTest.java - copied, changed from r1453455, jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionDefinitionImplTest.java jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImplTest.java - copied, changed from r1453455, jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImplTest.java Removed: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionDefinitionImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImpl.java jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionDefinitionImplTest.java jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImplTest.java Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionProvider.java jackrabbit/oak/trunk/pom.xml Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/GlobPattern.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/GlobPattern.java?rev=1453475&view=auto ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/GlobPattern.java (added) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/GlobPattern.java Wed Mar 6 18:50:26 2013 @@ -0,0 +1,262 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jackrabbit.oak.security.authorization.restriction; + +import javax.annotation.Nonnull; +import javax.annotation.Nullable; + +import com.google.common.base.Objects; +import org.apache.jackrabbit.oak.api.PropertyState; +import org.apache.jackrabbit.oak.api.Tree; +import org.apache.jackrabbit.oak.commons.PathUtils; +import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionPattern; +import org.apache.jackrabbit.util.Text; + +import static com.google.common.base.Preconditions.checkNotNull; + +/** + * {@code GlobPattern} defines a simplistic pattern matching. It consists + * of a mandatory (leading) path and an optional "glob" that may contain one or + * more wildcard characters ("{@code *}") according to the glob matching + * defined by {@link javax.jcr.Node#getNodes(String[])}. In contrast to that + * method the {@code GlobPattern} operates on path (not only names). + * <p/> + * + * <p> + * Please note the following special cases: + * <pre> + * NodePath | Restriction | Matches + * ----------------------------------------------------------------------------- + * /foo | null | matches /foo and all children of /foo + * /foo | "" | matches /foo only + * </pre> + * </p> + * + * <p> + * Examples including wildcard char: + * <pre> + * NodePath = "/foo" + * Restriction | Matches + * ----------------------------------------------------------------------------- + * * | all siblings of foo and foo's and the siblings' descendants + * /*cat | all children of /foo whose path ends with "cat" + * /*/cat | all non-direct descendants of /foo named "cat" + * /cat* | all descendant path of /foo that have the direct foo-descendant segment starting with "cat" + * *cat | all siblings and descendants of foo that have a name ending with cat + * */cat | all descendants of /foo and foo's siblings that have a name segment "cat" + * cat/* | all descendants of '/foocat' + * /cat/* | all descendants of '/foo/cat' + * *cat/* | all descendants of /foo that have an intermediate segment ending with 'cat' + * </pre> + * </p> + */ +public final class GlobPattern implements RestrictionPattern { + + private static final char WILDCARD_CHAR = '*'; + + private final String path; + private final String restriction; + + private final Pattern pattern; + + private GlobPattern(@Nonnull String path, @Nonnull String restriction) { + this.path = checkNotNull(path); + this.restriction = restriction; + + if (restriction.length() > 0) { + StringBuilder b = new StringBuilder(path); + b.append(restriction); + + int lastPos = restriction.lastIndexOf(WILDCARD_CHAR); + if (lastPos >= 0) { + String end; + if (lastPos != restriction.length()-1) { + end = restriction.substring(lastPos + 1); + } else { + end = null; + } + pattern = new WildcardPattern(b.toString(), end); + } else { + pattern = new PathPattern(b.toString()); + } + } else { + pattern = new PathPattern(restriction); + } + } + + public static GlobPattern create(@Nonnull String nodePath, @Nonnull String restrictions) { + return new GlobPattern(nodePath, restrictions); + } + + //-------------------------------------------------< RestrictionPattern >--- + @Override + public boolean matches(@Nonnull Tree tree, @Nullable PropertyState property) { + // TODO + String path = (property == null) ? tree.getPath() : PathUtils.concat(tree.getPath(), property.getName()); + return matches(path); + } + + @Override + public boolean matches(@Nonnull String path) { + return pattern.matches(path); + } + + //-------------------------------------------------------------< Object >--- + /** + * @see Object#hashCode() + */ + @Override + public int hashCode() { + return Objects.hashCode(path, restriction); + } + + /** + * @see Object#toString() + */ + @Override + public String toString() { + return path + " : " + restriction; + } + + /** + * @see Object#equals(Object) + */ + @Override + public boolean equals(Object obj) { + if (obj == this) { + return true; + } + if (obj instanceof GlobPattern) { + GlobPattern other = (GlobPattern) obj; + return path.equals(other.path) && restriction.equals(other.restriction); + } + return false; + } + + //------------------------------------------------------< inner classes >--- + /** + * Base for PathPattern and WildcardPattern + */ + private abstract class Pattern { + abstract boolean matches(@Nonnull String toMatch); + } + + /** + * Path pattern: The restriction is missing or doesn't contain any wildcard character. + */ + private final class PathPattern extends Pattern { + + private final String patternStr; + + private PathPattern(@Nonnull String patternStr) { + this.patternStr = patternStr; + } + + @Override + boolean matches(String toMatch) { + if (patternStr.isEmpty()) { + return path.equals(toMatch); + } else { + // no wildcard contained in restriction: use path defined + // by path + restriction to calculate the match + return Text.isDescendantOrEqual(patternStr, toMatch); + } + } + } + + /** + * Wildcard pattern: The specified restriction contains one or more wildcard character(s). + */ + private final class WildcardPattern extends Pattern { + + private final String patternEnd; + private final char[] patternChars; + + private WildcardPattern(@Nonnull String patternStr, @Nullable String patternEnd) { + patternChars = patternStr.toCharArray(); + this.patternEnd = patternEnd; + } + + @Override + boolean matches(String toMatch) { + if (patternEnd != null && !toMatch.endsWith(patternEnd)) { + // shortcut: verify if end of pattern matches end of toMatch + return false; + } + char[] tm = (toMatch.endsWith("/")) ? toMatch.substring(0, toMatch.length()-1).toCharArray() : toMatch.toCharArray(); + // shortcut didn't reveal mismatch -> need to process the internal match method. + return matches(patternChars, 0, tm, 0); + } + + /** + * + * @param pattern The pattern + * @param pOff + * @param s + * @param sOff + * @return {@code true} if matches, {@code false} otherwise + */ + private boolean matches(char[] pattern, int pOff, + char[] s, int sOff) { + int pLength = pattern.length; + int sLength = s.length; + + while (true) { + // end of pattern reached: matches only if sOff points at the end + // of the string to match. + if (pOff >= pLength) { + return sOff >= sLength; + } + + // the end of the string to match has been reached but pattern + // doesn't have '*' at patternIndex -> no match + if (sOff >= sLength && pattern[pOff] != WILDCARD_CHAR) { + return false; + } + + // the next character of the pattern is '*' + // -> recursively test if the rest of the specified string matches + if (pattern[pOff] == WILDCARD_CHAR) { + if (++pOff >= pLength) { + return true; + } + + while (true) { + if (matches(pattern, pOff, s, sOff)) { + return true; + } + if (sOff >= sLength) { + return false; + } + sOff++; + } + } + + // not yet reached end of patter nor string and not wildcard character. + // the 2 strings don't match in case the characters at the current + // position are not the same. + if (pOff < pLength && sOff < sLength) { + if (pattern[pOff] != s[sOff]) { + return false; + } + } + pOff++; + sOff++; + } + } + } +} Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java?rev=1453475&r1=1453474&r2=1453475&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java Wed Mar 6 18:50:26 2013 @@ -34,6 +34,9 @@ import org.apache.jackrabbit.oak.plugins import org.apache.jackrabbit.oak.security.authorization.AccessControlConstants; import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction; import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition; +import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinitionImpl; +import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionImpl; +import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionPattern; import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider; /** @@ -88,4 +91,10 @@ public class PrincipalRestrictionProvide public void validateRestrictions(String oakPath, @Nonnull Tree aceTree) throws AccessControlException { base.validateRestrictions(oakPath, aceTree); } + + @Nonnull + @Override + public RestrictionPattern getPattern(@Nullable String oakPath, @Nonnull Tree tree) { + return base.getPattern(oakPath, tree); + } } \ No newline at end of file Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java?rev=1453475&r1=1453474&r2=1453475&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java Wed Mar 6 18:50:26 2013 @@ -32,11 +32,15 @@ import com.google.common.collect.Immutab import com.google.common.collect.ImmutableSet; import org.apache.jackrabbit.oak.api.PropertyState; import org.apache.jackrabbit.oak.api.Tree; +import org.apache.jackrabbit.oak.api.Type; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.plugins.memory.PropertyStates; import org.apache.jackrabbit.oak.security.authorization.AccessControlConstants; import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction; import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition; +import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinitionImpl; +import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionImpl; +import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionPattern; import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider; import org.apache.jackrabbit.oak.util.NodeUtil; import org.apache.jackrabbit.util.Text; @@ -83,7 +87,7 @@ public class RestrictionProviderImpl imp throw new AccessControlException("Unsupported restriction: Expected value of type " + PropertyType.nameFromValue(definition.getRequiredType())); } PropertyState propertyState = PropertyStates.createProperty(oakName, value); - return createRestriction(propertyState, definition.isMandatory()); + return createRestriction(propertyState, definition); } @Override @@ -97,7 +101,7 @@ public class RestrictionProviderImpl imp if (isRestrictionProperty(propName) && supported.containsKey(propName)) { RestrictionDefinition def = supported.get(propName); if (def.getRequiredType() == propertyState.getType().tag()) { - restrictions.add(createRestriction(propertyState, def.isMandatory())); + restrictions.add(createRestriction(propertyState, def)); } } } @@ -119,7 +123,7 @@ public class RestrictionProviderImpl imp } @Override - public void validateRestrictions(String oakPath, Tree aceTree) throws javax.jcr.security.AccessControlException { + public void validateRestrictions(String oakPath, Tree aceTree) throws AccessControlException { Map<String, PropertyState> restrictionProperties = getRestrictionProperties(aceTree); if (isUnsupportedPath(oakPath) && !restrictionProperties.isEmpty()) { throw new AccessControlException("Restrictions not supported with 'null' path."); @@ -142,10 +146,21 @@ public class RestrictionProviderImpl imp } } + @Override + public RestrictionPattern getPattern(String oakPath, Tree tree) { + if (oakPath != null) { + PropertyState glob = tree.getProperty(REP_GLOB); + if (glob != null) { + return GlobPattern.create(oakPath, glob.getValue(Type.STRING)); + } + } + return RestrictionPattern.EMPTY; + } + //------------------------------------------------------------< private >--- @Nonnull - private Restriction createRestriction(PropertyState propertyState, boolean isMandatory) { - return new RestrictionImpl(propertyState, isMandatory, namePathMapper); + private Restriction createRestriction(PropertyState propertyState, RestrictionDefinition definition) { + return new RestrictionImpl(propertyState, definition.isMandatory(), namePathMapper); } @Nonnull Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionDefinitionImpl.java (from r1453455, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionDefinitionImpl.java) URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionDefinitionImpl.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionDefinitionImpl.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionDefinitionImpl.java&r1=1453455&r2=1453475&rev=1453475&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionDefinitionImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionDefinitionImpl.java Wed Mar 6 18:50:26 2013 @@ -14,21 +14,20 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.jackrabbit.oak.security.authorization.restriction; +package org.apache.jackrabbit.oak.spi.security.authorization.restriction; import javax.annotation.Nonnull; import javax.jcr.PropertyType; import com.google.common.base.Objects; import org.apache.jackrabbit.oak.namepath.NamePathMapper; -import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition; import static com.google.common.base.Preconditions.checkNotNull; /** * RestrictionDefinitionImpl... TODO */ -class RestrictionDefinitionImpl implements RestrictionDefinition { +public class RestrictionDefinitionImpl implements RestrictionDefinition { private final String name; private final int type; @@ -45,8 +44,8 @@ class RestrictionDefinitionImpl implemen * @param isMandatory A boolean indicating if the restriction is mandatory. * @param namePathMapper The name path mapper used to calculate the JCR name. */ - RestrictionDefinitionImpl(@Nonnull String name, int type, boolean isMandatory, - @Nonnull NamePathMapper namePathMapper) { + public RestrictionDefinitionImpl(@Nonnull String name, int type, boolean isMandatory, + @Nonnull NamePathMapper namePathMapper) { this.name = checkNotNull(name); if (type == PropertyType.UNDEFINED) { throw new IllegalArgumentException("'undefined' is not a valid required definition type."); @@ -56,7 +55,7 @@ class RestrictionDefinitionImpl implemen this.namePathMapper = checkNotNull(namePathMapper); } - NamePathMapper getNamePathMapper() { + protected NamePathMapper getNamePathMapper() { return namePathMapper; } Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImpl.java (from r1453455, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImpl.java) URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImpl.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImpl.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImpl.java&r1=1453455&r2=1453475&rev=1453475&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImpl.java Wed Mar 6 18:50:26 2013 @@ -14,11 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.jackrabbit.oak.security.authorization.restriction; - -/** - * {@code RestrictionImpl} - */ +package org.apache.jackrabbit.oak.spi.security.authorization.restriction; import javax.annotation.Nonnull; import javax.jcr.Value; @@ -27,14 +23,16 @@ import com.google.common.base.Objects; import org.apache.jackrabbit.oak.api.PropertyState; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.plugins.value.ValueFactoryImpl; -import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction; -class RestrictionImpl extends RestrictionDefinitionImpl implements Restriction { +/** + * {@code RestrictionImpl} + */ +public class RestrictionImpl extends RestrictionDefinitionImpl implements Restriction { private final PropertyState property; - RestrictionImpl(@Nonnull PropertyState property, boolean isMandatory, - @Nonnull NamePathMapper namePathMapper) { + public RestrictionImpl(@Nonnull PropertyState property, boolean isMandatory, + @Nonnull NamePathMapper namePathMapper) { super(property.getName(), property.getType().tag(), isMandatory, namePathMapper); this.property = property; } Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionPattern.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionPattern.java?rev=1453475&view=auto ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionPattern.java (added) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionPattern.java Wed Mar 6 18:50:26 2013 @@ -0,0 +1,45 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jackrabbit.oak.spi.security.authorization.restriction; + +import javax.annotation.Nonnull; +import javax.annotation.Nullable; + +import org.apache.jackrabbit.oak.api.PropertyState; +import org.apache.jackrabbit.oak.api.Tree; + +/** + * RestrictionPattern... TODO + */ +public interface RestrictionPattern { + + boolean matches(@Nonnull Tree tree, @Nullable PropertyState property); + + boolean matches(@Nonnull String path); + + RestrictionPattern EMPTY = new RestrictionPattern() { + @Override + public boolean matches(@Nonnull Tree tree, @Nullable PropertyState property) { + return true; + } + + @Override + public boolean matches(@Nonnull String path) { + return true; + } + }; +} Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionProvider.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionProvider.java?rev=1453475&r1=1453474&r2=1453475&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionProvider.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionProvider.java Wed Mar 6 18:50:26 2013 @@ -43,4 +43,7 @@ public interface RestrictionProvider { void writeRestrictions(String oakPath, Tree aceTree, Set<Restriction> restrictions) throws AccessControlException; void validateRestrictions(@Nullable String oakPath, @Nonnull Tree aceTree) throws AccessControlException; + + @Nonnull + RestrictionPattern getPattern(@Nullable String oakPath, @Nonnull Tree tree); } Copied: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionDefinitionImplTest.java (from r1453455, jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionDefinitionImplTest.java) URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionDefinitionImplTest.java?p2=jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionDefinitionImplTest.java&p1=jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionDefinitionImplTest.java&r1=1453455&r2=1453475&rev=1453475&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionDefinitionImplTest.java (original) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionDefinitionImplTest.java Wed Mar 6 18:50:26 2013 @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.jackrabbit.oak.security.authorization.restriction; +package org.apache.jackrabbit.oak.spi.security.authorization.restriction; import java.util.ArrayList; import java.util.List; @@ -25,7 +25,6 @@ import org.apache.jackrabbit.oak.namepat import org.apache.jackrabbit.oak.namepath.NamePathMapperImpl; import org.apache.jackrabbit.oak.plugins.name.Namespaces; import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlTest; -import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition; import org.junit.Before; import org.junit.Test; @@ -141,4 +140,4 @@ public class RestrictionDefinitionImplTe assertFalse(definition.equals(rd)); } } -} \ No newline at end of file +} Copied: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImplTest.java (from r1453455, jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImplTest.java) URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImplTest.java?p2=jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImplTest.java&p1=jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImplTest.java&r1=1453455&r2=1453475&rev=1453475&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImplTest.java (original) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImplTest.java Wed Mar 6 18:50:26 2013 @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.jackrabbit.oak.security.authorization.restriction; +package org.apache.jackrabbit.oak.spi.security.authorization.restriction; import java.util.ArrayList; import java.util.List; @@ -31,7 +31,6 @@ import org.apache.jackrabbit.oak.plugins import org.apache.jackrabbit.oak.plugins.name.Namespaces; import org.apache.jackrabbit.oak.plugins.value.ValueFactoryImpl; import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlTest; -import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction; import org.junit.Before; import org.junit.Test; @@ -155,4 +154,4 @@ public class RestrictionImplTest extends assertFalse(restriction.equals(r)); } } -} \ No newline at end of file +} Modified: jackrabbit/oak/trunk/pom.xml URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/pom.xml?rev=1453475&r1=1453474&r2=1453475&view=diff ============================================================================== --- jackrabbit/oak/trunk/pom.xml (original) +++ jackrabbit/oak/trunk/pom.xml Wed Mar 6 18:50:26 2013 @@ -41,18 +41,18 @@ <module>oak-mk-api</module> <module>oak-mk</module> <module>oak-mk-remote</module> - <module>oak-mongomk</module> + <!--module>oak-mongomk</module--> <module>oak-core</module> <module>oak-jcr</module> <module>oak-sling</module> <module>oak-http</module> <module>oak-lucene</module> - <module>oak-solr-core</module> + <!--module>oak-solr-core</module> <module>oak-solr-remote</module> - <module>oak-solr-embedded</module> + <module>oak-solr-embedded</module--> <module>oak-run</module> <module>oak-it</module> - <module>oak-mk-perf</module> + <!--module>oak-mk-perf</module--> </modules> <scm>