Index: jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java =================================================================== --- jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java (revision 1823203) +++ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java (working copy) @@ -59,6 +59,7 @@ import org.apache.jackrabbit.core.security.principal.AbstractPrincipalProvider; import org.apache.jackrabbit.core.security.principal.AdminPrincipal; import org.apache.jackrabbit.core.security.principal.DefaultPrincipalProvider; +import org.apache.jackrabbit.core.security.principal.GroupPrincipals; import org.apache.jackrabbit.core.security.principal.PrincipalManagerImpl; import org.apache.jackrabbit.core.security.principal.PrincipalProvider; import org.apache.jackrabbit.core.security.principal.PrincipalProviderRegistry; @@ -354,7 +355,7 @@ Set s = subject.getPrincipals(cl); if (!s.isEmpty()) { for (Principal p : s) { - if (!(p instanceof java.security.acl.Group)) { + if (!GroupPrincipals.isGroup(p)) { return p.getName(); } } Index: jackrabbit-core/src/main/java/org/apache/jackrabbit/core/JackrabbitRepositoryStub.java =================================================================== --- jackrabbit-core/src/main/java/org/apache/jackrabbit/core/JackrabbitRepositoryStub.java (revision 1823203) +++ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/JackrabbitRepositoryStub.java (working copy) @@ -22,7 +22,6 @@ import java.io.InputStream; import java.io.OutputStream; import java.security.Principal; -import java.security.acl.Group; import java.util.HashMap; import java.util.Map; import java.util.Properties; @@ -33,6 +32,7 @@ import org.apache.commons.io.IOUtils; import org.apache.jackrabbit.core.config.RepositoryConfig; +import org.apache.jackrabbit.core.security.principal.GroupPrincipals; import org.apache.jackrabbit.test.NotExecutableException; import org.apache.jackrabbit.test.RepositoryStub; import org.apache.jackrabbit.test.RepositoryStubException; @@ -208,7 +208,7 @@ if (session instanceof SessionImpl) { for (Principal p : ((SessionImpl)session).getSubject().getPrincipals()) { - if (! (p instanceof Group)) { + if (!GroupPrincipals.isGroup(p)) { knownPrincipal = p; } } Index: jackrabbit-core/src/main/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManager.java =================================================================== --- jackrabbit-core/src/main/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManager.java (revision 1823203) +++ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManager.java (working copy) @@ -25,6 +25,7 @@ import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager; import org.apache.jackrabbit.core.security.principal.AbstractPrincipalProvider; import org.apache.jackrabbit.core.security.principal.DefaultPrincipalProvider; +import org.apache.jackrabbit.core.security.principal.GroupPrincipals; import org.apache.jackrabbit.core.security.principal.PrincipalManagerImpl; import org.apache.jackrabbit.core.security.principal.PrincipalProvider; import org.apache.jackrabbit.core.security.principal.PrincipalProviderRegistry; @@ -40,7 +41,6 @@ import javax.jcr.Session; import javax.security.auth.Subject; import java.security.Principal; -import java.security.acl.Group; import java.util.ArrayList; import java.util.Arrays; import java.util.HashMap; @@ -361,7 +361,7 @@ } else { UserManager umgr = UserPerWorkspaceSecurityManager.this.getSystemUserManager(workspaceName); for (Principal principal : principals) { - if (!(principal instanceof Group)) { + if (!GroupPrincipals.isGroup(principal)) { // check if the workspace identified by the given workspace // name contains a user with this principal if (umgr.getAuthorizable(principal) != null) { Index: jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/SimpleJBossAccessManager.java =================================================================== --- jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/SimpleJBossAccessManager.java (revision 1823203) +++ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/SimpleJBossAccessManager.java (nonexistent) @@ -1,142 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.jackrabbit.core.security; - -import org.apache.jackrabbit.core.id.ItemId; -import org.apache.jackrabbit.core.security.authorization.AccessControlProvider; -import org.apache.jackrabbit.core.security.authorization.Permission; -import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager; -import org.apache.jackrabbit.spi.Name; -import org.apache.jackrabbit.spi.Path; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import javax.jcr.AccessDeniedException; -import javax.jcr.RepositoryException; -import java.io.File; -import java.io.FileInputStream; -import java.security.Principal; -import java.security.acl.Group; -import java.util.Enumeration; -import java.util.Properties; - -/** - * The simple JBoss access manager is a specialized Access Manager to - * handle Authorization of individuals authenticated through JBoss - * login modules. It maps roles from the JBoss simplegroup class to - * Jackrabbit permissions. - * - * @author dhartford - * @see http://wiki.apache.org/jackrabbit/SimpleJbossAccessManager - */ -public class SimpleJBossAccessManager implements AccessManager { - - /** - * Logger instance. - */ - private static Logger log = - LoggerFactory.getLogger(SimpleJBossAccessManager.class); - - protected boolean system; - - protected boolean anonymous; - - //--------------------------------------------------------< AccessManager > - - public void init(AMContext context) - throws AccessDeniedException, Exception { - init(context, null, null); - } - - public void init(AMContext context, AccessControlProvider acProvider, WorkspaceAccessManager wspAccessMgr) throws AccessDeniedException, Exception { - Properties rolemaps = new Properties(); - File rolemap = new File(context.getHomeDir(), "rolemapping.properties"); - log.info("Loading jbossgroup role mappings from {}", rolemap.getPath()); - FileInputStream rolefs = new FileInputStream(rolemap); - try { - rolemaps.load(rolefs); - } finally { - rolefs.close(); - } - - for (Principal principal : context.getSubject().getPrincipals()) { - if (principal instanceof Group - && principal.getName().equalsIgnoreCase("Roles")) { - Group group = (Group) principal; - Enumeration< ? extends Principal> members = group.members(); - while (members.hasMoreElements()) { - Principal member = members.nextElement(); - String role = rolemaps.getProperty(member.getName()); - system = system || "full".equalsIgnoreCase(role); - anonymous = anonymous || "read".equalsIgnoreCase(role); - } - } - } - - // @todo check permission to access given workspace based on principals - } - - public synchronized void close() { - } - - public void checkPermission(ItemId id, int permissions) - throws AccessDeniedException, RepositoryException { - if (!isGranted(id, permissions)) { - throw new AccessDeniedException("Access denied"); - } - } - - public void checkPermission(Path absPath, int permissions) throws AccessDeniedException, RepositoryException { - if (!isGranted(absPath, permissions)) { - throw new AccessDeniedException("Access denied"); - } - } - - public void checkRepositoryPermission(int permissions) throws AccessDeniedException, RepositoryException { - if (!isGranted((ItemId) null, permissions)) { - throw new AccessDeniedException("Access denied"); - } - } - - public boolean isGranted(ItemId id, int permissions) throws RepositoryException { - // system has always all permissions - // anonymous has only READ permissions - return system || (anonymous && ((permissions & (WRITE | REMOVE)) == 0)); - } - - public boolean isGranted(Path absPath, int permissions) throws RepositoryException { - return internalIsGranted(permissions); - } - - public boolean isGranted(Path parentPath, Name childName, int permissions) throws RepositoryException { - return internalIsGranted(permissions); - } - - public boolean canRead(Path itemPath, ItemId itemId) throws RepositoryException { - return true; - } - - public boolean canAccess(String workspaceName) throws RepositoryException { - return system || anonymous; - } - - private boolean internalIsGranted(int permissions) { - /* system has always all permissions, - anonymous has only READ permissions */ - return system || (anonymous && Permission.READ == permissions); - } -} Property changes on: jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/SimpleJBossAccessManager.java ___________________________________________________________________ Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Index: jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/Entry.java =================================================================== --- jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/Entry.java (revision 1823203) +++ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/Entry.java (working copy) @@ -17,7 +17,6 @@ package org.apache.jackrabbit.core.security.authorization.acl; import java.security.Principal; -import java.security.acl.Group; import java.util.ArrayList; import java.util.List; import javax.jcr.NodeIterator; @@ -33,6 +32,7 @@ import org.apache.jackrabbit.core.security.authorization.GlobPattern; import org.apache.jackrabbit.core.security.authorization.PrivilegeBits; import org.apache.jackrabbit.core.security.authorization.PrivilegeManagerImpl; +import org.apache.jackrabbit.core.security.principal.GroupPrincipals; import org.apache.jackrabbit.core.value.InternalValue; import org.apache.jackrabbit.spi.Name; import org.slf4j.Logger; @@ -87,7 +87,7 @@ boolean isGroupEntry = false; Principal princ = principalMgr.getPrincipal(principalName); if (princ != null) { - isGroupEntry = (princ instanceof Group); + isGroupEntry = GroupPrincipals.isGroup(princ); } InternalValue[] privValues = aceNode.getProperty(P_PRIVILEGES).internalGetValues(); Index: jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/EveryonePrincipal.java =================================================================== --- jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/EveryonePrincipal.java (revision 1823203) +++ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/EveryonePrincipal.java (working copy) @@ -16,6 +16,7 @@ */ package org.apache.jackrabbit.core.security.principal; +import org.apache.jackrabbit.api.security.principal.GroupPrincipal; import org.apache.jackrabbit.api.security.principal.JackrabbitPrincipal; import java.security.Principal; @@ -24,7 +25,7 @@ /** * The EveryonePrincipal contains all principals (excluding itself). */ -public final class EveryonePrincipal implements java.security.acl.Group, JackrabbitPrincipal { +public final class EveryonePrincipal implements java.security.acl.Group, GroupPrincipal, JackrabbitPrincipal { public static final String NAME = "everyone"; private static final EveryonePrincipal INSTANCE = new EveryonePrincipal(); Index: jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/GroupPrincipals.java =================================================================== --- jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/GroupPrincipals.java (nonexistent) +++ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/GroupPrincipals.java (working copy) @@ -0,0 +1,61 @@ +package org.apache.jackrabbit.core.security.principal; + +import java.security.Principal; +import java.security.acl.Group; +import java.util.Collections; +import java.util.Enumeration; + +import org.apache.jackrabbit.api.security.principal.GroupPrincipal; + +/** + * Helper class to deal with the migration between the 2 types of groups + * + */ +public final class GroupPrincipals { + + private GroupPrincipals() { + } + + /** + * Checks if the provided principal is a group. + * + * @param principal + * to be checked. + * + * @return true if the principal is of type group. + */ + public static boolean isGroup(Principal principal) { + return principal instanceof Group || principal instanceof GroupPrincipal; + } + + /** + * Returns an enumeration of the members in the group. + * @param principal the principal whose membership is listed. + * @return an enumeration of the group members. + */ + public static Enumeration members(Principal principal) { + if (principal instanceof Group) { + return ((Group) principal).members(); + } + if (principal instanceof GroupPrincipal) { + return ((GroupPrincipal) principal).members(); + } + return Collections.emptyEnumeration(); + } + + /** + * Returns true if the passed principal is a member of the group. + * @param principal the principal whose members are being checked. + * @param member the principal whose membership is to be checked. + * @return true if the principal is a member of this group, false otherwise. + */ + public static boolean isMember(Principal principal, Principal member) { + if (principal instanceof Group) { + return ((Group) principal).isMember(member); + } + if (principal instanceof GroupPrincipal) { + return ((GroupPrincipal) principal).isMember(member); + } + return false; + } +} Index: jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalManagerImpl.java =================================================================== --- jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalManagerImpl.java (revision 1823203) +++ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalManagerImpl.java (working copy) @@ -27,6 +27,7 @@ import javax.jcr.RepositoryException; import javax.jcr.Session; +import org.apache.jackrabbit.api.security.principal.GroupPrincipal; import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal; import org.apache.jackrabbit.api.security.principal.JackrabbitPrincipal; import org.apache.jackrabbit.api.security.principal.PrincipalIterator; @@ -190,17 +191,16 @@ * everyone principal. */ private Principal disguise(Principal principal, PrincipalProvider provider) { - if (!(principal instanceof Group) || principal instanceof EveryonePrincipal) { + if (!GroupPrincipals.isGroup(principal) || principal instanceof EveryonePrincipal) { // nothing to do. return principal; } - Group gr = (Group) principal; // make sure all groups except for the 'everyone' group expose only // principals visible to the session. if (principal instanceof ItemBasedPrincipal) { - return new ItemBasedCheckedGroup(gr, provider); + return new ItemBasedCheckedGroup(principal, provider); } else { - return new CheckedGroup(gr, provider); + return new CheckedGroup(principal, provider); } } @@ -212,12 +212,12 @@ * due to the fact, that the principal provider is not bound to a particular * Session object. */ - private class CheckedGroup implements Group, JackrabbitPrincipal { + private class CheckedGroup implements Group, GroupPrincipal, JackrabbitPrincipal { - final Group delegatee; + final Principal delegatee; private final PrincipalProvider provider; - private CheckedGroup(Group delegatee, PrincipalProvider provider) { + private CheckedGroup(Principal delegatee, PrincipalProvider provider) { this.delegatee = delegatee; this.provider = provider; } @@ -230,12 +230,13 @@ throw new UnsupportedOperationException("Not implemented"); } + @Override public boolean isMember(Principal member) { - return delegatee.isMember(member); + return GroupPrincipals.isMember(delegatee, member); } public Enumeration members() { - Iterator it = Collections.list(delegatee.members()).iterator(); + Iterator it = Collections.list(GroupPrincipals.members(delegatee)).iterator(); final PrincipalIterator members = new CheckedPrincipalIterator(it, provider); return new Enumeration() { public boolean hasMoreElements() { @@ -268,7 +269,7 @@ */ private class ItemBasedCheckedGroup extends CheckedGroup implements ItemBasedPrincipal { - private ItemBasedCheckedGroup(Group delegatee, PrincipalProvider provider) { + private ItemBasedCheckedGroup(Principal delegatee, PrincipalProvider provider) { super(delegatee, provider); if (!(delegatee instanceof ItemBasedPrincipal)) { throw new IllegalArgumentException(); Index: jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalProvider.java =================================================================== --- jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalProvider.java (revision 1823203) +++ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalProvider.java (working copy) @@ -81,7 +81,8 @@ /** * Returns an iterator over all group principals for which the given * principal is either direct or indirect member of. If a principal is - * a direct member of a group, then {@link java.security.acl.Group#isMember(Principal)} + * a direct member of a group, then + * {@link org.apache.jackrabbit.api.security.principal.GroupPrincipal#isMember(Principal)} * evaluates to true. A principal is an indirect member of a * group if any of its groups (to any degree of separation) is direct member * of the group. Index: jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleLoginModule.java =================================================================== --- jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleLoginModule.java (revision 1823203) +++ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleLoginModule.java (working copy) @@ -18,6 +18,7 @@ import org.apache.jackrabbit.core.security.authentication.AbstractLoginModule; import org.apache.jackrabbit.core.security.authentication.Authentication; +import org.apache.jackrabbit.core.security.principal.GroupPrincipals; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -28,7 +29,6 @@ import javax.security.auth.callback.CallbackHandler; import javax.security.auth.login.LoginException; import java.security.Principal; -import java.security.acl.Group; import java.util.Map; /** @@ -52,7 +52,7 @@ */ @Override protected boolean impersonate(Principal principal, Credentials credentials) throws RepositoryException, LoginException { - if (principal instanceof Group) { + if (GroupPrincipals.isGroup(principal)) { return false; } Subject impersSubject = getImpersonatorSubject(credentials); @@ -64,7 +64,7 @@ */ @Override protected Authentication getAuthentication(Principal principal, Credentials creds) throws RepositoryException { - if (principal instanceof Group) { + if (GroupPrincipals.isGroup(principal)) { return null; } return new Authentication() { @@ -93,7 +93,7 @@ protected Principal getPrincipal(Credentials credentials) { String userId = getUserID(credentials); Principal principal = principalProvider.getPrincipal(userId); - if (principal == null || principal instanceof Group) { + if (principal == null || GroupPrincipals.isGroup(principal)) { // no matching user principal return null; } else { Index: jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleSecurityManager.java =================================================================== --- jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleSecurityManager.java (revision 1823203) +++ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleSecurityManager.java (working copy) @@ -17,7 +17,6 @@ package org.apache.jackrabbit.core.security.simple; import java.security.Principal; -import java.security.acl.Group; import java.util.Collections; import java.util.HashMap; import java.util.HashSet; @@ -56,6 +55,7 @@ import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager; import org.apache.jackrabbit.core.security.principal.AdminPrincipal; import org.apache.jackrabbit.core.security.principal.EveryonePrincipal; +import org.apache.jackrabbit.core.security.principal.GroupPrincipals; import org.apache.jackrabbit.core.security.principal.PrincipalIteratorAdapter; import org.apache.jackrabbit.core.security.principal.PrincipalManagerImpl; import org.apache.jackrabbit.core.security.principal.PrincipalProvider; @@ -272,7 +272,7 @@ // are the same (not totally correct) and thus return the name // of the first non-group principal. for (Principal p : subject.getPrincipals()) { - if (!(p instanceof Group)) { + if (!GroupPrincipals.isGroup(p)) { uid = p.getName(); break; } @@ -338,8 +338,8 @@ Principal p = getPrincipal(simpleFilter); if (p == null) { return PrincipalIteratorAdapter.EMPTY; - } else if (p instanceof Group && searchType == PrincipalManager.SEARCH_TYPE_NOT_GROUP || - !(p instanceof Group) && searchType == PrincipalManager.SEARCH_TYPE_GROUP) { + } else if (GroupPrincipals.isGroup(p) && searchType == PrincipalManager.SEARCH_TYPE_NOT_GROUP || + !GroupPrincipals.isGroup(p) && searchType == PrincipalManager.SEARCH_TYPE_GROUP) { return PrincipalIteratorAdapter.EMPTY; } else { return new PrincipalIteratorAdapter(Collections.singletonList(p)); Index: jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/GroupImpl.java =================================================================== --- jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/GroupImpl.java (revision 1823203) +++ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/GroupImpl.java (working copy) @@ -38,6 +38,7 @@ import javax.jcr.UnsupportedRepositoryOperationException; import javax.jcr.Value; +import org.apache.jackrabbit.api.security.principal.GroupPrincipal; import org.apache.jackrabbit.api.security.user.Authorizable; import org.apache.jackrabbit.api.security.user.Group; import org.apache.jackrabbit.api.security.user.UserManager; @@ -290,7 +291,7 @@ /** * Principal Implementation */ - private class NodeBasedGroup extends NodeBasedPrincipal implements java.security.acl.Group { + private class NodeBasedGroup extends NodeBasedPrincipal implements java.security.acl.Group, GroupPrincipal { private NodeBasedGroup(String name) { super(name); @@ -308,10 +309,21 @@ } /** + * @return Always false. Group membership must be edited + * using the enclosing GroupImpl object. + * @see java.security.acl.Group#isMember(Principal) + */ + public boolean removeMember(Principal user) { + return false; + } + + //----------------------------------------------------------< GroupPrincipal >--- + + /** * Returns true, if the given Principal is represented by * a Authorizable, that is a member of the underlying UserGroup. * - * @see java.security.acl.Group#isMember(Principal) + * @see org.apache.jackrabbit.api.security.principal.GroupPrincipal#isMember(Principal) */ public boolean isMember(Principal member) { // shortcut for everyone group -> avoid collecting all members @@ -329,19 +341,10 @@ } /** - * @return Always false. Group membership must be edited - * using the enclosing GroupImpl object. - * @see java.security.acl.Group#isMember(Principal) - */ - public boolean removeMember(Principal user) { - return false; - } - - /** * Return all principals that refer to every member of the underlying * user group. * - * @see java.security.acl.Group#members() + * @see org.apache.jackrabbit.api.security.principal.GroupPrincipal#members() */ public Enumeration members() { return Collections.enumeration(getMembers()); Index: jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java =================================================================== --- jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java (revision 1823203) +++ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java (working copy) @@ -17,7 +17,6 @@ package org.apache.jackrabbit.core.security.user; import java.security.Principal; -import java.security.acl.Group; import java.util.HashSet; import java.util.Set; @@ -31,6 +30,7 @@ import org.apache.jackrabbit.api.security.user.Impersonation; import org.apache.jackrabbit.core.NodeImpl; import org.apache.jackrabbit.core.PropertyImpl; +import org.apache.jackrabbit.core.security.principal.GroupPrincipals; import org.apache.jackrabbit.core.security.principal.PrincipalImpl; import org.apache.jackrabbit.core.security.principal.PrincipalIteratorAdapter; import org.apache.jackrabbit.value.StringValue; @@ -145,7 +145,7 @@ if (!allows) { // check if subject belongs to administrator user for (Principal p : subject.getPrincipals()) { - if (p instanceof Group) { + if (GroupPrincipals.isGroup(p)) { continue; } Authorizable a = userManager.getAuthorizable(p); Index: jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java =================================================================== --- jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java (revision 1823203) +++ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java (working copy) @@ -37,6 +37,7 @@ import org.apache.jackrabbit.core.security.authorization.PrivilegeBits; import org.apache.jackrabbit.core.security.authorization.PrivilegeManagerImpl; import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry; +import org.apache.jackrabbit.core.security.principal.GroupPrincipals; import org.apache.jackrabbit.core.security.principal.PrincipalImpl; import org.apache.jackrabbit.spi.Name; import org.apache.jackrabbit.spi.Path; @@ -54,7 +55,6 @@ import javax.jcr.security.Privilege; import java.security.Principal; -import java.security.acl.Group; import java.util.Iterator; import java.util.Map; import java.util.Set; @@ -271,7 +271,7 @@ try { UserManager uMgr = session.getUserManager(); for (Principal p : principals) { - if (!(p instanceof Group) && p instanceof ItemBasedPrincipal + if (!(GroupPrincipals.isGroup(p)) && p instanceof ItemBasedPrincipal && uMgr.getAuthorizable(p) != null) { return (ItemBasedPrincipal) p; } Index: jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/principal/PrincipalManagerTest.java =================================================================== --- jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/principal/PrincipalManagerTest.java (revision 1823203) +++ jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/principal/PrincipalManagerTest.java (working copy) @@ -24,7 +24,6 @@ import javax.jcr.RepositoryException; import javax.jcr.Session; import java.security.Principal; -import java.security.acl.Group; import java.util.Enumeration; import java.util.HashSet; import java.util.Set; @@ -35,7 +34,7 @@ public class PrincipalManagerTest extends AbstractJCRTest { private PrincipalManager principalMgr; - private Group everyone; + private GroupPrincipal everyone; @Override protected void setUp() throws Exception { @@ -45,7 +44,7 @@ throw new NotExecutableException(); } principalMgr = ((JackrabbitSession) superuser).getPrincipalManager(); - everyone = (Group) principalMgr.getEveryone(); + everyone = (GroupPrincipal) principalMgr.getEveryone(); } private static Principal[] getPrincipals(Session session) { @@ -55,7 +54,7 @@ } private static boolean isGroup(Principal p) { - return p instanceof java.security.acl.Group; + return p instanceof GroupPrincipal; } public void testGetEveryone() { @@ -145,7 +144,7 @@ while (it.hasNext()) { Principal p = it.nextPrincipal(); if (isGroup(p) && !p.equals(principalMgr.getEveryone())) { - Enumeration en = ((java.security.acl.Group) p).members(); + Enumeration en = ((GroupPrincipal) p).members(); while (en.hasMoreElements()) { Principal memb = en.nextElement(); assertTrue(principalMgr.hasPrincipal(memb.getName())); @@ -198,7 +197,7 @@ assertTrue(isGroup(p)); - Enumeration members = ((java.security.acl.Group) p).members(); + Enumeration members = ((GroupPrincipal) p).members(); while (members.hasMoreElements()) { Principal memb = members.nextElement(); Index: jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/GroupTest.java =================================================================== --- jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/GroupTest.java (revision 1823203) +++ jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/GroupTest.java (working copy) @@ -16,6 +16,7 @@ */ package org.apache.jackrabbit.api.security.user; +import org.apache.jackrabbit.api.security.principal.GroupPrincipal; import org.apache.jackrabbit.test.NotExecutableException; import javax.jcr.RepositoryException; @@ -417,8 +418,8 @@ newGroup2.addMember(auth); save(superuser); - java.security.acl.Group ngPrincipal = (java.security.acl.Group) newGroup.getPrincipal(); - java.security.acl.Group ng2Principal = (java.security.acl.Group) newGroup2.getPrincipal(); + GroupPrincipal ngPrincipal = (GroupPrincipal) newGroup.getPrincipal(); + GroupPrincipal ng2Principal = (GroupPrincipal) newGroup2.getPrincipal(); assertFalse(ng2Principal.isMember(ngPrincipal)); Index: jackrabbit-core/src/test/java/org/apache/jackrabbit/core/NodeImplTest.java =================================================================== --- jackrabbit-core/src/test/java/org/apache/jackrabbit/core/NodeImplTest.java (revision 1823203) +++ jackrabbit-core/src/test/java/org/apache/jackrabbit/core/NodeImplTest.java (working copy) @@ -17,7 +17,6 @@ package org.apache.jackrabbit.core; import java.security.Principal; -import java.security.acl.Group; import java.util.Calendar; import javax.jcr.ItemExistsException; @@ -35,6 +34,7 @@ import org.apache.jackrabbit.api.security.JackrabbitAccessControlList; import org.apache.jackrabbit.commons.JcrUtils; +import org.apache.jackrabbit.core.security.principal.GroupPrincipals; import org.apache.jackrabbit.test.AbstractJCRTest; import org.apache.jackrabbit.test.NotExecutableException; import org.apache.jackrabbit.test.RepositoryHelper; @@ -89,7 +89,7 @@ SessionImpl s = (SessionImpl) helper.getReadOnlySession(); try { for (Principal p : s.getSubject().getPrincipals()) { - if (!(p instanceof Group)) { + if (!GroupPrincipals.isGroup(p)) { return p; } } Index: jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java =================================================================== --- jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java (revision 1823203) +++ jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java (working copy) @@ -19,6 +19,7 @@ import org.apache.jackrabbit.api.JackrabbitSession; import org.apache.jackrabbit.api.security.JackrabbitAccessControlList; import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry; +import org.apache.jackrabbit.api.security.principal.GroupPrincipal; import org.apache.jackrabbit.api.security.principal.PrincipalIterator; import org.apache.jackrabbit.api.security.principal.PrincipalManager; import org.apache.jackrabbit.core.SessionImpl; @@ -34,12 +35,9 @@ import javax.jcr.security.AccessControlEntry; import javax.jcr.security.Privilege; import java.security.Principal; -import java.security.acl.Group; import java.util.Arrays; import java.util.Collections; -import java.util.HashSet; import java.util.Map; -import java.util.Set; /** * ACLTemplateTest... @@ -145,7 +143,7 @@ Principal grPrincipal = null; PrincipalIterator it = pMgr.findPrincipals("", PrincipalManager.SEARCH_TYPE_GROUP); while (it.hasNext()) { - Group gr = (Group) it.nextPrincipal(); + GroupPrincipal gr = (GroupPrincipal) it.nextPrincipal(); if (!everyone.equals(gr)) { grPrincipal = gr; } @@ -168,7 +166,7 @@ public void testSetEntryForGroupPrincipal() throws RepositoryException, NotExecutableException { JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath()); Privilege[] privs = privilegesFromName(Privilege.JCR_READ); - Group grPrincipal = (Group) principalMgr.getEveryone(); + GroupPrincipal grPrincipal = (GroupPrincipal) principalMgr.getEveryone(); // adding allow-entry must succeed assertTrue(pt.addAccessControlEntry(grPrincipal, privs)); Index: jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/PrincipalManagerTest.java =================================================================== --- jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/PrincipalManagerTest.java (revision 1823203) +++ jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/PrincipalManagerTest.java (working copy) @@ -17,12 +17,12 @@ package org.apache.jackrabbit.core.security.principal; import java.security.Principal; -import java.security.acl.Group; import java.util.Properties; import javax.jcr.RepositoryException; import javax.jcr.Session; +import org.apache.jackrabbit.api.security.principal.GroupPrincipal; import org.apache.jackrabbit.api.security.principal.JackrabbitPrincipal; import org.apache.jackrabbit.api.security.principal.PrincipalIterator; import org.apache.jackrabbit.test.AbstractJCRTest; @@ -36,7 +36,7 @@ public class PrincipalManagerTest extends AbstractJCRTest { private static final String TESTGROUP_NAME = "org.apache.jackrabbit.core.security.principal.PrincipalManagerTest.testgroup"; - private static final Group TESTGROUP = Mockito.mock(Group.class); + private static final GroupPrincipal TESTGROUP = Mockito.mock(GroupPrincipal.class); private static class CustomPrincipalProvider extends AbstractPrincipalProvider { Index: jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/DefaultPrincipalProviderTest.java =================================================================== --- jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/DefaultPrincipalProviderTest.java (revision 1823203) +++ jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/DefaultPrincipalProviderTest.java (working copy) @@ -22,6 +22,7 @@ import javax.jcr.RepositoryException; import javax.jcr.Session; +import org.apache.jackrabbit.api.security.principal.GroupPrincipal; import org.apache.jackrabbit.api.security.principal.PrincipalIterator; import org.apache.jackrabbit.api.security.user.AbstractUserTest; import org.apache.jackrabbit.api.security.user.Authorizable; @@ -163,7 +164,7 @@ try { Principal p = principalProvider.getPrincipal(testName); assertNotNull(p); - assertTrue(p instanceof java.security.acl.Group); + assertTrue(p instanceof GroupPrincipal); } finally { a.remove(); save(superuser); @@ -175,7 +176,7 @@ try { Principal p = principalProvider.getPrincipal(testName); assertNotNull(p); - assertFalse(p instanceof java.security.acl.Group); + assertFalse(p instanceof GroupPrincipal); } finally { a.remove(); save(superuser); @@ -245,8 +246,8 @@ save(superuser); Principal groupPrincipal = principalProvider.getPrincipal(g.getPrincipal().getName()); - assertTrue(groupPrincipal instanceof java.security.acl.Group); - assertTrue(((java.security.acl.Group) groupPrincipal).isMember(u.getPrincipal())); + assertTrue(groupPrincipal instanceof GroupPrincipal); + assertTrue(((GroupPrincipal) groupPrincipal).isMember(u.getPrincipal())); // remove the user from the group and assert the user is no longer a member of the group g.removeMember(u); @@ -253,7 +254,7 @@ save(superuser); groupPrincipal = principalProvider.getPrincipal(g.getPrincipal().getName()); - assertFalse(((java.security.acl.Group) groupPrincipal).isMember(u.getPrincipal())); + assertFalse(((GroupPrincipal) groupPrincipal).isMember(u.getPrincipal())); } finally { if (null != g) { g.remove(); } if (null != u) { u.remove(); } Index: jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/GroupImplTest.java =================================================================== --- jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/GroupImplTest.java (revision 1823203) +++ jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/GroupImplTest.java (working copy) @@ -17,6 +17,7 @@ package org.apache.jackrabbit.core.security.user; import org.apache.jackrabbit.api.JackrabbitSession; +import org.apache.jackrabbit.api.security.principal.GroupPrincipal; import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal; import org.apache.jackrabbit.api.security.principal.PrincipalManager; import org.apache.jackrabbit.api.security.user.AbstractUserTest; @@ -109,7 +110,7 @@ g = userMgr.createGroup(EveryonePrincipal.NAME); save(superuser); - java.security.acl.Group principal = (java.security.acl.Group) g.getPrincipal(); + GroupPrincipal principal = (GroupPrincipal) g.getPrincipal(); assertTrue(principal.isMember(new Principal() { public String getName() { Index: jackrabbit-jcr-rmi/pom.xml =================================================================== --- jackrabbit-jcr-rmi/pom.xml (revision 1823203) +++ jackrabbit-jcr-rmi/pom.xml (working copy) @@ -53,7 +53,7 @@ jcr,jackrabbit http://jackrabbit.apache.org/ - org.apache.jackrabbit.rmi.*;version=3.0.0 + org.apache.jackrabbit.rmi.*;version=3.1.0 Index: jackrabbit-jcr-rmi/src/main/java/org/apache/jackrabbit/rmi/client/LocalAdapterFactory.java =================================================================== --- jackrabbit-jcr-rmi/src/main/java/org/apache/jackrabbit/rmi/client/LocalAdapterFactory.java (revision 1823203) +++ jackrabbit-jcr-rmi/src/main/java/org/apache/jackrabbit/rmi/client/LocalAdapterFactory.java (working copy) @@ -403,7 +403,7 @@ * Factory method for creating a local adapter for a remote principal. *

* If remote is a {@link RemoteGroup} the - * principal returned implements the java.security.acl.Group + * principal returned implements the org.apache.jackrabbit.api.security.principal.GroupPrincipal * interface. * * @param remote principal @@ -418,7 +418,7 @@ * Each entry in the remote iterator which is a * {@link RemoteGroup} will be * provided as a principal implementing the - * java.security.acl.Group interface. + * org.apache.jackrabbit.api.security.principal.GroupPrincipal interface. * * @param remote remote principal iterator * @return local principal iterator Index: jackrabbit-jcr-rmi/src/main/java/org/apache/jackrabbit/rmi/remote/principal/RemoteGroup.java =================================================================== --- jackrabbit-jcr-rmi/src/main/java/org/apache/jackrabbit/rmi/remote/principal/RemoteGroup.java (revision 1823203) +++ jackrabbit-jcr-rmi/src/main/java/org/apache/jackrabbit/rmi/remote/principal/RemoteGroup.java (working copy) @@ -22,7 +22,7 @@ import org.apache.jackrabbit.rmi.remote.RemoteIterator; /** - * Remote version of the JCR {@link java.security.acl.Group Group} interface. + * Remote version of the JCR {@link org.apache.jackrabbit.api.security.principal.GroupPrincipal GroupPrincipal} interface. * Used by the {@link org.apache.jackrabbit.rmi.server.principal.ServerGroup * ServerGroup} and * {@link org.apache.jackrabbit.rmi.client.principal.ClientGroup ClientGroup} @@ -36,7 +36,7 @@ * returned as remote references to the corresponding remote interface. RMI * errors are signaled with RemoteExceptions. * - * @see java.security.acl.Group + * @see org.apache.jackrabbit.api.security.principal.GroupPrincipal * @see org.apache.jackrabbit.rmi.client.principal.ClientGroup * @see org.apache.jackrabbit.rmi.server.principal.ServerGroup */ @@ -43,12 +43,12 @@ public interface RemoteGroup extends RemotePrincipal { /** - * @see java.security.acl.Group#isMember(java.security.Principal) + * @see org.apache.jackrabbit.api.security.principal.GroupPrincipal#isMember(java.security.Principal) */ boolean isMember(String member) throws RemoteException; /** - * @see java.security.acl.Group#members() + * @see org.apache.jackrabbit.api.security.principal.GroupPrincipal#members() */ RemoteIterator members() throws RemoteException; Index: jackrabbit-jcr-rmi/src/main/java/org/apache/jackrabbit/rmi/server/ServerAdapterFactory.java =================================================================== --- jackrabbit-jcr-rmi/src/main/java/org/apache/jackrabbit/rmi/server/ServerAdapterFactory.java (revision 1823203) +++ jackrabbit-jcr-rmi/src/main/java/org/apache/jackrabbit/rmi/server/ServerAdapterFactory.java (working copy) @@ -18,7 +18,6 @@ import java.rmi.RemoteException; import java.security.Principal; -import java.security.acl.Group; import java.util.ArrayList; import java.util.Iterator; import java.util.List; @@ -514,8 +513,8 @@ } public RemotePrincipal getRemotePrincipal(final Principal principal) throws RemoteException { - if (principal instanceof Group) { - return new ServerGroup((Group) principal, this); + if (ServerGroup.isGroup(principal)) { + return new ServerGroup(principal, this); } return new ServerPrincipal(principal, this); Index: jackrabbit-jcr-rmi/src/main/java/org/apache/jackrabbit/rmi/server/principal/ServerGroup.java =================================================================== --- jackrabbit-jcr-rmi/src/main/java/org/apache/jackrabbit/rmi/server/principal/ServerGroup.java (revision 1823203) +++ jackrabbit-jcr-rmi/src/main/java/org/apache/jackrabbit/rmi/server/principal/ServerGroup.java (working copy) @@ -21,9 +21,11 @@ import java.rmi.RemoteException; import java.security.Principal; import java.security.acl.Group; +import java.util.Collections; import java.util.Enumeration; import java.util.Iterator; +import org.apache.jackrabbit.api.security.principal.GroupPrincipal; import org.apache.jackrabbit.rmi.remote.RemoteIterator; import org.apache.jackrabbit.rmi.remote.principal.RemoteGroup; import org.apache.jackrabbit.rmi.server.RemoteAdapterFactory; @@ -35,13 +37,18 @@ super(principal, factory); } + public ServerGroup(final Principal principal, final RemoteAdapterFactory factory) + throws RemoteException { + super(principal, factory); + } + public boolean isMember(String member) { - return isMember(member, (Group) getPrincipal()); + return isMember(member, getPrincipal()); } public RemoteIterator members() throws RemoteException { Iterator members = new Iterator() { - final Enumeration base = ((Group) getPrincipal()).members(); + final Enumeration base = members(getPrincipal()); public boolean hasNext() { return base.hasMoreElements(); @@ -58,8 +65,8 @@ return getFactory().getRemotePrincipalIterator(members); } - private static boolean isMember(final String memberName, final Group group) { - Enumeration pe = group.members(); + private static boolean isMember(final String memberName, final Principal group) { + Enumeration pe = members(group); while (pe.hasMoreElements()) { Principal p = pe.nextElement(); if (memberName.equals(p.getName())) { @@ -66,11 +73,24 @@ return true; } - if ((p instanceof Group) && isMember(memberName, (Group) p)) { + if (isGroup(p) && isMember(memberName, p)) { return true; } } - return false; } + + public static boolean isGroup(Principal principal) { + return principal instanceof Group || principal instanceof GroupPrincipal; + } + + private static Enumeration members(Principal principal) { + if (principal instanceof Group) { + return ((Group) principal).members(); + } + if (principal instanceof GroupPrincipal) { + return ((GroupPrincipal) principal).members(); + } + return Collections.emptyEnumeration(); + } } \ No newline at end of file Index: jackrabbit-jcr-rmi/src/test/java/org/apache/jackrabbit/rmi/RepositoryStubImpl.java =================================================================== --- jackrabbit-jcr-rmi/src/test/java/org/apache/jackrabbit/rmi/RepositoryStubImpl.java (revision 1823203) +++ jackrabbit-jcr-rmi/src/test/java/org/apache/jackrabbit/rmi/RepositoryStubImpl.java (working copy) @@ -22,7 +22,6 @@ import java.io.ObjectOutputStream; import java.rmi.server.RemoteObject; import java.security.Principal; -import java.security.acl.Group; import java.util.Properties; import javax.jcr.Repository; @@ -37,6 +36,7 @@ import org.apache.jackrabbit.rmi.remote.RemoteRepository; import org.apache.jackrabbit.rmi.server.RemoteAdapterFactory; import org.apache.jackrabbit.rmi.server.ServerAdapterFactory; +import org.apache.jackrabbit.rmi.server.principal.ServerGroup; import org.apache.jackrabbit.test.RepositoryStubException; public class RepositoryStubImpl extends JackrabbitRepositoryStub { @@ -89,7 +89,7 @@ new SimpleCredentials("admin", "admin".toCharArray())); try { for (Principal principal : session.getSubject().getPrincipals()) { - if (!(principal instanceof Group)) { + if (!ServerGroup.isGroup(principal)) { return principal; } }