jackrabbit-commits mailing list archives

From ste...@apache.org
Subject svn commit: r155344 - in incubator/jackrabbit/trunk: ./ applications/test/ src/conf/ src/java/org/apache/jackrabbit/core/ src/java/org/apache/jackrabbit/core/jaas/ src/java/org/apache/jackrabbit/core/observation/ src/java/org/apache/jackrabbit/core/search/lucene/
Date Fri, 25 Feb 2005 16:48:08 GMT
Author: stefan
Date: Fri Feb 25 08:48:02 2005
New Revision: 155344

URL: http://svn.apache.org/viewcvs?view=rev&rev=155344
Log:
JAAS support 

Added:
    incubator/jackrabbit/trunk/applications/test/jaas.config
    incubator/jackrabbit/trunk/src/conf/jaas.config
    incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/
    incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/AccessManager.java   (with props)
    incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/AnonymousPrincipal.java   (with props)
    incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/CredentialsCallback.java   (with props)
    incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/CredentialsCallbackHandler.java   (with props)
    incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/SimpleAccessManager.java   (with props)
    incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/SimpleLoginModule.java   (with props)
    incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/SystemPrincipal.java   (with props)
    incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/UserPrincipal.java   (with props)
Removed:
    incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/AccessManager.java
    incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/AccessManagerImpl.java
Modified:
    incubator/jackrabbit/trunk/project.properties
    incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/HierarchyManagerImpl.java
    incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/ItemImpl.java
    incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/ItemManager.java
    incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/NodeImpl.java
    incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/RepositoryImpl.java
    incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/SessionImpl.java
    incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/SystemSession.java
    incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/WorkspaceImpl.java
    incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/XASessionImpl.java
    incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/observation/EventConsumer.java
    incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/search/lucene/QueryImpl.java

Added: incubator/jackrabbit/trunk/applications/test/jaas.config
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/applications/test/jaas.config?view=auto&rev=155344
==============================================================================
--- incubator/jackrabbit/trunk/applications/test/jaas.config (added)
+++ incubator/jackrabbit/trunk/applications/test/jaas.config Fri Feb 25 08:48:02 2005
@@ -0,0 +1,3 @@
+Jackrabbit {
+  org.apache.jackrabbit.core.security.SimpleLoginModule required;
+};
\ No newline at end of file
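Review bot: The login module is named as `org.apache.jackrabbit.core.security.SimpleLoginModule`, while the commit's file list adds `SimpleLoginModule.java` under `core/jaas/`; if the class is actually declared in a `jaas` package, the module cannot be loaded and `LoginContext.login()` will fail for every caller. The Java hunks import from `core.security`, so the directory listing may simply be out of step, but the two should be confirmed to agree. The same entry is repeated in `src/conf/jaas.config`, which reads as the shipped default. The module's source is not shown on this page, so a comment in that file stating what `SimpleLoginModule` does and does not verify would tell deployers whether it is meant for anything beyond testing.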

Modified: incubator/jackrabbit/trunk/project.properties
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/project.properties?view=diff&r1=155343&r2=155344
==============================================================================
--- incubator/jackrabbit/trunk/project.properties (original)
+++ incubator/jackrabbit/trunk/project.properties Fri Feb 25 08:48:02 2005
@@ -26,8 +26,10 @@
 ######################################################################
 maven.test.failure = false
 maven.junit.fork=true
-maven.junit.sysproperties=org.xml.sax.driver
+maven.junit.sysproperties=org.xml.sax.driver java.security.auth.login.config
 org.xml.sax.driver=org.apache.xerces.parsers.SAXParser
+java.security.auth.login.config=applications/test/jaas.config
+
 
 #If you wish to skip tests when doing builds, uncomment
 #maven.test.skip = true

Added: incubator/jackrabbit/trunk/src/conf/jaas.config
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/src/conf/jaas.config?view=auto&rev=155344
==============================================================================
--- incubator/jackrabbit/trunk/src/conf/jaas.config (added)
+++ incubator/jackrabbit/trunk/src/conf/jaas.config Fri Feb 25 08:48:02 2005
@@ -0,0 +1,3 @@
+Jackrabbit {
+  org.apache.jackrabbit.core.security.SimpleLoginModule required;
+};
\ No newline at end of file

Modified: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/HierarchyManagerImpl.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/HierarchyManagerImpl.java?view=diff&r1=155343&r2=155344
==============================================================================
--- incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/HierarchyManagerImpl.java (original)
+++ incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/HierarchyManagerImpl.java Fri Feb 25 08:48:02 2005
@@ -16,13 +16,22 @@
  */
 package org.apache.jackrabbit.core;
 
-import org.apache.jackrabbit.core.state.*;
+import org.apache.jackrabbit.core.state.ItemState;
+import org.apache.jackrabbit.core.state.ItemStateException;
+import org.apache.jackrabbit.core.state.ItemStateManager;
+import org.apache.jackrabbit.core.state.NoSuchItemStateException;
+import org.apache.jackrabbit.core.state.NodeState;
+import org.apache.jackrabbit.core.state.PropertyState;
 import org.apache.log4j.Logger;
 
 import javax.jcr.ItemNotFoundException;
 import javax.jcr.PathNotFoundException;
 import javax.jcr.RepositoryException;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
 
 /**
  * <code>HierarchyManagerImpl</code> ...
@@ -40,7 +49,6 @@
     public HierarchyManagerImpl(String rootNodeUUID,
                                 ItemStateManager provider,
                                 NamespaceResolver nsResolver) {
-
         this(rootNodeUUID, provider, nsResolver, null);
     }
 
@@ -48,7 +56,6 @@
                                 ItemStateManager provider,
                                 NamespaceResolver nsResolver,
                                 ItemStateManager attic) {
-
         this.rootNodeId = new NodeId(rootNodeUUID);
         this.provider = provider;
         this.attic = attic;

Modified: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/ItemImpl.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/ItemImpl.java?view=diff&r1=155343&r2=155344
==============================================================================
--- incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/ItemImpl.java (original)
+++ incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/ItemImpl.java Fri Feb 25 08:48:02 2005
@@ -22,11 +22,29 @@
 import org.apache.jackrabbit.core.nodetype.PropertyDefImpl;
 import org.apache.jackrabbit.core.observation.EventStateCollection;
 import org.apache.jackrabbit.core.observation.ObservationManagerFactory;
-import org.apache.jackrabbit.core.state.*;
+import org.apache.jackrabbit.core.security.AccessManager;
+import org.apache.jackrabbit.core.state.ItemState;
+import org.apache.jackrabbit.core.state.ItemStateException;
+import org.apache.jackrabbit.core.state.ItemStateListener;
+import org.apache.jackrabbit.core.state.NodeReferences;
+import org.apache.jackrabbit.core.state.NodeReferencesId;
+import org.apache.jackrabbit.core.state.NodeState;
+import org.apache.jackrabbit.core.state.PropertyState;
+import org.apache.jackrabbit.core.state.SessionItemStateManager;
 import org.apache.jackrabbit.core.util.uuid.UUID;
 import org.apache.log4j.Logger;
 
-import javax.jcr.*;
+import javax.jcr.AccessDeniedException;
+import javax.jcr.InvalidItemStateException;
+import javax.jcr.Item;
+import javax.jcr.ItemNotFoundException;
+import javax.jcr.ItemVisitor;
+import javax.jcr.Node;
+import javax.jcr.PathNotFoundException;
+import javax.jcr.PropertyType;
+import javax.jcr.ReferentialIntegrityException;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
 import javax.jcr.lock.LockException;
 import javax.jcr.nodetype.ConstraintViolationException;
 import javax.jcr.nodetype.NodeDef;
@@ -34,7 +52,12 @@
 import javax.jcr.nodetype.PropertyDef;
 import javax.jcr.version.VersionException;
 import javax.jcr.version.VersionHistory;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
 
 /**
  * <code>ItemImpl</code> implements the <code>Item</code> interface.
@@ -417,17 +440,15 @@
         /**
          * the following validations/checks are performed on transient items:
          *
+         * for every transient item:
+         * - if it is 'modified' check the WRITE permission
+         *
          * for every transient node:
-         * - if it is 'new', check that its node type satisfies the
+         * - if it is 'new' check that its node type satisfies the
          *   'required node type' constraint specified in its definition
-         * - if new child nodes have been added to the node in question,
-         *   check the WRITE permission
-         * - if child items have been removed from the node in question,
-         *   check the WRITE permission
          * - check if 'mandatory' child items exist
          *
          * for every transient property:
-         * - check the WRITE permission
          * - check if the property value satisfies the value constraints
          *   specified in the property's definition
          *
@@ -437,11 +458,23 @@
          * and in Property.setValue (for properties to be modified).
          */
 
-        AccessManagerImpl accessMgr = session.getAccessManager();
+        AccessManager accessMgr = session.getAccessManager();
         // walk through list of transient items and validate each
         while (iter.hasNext()) {
             ItemState itemState = (ItemState) iter.next();
 
+            if (itemState.getStatus() != ItemState.STATUS_NEW) {
+                // transient item is not 'new', therefore it has to be 'modified'
+
+                // check WRITE permission
+                ItemId id = itemState.getId();
+                if (!accessMgr.isGranted(itemState.getId(), AccessManager.WRITE)) {
+                    String msg = itemMgr.safeGetJCRPath(id) + ": not allowed modify item";
+                    log.debug(msg);
+                    throw new AccessDeniedException(msg);
+                }
+            }
+
             if (itemState.isNode()) {
                 // the transient item is a node
                 NodeState nodeState = (NodeState) itemState;
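Review bot: The new WRITE check at the top of the loop is skipped for every item whose status is `STATUS_NEW`, so an added node or property is authorised only indirectly, presumably because its parent appears in the transient list as modified. The explicit parent check for added child nodes and properties is deleted in the two hunks that follow. A short comment stating that invariant, e.g. `// 'new' items are covered by the WRITE check on their (modified) parent`, would keep a later change from silently opening a gap. The call can also reuse the local, `if (!accessMgr.isGranted(id, AccessManager.WRITE)) {`, and the message is missing a word: `": not allowed to modify item"`. The enclosing method starts and ends outside this hunk.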
@@ -470,37 +503,6 @@
                     }
                 }
 
-                // check child removals
-                if (!nodeState.getRemovedChildNodeEntries().isEmpty() || !nodeState.getRemovedPropertyEntries().isEmpty()) {
-                    // check WRITE permission
-                    if (!accessMgr.isGranted(id, AccessManager.WRITE)) {
-                        String msg = node.safeGetJCRPath() + ": not allowed to remove a child item";
-                        log.debug(msg);
-                        throw new AccessDeniedException(msg);
-                    }
-
-                    /**
-                     * no need to check the protected flag as this is checked
-                     * in NodeImpl.remove(String)
-                     */
-                }
-
-                // check child additions
-                // added child nodes
-                Iterator addedIter = nodeState.getAddedChildNodeEntries().iterator();
-                while (addedIter.hasNext()) {
-                    NodeState.ChildNodeEntry entry = (NodeState.ChildNodeEntry) addedIter.next();
-                    Node childNode = (Node) itemMgr.getItem(new NodeId(entry.getUUID()));
-                    NodeDef childDef = childNode.getDefinition();
-                    if (!childDef.isAutoCreate()) {
-                        // check WRITE permission
-                        if (!accessMgr.isGranted(id, AccessManager.WRITE)) {
-                            String msg = node.safeGetJCRPath() + ": not allowed to add node " + childNode.getName();
-                            log.debug(msg);
-                            throw new AccessDeniedException(msg);
-                        }
-                    }
-                }
                 // mandatory child properties
                 PropertyDef[] propDefs = nt.getMandatoryPropertyDefs();
                 for (int i = 0; i < propDefs.length; i++) {
@@ -525,26 +527,8 @@
                 // the transient item is a property
                 PropertyState propState = (PropertyState) itemState;
                 ItemId propId = propState.getId();
-                NodeId nodeId = new NodeId(propState.getParentUUID());
                 PropertyImpl prop = (PropertyImpl) itemMgr.getItem(propId);
                 PropertyDefImpl def = (PropertyDefImpl) prop.getDefinition();
-
-                if (!def.isAutoCreate()) {
-                    // check WRITE permission on property
-                    if (!accessMgr.isGranted(propId, AccessManager.WRITE)) {
-                        String msg = itemMgr.safeGetJCRPath(nodeId) + ": not allowed to set property " + prop.getName();
-                        log.debug(msg);
-                        throw new AccessDeniedException(msg);
-                    }
-                    if (propState.getOverlayedState() == null) {
-                        // property has been added, check WRITE permission on parent
-                        if (!accessMgr.isGranted(nodeId, AccessManager.WRITE)) {
-                            String msg = itemMgr.safeGetJCRPath(nodeId) + ": not allowed to set property " + prop.getName();
-                            log.debug(msg);
-                            throw new AccessDeniedException(msg);
-                        }
-                    }
-                }
 
                 /**
                  * check value constraints

Modified: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/ItemManager.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/ItemManager.java?view=diff&r1=155343&r2=155344
==============================================================================
--- incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/ItemManager.java (original)
+++ incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/ItemManager.java Fri Feb 25 08:48:02 2005
@@ -17,15 +17,29 @@
 package org.apache.jackrabbit.core;
 
 import org.apache.commons.collections.ReferenceMap;
-import org.apache.jackrabbit.core.nodetype.*;
-import org.apache.jackrabbit.core.state.*;
+import org.apache.jackrabbit.core.security.AccessManager;
+import org.apache.jackrabbit.core.nodetype.NodeDefId;
+import org.apache.jackrabbit.core.nodetype.NodeDefImpl;
+import org.apache.jackrabbit.core.nodetype.PropDefId;
+import org.apache.jackrabbit.core.nodetype.PropertyDefImpl;
+import org.apache.jackrabbit.core.state.ItemState;
+import org.apache.jackrabbit.core.state.ItemStateException;
+import org.apache.jackrabbit.core.state.ItemStateManager;
+import org.apache.jackrabbit.core.state.NoSuchItemStateException;
+import org.apache.jackrabbit.core.state.NodeState;
+import org.apache.jackrabbit.core.state.PropertyState;
 import org.apache.jackrabbit.core.version.InternalVersion;
 import org.apache.jackrabbit.core.version.InternalVersionHistory;
 import org.apache.jackrabbit.core.version.VersionHistoryImpl;
 import org.apache.jackrabbit.core.version.VersionImpl;
 import org.apache.log4j.Logger;
 
-import javax.jcr.*;
+import javax.jcr.AccessDeniedException;
+import javax.jcr.ItemNotFoundException;
+import javax.jcr.NodeIterator;
+import javax.jcr.PathNotFoundException;
+import javax.jcr.PropertyIterator;
+import javax.jcr.RepositoryException;
 import javax.jcr.nodetype.NodeDef;
 import javax.jcr.nodetype.PropertyDef;
 import java.io.PrintStream;

Modified: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/NodeImpl.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/NodeImpl.java?view=diff&r1=155343&r2=155344
==============================================================================
--- incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/NodeImpl.java (original)
+++ incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/NodeImpl.java Fri Feb 25 08:48:02 2005
@@ -402,16 +402,6 @@
             log.debug(msg);
             throw new RepositoryException(msg);
         }
-        // make sure this node is checked-out
-        /*
-         to internal place to check this
-
-        if (!internalIsCheckedOut()) {
-            String msg = "Cannot set the value of a property of a checked-in node " + safeGetJCRPath() + "/" + name.toString();
-            log.debug(msg);
-            throw new VersionException(msg);
-        }
-        */
 
         String parentUUID = ((NodeState) state).getUUID();
 
@@ -2689,12 +2679,13 @@
         } catch (RepositoryException e) {
             session.refresh(false);
             throw e;
-    }
+        }
         session.save();
     }
 
     /**
      * updates this node with the state given by <code>srcNode</code>
+     *
      * @param srcNode
      * @param removeExisting
      * @param replaceExisting
@@ -2725,8 +2716,8 @@
             PropertyImpl p = (PropertyImpl) iter.nextProperty();
             // ignore system types
             if (p.getQName().equals(JCR_PRIMARYTYPE)
-                || p.getQName().equals(JCR_MIXINTYPES)
-                || p.getQName().equals(JCR_UUID)) {
+                    || p.getQName().equals(JCR_MIXINTYPES)
+                    || p.getQName().equals(JCR_UUID)) {
                 continue;
             }
             if (p.getDefinition().isMultiple()) {
@@ -2789,7 +2780,7 @@
                 dstNode = internalAddChildNode(child.getQName(), (NodeTypeImpl) child.getPrimaryNodeType(), uuid);
                 // add mixins
                 NodeType[] mixins = child.getMixinNodeTypes();
-                for (int i=0; i<mixins.length; i++) {
+                for (int i = 0; i < mixins.length; i++) {
                     dstNode.addMixin(mixins[i].getName());
                 }
             }
@@ -3398,19 +3389,16 @@
             }
         }
 
-        // check primarty type
+        // check primary type
         if (!freeze.getFrozenPrimaryType().equals(nodeType.getQName())) {
             // todo: check with spec what should happen here
             throw new ItemExistsException("Unable to restore version of " + safeGetJCRPath() + ". PrimaryType changed.");
         }
 
         // adjust mixins
-        NodeState thisState = (NodeState) getOrCreateTransientItemState();
         QName[] mixinNames = freeze.getFrozenMixinTypes();
-        Set mixins = new HashSet(Arrays.asList(mixinNames));
-        NodeTypeManagerImpl ntMgr = session.getNodeTypeManager();
-        thisState.setMixinTypeNames(mixins);
-        internalSetProperty(JCR_MIXINTYPES, InternalValue.create(mixinNames));
+        setMixinTypesProperty(new HashSet(Arrays.asList(mixinNames)));
+
         // copy frozen properties
         PropertyState[] props = freeze.getFrozenProperties();
         HashSet propNames = new HashSet();
@@ -3423,7 +3411,7 @@
                 internalSetProperty(props[i].getName(), prop.getValues()[0]);
             }
         }
-        // remove properties that do not exist the the frozen representation
+        // remove properties that do not exist in the frozen representation
         PropertyIterator piter = getProperties();
         while (piter.hasNext()) {
             PropertyImpl prop = (PropertyImpl) piter.nextProperty();
@@ -3441,8 +3429,9 @@
             }
         }
 
-        // adjust autocreate properties, that do not exist yet
-        for (int j=0; j<mixinNames.length; j++) {
+        // add 'auto-create' properties that do not exist yet
+        NodeTypeManagerImpl ntMgr = session.getNodeTypeManager();
+        for (int j = 0; j < mixinNames.length; j++) {
             NodeTypeImpl mixin = ntMgr.getNodeType(mixinNames[j]);
             PropertyDef[] pda = mixin.getAutoCreatePropertyDefs();
             for (int i = 0; i < pda.length; i++) {

Modified: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/RepositoryImpl.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/RepositoryImpl.java?view=diff&r1=155343&r2=155344
==============================================================================
--- incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/RepositoryImpl.java (original)
+++ incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/RepositoryImpl.java Fri Feb 25 08:48:02 2005
@@ -26,6 +26,7 @@
 import org.apache.jackrabbit.core.fs.FileSystem;
 import org.apache.jackrabbit.core.fs.FileSystemException;
 import org.apache.jackrabbit.core.fs.FileSystemResource;
+import org.apache.jackrabbit.core.security.CredentialsCallbackHandler;
 import org.apache.jackrabbit.core.nodetype.NodeTypeImpl;
 import org.apache.jackrabbit.core.nodetype.NodeTypeRegistry;
 import org.apache.jackrabbit.core.observation.ObservationManagerFactory;
@@ -40,12 +41,28 @@
 import org.apache.jackrabbit.core.version.persistence.NativePVM;
 import org.apache.log4j.Logger;
 
-import javax.jcr.*;
+import javax.jcr.Credentials;
+import javax.jcr.LoginException;
+import javax.jcr.NamespaceRegistry;
+import javax.jcr.NoSuchWorkspaceException;
+import javax.jcr.Repository;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
 import javax.jcr.observation.Event;
 import javax.jcr.observation.EventIterator;
 import javax.jcr.observation.EventListener;
-import java.io.*;
-import java.util.*;
+import javax.security.auth.login.LoginContext;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.OutputStream;
+import java.io.OutputStreamWriter;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Properties;
 
 /**
  * A <code>RepositoryImpl</code> ...
@@ -63,14 +80,12 @@
     private static final String SYSTEM_ROOT_NODE_UUID = "deadbeef-cafe-babe-cafe-babecafebabe";
     private static final String VERSION_STORAGE_NODE_UUID = "deadbeef-face-babe-cafe-babecafebabe";
 
-    private static final String ANONYMOUS_USER = "anonymous";
-
-    private static final Credentials ANONYMOUS_CREDENTIALS =
-            new SimpleCredentials(ANONYMOUS_USER, new char[0]);
-
     private static final String PROPERTIES_RESOURCE = "rep.properties";
     private final Properties repProps;
 
+    // name of jaas config entry
+    public static final String JAAS_CONFIG_APPNAME = "Jackrabbit";
+
     // names of well known repository properties
     public static final String STATS_NODE_COUNT_PROPERTY = "jcr.repository.stats.nodes.count";
     public static final String STATS_PROP_COUNT_PROPERTY = "jcr.repository.stats.properties.count";
@@ -650,22 +665,20 @@
         if (wspInfo == null) {
             throw new NoSuchWorkspaceException(workspaceName);
         }
-        if (credentials == null) {
-            // anonymous login
-            SessionImpl ses = new XASessionImpl(this, ANONYMOUS_CREDENTIALS, wspInfo.getConfig());
-            activeSessions.put(ses, ses);
-            return ses;
-        } else if (credentials instanceof SimpleCredentials) {
-            // username/password credentials
-            // @todo implement authentication/authorization
-            Session ses = new XASessionImpl(this, credentials, wspInfo.getConfig());
-            activeSessions.put(ses, ses);
-            return ses;
-        } else {
-            String msg = "login failed: incompatible credentials";
-            log.debug(msg);
-            throw new RepositoryException(msg);
+
+        CredentialsCallbackHandler cbHandler =
+                new CredentialsCallbackHandler(credentials);
+        LoginContext lc;
+        try {
+            lc = new LoginContext(JAAS_CONFIG_APPNAME, cbHandler);
+            lc.login();
+        } catch (javax.security.auth.login.LoginException le) {
+            throw new LoginException(le.getMessage());
         }
+
+        Session ses = new XASessionImpl(this, lc, wspInfo.getConfig());
+        activeSessions.put(ses, ses);
+        return ses;
     }
 
     /**
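Review bot: The catch block in the login path rethrows with `new LoginException(le.getMessage())`, which drops the JAAS exception as cause and hands the login module's own message to the caller; depending on the module, that text can distinguish an unknown user from a wrong password. Failed logins are also no longer logged (the removed branch did `log.debug(msg)`), which leaves nothing for audit or for spotting repeated failures. I would log the detail server-side and throw a fixed message, e.g. `log.info("login failed: " + le.getMessage());` followed by `throw new LoginException("login failed");`, keeping `le` as the cause if the JCR API version in use has a cause-taking constructor. Separately, if the `XASessionImpl` constructor throws after `lc.login()` has succeeded, the context is never logged out. The method body starts outside this hunk.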
@@ -854,7 +867,7 @@
          */
         synchronized SystemSession getSystemSession() throws RepositoryException {
             if (systemSession == null) {
-                systemSession = new SystemSession(RepositoryImpl.this, config);
+                systemSession = SystemSession.create(RepositoryImpl.this, config);
             }
             return systemSession;
         }

Modified: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/SessionImpl.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/SessionImpl.java?view=diff&r1=155343&r2=155344
==============================================================================
--- incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/SessionImpl.java (original)
+++ incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/SessionImpl.java Fri Feb 25 08:48:02 2005
@@ -18,6 +18,8 @@
 
 import org.apache.commons.collections.ReferenceMap;
 import org.apache.jackrabbit.core.config.WorkspaceConfig;
+import org.apache.jackrabbit.core.security.AccessManager;
+import org.apache.jackrabbit.core.security.SimpleAccessManager;
 import org.apache.jackrabbit.core.nodetype.NodeDefId;
 import org.apache.jackrabbit.core.nodetype.NodeDefImpl;
 import org.apache.jackrabbit.core.nodetype.NodeTypeImpl;
@@ -29,9 +31,9 @@
 import org.apache.jackrabbit.core.version.VersionManager;
 import org.apache.jackrabbit.core.xml.DocViewSAXEventGenerator;
 import org.apache.jackrabbit.core.xml.ImportHandler;
-import org.apache.jackrabbit.core.xml.SysViewSAXEventGenerator;
-import org.apache.jackrabbit.core.xml.SessionImporter;
 import org.apache.jackrabbit.core.xml.Importer;
+import org.apache.jackrabbit.core.xml.SessionImporter;
+import org.apache.jackrabbit.core.xml.SysViewSAXEventGenerator;
 import org.apache.log4j.Logger;
 import org.apache.xml.serialize.OutputFormat;
 import org.apache.xml.serialize.XMLSerializer;
@@ -56,20 +58,23 @@
 import javax.jcr.Repository;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
-import javax.jcr.SimpleCredentials;
 import javax.jcr.Workspace;
 import javax.jcr.lock.LockException;
 import javax.jcr.nodetype.ConstraintViolationException;
 import javax.jcr.version.VersionException;
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginContext;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.io.PrintStream;
 import java.security.AccessControlException;
+import java.security.Principal;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.Map;
+import java.util.Set;
 
 /**
  * A <code>SessionImpl</code> ...
@@ -102,6 +107,12 @@
     protected final String userId;
 
     /**
+     * the LoginContext of this session (can be null if this
+     * session was not instantiated through a login process)
+     */
+    protected LoginContext loginContext;
+
+    /**
      * the attibutes of this session
      */
     protected final HashMap attributes = new HashMap();
@@ -114,7 +125,7 @@
     /**
      * the AccessManager associated with this session
      */
-    protected AccessManagerImpl accessMgr;
+    protected AccessManager accessMgr;
 
     /**
      * the item state mgr associated with this session
@@ -155,64 +166,38 @@
      * Protected constructor.
      *
      * @param rep
-     * @param credentials
+     * @param loginContext
      * @param wspConfig
      */
-    protected SessionImpl(RepositoryImpl rep, Credentials credentials,
+    protected SessionImpl(RepositoryImpl rep, LoginContext loginContext,
                           WorkspaceConfig wspConfig)
             throws RepositoryException {
-        alive = true;
-        this.rep = rep;
-        if (credentials instanceof SimpleCredentials) {
-            SimpleCredentials sc = (SimpleCredentials) credentials;
-            // clear password for security reasons
-            char[] pwd = sc.getPassword();
-            if (pwd != null) {
-                for (int i = 0; i < pwd.length; i++) {
-                    pwd[i] = 0;
-                }
-            }
-            userId = sc.getUserId();
-            String[] names = sc.getAttributeNames();
-            for (int i = 0; i < names.length; i++) {
-                attributes.put(names[i], sc.getAttribute(names[i]));
-            }
-        } else {
-            userId = null;
-        }
-        nsMappings = new LocalNamespaceMappings(rep.getNamespaceRegistry());
-        ntMgr = new NodeTypeManagerImpl(rep.getNodeTypeRegistry(), getNamespaceResolver());
-        String wspName = wspConfig.getName();
-        wsp = new WorkspaceImpl(wspConfig, rep.getWorkspaceStateManager(wspName),
-                rep, this);
-        itemStateMgr = createSessionItemStateManager(wsp.getItemStateManager());
-        hierMgr = itemStateMgr.getHierarchyMgr();
-        itemMgr = createItemManager(itemStateMgr, hierMgr);
-        accessMgr = createAccessManager(credentials, hierMgr);
-        versionMgr = rep.getVersionManager();
-
-        // add virtual item managers only for normal sessions
-        if (!(this instanceof SystemSession)) {
-            try {
-                itemStateMgr.addVirtualItemStateProvider(versionMgr.getVirtualItemStateProvider(this, itemStateMgr));
-            } catch (Exception e) {
-                log.error("Unable to add vmgr: " + e.toString(), e);
-            }
-        }
+        this(rep, loginContext.getSubject(), wspConfig);
+        this.loginContext = loginContext;
     }
 
     /**
      * Protected constructor.
      *
      * @param rep
-     * @param userId
+     * @param subject
      * @param wspConfig
      */
-    protected SessionImpl(RepositoryImpl rep, String userId, WorkspaceConfig wspConfig)
+    protected SessionImpl(RepositoryImpl rep, Subject subject,
+                          WorkspaceConfig wspConfig)
             throws RepositoryException {
         alive = true;
         this.rep = rep;
-        this.userId = userId;
+        Set principals = subject.getPrincipals();
+        if (principals.isEmpty()) {
+            String msg = "unable to instantiate Session: no principals found";
+            log.error(msg);
+            throw new RepositoryException(msg);
+        } else {
+            // use 1st principal in case there are more that one
+            Principal principal = (Principal) principals.iterator().next();
+            userId = principal.getName();
+        }
         nsMappings = new LocalNamespaceMappings(rep.getNamespaceRegistry());
         ntMgr = new NodeTypeManagerImpl(rep.getNodeTypeRegistry(), getNamespaceResolver());
         String wspName = wspConfig.getName();
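Review bot: `userId` is taken from `principals.iterator().next()`, but `Subject.getPrincipals()` returns a `Set` with no defined order, so once a login module adds more than one principal (a user plus a group or role, say) the session identity becomes arbitrary. Selecting by type would pin it, e.g. `subject.getPrincipals(UserPrincipal.class)` using the `UserPrincipal` class this commit adds, assuming that is the type `SimpleLoginModule` populates for ordinary users. The removed constructor also zeroed the password array and copied the `SimpleCredentials` attributes into `attributes`; neither happens here, so both now depend on the callback handler and login module, which this page does not show. The constructor body continues past the end of this hunk.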
@@ -221,9 +206,10 @@
         itemStateMgr = createSessionItemStateManager(wsp.getItemStateManager());
         hierMgr = itemStateMgr.getHierarchyMgr();
         itemMgr = createItemManager(itemStateMgr, hierMgr);
+        accessMgr = createAccessManager(subject, hierMgr);
         versionMgr = rep.getVersionManager();
 
-        // add virtual item managers only for normal sessions
+        // add virtual item managers (only for non-system sessions)
         if (!(this instanceof SystemSession)) {
             try {
                 itemStateMgr.addVirtualItemStateProvider(versionMgr.getVirtualItemStateProvider(this, itemStateMgr));
@@ -239,7 +225,6 @@
      * @return session item state manager
      */
     protected SessionItemStateManager createSessionItemStateManager(UpdatableItemStateManager manager) {
-
         return new SessionItemStateManager(rep.getRootNodeUUID(),
                 manager, getNamespaceResolver());
     }
@@ -260,9 +245,9 @@
      *
      * @return access manager
      */
-    protected AccessManagerImpl createAccessManager(Credentials credentials,
-                                                    HierarchyManager hierMgr) {
-        return new AccessManagerImpl(credentials, hierMgr);
+    protected AccessManager createAccessManager(Subject subject,
+                                                HierarchyManager hierMgr) {
+        return new SimpleAccessManager(subject, hierMgr);
     }
 
     /**
@@ -284,7 +269,7 @@
      *
      * @return the <code>AccessManager</code> associated with this session
      */
-    public AccessManagerImpl getAccessManager() {
+    public AccessManager getAccessManager() {
         return accessMgr;
     }
 
@@ -1018,6 +1003,15 @@
         // invalidate session
         alive = false;
 
+        // logout jaas subject
+        if (loginContext != null) {
+            try {
+                loginContext.logout();
+            } catch (javax.security.auth.login.LoginException le) {
+                log.warn("failed to logout current subject: " + le.getMessage());
+            }
+            loginContext = null;
+        }
         // finally notify listeners that session has been closed
         notifyLoggedOut();
     }
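Review bot: The `catch` around `loginContext.logout()` logs only `le.getMessage()`, so the stack trace and any nested cause of a failed logout are lost. Passing the exception to the logger keeps them: `log.warn("failed to logout current subject: " + le.getMessage(), le);`. A failed logout may leave principals attached to the subject, which is worth being able to diagnose from the log. The enclosing method starts outside this hunk.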

Modified: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/SystemSession.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/SystemSession.java?view=diff&r1=155343&r2=155344
==============================================================================
--- incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/SystemSession.java (original)
+++ incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/SystemSession.java Fri Feb 25 08:48:02 2005
@@ -17,11 +17,18 @@
 package org.apache.jackrabbit.core;
 
 import org.apache.jackrabbit.core.config.WorkspaceConfig;
+import org.apache.jackrabbit.core.security.AccessManager;
+import org.apache.jackrabbit.core.security.SimpleAccessManager;
+import org.apache.jackrabbit.core.security.SystemPrincipal;
 import org.apache.log4j.Logger;
 
 import javax.jcr.AccessDeniedException;
-import javax.jcr.RepositoryException;
 import javax.jcr.ItemNotFoundException;
+import javax.jcr.RepositoryException;
+import javax.security.auth.Subject;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
 
 /**
  * A <code>SystemTicket</code> ...
@@ -30,26 +37,53 @@
 
     private static Logger log = Logger.getLogger(SystemSession.class);
 
-    private static final String SYSTEM_USER_ID = "system";
+    /**
+     * Package private factory method
+     *
+     * @param rep
+     * @param wspConfig
+     * @return
+     * @throws RepositoryException
+     */
+    static SystemSession create(RepositoryImpl rep, WorkspaceConfig wspConfig)
+            throws RepositoryException {
+        // create subject with SystemPrincipal
+        Set principals = new HashSet();
+        principals.add(new SystemPrincipal());
+        Subject subject =
+                new Subject(true, principals, Collections.EMPTY_SET,
+                        Collections.EMPTY_SET);
+        return new SystemSession(rep, subject, wspConfig);
+    }
 
     /**
-     * Package private constructor.
+     * private constructor
      *
      * @param rep
      * @param wspConfig
      */
-    SystemSession(RepositoryImpl rep, WorkspaceConfig wspConfig)
+    private SystemSession(RepositoryImpl rep, Subject subject,
+                          WorkspaceConfig wspConfig)
             throws RepositoryException {
-        super(rep, SYSTEM_USER_ID, wspConfig);
+        super(rep, subject, wspConfig);
+    }
 
-        accessMgr = new SystemAccessManqager(hierMgr);
+    /**
+     * Overridden in order to create custom access manager
+     *
+     * @return access manager
+     */
+    protected AccessManager createAccessManager(Subject subject,
+                                                HierarchyManager hierMgr) {
+        //return new SystemAccessManager(subject, hierMgr);
+        return super.createAccessManager(subject, hierMgr);
     }
 
     //--------------------------------------------------------< inner classes >
-    private class SystemAccessManqager extends AccessManagerImpl {
+    private class SystemAccessManager extends SimpleAccessManager {
 
-        SystemAccessManqager(HierarchyManager hierMgr) {
-            super(null, hierMgr);
+        SystemAccessManager(Subject subject, HierarchyManager hierMgr) {
+            super(subject, hierMgr);
         }
 
         //----------------------------------------------------< AccessManager >
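Review bot: The `createAccessManager` override keeps the commented-out `//return new SystemAccessManager(subject, hierMgr);` and only delegates to `super`, so the inner class `SystemAccessManager` is unreferenced in the visible code and the Javadoc "Overridden in order to create custom access manager" no longer matches what the method does. After this change the system session's unrestricted access appears to come solely from `SimpleAccessManager` finding a `SystemPrincipal` on the subject. Either say so in the override, e.g. `// all permissions are granted by SimpleAccessManager via SystemPrincipal`, or remove the override and the dead inner class. The new private constructor's Javadoc also lacks `@param subject`. The inner class body continues outside this hunk.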

Modified: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/WorkspaceImpl.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/WorkspaceImpl.java?view=diff&r1=155343&r2=155344
==============================================================================
--- incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/WorkspaceImpl.java (original)
+++ incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/WorkspaceImpl.java Fri Feb 25 08:48:02 2005
@@ -17,9 +17,23 @@
 package org.apache.jackrabbit.core;
 
 import org.apache.jackrabbit.core.config.WorkspaceConfig;
-import org.apache.jackrabbit.core.nodetype.*;
+import org.apache.jackrabbit.core.security.AccessManager;
+import org.apache.jackrabbit.core.nodetype.ChildNodeDef;
+import org.apache.jackrabbit.core.nodetype.EffectiveNodeType;
+import org.apache.jackrabbit.core.nodetype.NodeDefId;
+import org.apache.jackrabbit.core.nodetype.NodeTypeConflictException;
+import org.apache.jackrabbit.core.nodetype.NodeTypeRegistry;
+import org.apache.jackrabbit.core.nodetype.PropDef;
+import org.apache.jackrabbit.core.nodetype.PropDefId;
 import org.apache.jackrabbit.core.search.QueryManagerImpl;
-import org.apache.jackrabbit.core.state.*;
+import org.apache.jackrabbit.core.state.ItemStateException;
+import org.apache.jackrabbit.core.state.ItemStateManager;
+import org.apache.jackrabbit.core.state.NoSuchItemStateException;
+import org.apache.jackrabbit.core.state.NodeState;
+import org.apache.jackrabbit.core.state.PropertyState;
+import org.apache.jackrabbit.core.state.SharedItemStateManager;
+import org.apache.jackrabbit.core.state.TransactionalItemStateManager;
+import org.apache.jackrabbit.core.state.UpdatableItemStateManager;
 import org.apache.jackrabbit.core.util.uuid.UUID;
 import org.apache.jackrabbit.core.xml.ImportHandler;
 import org.apache.log4j.Logger;
@@ -29,7 +43,18 @@
 import org.xml.sax.XMLReader;
 import org.xml.sax.helpers.XMLReaderFactory;
 
-import javax.jcr.*;
+import javax.jcr.AccessDeniedException;
+import javax.jcr.InvalidItemStateException;
+import javax.jcr.InvalidSerializedDataException;
+import javax.jcr.ItemExistsException;
+import javax.jcr.ItemNotFoundException;
+import javax.jcr.NamespaceRegistry;
+import javax.jcr.NoSuchWorkspaceException;
+import javax.jcr.PathNotFoundException;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.UnsupportedRepositoryOperationException;
+import javax.jcr.Workspace;
 import javax.jcr.lock.LockException;
 import javax.jcr.nodetype.ConstraintViolationException;
 import javax.jcr.nodetype.NodeTypeManager;
@@ -328,7 +353,7 @@
      */
     protected static void checkAddNode(Path nodePath, QName nodeTypeName,
                                        NodeTypeRegistry ntReg,
-                                       AccessManagerImpl accessMgr,
+                                       AccessManager accessMgr,
                                        HierarchyManagerImpl hierMgr,
                                        ItemStateManager stateMgr)
             throws ConstraintViolationException, AccessDeniedException,
@@ -406,7 +431,7 @@
      */
     protected static void checkRemoveNode(Path nodePath,
                                           NodeTypeRegistry ntReg,
-                                          AccessManagerImpl accessMgr,
+                                          AccessManager accessMgr,
                                           HierarchyManagerImpl hierMgr,
                                           ItemStateManager stateMgr)
             throws ConstraintViolationException, AccessDeniedException,
@@ -595,7 +620,7 @@
                                      String destAbsPath,
                                      UpdatableItemStateManager destStateMgr,
                                      HierarchyManagerImpl destHierMgr,
-                                     AccessManagerImpl accessMgr,
+                                     AccessManager accessMgr,
                                      NamespaceResolver nsResolver,
                                      NodeTypeRegistry ntReg,
                                      boolean clone)

Modified: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/XASessionImpl.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/XASessionImpl.java?view=diff&r1=155343&r2=155344
==============================================================================
--- incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/XASessionImpl.java (original)
+++ incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/XASessionImpl.java Fri Feb 25 08:48:02 2005
@@ -28,6 +28,7 @@
 import javax.transaction.xa.XAException;
 import javax.transaction.xa.XAResource;
 import javax.transaction.xa.Xid;
+import javax.security.auth.login.LoginContext;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -61,15 +62,15 @@
      * Create a new instance of this class.
      *
      * @param rep         repository
-     * @param credentials credentials
+     * @param loginContext credentials
      * @param wspConfig   workspace configuration
-     * @throws javax.jcr.RepositoryException if an error occurs
+     * @throws RepositoryException if an error occurs
      */
-    public XASessionImpl(RepositoryImpl rep, Credentials credentials,
+    public XASessionImpl(RepositoryImpl rep, LoginContext loginContext,
                          WorkspaceConfig wspConfig)
             throws RepositoryException {
 
-        super(rep, credentials, wspConfig);
+        super(rep, loginContext, wspConfig);
     }
 
     //-------------------------------------------------------------< XASession >
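Review bot: The Javadoc line `@param loginContext credentials` still describes the old parameter. It should describe what is now passed, e.g. `@param loginContext login context of the authenticated subject`, and be realigned with the neighbouring `@param` lines. The constructor only forwards the value to `super`, so nothing else in this hunk needs to change.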

Added: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/AccessManager.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/AccessManager.java?view=auto&rev=155344
==============================================================================
--- incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/AccessManager.java (added)
+++ incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/AccessManager.java Fri Feb 25 08:48:02 2005
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2004-2005 The Apache Software Foundation or its licensors,
+ *                     as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security;
+
+import org.apache.jackrabbit.core.ItemId;
+
+import javax.jcr.AccessDeniedException;
+import javax.jcr.RepositoryException;
+import javax.jcr.ItemNotFoundException;
+
+/**
+ * The <code>AccessManager</code> can be queried to determines whether permission
+ * is granted to perform a specific action on a specific item.
+ */
+public interface AccessManager {
+
+    /** READ permission constant */
+    public static final int READ = 1;
+    /** WRITE permission constant */
+    public static final int WRITE = 2;
+
+    /**
+     * Determines whether the specified <code>permissions</code> are granted
+     * on the item with the specified <code>id</code> (i.e. the <i>target</i> item).
+     *
+     * @param id the id of the target item
+     * @param permissions A combination of one or more of the following constants
+     * encoded as a bitmask value:
+     * <ul>
+     * <li><code>READ</code></li>
+     * <li><code>WRITE</code></li>
+     * </ul>
+     *
+     * @throws AccessDeniedException if permission is denied
+     * @throws ItemNotFoundException if the target item does not exist
+     * @throws RepositoryException it an error occurs
+     */
+    public void checkPermission(ItemId id, int permissions)
+            throws AccessDeniedException, ItemNotFoundException, RepositoryException;
+
+    /**
+     * Determines whether the specified <code>permissions</code> are granted
+     * on the item with the specified <code>id</code> (i.e. the <i>target</i> item).
+     *
+     * @param id the id of the target item
+     * @param permissions A combination of one or more of the following constants
+     * @return <code>true</code> if permission is granted; otherwise <code>false</code>
+     * @throws ItemNotFoundException if the target item does not exist
+     * @throws RepositoryException it an error occurs
+     */
+    public boolean isGranted(ItemId id, int permissions)
+            throws ItemNotFoundException, RepositoryException;
+}
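Review bot: The file is added under `core/jaas/` but declares `package org.apache.jackrabbit.core.security;`, and the other classes added by this commit (AnonymousPrincipal, CredentialsCallback, CredentialsCallbackHandler, SimpleAccessManager, SimpleLoginModule, SystemPrincipal) show the same mismatch. Either the directory or the package line should change so that tools resolving sources by package path can find them. In the interface itself, the `isGranted` Javadoc for `@param permissions` stops at "one or more of the following constants" without the list that `checkPermission` has. Neither method says what an implementation must do with `0` or with bits other than `READ` and `WRITE`. I would copy the list over and add a sentence such as `Bits other than READ and WRITE are reserved and must not be treated as granted.`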

Propchange: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/AccessManager.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/AnonymousPrincipal.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/AnonymousPrincipal.java?view=auto&rev=155344
==============================================================================
--- incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/AnonymousPrincipal.java (added)
+++ incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/AnonymousPrincipal.java Fri Feb 25 08:48:02 2005
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2004-2005 The Apache Software Foundation or its licensors,
+ *                     as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security;
+
+import java.io.Serializable;
+import java.security.Principal;
+
+/**
+ * A <code>AnonymousPrincipal</code> ...
+ */
+public class AnonymousPrincipal implements Principal, Serializable {
+
+    private static final String ANONYMOUS_USER = "anonymous";
+
+    /**
+     * Creates an <code>AnonymousPrincipal</code>.
+     */
+    public AnonymousPrincipal() {
+    }
+
+    public String toString() {
+        return ("AnonymousPrincipal");
+    }
+
+    public boolean equals(Object obj) {
+        if (this == obj) {
+            return true;
+        }
+        if (obj instanceof AnonymousPrincipal) {
+            return true;
+        }
+        return false;
+    }
+
+    public int hashCode() {
+        return ANONYMOUS_USER.hashCode();
+    }
+
+    //------------------------------------------------------------< Principal >
+    /**
+     * @see Principal#getName()
+     */
+    public String getName() {
+        return ANONYMOUS_USER;
+    }
+}
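Review bot: `AnonymousPrincipal` is `Serializable` but declares no `serialVersionUID`, and it is not `final` although `equals` treats every `instanceof AnonymousPrincipal` as equal, so a subclass that overrides `equals` can break symmetry. Declaring the class `final` and adding `private static final long serialVersionUID = 1L;` addresses both. SystemPrincipal, added later in this commit, has the same shape. The class Javadoc is still a placeholder; one sentence saying that this principal marks a subject that logged in with null credentials (as SimpleLoginModule does) would help.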

Propchange: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/AnonymousPrincipal.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/CredentialsCallback.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/CredentialsCallback.java?view=auto&rev=155344
==============================================================================
--- incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/CredentialsCallback.java (added)
+++ incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/CredentialsCallback.java Fri Feb 25 08:48:02 2005
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2004-2005 The Apache Software Foundation or its licensors,
+ *                     as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security;
+
+import javax.jcr.Credentials;
+import javax.security.auth.callback.Callback;
+import java.io.Serializable;
+
+/**
+ * A <code>CredentialsCallback</code> ...
+ */
+public class CredentialsCallback implements Callback, Serializable {
+
+    private Credentials credentials;
+
+    /**
+     * Constructor
+     */
+    public CredentialsCallback() {
+    }
+
+    /**
+     * Get the retrieved credentials.
+     *
+     * @return the retrieved credentials (which may be null)
+     */
+    public Credentials getCredentials() {
+        return credentials;
+    }
+
+    /**
+     * Set the retrieved credentials.
+     *
+     * @param credentials the retrieved credentials (which may be null)
+     */
+    public void setCredentials(Credentials credentials) {
+        this.credentials = credentials;
+    }
+}
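Review bot: The callback is declared `Serializable` while `credentials` is an ordinary instance field, so serializing a populated callback would also write out whatever the `Credentials` object holds, provided that implementation is itself serializable. For `SimpleCredentials` that includes the password (see `sc.getPassword()` in CredentialsCallbackHandler). Nothing visible in this commit serializes the callback, so I would either drop `Serializable` or declare the field `private transient Credentials credentials;`. The placeholder class Javadoc should also state that a null value is meaningful, since SimpleLoginModule treats it as an anonymous login.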

Propchange: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/CredentialsCallback.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/CredentialsCallbackHandler.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/CredentialsCallbackHandler.java?view=auto&rev=155344
==============================================================================
--- incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/CredentialsCallbackHandler.java (added)
+++ incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/CredentialsCallbackHandler.java Fri Feb 25 08:48:02 2005
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2004-2005 The Apache Software Foundation or its licensors,
+ *                     as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security;
+
+import org.apache.log4j.Logger;
+
+import javax.jcr.Credentials;
+import javax.jcr.SimpleCredentials;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import java.io.IOException;
+
+/**
+ * A <code>CredentialsCallbackHandler</code> ...
+ */
+public class CredentialsCallbackHandler implements CallbackHandler {
+
+    private static Logger log = Logger.getLogger(CredentialsCallbackHandler.class);
+
+    protected final Credentials credentials;
+
+    /**
+     * Constructor
+     *
+     * @param credentials
+     */
+    public CredentialsCallbackHandler(Credentials credentials) {
+        this.credentials = credentials;
+    }
+
+    //------------------------------------------------------< CallbackHandler >
+    /**
+     * @see CallbackHandler#handle(Callback[])
+     */
+    public void handle(Callback[] callbacks) throws IOException,
+            UnsupportedCallbackException {
+        for (int i = 0; i < callbacks.length; i++) {
+            if (callbacks[i] instanceof CredentialsCallback) {
+                CredentialsCallback ccb = (CredentialsCallback) callbacks[i];
+                // supply credentials
+                ccb.setCredentials(credentials);
+            } else if (callbacks[i] instanceof NameCallback
+                    && credentials instanceof SimpleCredentials) {
+                NameCallback ncb = (NameCallback) callbacks[i];
+                SimpleCredentials sc = (SimpleCredentials) credentials;
+                // supply name
+                ncb.setName(sc.getUserId());
+            } else if (callbacks[i] instanceof PasswordCallback
+                    && credentials instanceof SimpleCredentials) {
+                PasswordCallback pcb = (PasswordCallback) callbacks[i];
+                SimpleCredentials sc = (SimpleCredentials) credentials;
+                // supply password
+                pcb.setPassword(sc.getPassword());
+            } else {
+                throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
+            }
+        }
+    }
+}
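Review bot: The constructor accepts `null` credentials without documenting it, and `handle` forwards that null to every `CredentialsCallback`. Since SimpleLoginModule in this commit turns null credentials into an anonymous login, the contract should be explicit: `@param credentials credentials to hand to the login modules; null requests an anonymous login`. A `NameCallback` or `PasswordCallback` combined with credentials that are not `SimpleCredentials` ends in `Unrecognized Callback`, which misreports the cause; a message naming the unsupported credentials type would be clearer. The `log` field is unused in the visible code.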

Propchange: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/CredentialsCallbackHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/SimpleAccessManager.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/SimpleAccessManager.java?view=auto&rev=155344
==============================================================================
--- incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/SimpleAccessManager.java (added)
+++ incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/SimpleAccessManager.java Fri Feb 25 08:48:02 2005
@@ -0,0 +1,98 @@
+/*
+ * Copyright 2004-2005 The Apache Software Foundation or its licensors,
+ *                     as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security;
+
+import org.apache.jackrabbit.core.HierarchyManager;
+import org.apache.jackrabbit.core.ItemId;
+import org.apache.log4j.Logger;
+
+import javax.jcr.AccessDeniedException;
+import javax.jcr.ItemNotFoundException;
+import javax.jcr.RepositoryException;
+import javax.security.auth.Subject;
+
+/**
+ * <code>SimpleAccessManager</code> ...
+ */
+public class SimpleAccessManager implements AccessManager {
+
+    private static Logger log = Logger.getLogger(SimpleAccessManager.class);
+
+    /**
+     * Subject whose access rights this AccessManager should reflect
+     */
+    protected final Subject subject;
+
+    /**
+     * hierarchy manager used for ACL-based access control model
+     */
+    protected final HierarchyManager hierMgr;
+
+    protected final boolean system;
+    protected final boolean anonymous;
+
+    /**
+     * Constructor
+     *
+     * @param subject
+     * @param hierMgr
+     */
+    public SimpleAccessManager(Subject subject, HierarchyManager hierMgr) {
+        this.subject = subject;
+        this.hierMgr = hierMgr;
+        anonymous = !subject.getPrincipals(AnonymousPrincipal.class).isEmpty();
+        system = !subject.getPrincipals(SystemPrincipal.class).isEmpty();
+    }
+
+    //--------------------------------------------------------< AccessManager >
+    /**
+     * @see AccessManager#checkPermission(ItemId, int)
+     */
+    public void checkPermission(ItemId id, int permissions)
+            throws AccessDeniedException, ItemNotFoundException,
+            RepositoryException {
+        if (system) {
+            // system has always all permissions
+            return;
+        } else if (anonymous) {
+            // anonymous is always denied WRITE premission
+            if ((permissions & WRITE) == WRITE) {
+                throw new AccessDeniedException();
+            }
+        }
+        // @todo check permission based on principals
+    }
+
+    /**
+     * @see AccessManager#isGranted(ItemId, int)
+     */
+    public boolean isGranted(ItemId id, int permissions)
+            throws ItemNotFoundException, RepositoryException {
+        if (system) {
+            // system has always all permissions
+            return true;
+        } else if (anonymous) {
+            // anonymous is always denied WRITE premission
+            if ((permissions & WRITE) == WRITE) {
+                return false;
+            }
+        }
+
+        // @todo check permission based on principals
+        return true;
+    }
+}
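Review bot: Both `checkPermission` and `isGranted` fall through to the `@todo` and succeed, so every subject carrying neither a `SystemPrincipal` nor an `AnonymousPrincipal` is granted every permission. An anonymous subject is granted anything that does not include `WRITE`, including bit values the interface does not define. Until the principal-based check exists, the placeholder class Javadoc should state plainly that this implementation performs no per-item authorization and must not be relied on where access control is required. The two methods also duplicate the decision logic; letting `checkPermission` delegate with `if (!isGranted(id, permissions)) { throw new AccessDeniedException(); }` keeps them from drifting apart once the todo is implemented. The `system` and `anonymous` flags are fixed in the constructor, so later changes to the subject's principals are not reflected.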

Propchange: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/SimpleAccessManager.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/SimpleLoginModule.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/SimpleLoginModule.java?view=auto&rev=155344
==============================================================================
--- incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/SimpleLoginModule.java (added)
+++ incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/SimpleLoginModule.java Fri Feb 25 08:48:02 2005
@@ -0,0 +1,157 @@
+/*
+ * Copyright 2004-2005 The Apache Software Foundation or its licensors,
+ *                     as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security;
+
+import org.apache.log4j.Logger;
+
+import javax.jcr.Credentials;
+import javax.jcr.SimpleCredentials;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.FailedLoginException;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * A <code>SimpleLoginModule</code> ...
+ */
+public class SimpleLoginModule implements LoginModule {
+
+    private static Logger log = Logger.getLogger(SimpleLoginModule.class);
+
+    // initial state
+    private Subject subject;
+    private CallbackHandler callbackHandler;
+    private Map sharedState;
+    private Map options;
+
+    // configurable options
+    //private boolean someOpt = false;
+
+    // local authentication state:
+    // the principals, i.e. the authenticated identities
+    private final Set principals = new HashSet();
+
+    /**
+     * Constructor
+     */
+    public SimpleLoginModule() {
+    }
+
+    //----------------------------------------------------------< LoginModule >
+    /**
+     * @see LoginModule#initialize(Subject, CallbackHandler, Map, Map)
+     */
+    public void initialize(Subject subject, CallbackHandler callbackHandler,
+                           Map sharedState, Map options) {
+        this.subject = subject;
+        this.callbackHandler = callbackHandler;
+        this.sharedState = sharedState;
+        this.options = options;
+
+        // initialize any configured options
+        //someOpt = "true".equalsIgnoreCase((String)options.get("someOpt"));
+    }
+
+    /**
+     * @see LoginModule#login()
+     */
+    public boolean login() throws LoginException {
+        // prompt for a user name and password
+        if (callbackHandler == null) {
+            throw new LoginException("no CallbackHandler available");
+        }
+
+        Callback[] callbacks = new Callback[]{
+            new CredentialsCallback()
+        };
+
+        boolean authenticated = false;
+        principals.clear();
+        try {
+            callbackHandler.handle(callbacks);
+            // credentials
+            CredentialsCallback ccb = (CredentialsCallback) callbacks[0];
+            Credentials creds = ccb.getCredentials();
+            if (creds != null) {
+                if (creds instanceof SimpleCredentials) {
+                    SimpleCredentials sc = (SimpleCredentials) creds;
+                    // authenticate
+                    // @todo implement simple username/password authentication
+                    // assume the user we authenticated is the UserPrincipal
+                    principals.add(new UserPrincipal(sc.getUserId()));
+                    authenticated = true;
+                }
+            } else {
+                // null credentials, assume AnonymousPrincipal
+                principals.add(new AnonymousPrincipal());
+                authenticated = true;
+            }
+        } catch (java.io.IOException ioe) {
+            throw new LoginException(ioe.toString());
+        } catch (UnsupportedCallbackException uce) {
+            throw new LoginException(uce.getCallback().toString() + " not available");
+        }
+
+        if (authenticated) {
+            return !principals.isEmpty();
+        } else {
+            // authentication failed: clean out state
+            principals.clear();
+            throw new FailedLoginException();
+        }
+    }
+
+    /**
+     * @see LoginModule#commit()
+     */
+    public boolean commit() throws LoginException {
+        if (principals.isEmpty()) {
+            return false;
+        } else {
+            // add a principals (authenticated identities) to the Subject
+            subject.getPrincipals().addAll(principals);
+            return true;
+        }
+    }
+
+    /**
+     * @see LoginModule#abort()
+     */
+    public boolean abort() throws LoginException {
+        if (principals.isEmpty()) {
+            return false;
+        } else {
+            logout();
+        }
+        return true;
+    }
+
+    /**
+     * @see LoginModule#logout()
+     */
+    public boolean logout() throws LoginException {
+        subject.getPrincipals().removeAll(principals);
+        principals.clear();
+        return true;
+    }
+}
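Review bot: `login()` marks any `SimpleCredentials` as authenticated without looking at the password (the `@todo implement simple username/password authentication` branch), and `sc.getUserId()` is not checked for null or empty before it becomes a `UserPrincipal`. This commit also adds `src/conf/jaas.config`, whose contents are not shown here. The class Javadoc should therefore state that this module performs no credential verification and is a development placeholder, and the branch could log that at `warn` level. A guard such as `if (sc.getUserId() == null || sc.getUserId().length() == 0) { throw new FailedLoginException(); }` would at least reject empty identities. `new LoginException(ioe.toString())` drops the original exception; calling `initCause(ioe)` on the new exception before throwing would keep it.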

Propchange: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/SimpleLoginModule.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/SystemPrincipal.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/SystemPrincipal.java?view=auto&rev=155344
==============================================================================
--- incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/SystemPrincipal.java (added)
+++ incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/SystemPrincipal.java Fri Feb 25 08:48:02 2005
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2004-2005 The Apache Software Foundation or its licensors,
+ *                     as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security;
+
+import java.io.Serializable;
+import java.security.Principal;
+
+/**
+ * A <code>SystemPrincipal</code> ...
+ */
+public class SystemPrincipal implements Principal, Serializable {
+
+    private static final String SYSTEM_USER = "system";
+
+    /**
+     * Creates a <code>SystemPrincipal</code>.
+     */
+    public SystemPrincipal() {
+    }
+
+    public String toString() {
+        return ("SystemPrincipal");
+    }
+
+    public boolean equals(Object obj) {
+        if (this == obj) {
+            return true;
+        }
+        if (obj instanceof SystemPrincipal) {
+            return true;
+        }
+        return false;
+    }
+
+    public int hashCode() {
+        return SYSTEM_USER.hashCode();
+    }
+
+    //------------------------------------------------------------< Principal >
+    /**
+     * @see Principal#getName()
+     */
+    public String getName() {
+        return SYSTEM_USER;
+    }
+}
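Review bot: `SystemPrincipal` is declared as a public, non-final class and `equals()` returns true for any `obj instanceof SystemPrincipal`, so every subclass instance compares equal to the system identity while remaining free to override `getName()`, `hashCode()` and `toString()`. If access checks elsewhere key on this type or on equality with it (not visible in this hunk), that widens what counts as the system principal; declaring it `public final class SystemPrincipal implements Principal, Serializable {` closes that off. `UserPrincipal` in the next file section has the same non-final class with an `instanceof`-based `equals()`, which can also become asymmetric if a subclass overrides it. Both classes are `Serializable` without a `serialVersionUID`; adding e.g. `private static final long serialVersionUID = 1L;` keeps the serialized form stable across recompiles.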

Propchange: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/SystemPrincipal.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/UserPrincipal.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/UserPrincipal.java?view=auto&rev=155344
==============================================================================
--- incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/UserPrincipal.java (added)
+++ incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/UserPrincipal.java Fri Feb 25 08:48:02 2005
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2004-2005 The Apache Software Foundation or its licensors,
+ *                     as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security;
+
+import java.io.Serializable;
+import java.security.Principal;
+
+/**
+ * A <code>UserPrincipal</code> ...
+ */
+public class UserPrincipal implements Principal, Serializable {
+
+    private final String name;
+
+    /**
+     * Creates a <code>UserPrincipal</code> with the given name.
+     *
+     * @param name the name of this principal
+     * @throws IllegalArgumentException if <code>name</code> is <code>null</code>.
+     */
+    public UserPrincipal(String name) {
+        if (name == null) {
+            throw new IllegalArgumentException("name can not be null");
+        }
+        this.name = name;
+    }
+
+    public String toString() {
+        return ("UserPrincipal: " + name);
+    }
+
+    public boolean equals(Object obj) {
+        if (this == obj) {
+            return true;
+        }
+        if (obj instanceof UserPrincipal) {
+            UserPrincipal other = (UserPrincipal) obj;
+            return name.equals(other.name);
+        }
+        return false;
+    }
+
+    public int hashCode() {
+        return name.hashCode();
+    }
+
+    //------------------------------------------------------------< Principal >
+    /**
+     * @see Principal#getName()
+     */
+    public String getName() {
+        return name;
+    }
+}
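Review bot: The declaration `package org.apache.jackrabbit.core.security;` does not match the directory this file is added under, `src/java/org/apache/jackrabbit/core/jaas/`; `SystemPrincipal.java` in the previous section has the same mismatch. The modified `EventConsumer` and `QueryImpl` import `org.apache.jackrabbit.core.security.AccessManager`, so the package name appears to be the intended one and the directory the leftover. Moving the files to `core/security/` (or changing the declaration) would keep source layout and package in step, which some build and IDE tooling relies on. Separately, the class Javadoc is still the placeholder `A <code>UserPrincipal</code> ...`; a sentence saying that it represents a user identified by name, and that `equals()`/`hashCode()` are based on that name only, would document the contract.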

Propchange: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/jaas/UserPrincipal.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/observation/EventConsumer.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/observation/EventConsumer.java?view=diff&r1=155343&r2=155344
==============================================================================
--- incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/observation/EventConsumer.java (original)
+++ incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/observation/EventConsumer.java Fri Feb 25 08:48:02 2005
@@ -16,7 +16,11 @@
  */
 package org.apache.jackrabbit.core.observation;
 
-import org.apache.jackrabbit.core.*;
+import org.apache.jackrabbit.core.ItemId;
+import org.apache.jackrabbit.core.NodeId;
+import org.apache.jackrabbit.core.PropertyId;
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.core.security.AccessManager;
 import org.apache.log4j.Logger;
 
 import javax.jcr.RepositoryException;
@@ -24,7 +28,12 @@
 import javax.jcr.observation.Event;
 import javax.jcr.observation.EventIterator;
 import javax.jcr.observation.EventListener;
-import java.util.*;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
 
 /**
  * The <code>EventConsumer</code> class combines the {@link

Modified: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/search/lucene/QueryImpl.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/search/lucene/QueryImpl.java?view=diff&r1=155343&r2=155344
==============================================================================
--- incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/search/lucene/QueryImpl.java (original)
+++ incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/search/lucene/QueryImpl.java Fri Feb 25 08:48:02 2005
@@ -16,11 +16,22 @@
  */
 package org.apache.jackrabbit.core.search.lucene;
 
-import org.apache.jackrabbit.core.*;
 import org.apache.jackrabbit.core.Constants;
+import org.apache.jackrabbit.core.ItemManager;
+import org.apache.jackrabbit.core.NodeId;
+import org.apache.jackrabbit.core.QName;
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.core.security.AccessManager;
 import org.apache.jackrabbit.core.nodetype.NodeTypeImpl;
 import org.apache.jackrabbit.core.nodetype.PropertyDefImpl;
-import org.apache.jackrabbit.core.search.*;
+import org.apache.jackrabbit.core.search.DefaultQueryNodeVisitor;
+import org.apache.jackrabbit.core.search.ExecutableQuery;
+import org.apache.jackrabbit.core.search.LocationStepQueryNode;
+import org.apache.jackrabbit.core.search.NodeTypeQueryNode;
+import org.apache.jackrabbit.core.search.OrderQueryNode;
+import org.apache.jackrabbit.core.search.PropertyTypeRegistry;
+import org.apache.jackrabbit.core.search.QueryParser;
+import org.apache.jackrabbit.core.search.QueryRootNode;
 import org.apache.log4j.Logger;
 import org.apache.lucene.search.Hits;
 import org.apache.lucene.search.Query;
@@ -125,7 +136,7 @@
 
         List uuids;
         List scores;
-        AccessManagerImpl accessMgr = session.getAccessManager();
+        AccessManager accessMgr = session.getAccessManager();
 
         // execute it
         try {


