Index: jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/IndexNodeResolver.java
===================================================================
--- jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/IndexNodeResolver.java	(revision 806112)
+++ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/IndexNodeResolver.java	(working copy)
@@ -79,7 +79,7 @@
      * @return
      * @throws javax.jcr.RepositoryException
      */
-    public NodeIterator findNodes(Set propertyNames, String value, Name ntName,
+    public NodeIterator findNodes(Set<Name> propertyNames, String value, Name ntName,
                                   boolean exact, long maxSize) throws RepositoryException {
         Query query = buildQuery(value, propertyNames, ntName, exact, maxSize);
         return query.execute().getNodes();
@@ -115,7 +115,7 @@
      * @return
      * @throws RepositoryException
      */
-    private Query buildQuery(String value, Set props, Name ntName,
+    private Query buildQuery(String value, Set<Name> props, Name ntName,
                              boolean exact, long maxSize)
             throws RepositoryException {
         StringBuilder stmt = new StringBuilder("/jcr:root");
@@ -128,10 +128,9 @@
         } else {
             stmt.append(")[");
             int i = 0;
-            Iterator itr = props.iterator();
-            while (itr.hasNext()) {
+            for (Name prop : props) {
                 stmt.append((exact) ? "@" : "jcr:like(@");
-                String pName = getNamePathResolver().getJCRName((Name) itr.next());
+                String pName = getNamePathResolver().getJCRName(prop);
                 stmt.append(ISO9075.encode(pName));
                 if (exact) {
                     stmt.append("='");
Index: jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/NodeResolver.java
===================================================================
--- jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/NodeResolver.java	(revision 806112)
+++ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/NodeResolver.java	(working copy)
@@ -16,18 +16,17 @@
  */
 package org.apache.jackrabbit.core.security.user;
 
-import org.apache.jackrabbit.spi.Name;
-import org.apache.jackrabbit.spi.commons.conversion.NamePathResolver;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import java.util.Collections;
+import java.util.Set;
 
 import javax.jcr.Node;
 import javax.jcr.NodeIterator;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
-import java.util.Collections;
-import java.util.Set;
 
+import org.apache.jackrabbit.spi.Name;
+import org.apache.jackrabbit.spi.commons.conversion.NamePathResolver;
+
 /**
  * Resolver: searches for Principals stored in Nodes of a {@link javax.jcr.Workspace}
  * which match a certain criteria<p>
@@ -35,8 +34,6 @@
  */
 abstract class NodeResolver {
 
-    private static final Logger log = LoggerFactory.getLogger(NodeResolver.class);
-
     private final Session session;
     private final NamePathResolver resolver;
 
@@ -109,7 +106,7 @@
      * @return matching nodes (or an empty iterator if no match was found).
      * @throws RepositoryException If an error occurs.
      */
-    public abstract NodeIterator findNodes(Set propertyNames, String value,
+    public abstract NodeIterator findNodes(Set<Name> propertyNames, String value,
                                            Name ntName, boolean exact, long maxSize)
             throws RepositoryException;
 
Index: jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java
===================================================================
--- jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java	(revision 806112)
+++ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java	(working copy)
@@ -16,6 +16,14 @@
  */
 package org.apache.jackrabbit.core.security.user;
 
+import java.security.Principal;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Value;
+import javax.security.auth.Subject;
+
 import org.apache.jackrabbit.api.security.principal.NoSuchPrincipalException;
 import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
@@ -31,14 +39,6 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.jcr.RepositoryException;
-import javax.jcr.Value;
-import javax.security.auth.Subject;
-import java.security.Principal;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
-
 /**
  * ImpersonationImpl
  */
@@ -59,15 +59,14 @@
      * @see Impersonation#getImpersonators()
      */
     public PrincipalIterator getImpersonators() throws RepositoryException {
-        Set impersonators = getImpersonatorNames();
+        Set<String> impersonators = getImpersonatorNames();
         if (impersonators.isEmpty()) {
             return PrincipalIteratorAdapter.EMPTY;
         } else {
             final PrincipalManager pMgr = user.getSession().getPrincipalManager();
 
-            Set s = new HashSet();
-            for (Iterator it = impersonators.iterator(); it.hasNext();) {
-                String pName = it.next().toString();
+            Set<Principal> s = new HashSet<Principal>();
+            for (String pName: impersonators) {
                 Principal p = null;
                 if (pMgr.hasPrincipal(pName)) {
                     try {
@@ -115,7 +114,7 @@
         }
 
         boolean granted = false;
-        Set impersonators = getImpersonatorNames();
+        Set<String> impersonators = getImpersonatorNames();
         if (impersonators.add(pName)) {
             updateImpersonatorNames(impersonators);
             granted = true;
@@ -135,7 +134,7 @@
         boolean revoked = false;
         String pName = principal.getName();
 
-        Set impersonators = getImpersonatorNames();
+        Set<String> impersonators = getImpersonatorNames();
         if (impersonators.remove(pName)) {
             updateImpersonatorNames(impersonators);
             revoked = true;
@@ -156,9 +155,9 @@
             return true;
         }
 
-        Set principalNames = new HashSet();
-        for (Iterator it = subject.getPrincipals().iterator(); it.hasNext();) {
-            principalNames.add(((Principal) it.next()).getName());
+        Set<String> principalNames = new HashSet<String>();
+        for (Principal p: subject.getPrincipals()) {
+            principalNames.add(p.getName());
         }
 
         boolean allows = false;
@@ -174,21 +173,21 @@
 
     //------------------------------------------------------------< private >---
 
-    private Set getImpersonatorNames() throws RepositoryException {
-        Set princNames = new HashSet();
+    private Set<String> getImpersonatorNames() throws RepositoryException {
+        Set<String> princNames = new HashSet<String>();
         if (user.getNode().hasProperty(P_IMPERSONATORS)) {
             Value[] vs = user.getNode().getProperty(P_IMPERSONATORS).getValues();
-            for (int i = 0; i < vs.length; i++) {
-                princNames.add(vs[i].getString());
+            for (Value v : vs) {
+                princNames.add(v.getString());
             }
         }
         return princNames;
     }
 
-    private void updateImpersonatorNames(Set principalNames) throws RepositoryException {
+    private void updateImpersonatorNames(Set<String> principalNames) throws RepositoryException {
         NodeImpl userNode = user.getNode();
         try {
-            String[] pNames = (String[]) principalNames.toArray(new String[principalNames.size()]);
+            String[] pNames = principalNames.toArray(new String[principalNames.size()]);
             if (pNames.length == 0) {
                 PropertyImpl prop = userNode.getProperty(P_IMPERSONATORS);
                 userManager.removeProtectedItem(prop, userNode);
Index: jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java
===================================================================
--- jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java	(revision 806112)
+++ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java	(working copy)
@@ -80,13 +80,13 @@
      * @see Authorizable#getPrincipals()
      */
     public PrincipalIterator getPrincipals() throws RepositoryException {
-        Collection coll = new ArrayList();
+        Collection<Principal> coll = new ArrayList<Principal>();
         // the first element is the main principal of this user.
         coll.add(getPrincipal());
         // in addition add all referees.
         PrincipalManager prMgr = getSession().getPrincipalManager();
-        for (Iterator it = getRefereeValues().iterator(); it.hasNext();) {
-            String refName = ((Value) it.next()).getString();
+        for (Object o : getRefereeValues()) {
+            String refName = ((Value) o).getString();
             Principal princ = null;
             if (prMgr.hasPrincipal(refName)) {
                 try {
@@ -96,7 +96,7 @@
                 }
             }
             if (princ == null) {
-                log.warn("Principal "+ refName +" unknown to PrincipalManager.");
+                log.warn("Principal " + refName + " unknown to PrincipalManager.");
                 princ = new PrincipalImpl(refName);
             }
             coll.add(princ);
@@ -111,7 +111,7 @@
         String principalName = principal.getName();
         Value princValue = getSession().getValueFactory().createValue(principalName);
 
-        List refereeValues = getRefereeValues();
+        List<Value> refereeValues = getRefereeValues();
         if (refereeValues.contains(princValue) || getPrincipal().getName().equals(principalName)) {
             return false;
         }
@@ -120,7 +120,7 @@
         }
         refereeValues.add(princValue);
 
-        userManager.setProtectedProperty(node, P_REFEREES, (Value[]) refereeValues.toArray(new Value[refereeValues.size()]));
+        userManager.setProtectedProperty(node, P_REFEREES, refereeValues.toArray(new Value[refereeValues.size()]));
         return true;
     }
 
@@ -129,14 +129,14 @@
      */
     public synchronized boolean removeReferee(Principal principal) throws RepositoryException {
         Value princValue = getSession().getValueFactory().createValue(principal.getName());
-        List existingValues = getRefereeValues();
+        List<Value> existingValues = getRefereeValues();
 
         if (existingValues.remove(princValue))  {
             PropertyImpl prop = node.getProperty(P_REFEREES);
             if (existingValues.isEmpty()) {
                 userManager.removeProtectedItem(prop, node);
             } else {
-                userManager.setProtectedProperty(node, P_REFEREES, (Value[]) existingValues.toArray(new Value[existingValues.size()]));
+                userManager.setProtectedProperty(node, P_REFEREES, existingValues.toArray(new Value[existingValues.size()]));
             }
             return true;
         }
@@ -148,8 +148,8 @@
     /**
      * @see Authorizable#declaredMemberOf()
      */
-    public Iterator declaredMemberOf() throws RepositoryException {
-        List memberShip = new ArrayList();
+    public Iterator<Group> declaredMemberOf() throws RepositoryException {
+        List<Group> memberShip = new ArrayList<Group>();
         collectMembership(memberShip, false);
         return memberShip.iterator();
     }
@@ -157,8 +157,8 @@
     /**
      * @see Authorizable#memberOf()
      */
-    public Iterator memberOf() throws RepositoryException {
-        List memberShip = new ArrayList();
+    public Iterator<Group> memberOf() throws RepositoryException {
+        List<Group> memberShip = new ArrayList<Group>();
         collectMembership(memberShip, true);
         return memberShip.iterator();
     }
@@ -166,8 +166,8 @@
     /**
      * @see Authorizable#getPropertyNames()
      */
-    public Iterator getPropertyNames() throws RepositoryException {
-        List l = new ArrayList();
+    public Iterator<String> getPropertyNames() throws RepositoryException {
+        List<String> l = new ArrayList<String>();
         for (PropertyIterator it = node.getProperties(); it.hasNext();) {
             Property prop = it.nextProperty();
             if (isAuthorizableProperty(prop)) {
@@ -334,13 +334,13 @@
 
         Value toRemove = getSession().getValueFactory().createValue(group.getNode(), true);
         PropertyImpl property = node.getProperty(P_GROUPS);
-        List valList = new ArrayList(Arrays.asList(property.getValues()));
+        List<Value> valList = new ArrayList<Value>(Arrays.asList(property.getValues()));
         if (valList.remove(toRemove)) {
             try {
                 if (valList.isEmpty()) {
                     userManager.removeProtectedItem(property, node);
                 } else {
-                    Value[] values = (Value[]) valList.toArray(new Value[valList.size()]);
+                    Value[] values = valList.toArray(new Value[valList.size()]);
                     userManager.setProtectedProperty(node, P_GROUPS, values);
                 }
                 return true;
@@ -356,15 +356,15 @@
         }
     }
 
-    private void collectMembership(List groups, boolean includedIndirect) throws RepositoryException {
+    private void collectMembership(List<Group> groups, boolean includedIndirect) throws RepositoryException {
         NodeImpl node = getNode();
         if (!node.hasProperty(P_GROUPS)) {
             return;
         }
         Value[] refs = node.getProperty(P_GROUPS).getValues();
-        for (int i = 0; i < refs.length; i++) {
+        for (Value ref : refs) {
             try {
-                NodeImpl groupNode = (NodeImpl) getSession().getNodeByUUID(refs[i].getString());
+                NodeImpl groupNode = (NodeImpl) getSession().getNodeByUUID(ref.getString());
                 Group group = GroupImpl.create(groupNode, userManager);
                 if (groups.add(group) && includedIndirect) {
                     ((AuthorizableImpl) group).collectMembership(groups, true);
@@ -372,7 +372,7 @@
             } catch (ItemNotFoundException e) {
                 // groupNode doesn't exist any more
                 log.warn("Group node referenced by " + getID() + " doesn't exist anymore -> Ignored from membership list.");
-                // TODO: ev. clean up list of group memberships
+                // TODO: possibly clean up list of group memberships
             }
         }
     }
@@ -441,14 +441,12 @@
         }
     }
 
-    private List getRefereeValues() throws RepositoryException {
-        List principalNames = new ArrayList();
+    private List<Value> getRefereeValues() throws RepositoryException {
+        List<Value> principalNames = new ArrayList<Value>();
         if (node.hasProperty(P_REFEREES)) {
             try {
-                Value[] refProp = node.getProperty(P_REFEREES).getValues();
-                for (int i = 0; i < refProp.length; i++) {
-                    principalNames.add(refProp[i]);
-                }
+                principalNames.addAll(Arrays.asList(
+                        node.getProperty(P_REFEREES).getValues()));
             } catch (PathNotFoundException e) {
                 // ignore. should never occur.
             }
Index: jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java
===================================================================
--- jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java	(revision 806112)
+++ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java	(working copy)
@@ -462,7 +462,7 @@
      * @throws RepositoryException
      */
     boolean hasAuthorizableOrReferee(Principal principal) throws RepositoryException {
-        Set s = new HashSet(2);
+        Set<Name> s = new HashSet<Name>(2);
         s.add(P_PRINCIPAL_NAME);
         s.add(P_REFEREES);
         NodeIterator res = authResolver.findNodes(s, principal.getName(), NT_REP_AUTHORIZABLE, true, 1);
@@ -569,7 +569,7 @@
     private NodeImpl getUserNode(String userID) throws RepositoryException {
         NodeImpl n = (NodeImpl) idResolver.findNode(userID, false);
         if (n == null && compatibleJR16) {
-            // backwards-compatibiltiy with JR < 2.0 user structure that doesn't
+            // backwards-compatibility with JR < 2.0 user structure that doesn't
             // allow to determine the auth-path from the id directly.
             // search for it the node belonging to that userID
             n = (NodeImpl) authResolver.findNode(P_USERID, userID, NT_REP_USER);
@@ -587,7 +587,7 @@
     private NodeImpl getGroupNode(String groupID) throws RepositoryException {
         NodeImpl n = (NodeImpl) idResolver.findNode(groupID, true);
         if (n == null && compatibleJR16) {
-            // backwards-compatibiltiy with JR < 2.0 group structure that doesn't
+            // backwards-compatibility with JR < 2.0 group structure that doesn't
             // allow to determine the auth-path from the id directly
             // search for it the node belonging to that groupID.
             // NOTE: JR < 2.0 always returned groupIDs that didn't contain any
@@ -627,7 +627,7 @@
      */
     private final class AuthorizableIterator implements Iterator {
 
-        private final Set served = new HashSet();
+        private final Set<String> served = new HashSet<String>();
 
         private Authorizable next;
         private NodeIterator authNodeIter;
Index: jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/TraversingNodeResolver.java
===================================================================
--- jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/TraversingNodeResolver.java	(revision 806112)
+++ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/TraversingNodeResolver.java	(working copy)
@@ -100,7 +100,7 @@
     /**
      * @inheritDoc
      */
-    public NodeIterator findNodes(Set propertyNames, String value, Name ntName,
+    public NodeIterator findNodes(Set<Name> propertyNames, String value, Name ntName,
                                   boolean exact, long maxSize) throws RepositoryException {
         String sr = getSearchRoot(ntName);
         if (getSession().nodeExists(sr)) {
@@ -151,11 +151,12 @@
      * @param exact   if set to true the value has to match exactly else a
      * substring is searched
      * @param maxSize
+     * @return
      */
-    private NodeIterator collectNodes(String value, Set props, Name ntName,
+    private NodeIterator collectNodes(String value, Set<Name> props, Name ntName,
                                       NodeIterator nodes, boolean exact,
                                       long maxSize) {
-        Set matchSet = new HashSet();
+        Set<Node> matchSet = new HashSet<Node>();
         collectNodes(value, props, ntName, nodes, matchSet, exact, maxSize);
         return new NodeIteratorAdapter(matchSet);
     }
@@ -172,9 +173,9 @@
      * @param exact         if set to true the value has to match exact
      * @param maxSize
      */
-    private void collectNodes(String value, Set propertyNames,
+    private void collectNodes(String value, Set<Name> propertyNames,
                               Name nodeTypeName, NodeIterator itr,
-                              Set matchSet, boolean exact, long maxSize) {
+                              Set<Node> matchSet, boolean exact, long maxSize) {
         while (itr.hasNext()) {
             NodeImpl node = (NodeImpl) itr.nextNode();
             try {
@@ -203,7 +204,7 @@
      * @throws RepositoryException
      */
     private static boolean matches(NodeImpl node, Name nodeTypeName,
-                            Collection propertyNames, String value,
+                            Collection<Name> propertyNames, String value,
                             boolean exact) throws RepositoryException {
 
         boolean match = false;
@@ -216,9 +217,9 @@
                         match = (exact) ? node.getName().equals(value) :
                                 node.getName().matches(".*"+value+".*");
                     } else {
-                        Iterator pItr = propertyNames.iterator();
+                        Iterator<Name> pItr = propertyNames.iterator();
                         while (!match && pItr.hasNext()) {
-                            Name propertyName = (Name) pItr.next();
+                            Name propertyName = pItr.next();
                             if (node.hasProperty(propertyName)) {
                                 Property prop = node.getProperty(propertyName);
                                 if (prop.getDefinition().isMultiple()) {
Index: jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java
===================================================================
--- jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java	(revision 806112)
+++ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java	(working copy)
@@ -133,7 +133,7 @@
             userAdminGroup = (configuration.containsKey(USER_ADMIN_GROUP_NAME)) ? configuration.get(USER_ADMIN_GROUP_NAME).toString() : USER_ADMIN_GROUP_NAME;
             groupAdminGroup = (configuration.containsKey(GROUP_ADMIN_GROUP_NAME)) ? configuration.get(GROUP_ADMIN_GROUP_NAME).toString() : GROUP_ADMIN_GROUP_NAME;
 
-            // make sure the groups exist (and ev. create them).
+            // make sure the groups exist (and possibly create them).
             UserManager uMgr = sImpl.getUserManager();
             if (!initGroup(uMgr, userAdminGroup)) {
                 log.warn("Unable to initialize User admininistrator group -> no user admins.");
@@ -174,7 +174,7 @@
     /**
      * @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider#compilePermissions(Set)
      */
-    public CompiledPermissions compilePermissions(Set principals) throws RepositoryException {
+    public CompiledPermissions compilePermissions(Set<Principal> principals) throws RepositoryException {
         checkInitialized();
         if (isAdminOrSystem(principals)) {
             return getAdminPermissions();
@@ -201,11 +201,10 @@
 
     //------------------------------------------------------------< private >---
 
-    private ItemBasedPrincipal getUserPrincipal(Set principals) {
+    private ItemBasedPrincipal getUserPrincipal(Set<Principal> principals) {
         try {
             UserManager uMgr = session.getUserManager();
-            for (Iterator it = principals.iterator(); it.hasNext();) {
-                Principal p = (Principal) it.next();
+            for (Principal p : principals) {
                 if (!(p instanceof Group) && p instanceof ItemBasedPrincipal
                         && uMgr.getAuthorizable(p) != null) {
                     return (ItemBasedPrincipal) p;
@@ -253,7 +252,7 @@
         return PrivilegeRegistry.getBits(privs);
     }
 
-    private static boolean containsGroup(Set principals, String groupName) {
+    private static boolean containsGroup(Set<Principal> principals, String groupName) {
         for (Iterator it = principals.iterator(); it.hasNext() && groupName != null;) {
             Principal p = (Principal) it.next();
             if (p.getName().equals(groupName)) {
@@ -296,7 +295,7 @@
         private boolean isUserAdmin;
         private boolean isGroupAdmin;
 
-        protected CompiledPermissionsImpl(Set principals, String userNodePath) throws RepositoryException {
+        protected CompiledPermissionsImpl(Set<Principal> principals, String userNodePath) throws RepositoryException {
             this.userNodePath = userNodePath;
             isUserAdmin = containsGroup(principals, userAdminGroup);
             isGroupAdmin = containsGroup(principals, groupAdminGroup);
@@ -321,7 +320,7 @@
 
             if (userNode == null) {
                 // no Node corresponding to user for which the permissions are
-                // calculated -> no permissions/priviles.
+                // calculated -> no permissions/privileges.
                 log.debug("No node at " + userNodePath);
                 return new Result(Permission.NONE, Permission.NONE, PrivilegeRegistry.NO_PRIVILEGE, PrivilegeRegistry.NO_PRIVILEGE);
             }
@@ -493,8 +492,8 @@
                                 if (session.propertyExists(evPath)) {
                                     Value[] vs = session.getProperty(evPath).getValues();
                                     String princName = session.getJCRName(P_PRINCIPAL_NAME);
-                                    for (int i = 0; i < vs.length; i++) {
-                                        Node groupNode = session.getNodeByUUID(vs[i].getString());
+                                    for (Value v : vs) {
+                                        Node groupNode = session.getNodeByUUID(v.getString());
                                         String pName = groupNode.getProperty(princName).getString();
                                         if (userAdminGroup.equals(pName)) {
                                             isUserAdmin = true;
Index: jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/GroupImpl.java
===================================================================
--- jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/GroupImpl.java	(revision 806112)
+++ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/GroupImpl.java	(working copy)
@@ -97,14 +97,14 @@
     /**
      * @see Group#getDeclaredMembers()
      */
-    public Iterator getDeclaredMembers() throws RepositoryException {
+    public Iterator<Authorizable> getDeclaredMembers() throws RepositoryException {
         return getMembers(false).iterator();
     }
 
     /**
      * @see Group#getMembers()
      */
-    public Iterator getMembers() throws RepositoryException {
+    public Iterator<Authorizable> getMembers() throws RepositoryException {
         return getMembers(true).iterator();
     }
 
@@ -169,9 +169,9 @@
      * @return A collection of members of this group.
      * @throws RepositoryException If an error occurs while collecting the members.
      */
-    private Collection getMembers(boolean includeIndirect) throws RepositoryException {
+    private Collection<Authorizable> getMembers(boolean includeIndirect) throws RepositoryException {
         PropertyIterator itr = getNode().getWeakReferences(getSession().getJCRName(P_GROUPS));
-        Collection members = new HashSet((int) itr.getSize());
+        Collection<Authorizable> members = new HashSet<Authorizable>((int) itr.getSize());
         while (itr.hasNext()) {
             NodeImpl n = (NodeImpl) itr.nextProperty().getParent();
             if (n.isNodeType(NT_REP_GROUP)) {
@@ -266,7 +266,7 @@
      */
     private class NodeBasedGroup extends NodeBasedPrincipal implements java.security.acl.Group {
 
-        private Set members;
+        private Set<Principal> members;
 
         private NodeBasedGroup(String name) {
             super(name);
@@ -289,15 +289,14 @@
          * @see java.security.acl.Group#isMember(Principal)
          */
         public boolean isMember(Principal member) {
-            Collection members = getMembers();
+            Collection<Principal> members = getMembers();
             if (members.contains(member)) {
                 // shortcut.
                 return true;
             }
 
             // test if member of a member-group
-            for (Iterator it = members.iterator(); it.hasNext();) {
-                Principal p = (Principal) it.next();
+            for (Principal p : members) {
                 if (p instanceof java.security.acl.Group &&
                         ((java.security.acl.Group) p).isMember(member)) {
                     return true;
@@ -322,7 +321,7 @@
          *
          * @see java.security.acl.Group#members()
          */
-        public Enumeration members() {
+        public Enumeration<? extends Principal> members() {
             return Collections.enumeration(getMembers());
         }
 
@@ -340,9 +339,9 @@
         }
 
         //----------------------------------------------------------------------
-        private Collection getMembers() {
+        private Collection<Principal> getMembers() {
             if (members == null) {
-                members = new HashSet();
+                members = new HashSet<Principal>();
                 try {
                     for (Iterator it = GroupImpl.this.getMembers(); it.hasNext();) {
                         Authorizable authrz = (Authorizable) it.next();
Index: jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Authorizable.java
===================================================================
--- jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Authorizable.java	(revision 806112)
+++ jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Authorizable.java	(working copy)
@@ -16,36 +16,37 @@
  */
 package org.apache.jackrabbit.api.security.user;
 
-import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
+import java.security.Principal;
+import java.util.Iterator;
 
 import javax.jcr.RepositoryException;
 import javax.jcr.Value;
-import java.security.Principal;
-import java.util.Iterator;
 
+import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
+
 /**
  * The Authorizable is the common base interface for {@link User} and
  * {@link Group}. It provides access to the <code>Principal</code>s associated
  * with an <code>Authorizable</code> (see below) and allow to access and
  * modify additional properties such as e.g. full name, e-mail or address.
  * <p/>
- *
+ * <p/>
  * Please note the difference between <code>Authorizable</code> and
  * {@link java.security.Principal Principal}:<br>
  * An <code>Authorizable</code> is repository object that is neither associated
  * with nor depending from a particular <code>Session</code> and thus independant
  * of the login mechanisms creating <code>Session</code>s.<br>
- *
+ * <p/>
  * On the other hand <code>Principal</code>s are representations of user
  * identities. In other words: each <code>Principal</code> within the set
  * associated with the Session's Subject upon login represents an identity for
  * that user. An the set of <code>Principal</code>s may differ between different
  * login mechanisms.<br>
- *
+ * <p/>
  * Consequently an one-to-many relationship exists between Authorizable
  * and Principal (see also {@link #getPrincipal()} and {@link #getPrincipals()}).
- * <p />
- *
+ * <p/>
+ * <p/>
  * The interfaces derived from Authorizable are defined as follows:
  * <ul>
  * <li>{@link User}: defined to be an authorizable that can be authenticated
@@ -57,7 +58,7 @@
  * @see User
  * @see Group
  */
-public interface Authorizable  {
+public interface Authorizable {
 
     /**
      * Return the implementation specific identifer for this
@@ -70,9 +71,9 @@
     String getID() throws RepositoryException;
 
     /**
-	 * @return if the current Authorizable is a {@link Group}
-	 */
-	boolean isGroup();
+     * @return if the current Authorizable is a {@link Group}
+     */
+    boolean isGroup();
 
     /**
      * @return a representation as Principal.
@@ -87,10 +88,8 @@
      * Principal a <code>AuthorizableExistsException</code> is thrown.
      *
      * @param principal
-     * @return true if added, false if this Authorizable already represents
-     * the given Principal.
      * @return AuthorizableExistsException If the given principal is already refered
-     * to by another Authorizable.
+     *         to by another Authorizable.
      * @throws RepositoryException
      */
     boolean addReferee(Principal principal) throws AuthorizableExistsException, RepositoryException;
@@ -106,7 +105,7 @@
 
     /**
      * @return Iterator of all Principal related to this authentication Object
-     * including the main principal, (see {@link #getPrincipal()}).
+     *         including the main principal, (see {@link #getPrincipal()}).
      * @throws RepositoryException
      */
     PrincipalIterator getPrincipals() throws RepositoryException;
@@ -115,14 +114,14 @@
      * @return all {@link Group}s, this Authorizable is declared member of.
      * @throws RepositoryException
      */
-    Iterator declaredMemberOf() throws RepositoryException;
+    Iterator<Group> declaredMemberOf() throws RepositoryException;
 
     /**
      * @return all {@link Group}s, this Authorizable is member of included
-     * indirect group membership.
+     *         indirect group membership.
      * @throws RepositoryException
      */
-    Iterator memberOf() throws RepositoryException;
+    Iterator<Group> memberOf() throws RepositoryException;
 
     /**
      * Removes this <code>Authorizable</code>, if the session has sufficient
@@ -131,7 +130,7 @@
      * a Group itself).
      *
      * @throws RepositoryException If an error occured and the
-     * <code>Authorizable</code> could not be removed.
+     *                             <code>Authorizable</code> could not be removed.
      */
     void remove() throws RepositoryException;
 
@@ -143,17 +142,17 @@
      * @see #getProperty(String)
      * @see #hasProperty(String)
      */
-    Iterator getPropertyNames() throws RepositoryException;
+    Iterator<String> getPropertyNames() throws RepositoryException;
 
     /**
-	 * Tests if a the property with specified name exists.
+     * Tests if a the property with specified name exists.
      *
-	 * @param name
-	 * @return
-	 * @throws RepositoryException
-	 * @see #getProperty(String)
-	 */
-	boolean hasProperty(String name) throws RepositoryException;
+     * @param name
+     * @return
+     * @throws RepositoryException
+     * @see #getProperty(String)
+     */
+    boolean hasProperty(String name) throws RepositoryException;
 
     /**
      * Set an arbitrary property to this <code>Authorizable</code>.
@@ -169,17 +168,17 @@
      *
      * @param name
      * @param value multiple values
-     * @throws RepositoryException  If the specified property could not be set.
+     * @throws RepositoryException If the specified property could not be set.
      */
     void setProperty(String name, Value[] value) throws RepositoryException;
 
-	/**
+    /**
      * Returns the values for the properties with the specified name or
      * <code>null</code>.
      *
      * @param name
      * @return value of the property with the given name or <code>null</code>
-     * if no such property exists.
+     *         if no such property exists.
      * @throws RepositoryException If an error occurs.
      */
     Value[] getProperty(String name) throws RepositoryException;
@@ -189,7 +188,7 @@
      *
      * @param name
      * @return true If the property with the specified name was successfully
-     * removed; false if no such property was present.
+     *         removed; false if no such property was present.
      * @throws RepositoryException If an error occurs.
      */
     boolean removeProperty(String name) throws RepositoryException;
Index: jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Group.java
===================================================================
--- jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Group.java	(revision 806112)
+++ jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Group.java	(working copy)
@@ -29,7 +29,7 @@
      * members of this Group.
      * @throws RepositoryException
      */
-    Iterator getDeclaredMembers() throws RepositoryException;
+    Iterator<Authorizable> getDeclaredMembers() throws RepositoryException;
 
     /**
      * @return Iterator of <code>Authorizable</code>s which are members of
@@ -37,7 +37,7 @@
      * that are indirect group members.
      * @throws RepositoryException
      */
-    Iterator getMembers() throws RepositoryException;
+    Iterator<Authorizable> getMembers() throws RepositoryException;
 
     /**
      * @return true if the Authorizable to test is a direct or indirect member