Index: src/main/java/org/apache/jackrabbit/api/security/principal/GroupPrincipal.java =================================================================== --- src/main/java/org/apache/jackrabbit/api/security/principal/GroupPrincipal.java (nonexistent) +++ src/main/java/org/apache/jackrabbit/api/security/principal/GroupPrincipal.java (working copy) @@ -0,0 +1,51 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jackrabbit.api.security.principal; + +import java.security.Principal; +import java.util.Enumeration; + +import org.osgi.annotation.versioning.ProviderType; + +/** + * This interface is used to represent a group of principals. It is meant to + * replace the deprecated {@code java.security.acl.Group}. + */ +@ProviderType +public interface GroupPrincipal extends Principal { + + /** + * Returns true if the passed principal is a member of the group. + * This method does a recursive search, so if a principal belongs to a + * group which is a member of this group, true is returned. + * + * @param member the principal whose membership is to be checked. + * @return true if the principal is a member of this group, + * false otherwise. + */ + public boolean isMember(Principal member); + + /** + * Returns an enumeration of the members in the group. The returned objects + * can be instances of either Principal or GroupPrincipal (which is a + * subclass of Principal). + * + * @return an enumeration of the group members. + */ + public Enumeration members(); + +} Index: src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java =================================================================== --- src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java (revision 1820891) +++ src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java (working copy) @@ -17,40 +17,45 @@ package org.apache.jackrabbit.api.security.principal; import java.security.Principal; -import java.security.acl.Group; /** - * This interface defines the principal manager which is the clients view on - * all principals known to the repository. Each principal manager is bound to - * a session and is restricted by the respective access control. The principal + * This interface defines the principal manager which is the clients view on all + * principals known to the repository. Each principal manager is bound to a + * session and is restricted by the respective access control. The principal * manager in addition provides basic search facilities. *

- * A {@link Principal} is an object used to connect - * to any kind of security mechanism. Example for this are the + * A {@link Principal} is an object used to connect to any kind + * of security mechanism. Example for this are the * {@link javax.security.auth.spi.LoginModule login modules} that use principals * to process the login procedure.
- * A principal can be a member of a {@link Group}. A + * A principal can be a member of a {@link GroupPrincipal}. A * group is a principal itself and can therefore be a member of a group again. *

* Please note the following security considerations that need to be respected * when implementing the PrincipalManager: All principals returned by this - * manager as well as {@link Group#members()} must respect access restrictions - * that may be present for the Session this manager has been built - * for. The same applies for {@link #getGroupMembership(Principal)}. + * manager as well as {@link GroupPrincipal#members()} must respect access + * restrictions that may be present for the Session this manager + * has been built for. The same applies for + * {@link #getGroupMembership(Principal)}. + *

+ * Since Jackrabbit 2.18, a new interface has been introduced to represent the + * concept of a group of principals: {@link GroupPrincipal}, alongside + * {@code java.security.acl.Group} which is deprecated to be deleted. Until the + * final deletion of {@code java.security.acl.Group}, the 2 interfaces will be + * used concurrently for backwards compatibility reasons. See JCR-4249 for more + * details. */ public interface PrincipalManager { /** * Filter flag indicating that only Principals that do NOT - * represent a {@link java.security.acl.Group group} should be searched - * and returned. + * represent a group should be searched and returned. */ int SEARCH_TYPE_NOT_GROUP = 1; /** * Filter flag indicating that only Principals that represent - * a {@link java.security.acl.Group group} of Principals should be searched - * and returned. + * a group of Principals should be searched and returned. */ int SEARCH_TYPE_GROUP = 2; @@ -75,7 +80,7 @@ /** * Returns the principal with the given name if is known to this manager * (with respect to the sessions access rights). - * Please note that due to security reasons Group principals will only + * Please note that due to security reasons group principals will only * reveal those members that are visible to the Session this * PrincipalManager has been built for. * Index: src/main/java/org/apache/jackrabbit/api/security/principal/package-info.java =================================================================== --- src/main/java/org/apache/jackrabbit/api/security/principal/package-info.java (revision 1820891) +++ src/main/java/org/apache/jackrabbit/api/security/principal/package-info.java (working copy) @@ -18,5 +18,5 @@ /** * Jackrabbit extensions for JAAS principals. */ -@org.osgi.annotation.versioning.Version("2.3") +@org.osgi.annotation.versioning.Version("2.4.0") package org.apache.jackrabbit.api.security.principal;