  1. Jackrabbit Oak
  2. OAK-10130

Add API to retrieve effective policies for a set of principals for a given path


Details

    Description

      JCR and Jackrabbit API currently provide the following methods to retrieve effective policies:

      javax.jcr.security.AccessControlManager

          AccessControlPolicy[] getEffectivePolicies(String absPath)
                  throws PathNotFoundException, AccessDeniedException, RepositoryException;
      

      org.apache.jackrabbit.api.security.JackrabbitAccessControlManager

          AccessControlPolicy[] getEffectivePolicies(@NotNull Set<Principal> principals) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException;
      

      The missing piece

      What is not possible today, however, is retrieving the effective policies for a given set of principals that take effect on a particular path. While consumers of the method provided by JackrabbitAccessControlManager might be able to guess where the policies take effect and thus filter them accordingly, this should not be taken for granted and it would be better if there was an API to retrieve the filtered set, as the implementations of JackrabbitAccessControlManager are able to determine the effect (instead of guessing)... in particular when restrictions are present.

      I would therefore suggest introducing in JackrabbitAccessControlManager something like

          Iterator<AccessControlPolicy> getEffectivePolicies(@NotNull Set<Principal> principals, @Nullable String absPath) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException;
      

      cc: cschneider who highlighted the issue to me while investigating an issue with Sling Content Distribution.
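
      The client-side guess described above, written out as an added example (not part of the original issue and not Oak code). The class and method names are hypothetical, and it assumes resource-based access control lists whose `getPath()` is the access-controlled node:

```java
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import javax.jcr.RepositoryException;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlPolicy;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;

/** Hypothetical helper: client-side approximation of "effective policies at a path". */
public final class EffectivePolicyGuess {

    /** Policies whose access-controlled path is absPath or one of its ancestors. */
    public static List<JackrabbitAccessControlList> guess(
            JackrabbitAccessControlManager acMgr, Set<Principal> principals, String absPath)
            throws RepositoryException {
        List<JackrabbitAccessControlList> result = new ArrayList<>();
        for (AccessControlPolicy policy : acMgr.getEffectivePolicies(principals)) {
            if (!(policy instanceof JackrabbitAccessControlList)) {
                continue; // this sketch only looks at access control lists
            }
            JackrabbitAccessControlList acl = (JackrabbitAccessControlList) policy;
            String aclPath = acl.getPath(); // null for repository-level policies
            if (aclPath != null && isAncestorOrSelf(aclPath, absPath)) {
                result.add(acl);
            }
        }
        return result;
    }

    /** True if any entry carries restrictions, i.e. the path match above is only a guess. */
    public static boolean hasRestrictions(JackrabbitAccessControlList acl)
            throws RepositoryException {
        for (AccessControlEntry ace : acl.getAccessControlEntries()) {
            if (ace instanceof JackrabbitAccessControlEntry
                    && ((JackrabbitAccessControlEntry) ace).getRestrictionNames().length > 0) {
                return true;
            }
        }
        return false;
    }

    private static boolean isAncestorOrSelf(String ancestor, String path) {
        return "/".equals(ancestor) || path.equals(ancestor) || path.startsWith(ancestor + "/");
    }
}
```

      A list for which `hasRestrictions` returns true may or may not apply at `absPath`; the caller cannot tell from the path comparison alone, so the result of `guess` is not a safe basis for an authorization decision or audit.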

            People

              angela Angela Schreiber