diff --git a/webapp/config/web.xml b/webapp/config/web.xml
index 1b963f506..3ac845523 100644
--- a/webapp/config/web.xml
+++ b/webapp/config/web.xml
@@ -164,6 +164,11 @@
     </listener-class>
   </listener>
  
+  <listener>
+    <listener-class> edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper$Setup
+    </listener-class>
+  </listener>
+ 
   <listener>
     <listener-class>
         edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerSetup
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/AdministrativeUriRestrictor.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/AdministrativeUriRestrictor.java
deleted file mode 100644
index b1a06a7ea..000000000
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/AdministrativeUriRestrictor.java
+++ /dev/null
@@ -1,152 +0,0 @@
-/* $This file is distributed under the terms of the license in /doc/license.txt$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.policy;
-
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import com.hp.hpl.jena.rdf.model.impl.Util;
-
-import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
-
-/**
- * Used by several policies to disallow the modification of Vitro-reserved
- * resources and/or properties.
- */
-public class AdministrativeUriRestrictor {
-	private static final Log log = LogFactory
-			.getLog(AdministrativeUriRestrictor.class);
-
-	private static final String[] DEFAULT_PROHIBITED_PROPERTIES = {};
-
-	private static final String[] DEFAULT_PROHIBITED_RESOURCES = {};
-
-	private static final String[] DEFAULT_PROHIBITED_NAMESPACES = {
-			VitroVocabulary.vitroURI, 
-			VitroVocabulary.OWL, 
-			"" };
-
-	private static final String[] DEFAULT_EDITABLE_VITRO_URIS = {
-			VitroVocabulary.MONIKER, 
-			VitroVocabulary.BLURB,
-			VitroVocabulary.DESCRIPTION, 
-			VitroVocabulary.MODTIME,
-			VitroVocabulary.TIMEKEY,
-
-			VitroVocabulary.CITATION, 
-			VitroVocabulary.IND_MAIN_IMAGE,
-
-			VitroVocabulary.LINK, 
-			VitroVocabulary.PRIMARY_LINK,
-			VitroVocabulary.ADDITIONAL_LINK, 
-			VitroVocabulary.LINK_ANCHOR,
-			VitroVocabulary.LINK_URL,
-
-			VitroVocabulary.KEYWORD_INDIVIDUALRELATION,
-			VitroVocabulary.KEYWORD_INDIVIDUALRELATION_INVOLVESKEYWORD,
-			VitroVocabulary.KEYWORD_INDIVIDUALRELATION_INVOLVESINDIVIDUAL,
-			VitroVocabulary.KEYWORD_INDIVIDUALRELATION_MODE };
-
-	/**
-	 * Namespaces from which Self Editors should not be able to use resources.
-	 */
-	private final Set<String> prohibitedNamespaces;
-
-	/**
-	 * URIs of properties that SelfEditors should not be able to use in
-	 * statements
-	 */
-	protected final Set<String> prohibitedProperties;
-
-	/**
-	 * URIs of resources that SelfEditors should not be able to use in
-	 * statements
-	 */
-	protected final Set<String> prohibitedResources;
-
-	/**
-	 * URIs of properties from prohibited namespaces that Self Editors need to
-	 * be able to edit
-	 */
-	protected final Set<String> editableVitroUris;
-
-	public AdministrativeUriRestrictor(Set<String> prohibitedProperties,
-			Set<String> prohibitedResources, Set<String> prohibitedNamespaces,
-			Set<String> editableVitroUris) {
-		this.prohibitedProperties = useDefaultIfNull(prohibitedProperties,
-				DEFAULT_PROHIBITED_PROPERTIES);
-		this.prohibitedResources = useDefaultIfNull(prohibitedResources,
-				DEFAULT_PROHIBITED_RESOURCES);
-		this.prohibitedNamespaces = useDefaultIfNull(prohibitedNamespaces,
-				DEFAULT_PROHIBITED_NAMESPACES);
-		this.editableVitroUris = useDefaultIfNull(editableVitroUris,
-				DEFAULT_EDITABLE_VITRO_URIS);
-	}
-
-	private Set<String> useDefaultIfNull(Set<String> valueSet,
-			String[] defaultArray) {
-		Collection<String> strings = (valueSet == null) ? Arrays
-				.asList(defaultArray) : valueSet;
-		return Collections.unmodifiableSet(new HashSet<String>(strings));
-	}
-
-	public boolean canModifyResource(String uri) {
-		if (uri == null || uri.length() == 0) {
-			log.debug("Resource URI is empty: " + uri);
-			return false;
-		}
-
-		if (editableVitroUris.contains(uri)) {
-			log.debug("Resource matches an editable URI: " + uri);
-			return true;
-		}
-
-		String namespace = uri.substring(0, Util.splitNamespace(uri));
-		if (prohibitedNamespaces.contains(namespace)) {
-			log.debug("Resource matches a prohibited namespace: " + uri);
-			return false;
-		}
-
-		log.debug("Resource is not prohibited: " + uri);
-		return true;
-	}
-
-	public boolean canModifyPredicate(String uri) {
-		if (uri == null || uri.length() == 0) {
-			log.debug("Predicate URI is empty: " + uri);
-			return false;
-		}
-
-		if (prohibitedProperties.contains(uri)) {
-			log.debug("Predicate matches a prohibited predicate: " + uri);
-			return false;
-		}
-
-		if (editableVitroUris.contains(uri)) {
-			return true;
-		}
-
-		String namespace = uri.substring(0, Util.splitNamespace(uri));
-		if (prohibitedNamespaces.contains(namespace)) {
-			log.debug("Predicate matches a prohibited namespace: " + uri);
-			return false;
-		}
-		return true;
-	}
-
-	@Override
-	public String toString() {
-		return "AdministrativeUriRestrictor[prohibitedNamespaces="
-				+ prohibitedNamespaces + ", prohibitedProperties="
-				+ prohibitedProperties + ", prohibitedResources="
-				+ prohibitedResources + ", editableVitroUris="
-				+ editableVitroUris + "]";
-	}
-
-}
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/BaseSelfEditingPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/BaseSelfEditingPolicy.java
index 516a6951a..3c96fc9ee 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/BaseSelfEditingPolicy.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/BaseSelfEditingPolicy.java
@@ -5,16 +5,37 @@ package edu.cornell.mannlib.vitro.webapp.auth.policy;
 import java.util.ArrayList;
 import java.util.List;
 
+import javax.servlet.ServletContext;
+
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory.SelfEditing;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
+import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
 
 /**
  * A base class with utility methods for policies involving self-editing.
  */
 public abstract class BaseSelfEditingPolicy {
+	protected final ServletContext ctx;
+	protected final RoleLevel roleLevel;
+
+	public BaseSelfEditingPolicy(ServletContext ctx, RoleLevel roleLevel) {
+		this.ctx = ctx;
+		this.roleLevel = roleLevel;
+	}
+
+	protected boolean canModifyResource(String uri) {
+		return PropertyRestrictionPolicyHelper.getBean(ctx).canModifyResource(
+				uri, roleLevel);
+	}
+
+	protected boolean canModifyPredicate(String uri) {
+		return PropertyRestrictionPolicyHelper.getBean(ctx).canModifyPredicate(
+				uri, roleLevel);
+	}
 
 	protected List<String> getUrisOfSelfEditor(IdentifierBundle ids) {
 		List<String> uris = new ArrayList<String>();
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/CuratorEditingPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/CuratorEditingPolicy.java
index 02eef5931..90a93aa8e 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/CuratorEditingPolicy.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/CuratorEditingPolicy.java
@@ -2,432 +2,172 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.policy;
 
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
+import javax.servlet.ServletContext;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import com.hp.hpl.jena.rdf.model.impl.Util;
-
-import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.CuratorEditingIdentifierFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.AddNewUser;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.LoadOntology;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RebuildTextIndex;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RemoveUser;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.ServerStatus;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UpdateTextIndex;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UploadFile;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.AdminRequestedAction;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.OntoRequestedAction;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.CreateOwlClass;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineDataProperty;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineObjectProperty;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.RemoveOwlClass;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractDataPropertyAction;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyAction;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropStmt;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropStmt;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropDataPropStmt;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropStmt;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropStmt;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjPropStmt;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.AbstractResourceAction;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.AddResource;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.DropResource;
-import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
+import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
 
 /**
- * Policy to use for Vivo Curator-Editing for use at Cornell.
- * All methods in this class should be thread safe
- * and side effect free.
+ * Policy to use for Vivo Curator-Editing for use at Cornell. All methods in
+ * this class should be thread safe and side effect free.
  */
-public class CuratorEditingPolicy implements VisitingPolicyIface {
-    protected static Log log = LogFactory.getLog( CuratorEditingPolicy.class );
-
-    /** regex for extracting a namespace from a URI */
-    // Do not use this; use Jena's splitNamespace() util instead.
-    //private Pattern ns = Pattern.compile("([^#]*#)[^#]*");
-
-    /**
-     * Namespaces from which Curator Editors should not be able to use resources.
-     */
-    private  Set<String> prohibitedNs;
-
-    /** URIs of properties that CuratorEditors should not be able to use in statements*/
-    protected  Set<String>prohibitedProperties;
-
-    /** URIs of resources that CuratorEditors should not be able to use in statements*/
-    protected  Set<String>prohibitedResources;
-    
-    /** Indicates which Authorization to use when the user isn't explicitly authorized. */
-    protected Authorization defaultFailure = Authorization.INCONCLUSIVE;
-
-    /** URIs of properties from prohibited namespaces that Curator Editors need to be
-     * able to edit */
-    protected  Set<String> editableVitroUris;
-
-    public CuratorEditingPolicy(
-            Set<String>prohibitedProperties,
-            Set<String>prohibitedResources,
-            Set<String>prohibitedNamespaces,
-            Set<String>editableVitroUris ){
-
-        if( prohibitedProperties != null )
-            this.prohibitedProperties = prohibitedProperties;
-        else 
-            this.prohibitedProperties = Collections.EMPTY_SET;
-
-        if( prohibitedResources != null )
-            this.prohibitedResources = prohibitedResources;
-        else
-            this.prohibitedResources =  Collections.EMPTY_SET;
-        
-        if( prohibitedNamespaces != null )
-            this.prohibitedNs = prohibitedNamespaces;
-        else{
-            prohibitedNs = new HashSet<String>();
-            prohibitedNs.add( VitroVocabulary.vitroURI);
-            prohibitedNs.add( VitroVocabulary.OWL );
-            prohibitedNs.add("");
-        }
-
-        if( editableVitroUris != null )
-            this.editableVitroUris = editableVitroUris;
-        else{
-            this.editableVitroUris = new HashSet<String>();
-            this.editableVitroUris.add(VitroVocabulary.MONIKER);
-            this.editableVitroUris.add(VitroVocabulary.BLURB);
-            this.editableVitroUris.add(VitroVocabulary.DESCRIPTION);               
-            this.editableVitroUris.add(VitroVocabulary.MODTIME);
-            this.editableVitroUris.add(VitroVocabulary.TIMEKEY);
-
-            this.editableVitroUris.add(VitroVocabulary.CITATION);
-            this.editableVitroUris.add(VitroVocabulary.IND_MAIN_IMAGE);
-
-            this.editableVitroUris.add(VitroVocabulary.LINK);
-            this.editableVitroUris.add(VitroVocabulary.PRIMARY_LINK);
-            this.editableVitroUris.add(VitroVocabulary.ADDITIONAL_LINK);
-            this.editableVitroUris.add(VitroVocabulary.LINK_ANCHOR);
-            this.editableVitroUris.add(VitroVocabulary.LINK_URL);
-
-            this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION);
-            this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_INVOLVESKEYWORD);
-            this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_INVOLVESINDIVIDUAL);
-            this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_MODE);
-        }
-    }
-
-    public PolicyDecision isAuthorized(IdentifierBundle whomToAuth, RequestedAction whatToAuth) {
-        BasicPolicyDecision pd = new BasicPolicyDecision(this.defaultFailure,"not yet set");
-        if( whomToAuth == null )
-            return pd.setMessage("whomToAuth was null");
-        if(whatToAuth == null)
-            return pd.setMessage("whatToAuth was null");
-        
-        String roleStr = getRoleOf(whomToAuth);
-        if (roleStr == null)
-            return pd.setMessage("Unable to get a role for the curator from IdBundle");
-        
-        try{
-            if( Integer.parseInt( roleStr ) /*<*/ != LoginStatusBean.CURATOR)
-                return pd.setMessage("CuratorEditingPolicy found role of "+roleStr+" but only authorizes for users logged in as CURATOR or higher");            
-        }catch(NumberFormatException nef){}
-                 
-        if (whatToAuth instanceof OntoRequestedAction)
-            return pd.setMessage("CuratorEditingPolicy doesn't authorize OntoRequestedActions");
-        if (whatToAuth instanceof AdminRequestedAction)
-            return pd.setMessage("CuratorEditingPolicy doesn't authorize AdminRequestedActions");
-
-        //kick off the visitor pattern
-        return whatToAuth.accept(this, whomToAuth);
-    }
-
-    
-    protected String getRoleOf( IdentifierBundle whomToAuth) {
-        if( whomToAuth == null ) return null;
-        
-        for(Identifier id : whomToAuth){
-            if (id instanceof CuratorEditingIdentifierFactory.CuratorEditingId) {
-                return ((CuratorEditingIdentifierFactory.CuratorEditingId)id).getRole();
-            }
-        }
-        return null;
-    }
-
-    protected boolean canModifyResource(String uri){
-        if( uri == null || uri.length() == 0 )
-            return false;
-
-        if( editableVitroUris.contains( uri ) )
-            return true;
-
-        String namespace = uri.substring(0, Util.splitNamespace(uri));
-        //Matcher match = ns.matcher(uri);
-        //if( match.matches() && match.groupCount() > 0){
-        //    String namespace = match.group(1);
-            if( prohibitedNs.contains( namespace ) ) {
-                log.debug("The uri "+uri+" represents a resource that cannot be modified because it matches a prohibited namespace");
-                return false;
-            }
-        //} 
-        return true;         
-    }
-
-
-    protected boolean canModifyPredicate(String uri){
-        if( uri == null || uri.length() == 0 )
-            return false;
-
-        if( editableVitroUris.contains( uri ) )
-            return true;
-
-        if( prohibitedProperties.contains(uri)) {
-            log.debug("The uri "+uri+" represents a predicate that cannot be modified because it is on a list of properties prohibited from curator editing");
-            return false;
-        }
-        
-        String namespace = uri.substring(0, Util.splitNamespace(uri));
-        //Matcher match = ns.matcher(uri);
-        //if( match.matches() && match.groupCount() > 0){
-        //    String namespace = match.group(1);
-            if( prohibitedNs.contains( namespace ) ) {
-                log.debug("The uri "+uri+" represents a predicate that cannot be modified because it matches a prohibited namespace");
-                return false;
-            }
-        //} 
-        return true;         
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, AddObjectPropStmt action) {
-        if( ids == null || action == null )
-            return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy, null action or ids");
-
-        //cannot edit resources related to system
-        if( !canModifyResource( action.uriOfObject ) )
-            return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin resources; " +
-                    "cannot modify " + action.uriOfObject);
-
-        if(  !canModifyResource( action.uriOfSubject ) )
-            return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin resources; " +
-                    "cannot modify " + action.uriOfSubject);
-
-        if( !canModifyPredicate( action.uriOfPredicate ) )
-            return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin predicates; " +
-                    "cannot modify " + action.uriOfPredicate);
-        
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"CuratorEditingPolicy: user can edit allowed properties of anybody");
-
-        /* see SelfEditingPolicy for examples of any individual-based policy decisions */
-    }
-
-
-    public PolicyDecision visit(IdentifierBundle ids, DropResource action) {
-        if( ids == null || action == null )
-            return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy, null action or ids");
-
-        if(  prohibitedNs.contains( action.getSubjectUri() ) )
-            return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not removal of admin resources");
-
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"CuratorEditingPolicy: may remove resource");
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, AddResource action) {
-        if( ids == null || action == null )
-            return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy, null action or ids");
-
-        if(  prohibitedNs.contains( action.getSubjectUri() ) )
-            return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not allow creation of admin resources");
-
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"CuratorEditingPolicy: may add resource");
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, DropDataPropStmt action) {
-        if( ids == null || action == null ) {
-            log.debug("CuratorEditingPolicy for DropDataPropStmt is inconclusive because the test has null action or ids");
-            return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy, null action or ids");
-        }
-        //cannot edit resources related to system
-        if(  prohibitedNs.contains( action.getSubjectUri() ) ) { // jc55 was getResourceURI()
-            log.debug("CuratorEditingPolicy for DropDatapropStmt is inconclusive because it does not grant access to admin resources");
-            return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin resources");
-        }
-
-        //many predicates are prohibited by namespace but there are many ones that curator editors need to work with
-        if(  prohibitedNs.contains(action.getPredicateUri() ) && ! editableVitroUris.contains( action.getPredicateUri() ) ) {
-            log.debug("CuratorEditingPolicy for DropDatapropStmt is inconclusive because it does not grant access to admin controls");
-            return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin controls");
-        }
-        
-        //cannot edit resources related to system
-        if( !canModifyResource( action.getSubjectUri() ) ) {
-            log.debug("CuratorEditingPolicy for EditDatapropStmt action is inconclusive because it does not grant access to admin resources; cannot modify " + action.getSubjectUri());
-            return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin resources; " +
-                    "cannot modify " + action.getSubjectUri());
-        }
-        if( !canModifyPredicate( action.getPredicateUri() ) ) {
-            log.debug("CuratorEditingPolicy for EditDatapropStmt is inconclusive because it does not grant access to admin predicates; cannot modify " + action.getPredicateUri());
-            return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin predicates; " +
-                    "cannot modify " + action.getPredicateUri());
-        }
-        log.debug("CuratorEditingPolicy for DropDatapropStmt returns authorization because the user is a curator");
-        
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"CuratorEditingPolicy: user is may drop data property statement");
-
-        /* see SelfEditingPolicy for examples of any individual-based policy decisions */
-    }
-
-
-    public PolicyDecision visit(IdentifierBundle ids, DropObjectPropStmt action) {
-        if( ids == null || action == null )
-            return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy, null action or ids");
-
-        //cannot edit resources related to system
-        if( !canModifyResource( action.uriOfObject ) )
-            return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin resources; " +
-                    "cannot modify " + action.uriOfObject);
-
-        if(  !canModifyResource( action.uriOfSubject ) )
-            return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin resources; " +
-                    "cannot modify " + action.uriOfSubject);
-
-        if( !canModifyPredicate( action.uriOfPredicate ) )
-            return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin predicates; " +
-                    "cannot modify " + action.uriOfPredicate);
-
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"CuratorEditingPolicy: user can edit any individual");
-
-        /* see SelfEditingPolicy for examples of any individual-based policy decisions */
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, AddDataPropStmt action) {
-        if( ids == null || action == null )
-            return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy, null action or ids");
-
-        //cannot edit resources related to system
-        if(  prohibitedNs.contains( action.getSubjectUri() ) )
-            return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin resources");
-
-        //many predicates are prohibited by namespace but there are many ones that curator editors need to work with
-        if(  prohibitedNs.contains(action.getPredicateUri() ) && ! editableVitroUris.contains( action.getPredicateUri() ) )
-            return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin controls");
-
-        if( !canModifyPredicate( action.getPredicateUri() ) ) {
-            log.debug("CuratorEditingPolicy for AddDataPropStmt does not grant access to prohibited predicates or certain namespaces: cannot modify " + action.getPredicateUri());
-            return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy for AddDataPropStmt does not grant access to prohibited predicates or certain namespaces: " +
-                    "cannot modify " + action.getPredicateUri());
-        }
-
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"CuratorEditingPolicy: user may add this data property statement");
-
-        /* see SelfEditingPolicy for examples of any individual-based policy decisions */
-    }
-
-
-    public PolicyDecision visit(IdentifierBundle ids, EditDataPropStmt action) {
-        
-        if( ids == null || action == null ) {
-            log.debug("CuratorEditingPolicy for EditDataPropStmt is inconclusive because the test has null action or ids");
-            return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy, null action or ids");
-        }
-
-        //cannot edit resources related to system
-        if( !canModifyResource( action.getSubjectUri() ) ) {
-            log.debug("CuratorEditingPolicy for EditDatapropStmt action is inconclusive because it does not grant access to admin resources; cannot modify " + action.getSubjectUri());
-            return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin resources; " +
-                    "cannot modify " + action.getSubjectUri());
-        }
-        if( !canModifyPredicate( action.getPredicateUri() ) ) {
-            log.debug("CuratorEditingPolicy for EditDataPropStmt does not grant access to prohibited predicates or certain namespaces: cannot modify " + action.getPredicateUri());
-            return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy for EditDataPropStmt does not grant access to prohibited predicates or certain namespaces: " +
-                    "cannot modify " + action.getPredicateUri());
-        }
-        
-        log.debug("CuratorEditingPolicy for EditDatapropStmt returns authorization because the user is a curator");
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"CuratorEditingPolicy: user may edit data property statement");
-
-        /* see SelfEditingPolicy for examples of any individual-based policy decisions */
-    }
-
-
-    public PolicyDecision visit(IdentifierBundle ids, EditObjPropStmt action) {
-        if( ids == null || action == null )
-            return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy, null action or ids");
-
-        //cannot edit resources related to system
-        if( !canModifyResource( action.uriOfObject ) )
-            return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin resources; " +
-                    "cannot modify " + action.uriOfObject);
-
-        if(  !canModifyResource( action.uriOfSubject ) )
-            return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin resources; " +
-                    "cannot modify " + action.uriOfSubject);
-
-        if( !canModifyPredicate( action.uriOfPredicate ) )
-            return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin predicates; " +
-                    "cannot modify " + action.uriOfPredicate);
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"CuratorEditingPolicy: user may edit any individual");
-
-        /* see SelfEditingPolicy for examples of any individual-based policy decisions */
-    }
-
-
-    public PolicyDecision visit(IdentifierBundle ids, UploadFile action) {
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"CuratorEditingPolicy: may upload files");
-    }
-
-
-    // *** the following actions are generally not part of curator editing *** //
-
-    public PolicyDecision visit(IdentifierBundle ids, AddNewUser action) {
-        return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"CuratorEditingPolicy does not authorize administrative modifications");
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, RemoveUser action) {
-        return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"CuratorEditingPolicy does not authorize administrative modifications");
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, LoadOntology action) {
-        return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"CuratorEditingPolicy does not authorize administrative modifications");
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, RebuildTextIndex action) {
-        return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"CuratorEditingPolicy does not authorize administrative modifications");
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, UpdateTextIndex action) {
-        return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"CuratorEditingPolicy does not authorize administrative modifications");
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, ServerStatus action) {
-        return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"CuratorEditingPolicy does not authorize administrative modifications");
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, CreateOwlClass action) {
-        return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"CuratorEditingPolicy does not authorize administrative modifications");
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, RemoveOwlClass action) {
-        return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"CuratorEditingPolicy does not authorize administrative modifications");
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, DefineDataProperty action) {
-        return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"CuratorEditingPolicy does not authorize administrative modifications");
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, DefineObjectProperty action) {
-        return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"CuratorEditingPolicy does not authorize administrative modifications");
-    }
-    
-    public String toString(){
-        return "CuratorEditingPolicy " + hashCode()  
-        + " nspaces: " + prohibitedNs.size() + " prohibited Props: " 
-        + prohibitedProperties.size() + " prohibited resources: " 
-        + prohibitedResources.size();
-    }
+public class CuratorEditingPolicy implements PolicyIface {
+	private final ServletContext ctx;
+
+	public CuratorEditingPolicy(ServletContext ctx) {
+		this.ctx = ctx;
+	}
+
+	/**
+	 * Indicates which Authorization to use when the user isn't explicitly
+	 * authorized.
+	 */
+	private PolicyDecision defaultDecision(String message) {
+		return new BasicPolicyDecision(Authorization.INCONCLUSIVE, message);
+	}
+
+	@Override
+	public PolicyDecision isAuthorized(IdentifierBundle whomToAuth,
+			RequestedAction whatToAuth) {
+		if (whomToAuth == null) {
+			return defaultDecision("whomToAuth was null");
+		}
+		if (whatToAuth == null) {
+			return defaultDecision("whatToAuth was null");
+		}
+
+		if (!isCurator(whomToAuth)) {
+			return defaultDecision("IdBundle does not include a Curator identifier");
+		}
+
+		if (whatToAuth instanceof OntoRequestedAction) {
+			return defaultDecision("CuratorEditingPolicy doesn't authorize OntoRequestedActions");
+		} else if (whatToAuth instanceof AdminRequestedAction) {
+			return defaultDecision("CuratorEditingPolicy doesn't authorize AdminRequestedActions");
+		}
+
+		if (whatToAuth instanceof AddDataPropStmt) {
+			return isAuthorized((AddDataPropStmt) whatToAuth);
+		} else if (whatToAuth instanceof DropDataPropStmt) {
+			return isAuthorized((DropDataPropStmt) whatToAuth);
+		} else if (whatToAuth instanceof EditDataPropStmt) {
+			return isAuthorized((EditDataPropStmt) whatToAuth);
+		} else if (whatToAuth instanceof AddObjectPropStmt) {
+			return isAuthorized((AddObjectPropStmt) whatToAuth);
+		} else if (whatToAuth instanceof DropObjectPropStmt) {
+			return isAuthorized((DropObjectPropStmt) whatToAuth);
+		} else if (whatToAuth instanceof EditObjPropStmt) {
+			return isAuthorized((EditObjPropStmt) whatToAuth);
+		} else if (whatToAuth instanceof AddResource) {
+			return isAuthorized((AddResource) whatToAuth);
+		} else if (whatToAuth instanceof DropResource) {
+			return isAuthorized((DropResource) whatToAuth);
+		} else {
+			return defaultDecision("unrecognized requested action: "
+					+ whatToAuth);
+		}
+	}
+
+	private boolean isCurator(IdentifierBundle whomToAuth) {
+		for (Identifier id : whomToAuth) {
+			if (id instanceof CuratorEditingIdentifierFactory.CuratorEditingId) {
+				return true;
+			}
+		}
+		return false;
+	}
+
+	private boolean canModifyResource(String uri) {
+		return PropertyRestrictionPolicyHelper.getBean(ctx).canModifyResource(
+				uri, RoleLevel.CURATOR);
+	}
+
+	private boolean canModifyPredicate(String uri) {
+		return PropertyRestrictionPolicyHelper.getBean(ctx).canModifyPredicate(
+				uri, RoleLevel.CURATOR);
+	}
+
+	/**
+	 * Check authorization for Adding, Editing or Dropping a DataProperty.
+	 */
+	private PolicyDecision isAuthorized(AbstractDataPropertyAction action) {
+		if (!canModifyResource(action.getSubjectUri())) {
+			return defaultDecision("CuratorEditingPolicy does not grant access to admin resources; "
+					+ "may not modify " + action.getSubjectUri());
+		}
+
+		if (!canModifyPredicate(action.getPredicateUri())) {
+			return defaultDecision("CuratorEditingPolicy does not grant access to admin predicates; "
+					+ "may not modify " + action.getPredicateUri());
+		}
+
+		return new BasicPolicyDecision(Authorization.AUTHORIZED,
+				"CuratorEditingPolicy: user may modify '"
+						+ action.getSubjectUri() + "' ==> '"
+						+ action.getPredicateUri() + "'");
+	}
+
+	/**
+	 * Check authorization for Adding, Editing or Dropping an ObjectProperty.
+	 */
+	private PolicyDecision isAuthorized(AbstractObjectPropertyAction action) {
+		if (!canModifyResource(action.uriOfSubject)) {
+			return defaultDecision("CuratorEditingPolicy does not grant access to admin resources; "
+					+ "may not modify " + action.uriOfSubject);
+		}
+
+		if (!canModifyPredicate(action.uriOfPredicate)) {
+			return defaultDecision("CuratorEditingPolicy does not grant access to admin predicates; "
+					+ "may not modify " + action.uriOfPredicate);
+		}
+
+		if (!canModifyResource(action.uriOfObject)) {
+			return defaultDecision("CuratorEditingPolicy does not grant access to admin resources; "
+					+ "may not modify " + action.uriOfObject);
+		}
+
+		return new BasicPolicyDecision(Authorization.AUTHORIZED,
+				"CuratorEditingPolicy: user may modify '" + action.uriOfSubject
+						+ "' ==> '" + action.uriOfPredicate + "' ==> '"
+						+ action.uriOfObject + "'");
+	}
+
+	/**
+	 * Check authorization for Adding or Dropping a Resource.
+	 */
+	private PolicyDecision isAuthorized(AbstractResourceAction action) {
+		if (!canModifyResource(action.getSubjectUri())) {
+			return defaultDecision("CuratorEditingPolicy does not grant access to admin resources; "
+					+ "may not modify " + action.getSubjectUri());
+		}
+
+		return new BasicPolicyDecision(Authorization.AUTHORIZED,
+				"CuratorEditingPolicy: may add or remove resource: "
+						+ action.getSubjectUri());
+	}
+
+	@Override
+	public String toString() {
+		return "CuratorEditingPolicy - " + hashCode();
+	}
 }
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/DbAdminEditingPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/DbAdminEditingPolicy.java
index 98fee89a1..0bf6236fd 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/DbAdminEditingPolicy.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/DbAdminEditingPolicy.java
@@ -2,445 +2,172 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.policy;
 
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
+import javax.servlet.ServletContext;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import com.hp.hpl.jena.rdf.model.impl.Util;
-
-import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.DbAdminEditingIdentifierFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory.SelfEditing;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.AddNewUser;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.LoadOntology;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RebuildTextIndex;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RemoveUser;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.ServerStatus;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UpdateTextIndex;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UploadFile;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.AdminRequestedAction;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.OntoRequestedAction;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.CreateOwlClass;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineDataProperty;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineObjectProperty;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.RemoveOwlClass;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractDataPropertyAction;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyAction;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropStmt;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropStmt;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropDataPropStmt;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropStmt;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropStmt;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjPropStmt;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.AbstractResourceAction;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.AddResource;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.DropResource;
-import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
+import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
 
 /**
- * Policy to use for Vivo non-privileged but user accouunt-based editing
- * All methods in this class should be thread safe
- * and side effect free.
+ * Policy to use for Vivo non-privileged but user accouunt-based editing All
+ * methods in this class should be thread safe and side effect free.
  */
-public class DbAdminEditingPolicy implements VisitingPolicyIface {
-    protected static Log log = LogFactory.getLog( DbAdminEditingPolicy.class );
-
-    /** regex for extracting a namespace from a URI */
-    // Do not use this; use Jena's splitNamespace() util instead.
-    //private Pattern ns = Pattern.compile("([^#]*#)[^#]*");
-
-    /**
-     * Namespaces from which DbAdmins should not be able to use resources.
-     */
-    private  Set<String> prohibitedNs;
-
-    /** URIs of properties that DbAdmins should not be able to use in statements*/
-    protected  Set<String>prohibitedProperties;
-
-    /** URIs of resources that DbAdmins should not be able to use in statements*/
-    protected  Set<String>prohibitedResources;
-    
-    /** Indicates which Authorization to use when the user isn't explicitly authorized. */
-    protected Authorization defaultFailure = Authorization.INCONCLUSIVE;
-
-    /** URIs of properties from prohibited namespaces that DbAdmins need to be
-     * able to edit */
-    protected  Set<String> editableVitroUris;
-
-    public DbAdminEditingPolicy(
-            Set<String>prohibitedProperties,
-            Set<String>prohibitedResources,
-            Set<String>prohibitedNamespaces,
-            Set<String>editableVitroUris ){
-
-        if( prohibitedProperties != null )
-            this.prohibitedProperties = prohibitedProperties;
-        else 
-            this.prohibitedProperties = Collections.EMPTY_SET;
-
-        if( prohibitedResources != null )
-            this.prohibitedResources = prohibitedResources;
-        else
-            this.prohibitedResources =  Collections.EMPTY_SET;
-        
-        if( prohibitedNamespaces != null )
-            this.prohibitedNs = prohibitedNamespaces;
-        else{
-            prohibitedNs = new HashSet<String>();
-            prohibitedNs.add( VitroVocabulary.vitroURI);
-            prohibitedNs.add( VitroVocabulary.OWL );
-            prohibitedNs.add("");
-        }
-
-        if( editableVitroUris != null )
-            this.editableVitroUris = editableVitroUris;
-        else{
-            this.editableVitroUris = new HashSet<String>();
-            this.editableVitroUris.add(VitroVocabulary.MONIKER);
-            this.editableVitroUris.add(VitroVocabulary.BLURB);
-            this.editableVitroUris.add(VitroVocabulary.DESCRIPTION);            
-            this.editableVitroUris.add(VitroVocabulary.MODTIME);
-            this.editableVitroUris.add(VitroVocabulary.TIMEKEY);
-
-            this.editableVitroUris.add(VitroVocabulary.CITATION);
-            this.editableVitroUris.add(VitroVocabulary.IND_MAIN_IMAGE);
-
-            this.editableVitroUris.add(VitroVocabulary.LINK);
-            this.editableVitroUris.add(VitroVocabulary.PRIMARY_LINK);
-            this.editableVitroUris.add(VitroVocabulary.ADDITIONAL_LINK);
-            this.editableVitroUris.add(VitroVocabulary.LINK_ANCHOR);
-            this.editableVitroUris.add(VitroVocabulary.LINK_URL);
-
-            this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION);
-            this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_INVOLVESKEYWORD);
-            this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_INVOLVESINDIVIDUAL);
-            this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_MODE);
-        }
-    }
-
-    public PolicyDecision isAuthorized(IdentifierBundle whoToAuth, RequestedAction whatToAuth) {
-        BasicPolicyDecision pd = new BasicPolicyDecision(this.defaultFailure,"not yet set");
-        if( whoToAuth == null )
-            return pd.setMessage("whomToAuth was null");
-        if(whatToAuth == null)
-            return pd.setMessage("whatToAuth was null");
-                
-        String roleStr = getRoleOf(whoToAuth);
-        if (roleStr == null)
-            return pd.setMessage("Unable to get a role for the dbAdmin from IdBundle");
-        
-        try{
-            if( Integer.parseInt( roleStr ) /*<*/ != LoginStatusBean.DBA) {
-                return pd.setMessage("DbAdminEditingPolicy found role of "+roleStr+" and only authorizes for users logged in as DB_ADMIN");
-            }
-        } catch(NumberFormatException nef){
-            log.debug(nef,nef);
-        }
-        
-        try{
-            SelfEditing sei = SelfEditingIdentifierFactory.getSelfEditingIdentifier(whoToAuth);
-            if( sei != null && sei.isFake() ){
-                return pd.setMessage("DbAdminEditingPolicy will not authorize actions for a fake self editor");                
-            }
-        }catch( Exception e ){
-            log.debug(e,e);
-        }
-        
-        if (whatToAuth instanceof OntoRequestedAction)
-            return pd.setMessage("DbAdminEditingPolicy doesn't authorize OntoRequestedActions");
-        if (whatToAuth instanceof AdminRequestedAction)
-            return pd.setMessage("DbAdminEditingPolicy doesn't authorize AdminRequestedActions");
-
-        //kick off the visitor pattern
-        return whatToAuth.accept(this, whoToAuth);
-    }
-
-    
-    protected String getRoleOf( IdentifierBundle whomToAuth) {
-        if( whomToAuth == null ) return null;
-        
-        for(Identifier id : whomToAuth){
-            if (id instanceof DbAdminEditingIdentifierFactory.DbAdminEditingId) {
-                return ((DbAdminEditingIdentifierFactory.DbAdminEditingId)id).getRole();
-            }
-        }
-        return null;
-    }
-
-    protected boolean canModifyResource(String uri){
-        if( uri == null || uri.length() == 0 )
-            return false;
-
-        if( editableVitroUris.contains( uri ) )
-            return true;
-
-        String namespace = uri.substring(0, Util.splitNamespace(uri));
-        //Matcher match = ns.matcher(uri);
-        //if( match.matches() && match.groupCount() > 0){
-        //    String namespace = match.group(1);
-            if( prohibitedNs.contains( namespace ) ) {
-                log.debug("The uri "+uri+" represents a resource that cannot be modified because it matches a prohibited namespace");
-                return false;
-            }
-        //} 
-        return true;         
-    }
-
-
-    protected boolean canModifyPredicate(String uri){
-        if( uri == null || uri.length() == 0 )
-            return false;
-
-        if( editableVitroUris.contains( uri ) ) // properties like moniker that are never (currently) set non-editable
-            return true;
-
-        if( prohibitedProperties.contains(uri)) {
-            log.debug("The uri "+uri+" represents a predicate that cannot be modified because it is on a list of properties prohibited from dbAdmin editing");
-            return false;
-        }
-        
-        String namespace = uri.substring(0, Util.splitNamespace(uri));
-        //Matcher match = ns.matcher(uri);
-        //if( match.matches() && match.groupCount() > 0){
-        //    String namespace = match.group(1);
-            if( prohibitedNs.contains( namespace ) ) {
-                log.debug("The uri "+uri+" represents a predicate that cannot be modified because it matches a prohibited namespace");
-                return false;
-            }
-        //} 
-        return true;         
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, AddObjectPropStmt action) {
-        if( ids == null || action == null )
-            return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy, null action or ids");
-
-        //cannot edit resources related to system
-        if( !canModifyResource( action.uriOfObject ) )
-            return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin resources; " +
-                    "cannot modify " + action.uriOfObject);
-
-        if(  !canModifyResource( action.uriOfSubject ) )
-            return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin resources; " +
-                    "cannot modify " + action.uriOfSubject);
-
-        if( !canModifyPredicate( action.uriOfPredicate ) )
-            return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to prohibited predicates or certain namespaces: " +
-                    "cannot modify " + action.uriOfPredicate);
-        
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy: user can edit allowed properties of anybody");
-
-        /* see SelfEditingPolicy for examples of any individual-based policy decisions */
-    }
-
-
-    public PolicyDecision visit(IdentifierBundle ids, DropResource action) {
-        if( ids == null || action == null )
-            return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy, null action or ids");
-
-        if(  prohibitedNs.contains( action.getSubjectUri() ) )
-            return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not removal of admin resources");
-
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy: may remove resource");
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, AddResource action) {
-        if( ids == null || action == null )
-            return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy, null action or ids");
-
-        if(  prohibitedNs.contains( action.getSubjectUri() ) )
-            return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not allow creation of admin resources");
-
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy: may add resource");
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, DropDataPropStmt action) {
-        if( ids == null || action == null ) {
-            log.debug("DbAdminEditingPolicy for DropDataPropStmt is inconclusive because the test has null action or ids");
-            return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy, null action or ids");
-        }
-        //cannot edit resources related to system
-        if(  prohibitedNs.contains( action.getSubjectUri() ) ) { // jc55 was getResourceURI()
-            log.debug("DbAdminEditingPolicy for DropDatapropStmt is inconclusive because it does not grant access to admin resources");
-            return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin resources");
-        }
-
-        //many predicates are prohibited by namespace but there are many ones that dbAdmin editors need to work with
-        if(  prohibitedNs.contains(action.getPredicateUri() ) && ! editableVitroUris.contains( action.getPredicateUri() ) ) {
-            log.debug("DbAdminEditingPolicy for DropDatapropStmt is inconclusive because it does not grant access to admin controls");
-            return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin controls");
-        }
-        
-        //cannot edit resources related to system
-        if( !canModifyResource( action.getSubjectUri() ) ) {
-            log.debug("DbAdminEditingPolicy for EditDatapropStmt action is inconclusive because it does not grant access to admin resources; cannot modify " + action.getSubjectUri());
-            return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin resources; " +
-                    "cannot modify " + action.getSubjectUri());
-        }
-        if( !canModifyPredicate( action.getPredicateUri() ) ) {
-            log.debug("DbAdminEditingPolicy does not grant access to prohibited predicates or certain namespaces: cannot modify " + action.getPredicateUri());
-            return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to prohibited predicates or certain namespaces: " +
-                    "cannot modify " + action.getPredicateUri());
-        }
-        log.debug("DbAdminEditingPolicy for DropDatapropStmt returns authorization because the user is a dbAdmin");
-        
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy: user is may drop data property statement");
-
-        /* see SelfEditingPolicy for examples of any individual-based policy decisions */
-    }
-
-
-    public PolicyDecision visit(IdentifierBundle ids, DropObjectPropStmt action) {
-        if( ids == null || action == null )
-            return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy, null action or ids");
-
-        //cannot edit resources related to system
-        if( !canModifyResource( action.uriOfObject ) )
-            return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin resources; " +
-                    "cannot modify " + action.uriOfObject);
-
-        if(  !canModifyResource( action.uriOfSubject ) )
-            return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin resources; " +
-                    "cannot modify " + action.uriOfSubject);
-
-        if( !canModifyPredicate( action.uriOfPredicate ) )
-            return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to prohibited predicates or certain namespaces: " +
-                    "cannot modify " + action.uriOfPredicate);
-
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy: user can edit any individual");
-
-        /* see SelfEditingPolicy for examples of any individual-based policy decisions */
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, AddDataPropStmt action) {
-        if( ids == null || action == null )
-            return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy has null action or ids");
-
-        //cannot edit resources related to system
-        if(  prohibitedNs.contains( action.getSubjectUri() ) )
-            return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin resources from prohibited namespaces");
-
-        //many predicates are prohibited by namespace but there are many ones that dbAdmin editors need to work with
-        if(  prohibitedNs.contains(action.getPredicateUri() ) && ! editableVitroUris.contains( action.getPredicateUri() ) )
-            return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin controls");
-        
-        if( !canModifyPredicate( action.getPredicateUri() ) ) {
-            log.debug("DbAdminEditingPolicy for AddDataPropStmt does not grant access to prohibited predicates or certain namespaces: cannot modify " + action.getPredicateUri());
-            return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy for AddDataPropStmt does not grant access to prohibited predicates or certain namespaces: " +
-                    "cannot modify " + action.getPredicateUri());
-        }
-        
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy: user may add this data property statement");
-
-        /* see SelfEditingPolicy for examples of any individual-based policy decisions */
-    }
-
-
-    public PolicyDecision visit(IdentifierBundle ids, EditDataPropStmt action) {
-        
-        if( ids == null || action == null ) {
-            log.debug("DbAdminEditingPolicy for EditDataPropStmt is inconclusive because the test has null action or ids");
-            return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy, null action or ids");
-        }
-
-        //cannot edit resources related to system
-        if( !canModifyResource( action.getSubjectUri() ) ) {
-            log.debug("DbAdminEditingPolicy for EditDatapropStmt action is inconclusive because it does not grant access to admin resources; cannot modify " + action.getSubjectUri());
-            return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin resources; " +
-                    "cannot modify " + action.getSubjectUri());
-        }
-        if( !canModifyPredicate( action.getPredicateUri() ) ) {
-            log.debug("DbAdminEditingPolicy for EditDataPropStmt does not grant access to prohibited predicates or certain namespaces: cannot modify " + action.getPredicateUri());
-            return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy for EditDataPropStmt does not grant access to prohibited predicates or certain namespaces: " +
-                    "cannot modify " + action.getPredicateUri());
-        }
-        
-        log.debug("DbAdminEditingPolicy for EditDatapropStmt returns authorization because the user is a dbAdmin");
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy: user may edit data property statement");
-
-        /* see SelfEditingPolicy for examples of any individual-based policy decisions */
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, EditObjPropStmt action) {
-        if( ids == null || action == null )
-            return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy, null action or ids");
-
-        //cannot edit resources related to system
-        if( !canModifyResource( action.uriOfObject ) )
-            return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin resources; " +
-                    "cannot modify " + action.uriOfObject);
-
-        if(  !canModifyResource( action.uriOfSubject ) )
-            return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin resources; " +
-                    "cannot modify " + action.uriOfSubject);
-
-        if( !canModifyPredicate( action.uriOfPredicate ) )
-            return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy for EditObjPropStmt does not grant access to prohibited predicates or certain namespaces: " +
-                    "cannot modify " + action.uriOfPredicate);
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy: user may edit any individual");
-
-        /* see SelfEditingPolicy for examples of any individual-based policy decisions */
-    }
-
-
-    public PolicyDecision visit(IdentifierBundle ids, UploadFile action) {
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy: may upload files");
-    }
-
-
-    // *** the following actions are generally not part of dbAdmin editing *** //
-
-    public PolicyDecision visit(IdentifierBundle ids, AddNewUser action) {
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy does authorize administrative modifications");
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, RemoveUser action) {
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy does authorize administrative modifications");
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, LoadOntology action) {
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy does authorize administrative modifications");
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, RebuildTextIndex action) {
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy does authorize administrative modifications");
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, UpdateTextIndex action) {
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy does authorize administrative modifications");
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, ServerStatus action) {
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy does authorize administrative modifications");
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, CreateOwlClass action) {
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy does not authorize administrative modifications");
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, RemoveOwlClass action) {
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy does authorize administrative modifications");
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, DefineDataProperty action) {
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy does authorize administrative modifications");
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, DefineObjectProperty action) {
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy does authorize administrative modifications");
-    }
-    
-    public String toString(){
-        return "DbAdminEditingPolicy " + hashCode()  
-        + " nspaces: " + prohibitedNs.size() + " prohibited Props: " 
-        + prohibitedProperties.size() + " prohibited resources: " 
-        + prohibitedResources.size();
-    }
+public class DbAdminEditingPolicy implements PolicyIface {
+	private final ServletContext ctx;
+
+	public DbAdminEditingPolicy(ServletContext ctx) {
+		this.ctx = ctx;
+	}
+
+	/**
+	 * Indicates which Authorization to use when the user isn't explicitly
+	 * authorized.
+	 */
+	private PolicyDecision defaultDecision(String message) {
+		return new BasicPolicyDecision(Authorization.INCONCLUSIVE, message);
+	}
+
+	@Override
+	public PolicyDecision isAuthorized(IdentifierBundle whoToAuth,
+			RequestedAction whatToAuth) {
+		if (whoToAuth == null) {
+			return defaultDecision("whomToAuth was null");
+		}
+		if (whatToAuth == null) {
+			return defaultDecision("whatToAuth was null");
+		}
+
+		if (!isDba(whoToAuth)) {
+			return defaultDecision("IdBundle does not include a DbAdmin identifier");
+		}
+
+		if (whatToAuth instanceof OntoRequestedAction) {
+			return defaultDecision("DbAdminEditingPolicy doesn't authorize OntoRequestedActions");
+		} else if (whatToAuth instanceof AdminRequestedAction) {
+			return defaultDecision("DbAdminEditingPolicy doesn't authorize AdminRequestedActions");
+		}
+
+		if (whatToAuth instanceof AddDataPropStmt) {
+			return isAuthorized((AddDataPropStmt) whatToAuth);
+		} else if (whatToAuth instanceof DropDataPropStmt) {
+			return isAuthorized((DropDataPropStmt) whatToAuth);
+		} else if (whatToAuth instanceof EditDataPropStmt) {
+			return isAuthorized((EditDataPropStmt) whatToAuth);
+		} else if (whatToAuth instanceof AddObjectPropStmt) {
+			return isAuthorized((AddObjectPropStmt) whatToAuth);
+		} else if (whatToAuth instanceof DropObjectPropStmt) {
+			return isAuthorized((DropObjectPropStmt) whatToAuth);
+		} else if (whatToAuth instanceof EditObjPropStmt) {
+			return isAuthorized((EditObjPropStmt) whatToAuth);
+		} else if (whatToAuth instanceof AddResource) {
+			return isAuthorized((AddResource) whatToAuth);
+		} else if (whatToAuth instanceof DropResource) {
+			return isAuthorized((DropResource) whatToAuth);
+		} else {
+			return defaultDecision("unrecognized requested action: "
+					+ whatToAuth);
+		}
+	}
+
+	private boolean isDba(IdentifierBundle whomToAuth) {
+		for (Identifier id : whomToAuth) {
+			if (id instanceof DbAdminEditingIdentifierFactory.DbAdminEditingId) {
+				return true;
+			}
+		}
+		return false;
+	}
+
+	private boolean canModifyResource(String uri) {
+		return PropertyRestrictionPolicyHelper.getBean(ctx).canModifyResource(
+				uri, RoleLevel.DB_ADMIN);
+	}
+
+	private boolean canModifyPredicate(String uri) {
+		return PropertyRestrictionPolicyHelper.getBean(ctx).canModifyPredicate(
+				uri, RoleLevel.DB_ADMIN);
+	}
+
+	/**
+	 * Check authorization for Adding, Editing or Dropping a DataProperty.
+	 */
+	private PolicyDecision isAuthorized(AbstractDataPropertyAction action) {
+		if (!canModifyResource(action.getSubjectUri())) {
+			return defaultDecision("DbAdminEditingPolicy does not grant access to admin resources; "
+					+ "may not modify " + action.getSubjectUri());
+		}
+
+		if (!canModifyPredicate(action.getPredicateUri())) {
+			return defaultDecision("DbAdminEditingPolicy does not grant access to admin predicates; "
+					+ "may not modify " + action.getPredicateUri());
+		}
+
+		return new BasicPolicyDecision(Authorization.AUTHORIZED,
+				"DbAdminEditingPolicy: user may modify '"
+						+ action.getSubjectUri() + "' ==> '"
+						+ action.getPredicateUri() + "'");
+	}
+
+	/**
+	 * Check authorization for Adding, Editing or Dropping an ObjectProperty.
+	 */
+	private PolicyDecision isAuthorized(AbstractObjectPropertyAction action) {
+		if (!canModifyResource(action.uriOfSubject)) {
+			return defaultDecision("DbAdminEditingPolicy does not grant access to admin resources; "
+					+ "may not modify " + action.uriOfSubject);
+		}
+
+		if (!canModifyPredicate(action.uriOfPredicate)) {
+			return defaultDecision("DbAdminEditingPolicy does not grant access to admin predicates; "
+					+ "may not modify " + action.uriOfPredicate);
+		}
+
+		if (!canModifyResource(action.uriOfObject)) {
+			return defaultDecision("DbAdminEditingPolicy does not grant access to admin resources; "
+					+ "may not modify " + action.uriOfObject);
+		}
+
+		return new BasicPolicyDecision(Authorization.AUTHORIZED,
+				"DbAdminEditingPolicy: user may modify '" + action.uriOfSubject
+						+ "' ==> '" + action.uriOfPredicate + "' ==> '"
+						+ action.uriOfObject + "'");
+	}
+
+	/**
+	 * Check authorization for Adding or Dropping a Resource.
+	 */
+	private PolicyDecision isAuthorized(AbstractResourceAction action) {
+		if (!canModifyResource(action.getSubjectUri())) {
+			return defaultDecision("DbAdminEditingPolicy does not grant access to admin resources; "
+					+ "may not modify " + action.getSubjectUri());
+		}
+
+		return new BasicPolicyDecision(Authorization.AUTHORIZED,
+				"DbAdminEditingPolicy: may add or remove resource: "
+						+ action.getSubjectUri());
+	}
+
+	@Override
+	public String toString() {
+		return "DbAdminEditingPolicy - " + hashCode();
+	}
 }
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/EditorEditingPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/EditorEditingPolicy.java
index faeeec4ed..8c00bb665 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/EditorEditingPolicy.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/EditorEditingPolicy.java
@@ -2,432 +2,172 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.policy;
 
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
+import javax.servlet.ServletContext;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import com.hp.hpl.jena.rdf.model.impl.Util;
-
-import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.EditorEditingIdentifierFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.AddNewUser;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.LoadOntology;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RebuildTextIndex;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RemoveUser;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.ServerStatus;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UpdateTextIndex;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UploadFile;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.AdminRequestedAction;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.OntoRequestedAction;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.CreateOwlClass;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineDataProperty;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineObjectProperty;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.RemoveOwlClass;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractDataPropertyAction;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyAction;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropStmt;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropStmt;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropDataPropStmt;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropStmt;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropStmt;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjPropStmt;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.AbstractResourceAction;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.AddResource;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.DropResource;
-import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
+import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
 
 /**
- * Policy to use for Vivo non-privileged but user accouunt-based editing
- * All methods in this class should be thread safe
- * and side effect free.
+ * Policy to use for Vivo non-privileged but user accouunt-based editing All
+ * methods in this class should be thread safe and side effect free.
  */
-public class EditorEditingPolicy implements VisitingPolicyIface{
-    protected static Log log = LogFactory.getLog( EditorEditingPolicy.class );
-
-    /** regex for extracting a namespace from a URI */
-    // Do not use this; use Jena's splitNamespace() util instead.
-    //private Pattern ns = Pattern.compile("([^#]*#)[^#]*");
-
-    /**
-     * Namespaces from which Editors should not be able to use resources.
-     */
-    private  Set<String> prohibitedNs;
-
-    /** URIs of properties that Editors should not be able to use in statements*/
-    protected  Set<String>prohibitedProperties;
-
-    /** URIs of resources that Editors should not be able to use in statements*/
-    protected  Set<String>prohibitedResources;
-    
-    /** Indicates which Authorization to use when the user isn't explicitly authorized. */
-    protected Authorization defaultFailure = Authorization.INCONCLUSIVE;
-
-    /** URIs of properties from prohibited namespaces that Editors need to be
-     * able to edit */
-    protected  Set<String> editableVitroUris;
-
-    public EditorEditingPolicy(
-            Set<String>prohibitedProperties,
-            Set<String>prohibitedResources,
-            Set<String>prohibitedNamespaces,
-            Set<String>editableVitroUris ){
-
-        if( prohibitedProperties != null )
-            this.prohibitedProperties = prohibitedProperties;
-        else 
-            this.prohibitedProperties = Collections.EMPTY_SET;
-
-        if( prohibitedResources != null )
-            this.prohibitedResources = prohibitedResources;
-        else
-            this.prohibitedResources =  Collections.EMPTY_SET;
-        
-        if( prohibitedNamespaces != null )
-            this.prohibitedNs = prohibitedNamespaces;
-        else{
-            prohibitedNs = new HashSet<String>();
-            prohibitedNs.add( VitroVocabulary.vitroURI);
-            prohibitedNs.add( VitroVocabulary.OWL );
-            prohibitedNs.add("");
-        }
-
-        if( editableVitroUris != null )
-            this.editableVitroUris = editableVitroUris;
-        else{
-            this.editableVitroUris = new HashSet<String>();
-            this.editableVitroUris.add(VitroVocabulary.MONIKER);
-            this.editableVitroUris.add(VitroVocabulary.BLURB);
-            this.editableVitroUris.add(VitroVocabulary.DESCRIPTION);               
-            this.editableVitroUris.add(VitroVocabulary.MODTIME);
-            this.editableVitroUris.add(VitroVocabulary.TIMEKEY);
-
-            this.editableVitroUris.add(VitroVocabulary.CITATION);
-            this.editableVitroUris.add(VitroVocabulary.IND_MAIN_IMAGE);
-
-            this.editableVitroUris.add(VitroVocabulary.LINK);
-            this.editableVitroUris.add(VitroVocabulary.PRIMARY_LINK);
-            this.editableVitroUris.add(VitroVocabulary.ADDITIONAL_LINK);
-            this.editableVitroUris.add(VitroVocabulary.LINK_ANCHOR);
-            this.editableVitroUris.add(VitroVocabulary.LINK_URL);
-
-            this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION);
-            this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_INVOLVESKEYWORD);
-            this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_INVOLVESINDIVIDUAL);
-            this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_MODE);
-        }
-    }
-
-    public PolicyDecision isAuthorized(IdentifierBundle whomToAuth, RequestedAction whatToAuth) {
-        BasicPolicyDecision pd = new BasicPolicyDecision(this.defaultFailure,"not yet set");
-        if( whomToAuth == null )
-            return pd.setMessage("whomToAuth was null");
-        if(whatToAuth == null)
-            return pd.setMessage("whatToAuth was null");
-        
-        String roleStr = getRoleOf(whomToAuth);
-        if (roleStr == null)
-            return pd.setMessage("Unable to get a role for the editor from IdBundle");
-        
-        try{
-            if( Integer.parseInt( roleStr ) /*<*/ != LoginStatusBean.EDITOR)
-                return pd.setMessage("EditorEditingPolicy found role of "+roleStr+" but only authorizes for users logged in as EDITOR or higher");            
-        }catch(NumberFormatException nef){}
-                 
-        if (whatToAuth instanceof OntoRequestedAction)
-            return pd.setMessage("EditorEditingPolicy doesn't authorize OntoRequestedActions");
-        if (whatToAuth instanceof AdminRequestedAction)
-            return pd.setMessage("EditorEditingPolicy doesn't authorize AdminRequestedActions");
-
-        //kick off the visitor pattern
-        return whatToAuth.accept(this, whomToAuth);
-    }
-
-    
-    protected String getRoleOf( IdentifierBundle whomToAuth) {
-        if( whomToAuth == null ) return null;
-        
-        for(Identifier id : whomToAuth){
-            if (id instanceof EditorEditingIdentifierFactory.EditorEditingId) {
-                return ((EditorEditingIdentifierFactory.EditorEditingId)id).getRole();
-            }
-        }
-        return null;
-    }
-
-    protected boolean canModifyResource(String uri){
-        if( uri == null || uri.length() == 0 )
-            return false;
-
-        if( editableVitroUris.contains( uri ) )
-            return true;
-
-        String namespace = uri.substring(0, Util.splitNamespace(uri));
-        //Matcher match = ns.matcher(uri);
-        //if( match.matches() && match.groupCount() > 0){
-        //    String namespace = match.group(1);
-            if( prohibitedNs.contains( namespace ) ) {
-                log.debug("The uri "+uri+" represents a resource that cannot be modified because it matches a prohibited namespace");
-                return false;
-            }
-        //} 
-        return true;         
-    }
-
-
-    protected boolean canModifyPredicate(String uri){
-        if( uri == null || uri.length() == 0 )
-            return false;
-
-        if( editableVitroUris.contains( uri ) )
-            return true;
-
-        if( prohibitedProperties.contains(uri)) {
-            log.debug("The uri "+uri+" represents a predicate that cannot be modified because it is on a list of properties prohibited from editor editing");
-            return false;
-        }
-        
-        String namespace = uri.substring(0, Util.splitNamespace(uri));
-        //Matcher match = ns.matcher(uri);
-        //if( match.matches() && match.groupCount() > 0){
-        //    String namespace = match.group(1);
-            if( prohibitedNs.contains( namespace ) ) {
-                log.debug("The uri "+uri+" represents a predicate that cannot be modified because it matches a prohibited namespace");
-                return false;
-            }
-        //} 
-        return true;         
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, AddObjectPropStmt action) {
-        if( ids == null || action == null )
-            return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy, null action or ids");
-
-        //cannot edit resources related to system
-        if( !canModifyResource( action.uriOfObject ) )
-            return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin resources; " +
-                    "cannot modify " + action.uriOfObject);
-
-        if(  !canModifyResource( action.uriOfSubject ) )
-            return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin resources; " +
-                    "cannot modify " + action.uriOfSubject);
-
-        if( !canModifyPredicate( action.uriOfPredicate ) )
-            return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin predicates; " +
-                    "cannot modify " + action.uriOfPredicate);
-        
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"EditorEditingPolicy: user can edit allowed properties of anybody");
-
-        /* see SelfEditingPolicy for examples of any individual-based policy decisions */
-    }
-
-
-    public PolicyDecision visit(IdentifierBundle ids, DropResource action) {
-        if( ids == null || action == null )
-            return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy, null action or ids");
-
-        if(  prohibitedNs.contains( action.getSubjectUri() ) )
-            return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not removal of admin resources");
-
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"EditorEditingPolicy: may remove resource");
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, AddResource action) {
-        if( ids == null || action == null )
-            return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy, null action or ids");
-
-        if(  prohibitedNs.contains( action.getSubjectUri() ) )
-            return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not allow creation of admin resources");
-
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"EditorEditingPolicy: may add resource");
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, DropDataPropStmt action) {
-        if( ids == null || action == null ) {
-            log.debug("EditorEditingPolicy for DropDataPropStmt is inconclusive because the test has null action or ids");
-            return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy, null action or ids");
-        }
-        //cannot edit resources related to system
-        if(  prohibitedNs.contains( action.getSubjectUri() ) ) { // jc55 was getResourceURI()
-            log.debug("EditorEditingPolicy for DropDatapropStmt is inconclusive because it does not grant access to admin resources");
-            return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin resources");
-        }
-
-        //many predicates are prohibited by namespace but there are many ones that editor editors need to work with
-        if(  prohibitedNs.contains(action.getPredicateUri() ) && ! editableVitroUris.contains( action.getPredicateUri() ) ) {
-            log.debug("EditorEditingPolicy for DropDatapropStmt is inconclusive because it does not grant access to admin controls");
-            return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin controls");
-        }
-        
-        //cannot edit resources related to system
-        if( !canModifyResource( action.getSubjectUri() ) ) {
-            log.debug("EditorEditingPolicy for EditDatapropStmt action is inconclusive because it does not grant access to admin resources; cannot modify " + action.getSubjectUri());
-            return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin resources; " +
-                    "cannot modify " + action.getSubjectUri());
-        }
-        if( !canModifyPredicate( action.getPredicateUri() ) ) {
-            log.debug("EditorEditingPolicy for EditDatapropStmt is inconclusive because it does not grant access to admin predicates; cannot modify " + action.getPredicateUri());
-            return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin predicates; " +
-                    "cannot modify " + action.getPredicateUri());
-        }
-        log.debug("EditorEditingPolicy for DropDatapropStmt returns authorization because the user is a editor");
-        
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"EditorEditingPolicy: user is may drop data property statement");
-
-        /* see SelfEditingPolicy for examples of any individual-based policy decisions */
-    }
-
-
-    public PolicyDecision visit(IdentifierBundle ids, DropObjectPropStmt action) {
-        if( ids == null || action == null )
-            return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy, null action or ids");
-
-        //cannot edit resources related to system
-        if( !canModifyResource( action.uriOfObject ) )
-            return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin resources; " +
-                    "cannot modify " + action.uriOfObject);
-
-        if(  !canModifyResource( action.uriOfSubject ) )
-            return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin resources; " +
-                    "cannot modify " + action.uriOfSubject);
-
-        if( !canModifyPredicate( action.uriOfPredicate ) )
-            return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin predicates; " +
-                    "cannot modify " + action.uriOfPredicate);
-
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"EditorEditingPolicy: user can edit any individual");
-
-        /* see SelfEditingPolicy for examples of any individual-based policy decisions */
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, AddDataPropStmt action) {
-        if( ids == null || action == null )
-            return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy, null action or ids");
-
-        //cannot edit resources related to system
-        if(  prohibitedNs.contains( action.getSubjectUri() ) )
-            return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin resources");
-
-        //many predicates are prohibited by namespace but there are many ones that editor editors need to work with
-        if(  prohibitedNs.contains(action.getPredicateUri() ) && ! editableVitroUris.contains( action.getPredicateUri() ) )
-            return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin controls");
-        
-        if( !canModifyPredicate( action.getPredicateUri() ) ) {
-            log.debug("EditorEditingPolicy for AddDataPropStmt does not grant access to prohibited predicates or certain namespaces: cannot modify " + action.getPredicateUri());
-            return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy for AddDataPropStmt does not grant access to prohibited predicates or certain namespaces: " +
-                    "cannot modify " + action.getPredicateUri());
-        }
-
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"EditorEditingPolicy: user may add this data property statement");
-
-        /* see SelfEditingPolicy for examples of any individual-based policy decisions */
-    }
-
-
-    public PolicyDecision visit(IdentifierBundle ids, EditDataPropStmt action) {
-        
-        if( ids == null || action == null ) {
-            log.debug("EditorEditingPolicy for EditDataPropStmt is inconclusive because the test has null action or ids");
-            return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy, null action or ids");
-        }
-
-        //cannot edit resources related to system
-        if( !canModifyResource( action.getSubjectUri() ) ) {
-            log.debug("EditorEditingPolicy for EditDatapropStmt action is inconclusive because it does not grant access to admin resources; cannot modify " + action.getSubjectUri());
-            return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin resources; " +
-                    "cannot modify " + action.getSubjectUri());
-        }
-        if( !canModifyPredicate( action.getPredicateUri() ) ) {
-            log.debug("EditorEditingPolicy for EditDataPropStmt does not grant access to prohibited predicates or certain namespaces: cannot modify " + action.getPredicateUri());
-            return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy for EditDataPropStmt does not grant access to prohibited predicates or certain namespaces: " +
-                    "cannot modify " + action.getPredicateUri());
-        }
-        
-        log.debug("EditorEditingPolicy for EditDatapropStmt returns authorization because the user is a editor");
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"EditorEditingPolicy: user may edit data property statement");
-
-        /* see SelfEditingPolicy for examples of any individual-based policy decisions */
-    }
-
-
-    public PolicyDecision visit(IdentifierBundle ids, EditObjPropStmt action) {
-        if( ids == null || action == null )
-            return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy, null action or ids");
-
-        //cannot edit resources related to system
-        if( !canModifyResource( action.uriOfObject ) )
-            return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin resources; " +
-                    "cannot modify " + action.uriOfObject);
-
-        if(  !canModifyResource( action.uriOfSubject ) )
-            return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin resources; " +
-                    "cannot modify " + action.uriOfSubject);
-
-        if( !canModifyPredicate( action.uriOfPredicate ) )
-            return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin predicates; " +
-                    "cannot modify " + action.uriOfPredicate);
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"EditorEditingPolicy: user may edit any individual");
-
-        /* see SelfEditingPolicy for examples of any individual-based policy decisions */
-    }
-
-
-    public PolicyDecision visit(IdentifierBundle ids, UploadFile action) {
-        return new BasicPolicyDecision(Authorization.AUTHORIZED,"EditorEditingPolicy: may upload files");
-    }
-
-
-    // *** the following actions are generally not part of editor editing *** //
-
-    public PolicyDecision visit(IdentifierBundle ids, AddNewUser action) {
-        return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"EditorEditingPolicy does not authorize administrative modifications");
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, RemoveUser action) {
-        return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"EditorEditingPolicy does not authorize administrative modifications");
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, LoadOntology action) {
-        return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"EditorEditingPolicy does not authorize administrative modifications");
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, RebuildTextIndex action) {
-        return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"EditorEditingPolicy does not authorize administrative modifications");
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, UpdateTextIndex action) {
-        return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"EditorEditingPolicy does not authorize administrative modifications");
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, ServerStatus action) {
-        return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"EditorEditingPolicy does not authorize administrative modifications");
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, CreateOwlClass action) {
-        return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"EditorEditingPolicy does not authorize administrative modifications");
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, RemoveOwlClass action) {
-        return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"EditorEditingPolicy does not authorize administrative modifications");
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, DefineDataProperty action) {
-        return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"EditorEditingPolicy does not authorize administrative modifications");
-    }
-
-    public PolicyDecision visit(IdentifierBundle ids, DefineObjectProperty action) {
-        return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"EditorEditingPolicy does not authorize administrative modifications");
-    }
-    
-    public String toString(){
-        return "EditorEditingPolicy " + hashCode()  
-        + " nspaces: " + prohibitedNs.size() + " prohibited Props: " 
-        + prohibitedProperties.size() + " prohibited resources: " 
-        + prohibitedResources.size();
-    }
+public class EditorEditingPolicy implements PolicyIface {
+
+	private final ServletContext ctx;
+
+	public EditorEditingPolicy(ServletContext ctx) {
+		this.ctx = ctx;
+	}
+
+	/**
+	 * Indicates which Authorization to use when the user isn't explicitly
+	 * authorized.
+	 */
+	private PolicyDecision defaultDecision(String message) {
+		return new BasicPolicyDecision(Authorization.INCONCLUSIVE, message);
+	}
+
+	@Override
+	public PolicyDecision isAuthorized(IdentifierBundle whomToAuth,
+			RequestedAction whatToAuth) {
+		if (whomToAuth == null) {
+			return defaultDecision("whomToAuth was null");
+		}
+		if (whatToAuth == null) {
+			return defaultDecision("whatToAuth was null");
+		}
+		if (!isEditor(whomToAuth)) {
+			return defaultDecision("IdBundle does not include an Editor identifier");
+		}
+
+		if (whatToAuth instanceof OntoRequestedAction) {
+			return defaultDecision("EditorEditingPolicy doesn't authorize OntoRequestedActions");
+		} else if (whatToAuth instanceof AdminRequestedAction) {
+			return defaultDecision("EditorEditingPolicy doesn't authorize AdminRequestedActions");
+		}
+
+		if (whatToAuth instanceof AddDataPropStmt) {
+			return isAuthorized((AddDataPropStmt) whatToAuth);
+		} else if (whatToAuth instanceof DropDataPropStmt) {
+			return isAuthorized((DropDataPropStmt) whatToAuth);
+		} else if (whatToAuth instanceof EditDataPropStmt) {
+			return isAuthorized((EditDataPropStmt) whatToAuth);
+		} else if (whatToAuth instanceof AddObjectPropStmt) {
+			return isAuthorized((AddObjectPropStmt) whatToAuth);
+		} else if (whatToAuth instanceof DropObjectPropStmt) {
+			return isAuthorized((DropObjectPropStmt) whatToAuth);
+		} else if (whatToAuth instanceof EditObjPropStmt) {
+			return isAuthorized((EditObjPropStmt) whatToAuth);
+		} else if (whatToAuth instanceof AddResource) {
+			return isAuthorized((AddResource) whatToAuth);
+		} else if (whatToAuth instanceof DropResource) {
+			return isAuthorized((DropResource) whatToAuth);
+		} else {
+			return defaultDecision("unrecognized requested action: "
+					+ whatToAuth);
+		}
+	}
+
+	private boolean isEditor(IdentifierBundle whomToAuth) {
+		for (Identifier id : whomToAuth) {
+			if (id instanceof EditorEditingIdentifierFactory.EditorEditingId) {
+				return true;
+			}
+		}
+		return false;
+	}
+
+	private boolean canModifyResource(String uri) {
+		return PropertyRestrictionPolicyHelper.getBean(ctx).canModifyResource(
+				uri, RoleLevel.EDITOR);
+	}
+
+	private boolean canModifyPredicate(String uri) {
+		return PropertyRestrictionPolicyHelper.getBean(ctx).canModifyPredicate(
+				uri, RoleLevel.EDITOR);
+	}
+
+	/**
+	 * Check authorization for Adding, Editing or Dropping a DataProperty.
+	 */
+	private PolicyDecision isAuthorized(AbstractDataPropertyAction action) {
+		if (!canModifyResource(action.getSubjectUri())) {
+			return defaultDecision("EditorEditingPolicy does not grant access to admin resources; "
+					+ "may not modify " + action.getSubjectUri());
+		}
+
+		if (!canModifyPredicate(action.getPredicateUri())) {
+			return defaultDecision("EditorEditingPolicy does not grant access to admin predicates; "
+					+ "may not modify " + action.getPredicateUri());
+		}
+
+		return new BasicPolicyDecision(Authorization.AUTHORIZED,
+				"EditorEditingPolicy: user may modify '"
+						+ action.getSubjectUri() + "' ==> '"
+						+ action.getPredicateUri() + "'");
+	}
+
+	/**
+	 * Check authorization for Adding, Editing or Dropping an ObjectProperty.
+	 */
+	private PolicyDecision isAuthorized(AbstractObjectPropertyAction action) {
+		if (!canModifyResource(action.uriOfSubject)) {
+			return defaultDecision("EditorEditingPolicy does not grant access to admin resources; "
+					+ "may not modify " + action.uriOfSubject);
+		}
+
+		if (!canModifyPredicate(action.uriOfPredicate)) {
+			return defaultDecision("EditorEditingPolicy does not grant access to admin predicates; "
+					+ "may not modify " + action.uriOfPredicate);
+		}
+
+		if (!canModifyResource(action.uriOfObject)) {
+			return defaultDecision("EditorEditingPolicy does not grant access to admin resources; "
+					+ "may not modify " + action.uriOfObject);
+		}
+
+		return new BasicPolicyDecision(Authorization.AUTHORIZED,
+				"EditorEditingPolicy: user may modify '" + action.uriOfSubject
+						+ "' ==> '" + action.uriOfPredicate + "' ==> '"
+						+ action.uriOfObject + "'");
+	}
+
+	/**
+	 * Check authorization for Adding or Dropping a Resource.
+	 */
+	private PolicyDecision isAuthorized(AbstractResourceAction action) {
+		if (!canModifyResource(action.getSubjectUri())) {
+			return defaultDecision("EditorEditingPolicy does not grant access to admin resources; "
+					+ "may not modify " + action.getSubjectUri());
+		}
+
+		return new BasicPolicyDecision(Authorization.AUTHORIZED,
+				"EditorEditingPolicy: may add or remove resource: "
+						+ action.getSubjectUri());
+	}
+
+	@Override
+	public String toString() {
+		return "EditorEditingPolicy - " + hashCode();
+	}
 }
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/InformationResourceEditingPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/InformationResourceEditingPolicy.java
index 696cd34ed..034baced5 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/InformationResourceEditingPolicy.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/InformationResourceEditingPolicy.java
@@ -5,6 +5,8 @@ package edu.cornell.mannlib.vitro.webapp.auth.policy;
 import java.util.ArrayList;
 import java.util.List;
 
+import javax.servlet.ServletContext;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
@@ -23,6 +25,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractDataPropertyAction;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyAction;
+import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
 import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
 
 /**
@@ -44,12 +47,10 @@ public class InformationResourceEditingPolicy extends BaseSelfEditingPolicy
 			+ "linkedAuthor";
 
 	private final OntModel model;
-	private final AdministrativeUriRestrictor restrictor;
 
-	public InformationResourceEditingPolicy(OntModel model,
-			AdministrativeUriRestrictor restrictor) {
+	public InformationResourceEditingPolicy(ServletContext ctx, OntModel model) {
+		super(ctx, RoleLevel.SELF);
 		this.model = model;
-		this.restrictor = restrictor;
 	}
 
 	@Override
@@ -91,10 +92,10 @@ public class InformationResourceEditingPolicy extends BaseSelfEditingPolicy
 		String subject = action.getSubjectUri();
 		String predicate = action.getPredicateUri();
 
-		if (!restrictor.canModifyResource(subject)) {
+		if (!canModifyResource(subject)) {
 			return cantModifyResource(subject);
 		}
-		if (!restrictor.canModifyPredicate(predicate)) {
+		if (!canModifyPredicate(predicate)) {
 			return cantModifyPredicate(predicate);
 		}
 
@@ -120,13 +121,13 @@ public class InformationResourceEditingPolicy extends BaseSelfEditingPolicy
 		String predicate = action.getUriOfPredicate();
 		String object = action.getUriOfObject();
 
-		if (!restrictor.canModifyResource(subject)) {
+		if (!canModifyResource(subject)) {
 			return cantModifyResource(subject);
 		}
-		if (!restrictor.canModifyPredicate(predicate)) {
+		if (!canModifyPredicate(predicate)) {
 			return cantModifyPredicate(predicate);
 		}
-		if (!restrictor.canModifyResource(object)) {
+		if (!canModifyResource(object)) {
 			return cantModifyResource(object);
 		}
 
@@ -286,34 +287,4 @@ public class InformationResourceEditingPolicy extends BaseSelfEditingPolicy
 	private PolicyDecision authorizedObjectAuthor() {
 		return authorizedDecision("User is author of the object of the statement");
 	}
-
-	/**
-	 * TODO
-	 * 
-	 * <pre>
-	 * We don't need to do resource operations.
-	 * 
-	 * We can do data or object property operations 
-	 *    if not restricted
-	 *    if the subject or object is an information resource
-	 *    if that information resource has an author or editor who is an active self-editor.
-	 * </pre>
-	 */
-
-	/**
-	 * TODO
-	 * 
-	 * <pre>
-	 * If the request is an object property operation
-	 * 
-	 * Check restrictions. If restricted, we are done.
-	 * Get the URIs of self-editors identifiers. If none, we are done.
-	 * Get the list of editors and authors for this document. Is 
-	 * Get the list of information resources that these self-editors author or edit.
-	 * If subject or object is in that set, approve.
-	 * 
-	 * If the request is a data property operations, same except there is no object.
-	 * </pre>
-	 */
-
 }
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy.java
index c80c2ea53..5c2023598 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy.java
@@ -3,12 +3,8 @@
 package edu.cornell.mannlib.vitro.webapp.auth.policy;
 
 import java.util.List;
-import java.util.Set;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import com.hp.hpl.jena.ontology.OntModel;
+import javax.servlet.ServletContext;
 
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
@@ -17,6 +13,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAct
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractDataPropertyAction;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyAction;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.AbstractResourceAction;
+import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
 
 /**
  * Policy to use for Vivo Self-Editing based on NetId for use at Cornell. All
@@ -24,19 +21,11 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.AbstractRe
  */
 public class SelfEditingPolicy extends BaseSelfEditingPolicy implements
 		PolicyIface {
-	protected static Log log = LogFactory.getLog(SelfEditingPolicy.class);
-
-	protected final OntModel model;
-	private final AdministrativeUriRestrictor restrictor;
-
-	public SelfEditingPolicy(Set<String> prohibitedProperties,
-			Set<String> prohibitedResources, Set<String> prohibitedNamespaces,
-			Set<String> editableVitroUris, OntModel model) {
-		this.model = model;
-		this.restrictor = new AdministrativeUriRestrictor(prohibitedProperties,
-				prohibitedResources, prohibitedNamespaces, editableVitroUris);
+	public SelfEditingPolicy(ServletContext ctx) {
+		super(ctx, RoleLevel.SELF);
 	}
 
+	@Override
 	public PolicyDecision isAuthorized(IdentifierBundle whoToAuth,
 			RequestedAction whatToAuth) {
 		if (whoToAuth == null) {
@@ -80,13 +69,13 @@ public class SelfEditingPolicy extends BaseSelfEditingPolicy implements
 		String predicate = action.getUriOfPredicate();
 		String object = action.getUriOfObject();
 
-		if (!restrictor.canModifyResource(subject)) {
+		if (!canModifyResource(subject)) {
 			return cantModifyResource(subject);
 		}
-		if (!restrictor.canModifyPredicate(predicate)) {
+		if (!canModifyPredicate(predicate)) {
 			return cantModifyPredicate(predicate);
 		}
-		if (!restrictor.canModifyResource(object)) {
+		if (!canModifyResource(object)) {
 			return cantModifyResource(object);
 		}
 
@@ -106,10 +95,10 @@ public class SelfEditingPolicy extends BaseSelfEditingPolicy implements
 		String subject = action.getSubjectUri();
 		String predicate = action.getPredicateUri();
 
-		if (!restrictor.canModifyResource(subject)) {
+		if (!canModifyResource(subject)) {
 			return cantModifyResource(subject);
 		}
-		if (!restrictor.canModifyPredicate(predicate)) {
+		if (!canModifyPredicate(predicate)) {
 			return cantModifyPredicate(predicate);
 		}
 
@@ -126,7 +115,7 @@ public class SelfEditingPolicy extends BaseSelfEditingPolicy implements
 	private PolicyDecision isAuthorizedForResourceAction(
 			AbstractResourceAction action) {
 		String uri = action.getSubjectUri();
-		if (!restrictor.canModifyResource(uri)) {
+		if (!canModifyResource(uri)) {
 			return cantModifyResource(uri);
 		} else {
 			return authorizedDecision("May add/remove resource.");
@@ -162,7 +151,7 @@ public class SelfEditingPolicy extends BaseSelfEditingPolicy implements
 
 	@Override
 	public String toString() {
-		return "SelfEditingPolicy " + hashCode() + "[" + restrictor + "]";
+		return "SelfEditingPolicy - " + hashCode();
 	}
 
 }
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionListener.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionListener.java
index fb5972346..6afeb27b0 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionListener.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionListener.java
@@ -11,8 +11,8 @@ import com.hp.hpl.jena.ontology.OntModel;
 
 import edu.cornell.mannlib.vedit.beans.EditProcessObject;
 import edu.cornell.mannlib.vedit.listener.ChangeListener;
-import edu.cornell.mannlib.vitro.webapp.beans.Property;
 import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
+import edu.cornell.mannlib.vitro.webapp.beans.Property;
 
 /**
  * Add this ChangeListener to your EditProcessObject when modifying the
@@ -37,7 +37,7 @@ public class PropertyRestrictionListener implements ChangeListener {
 		Property p = (Property) oldObj;
 		if (eitherRoleChanged(p.getHiddenFromDisplayBelowRoleLevel(),
 				p.getProhibitedFromUpdateBelowRoleLevel(), null, null)) {
-			log.debug("replacing all prohibition policies after deletion");
+			log.debug("rebuilding the PropertyRestrictionPolicyHelper after deletion");
 			createAndSetBean();
 		}
 	}
@@ -51,7 +51,7 @@ public class PropertyRestrictionListener implements ChangeListener {
 		if (eitherRoleChanged(null, null,
 				p.getHiddenFromDisplayBelowRoleLevel(),
 				p.getProhibitedFromUpdateBelowRoleLevel())) {
-			log.debug("replacing all prohibition policies after insertion");
+			log.debug("rebuilding the PropertyRestrictionPolicyHelper after insertion");
 			createAndSetBean();
 		}
 	}
@@ -67,7 +67,7 @@ public class PropertyRestrictionListener implements ChangeListener {
 				oldP.getProhibitedFromUpdateBelowRoleLevel(),
 				newP.getHiddenFromDisplayBelowRoleLevel(),
 				newP.getProhibitedFromUpdateBelowRoleLevel())) {
-			log.debug("replacing all prohibition policies after update");
+			log.debug("rebuilding the PropertyRestrictionPolicyHelper after update");
 			createAndSetBean();
 		}
 	}
@@ -91,6 +91,8 @@ public class PropertyRestrictionListener implements ChangeListener {
 
 	private void createAndSetBean() {
 		OntModel model = (OntModel) ctx.getAttribute("jenaOntModel");
-		PropertyRestrictionPolicyHelper.createAndSetBean(ctx, model);
+		PropertyRestrictionPolicyHelper bean = PropertyRestrictionPolicyHelper
+				.createBean(model);
+		PropertyRestrictionPolicyHelper.setBean(ctx, bean);
 	}
 }
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionPolicyHelper.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionPolicyHelper.java
index d08ec142b..4d1a8b6cf 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionPolicyHelper.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionPolicyHelper.java
@@ -2,12 +2,12 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.policy.bean;
 
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
-import java.util.Set;
 
 import javax.servlet.ServletContext;
 import javax.servlet.ServletContextEvent;
@@ -27,57 +27,49 @@ import com.hp.hpl.jena.shared.Lock;
 
 import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
 import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
+import edu.cornell.mannlib.vitro.webapp.servlet.setup.AbortStartup;
 
 /**
  * Assists the role-based policies in determining whether a property or resource
  * may be displayed or modified.
+ * 
+ * There is a bean in the context that holds the current threshold role levels
+ * for displaying and modifying restricted properties.
+ * 
+ * Create this bean after the Jena model is in place in the context.
+ * 
+ * Add PropertyRestrictionListener to your EditProcessObject if you are editing
+ * a property, to ensure that the bean stays current.
  */
 public class PropertyRestrictionPolicyHelper {
 	private static final Log log = LogFactory
 			.getLog(PropertyRestrictionPolicyHelper.class);
 
-	private static final Collection<String> PROHIBITED_NAMESPACES = setProhibitedNamespaces();
-	private static final Collection<String> PERMITTED_EXCEPTIONS = setPermittedExceptions();
+	private static final Collection<String> PROHIBITED_NAMESPACES = Arrays
+			.asList(new String[] { VitroVocabulary.vitroURI,
+					VitroVocabulary.OWL, "" });
 
-	private static Collection<String> setProhibitedNamespaces() {
-		Set<String> prohibitedNs = new HashSet<String>();
-		prohibitedNs.add(VitroVocabulary.vitroURI);
-		prohibitedNs.add(VitroVocabulary.OWL);
-		prohibitedNs.add("");
-		return Collections.unmodifiableSet(prohibitedNs);
-	}
+	private static final Collection<String> PERMITTED_EXCEPTIONS = Arrays
+			.asList(new String[] {
+					VitroVocabulary.MONIKER,
+					VitroVocabulary.BLURB,
+					VitroVocabulary.DESCRIPTION,
+					VitroVocabulary.MODTIME,
+					VitroVocabulary.TIMEKEY,
 
-	private static Collection<String> setPermittedExceptions() {
-		Set<String> editableVitroUris = new HashSet<String>();
+					VitroVocabulary.CITATION,
+					VitroVocabulary.IND_MAIN_IMAGE,
 
-		editableVitroUris.add(VitroVocabulary.MONIKER);
-		editableVitroUris.add(VitroVocabulary.BLURB);
-		editableVitroUris.add(VitroVocabulary.DESCRIPTION);
-		editableVitroUris.add(VitroVocabulary.MODTIME);
-		editableVitroUris.add(VitroVocabulary.TIMEKEY);
+					VitroVocabulary.LINK,
+					VitroVocabulary.PRIMARY_LINK,
+					VitroVocabulary.ADDITIONAL_LINK,
+					VitroVocabulary.LINK_ANCHOR,
+					VitroVocabulary.LINK_URL,
 
-		editableVitroUris.add(VitroVocabulary.CITATION);
-		editableVitroUris.add(VitroVocabulary.IND_MAIN_IMAGE);
-
-		editableVitroUris.add(VitroVocabulary.LINK);
-		editableVitroUris.add(VitroVocabulary.PRIMARY_LINK);
-		editableVitroUris.add(VitroVocabulary.ADDITIONAL_LINK);
-		editableVitroUris.add(VitroVocabulary.LINK_ANCHOR);
-		editableVitroUris.add(VitroVocabulary.LINK_URL);
-
-		editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION);
-		editableVitroUris
-				.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_INVOLVESKEYWORD);
-		editableVitroUris
-				.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_INVOLVESINDIVIDUAL);
-		editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_MODE);
-
-		return Collections.unmodifiableSet(editableVitroUris);
-	}
-
-	// ----------------------------------------------------------------------
-	// static methods
-	// ----------------------------------------------------------------------
+					VitroVocabulary.KEYWORD_INDIVIDUALRELATION,
+					VitroVocabulary.KEYWORD_INDIVIDUALRELATION_INVOLVESKEYWORD,
+					VitroVocabulary.KEYWORD_INDIVIDUALRELATION_INVOLVESINDIVIDUAL,
+					VitroVocabulary.KEYWORD_INDIVIDUALRELATION_MODE });
 
 	/**
 	 * The bean is attached to the ServletContext using this attribute name.
@@ -85,6 +77,10 @@ public class PropertyRestrictionPolicyHelper {
 	private static final String ATTRIBUTE_NAME = PropertyRestrictionPolicyHelper.class
 			.getName();
 
+	// ----------------------------------------------------------------------
+	// static methods
+	// ----------------------------------------------------------------------
+
 	public static PropertyRestrictionPolicyHelper getBean(ServletContext ctx) {
 		Object attribute = ctx.getAttribute(ATTRIBUTE_NAME);
 		if (!(attribute instanceof PropertyRestrictionPolicyHelper)) {
@@ -98,11 +94,19 @@ public class PropertyRestrictionPolicyHelper {
 		ctx.removeAttribute(ATTRIBUTE_NAME);
 	}
 
+	public static void setBean(ServletContext ctx,
+			PropertyRestrictionPolicyHelper bean) {
+		if (bean == null) {
+			throw new NullPointerException("bean may not be null.");
+		}
+		ctx.setAttribute(ATTRIBUTE_NAME, bean);
+	}
+
 	/**
 	 * Initialize the bean with the standard prohibitions and exceptions, and
 	 * with the thresholds obtained from the model.
 	 */
-	public static void createAndSetBean(ServletContext ctx, OntModel model) {
+	public static PropertyRestrictionPolicyHelper createBean(OntModel model) {
 		Map<String, RoleLevel> displayThresholdMap = new HashMap<String, RoleLevel>();
 		Map<String, RoleLevel> modifyThresholdMap = new HashMap<String, RoleLevel>();
 
@@ -119,12 +123,12 @@ public class PropertyRestrictionPolicyHelper {
 				PROHIBITED_NAMESPACES, PERMITTED_EXCEPTIONS,
 				displayThresholdMap, modifyThresholdMap);
 
-		ctx.setAttribute(ATTRIBUTE_NAME, bean);
+		return bean;
 	}
 
 	/**
 	 * Find all the resources that possess this property, and map the resource
-	 * URI to the require RoleLevel.
+	 * URI to the required RoleLevel.
 	 */
 	private static void populateThresholdMap(OntModel model,
 			Map<String, RoleLevel> map, String propertyUri) {
@@ -167,22 +171,22 @@ public class PropertyRestrictionPolicyHelper {
 	private final Collection<String> modifyExceptionsAllowedUris;
 
 	/**
-	 * URIs in here can be displayed only if the user's role is at least as high
+	 * These URIs can be displayed only if the user's role is at least as high
 	 * as the threshold role.
 	 */
 	private final Map<String, RoleLevel> displayThresholdMap;
 
 	/**
-	 * URIs in here can be modified only if the user's role is at least as high
-	 * as the threshold role.
+	 * These URIs can be modified only if the user's role is at least as high as
+	 * the threshold role.
 	 */
 	private final Map<String, RoleLevel> modifyThresholdMap;
 
 	/**
 	 * Store unmodifiable versions of the inputs.
 	 * 
-	 * Protected access: should only be created by the static methods, or by
-	 * unit tests.
+	 * Protected access: the bean should only be created by the static methods,
+	 * or by unit tests.
 	 */
 	protected PropertyRestrictionPolicyHelper(
 			Collection<String> modifyProhibitedNamespaces,
@@ -193,9 +197,9 @@ public class PropertyRestrictionPolicyHelper {
 		this.modifyExceptionsAllowedUris = unmodifiable(modifyExceptionsAllowedUris);
 		this.displayThresholdMap = unmodifiable(displayThresholdMap);
 		this.modifyThresholdMap = unmodifiable(modifyThresholdMap);
-		
+
 		if (log.isDebugEnabled()) {
-			log.debug("prohibited namespaces: " + this.modifyProhibitedNamespaces);
+			log.debug("prohibited: " + this.modifyProhibitedNamespaces);
 			log.debug("exceptions: " + this.modifyExceptionsAllowedUris);
 			log.debug("display thresholds: " + this.displayThresholdMap);
 			log.debug("modify thresholds: " + this.modifyThresholdMap);
@@ -347,8 +351,27 @@ public class PropertyRestrictionPolicyHelper {
 		@Override
 		public void contextInitialized(ServletContextEvent sce) {
 			ServletContext ctx = sce.getServletContext();
-			OntModel model = (OntModel) ctx.getAttribute("jenaOntModel");
-			createAndSetBean(ctx, model);
+
+			if (AbortStartup.isStartupAborted(ctx)) {
+				return;
+			}
+
+			try {
+				OntModel model = (OntModel) ctx.getAttribute("jenaOntModel");
+				if (model == null) {
+					throw new NullPointerException(
+							"jenaOntModel has not been initialized.");
+				}
+
+				PropertyRestrictionPolicyHelper bean = PropertyRestrictionPolicyHelper
+						.createBean(model);
+				PropertyRestrictionPolicyHelper.setBean(ctx, bean);
+			} catch (Exception e) {
+				log.error("could not run PropertyRestrictionPolicyHelper$Setup: "
+						+ e);
+				AbortStartup.abortStartup(ctx);
+				throw new RuntimeException(e);
+			}
 		}
 
 		@Override
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CuratorEditingPolicySetup.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CuratorEditingPolicySetup.java
index 8685ecabe..978d70d0b 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CuratorEditingPolicySetup.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CuratorEditingPolicySetup.java
@@ -2,10 +2,6 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.policy.setup;
 
-import java.util.EnumSet;
-import java.util.HashSet;
-import java.util.Set;
-
 import javax.servlet.ServletContext;
 import javax.servlet.ServletContextEvent;
 import javax.servlet.ServletContextListener;
@@ -13,82 +9,54 @@ import javax.servlet.ServletContextListener;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-import com.hp.hpl.jena.ontology.OntModel;
-import com.hp.hpl.jena.rdf.model.Model;
-import com.hp.hpl.jena.rdf.model.ResIterator;
-import com.hp.hpl.jena.rdf.model.Resource;
-import com.hp.hpl.jena.rdf.model.ResourceFactory;
-
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.ActiveIdentifierBundleFactories;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.CuratorEditingIdentifierFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.CuratorEditingPolicy;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList;
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean;
-import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
+import edu.cornell.mannlib.vitro.webapp.servlet.setup.AbortStartup;
 
 /**
- * Sets up RoleBasedPolicy and IdentifierBundleFactory.  
- * This will cause the vitro native login to add Identifiers that can
- * be used by the Auth system and the in-line editing.
+ * Sets up RoleBasedPolicy and IdentifierBundleFactory. This will cause the
+ * vitro native login to add Identifiers that can be used by the Auth system and
+ * the in-line editing.
  * 
- * To use this add it as a listener to the web.xml. 
+ * To use this add it as a listener to the web.xml.
  * 
  * See RoleBasedPolicy.java
- * 
- * @author bdc34
- *
  */
-public class CuratorEditingPolicySetup  implements ServletContextListener  {
-    private static final Log log = LogFactory.getLog(CuratorEditingPolicySetup.class.getName());
-   
-    @Override
+public class CuratorEditingPolicySetup implements ServletContextListener {
+	private static final Log log = LogFactory
+			.getLog(CuratorEditingPolicySetup.class.getName());
+
+	@Override
 	public void contextInitialized(ServletContextEvent sce) {
-        try{
-            log.debug("Setting up CuratorEditingPolicy");
-            
-            //need to make a policy and add it to the ServeltContext
-            OntModel model = (OntModel)sce.getServletContext().getAttribute("jenaOntModel");
-            CuratorEditingPolicy cep = makeCuratorEditPolicyFromModel(model);
-            ServletPolicyList.addPolicy(sce.getServletContext(), cep);
-            
-            //need to put an IdentifierFactory for CuratorEditingIds into the ServletContext
-            ActiveIdentifierBundleFactories.addFactory(sce, new CuratorEditingIdentifierFactory()); 
-            
-            log.debug( "Finished setting up CuratorEditingPolicy: " + cep );            
-        }catch(Exception e){
-            log.error("could not run CuratorEditingPolicySetup: " + e);
-            e.printStackTrace();
-        }
-    }
-    
-    @Override
-	public void contextDestroyed(ServletContextEvent sce) { /*nothing*/  }
-    
-    public static CuratorEditingPolicy makeCuratorEditPolicyFromModel( Model model ){
-        CuratorEditingPolicy pol = null;
-        if( model == null )
-            pol = new CuratorEditingPolicy(null,null,null,null);
-        else{
-            Set<String> prohibitedProps = new HashSet<String>();
-            //ResIterator it = model.listSubjectsWithProperty( model.createProperty( VitroVocabulary.PROPERTY_CURATOREDITPROHIBITEDANNOT ) );
-            // need to iterate through one level higher than CURATOR (the higher of current 2 targeted levels) plus all higher levels
-            for (BaseResourceBean.RoleLevel e : EnumSet.range(BaseResourceBean.RoleLevel.DB_ADMIN,BaseResourceBean.RoleLevel.NOBODY)) {
-                ResIterator it = model.listSubjectsWithProperty( model.createProperty( VitroVocabulary.PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT),ResourceFactory.createResource(e.getURI()));
-                while( it.hasNext() ){
-                    Resource resource = it.nextResource();
-                    if( resource != null && resource.getURI() != null ) {
-                        log.debug("adding \""+resource.getURI()+"\" to properties prohibited from inline curator editing ("+e.getLabel()+")"); 
-                        prohibitedProps.add( resource.getURI() );
-                    }
-                }
-            }
-            pol = new CuratorEditingPolicy(prohibitedProps,null,null,null);
-        }               
-        return pol;
-    }
-        
-    
-    public static void replaceCuratorEditing( ServletContext sc, Model model ){
-        ServletPolicyList.replacePolicy(sc, makeCuratorEditPolicyFromModel(model));
-    }
-}
\ No newline at end of file
+		ServletContext ctx = sce.getServletContext();
+
+		if (AbortStartup.isStartupAborted(ctx)) {
+			return;
+		}
+
+		try {
+			log.debug("Setting up CuratorEditingPolicy");
+
+			// need to make a policy and add it to the ServletContext
+			CuratorEditingPolicy cep = new CuratorEditingPolicy(ctx);
+			ServletPolicyList.addPolicy(ctx, cep);
+
+			// need to put an IdentifierFactory for CuratorEditingIds into the
+			// ServletContext
+			ActiveIdentifierBundleFactories.addFactory(sce,
+					new CuratorEditingIdentifierFactory());
+
+			log.debug("Finished setting up CuratorEditingPolicy: " + cep);
+		} catch (Exception e) {
+			log.error("could not run CuratorEditingPolicySetup: " + e);
+			AbortStartup.abortStartup(ctx);
+			throw new RuntimeException(e);
+		}
+	}
+
+	@Override
+	public void contextDestroyed(ServletContextEvent sce) { /* nothing */
+	}
+}
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/DbAdminEditingPolicySetup.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/DbAdminEditingPolicySetup.java
index 951a8a134..cf816cca1 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/DbAdminEditingPolicySetup.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/DbAdminEditingPolicySetup.java
@@ -2,9 +2,6 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.policy.setup;
 
-import java.util.HashSet;
-import java.util.Set;
-
 import javax.servlet.ServletContext;
 import javax.servlet.ServletContextEvent;
 import javax.servlet.ServletContextListener;
@@ -12,81 +9,54 @@ import javax.servlet.ServletContextListener;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-import com.hp.hpl.jena.ontology.OntModel;
-import com.hp.hpl.jena.rdf.model.Model;
-import com.hp.hpl.jena.rdf.model.ResIterator;
-import com.hp.hpl.jena.rdf.model.Resource;
-import com.hp.hpl.jena.rdf.model.ResourceFactory;
-
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.ActiveIdentifierBundleFactories;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.DbAdminEditingIdentifierFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.DbAdminEditingPolicy;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList;
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean;
-import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
+import edu.cornell.mannlib.vitro.webapp.servlet.setup.AbortStartup;
 
 /**
- * Sets up RoleBasedPolicy and IdentifierBundleFactory.  
- * This will cause the vitro native login to add Identifiers that can
- * be used by the Auth system and the in-line editing.
+ * Sets up RoleBasedPolicy and IdentifierBundleFactory. This will cause the
+ * vitro native login to add Identifiers that can be used by the Auth system and
+ * the in-line editing.
  * 
- * To use this add it as a listener to the web.xml. 
+ * To use this add it as a listener to the web.xml.
  * 
  * See RoleBasedPolicy.java
- * 
- * @author bdc34
- *
  */
-public class DbAdminEditingPolicySetup  implements ServletContextListener  {
-    private static final Log log = LogFactory.getLog(DbAdminEditingPolicySetup.class.getName());
-   
-    @Override
+public class DbAdminEditingPolicySetup implements ServletContextListener {
+	private static final Log log = LogFactory
+			.getLog(DbAdminEditingPolicySetup.class.getName());
+
+	@Override
 	public void contextInitialized(ServletContextEvent sce) {
-        try{
-            log.debug("Setting up DbAdminEditingPolicy");
-            
-            //need to make a policy and add it to the ServeltContext
-            OntModel model = (OntModel)sce.getServletContext().getAttribute("jenaOntModel");
-            DbAdminEditingPolicy cep = makeDbAdminEditPolicyFromModel(model);
-            ServletPolicyList.addPolicy(sce.getServletContext(), cep);
-            
-            //need to put an IdentifierFactory for DbAdminEditingIds into the ServletContext
-            ActiveIdentifierBundleFactories.addFactory(sce, new DbAdminEditingIdentifierFactory()); 
-            
-            log.debug( "Finished setting up DbAdminEditingPolicy: " + cep );            
-        }catch(Exception e){
-            log.error("could not run DbAdminEditingPolicySetup: " + e);
-            e.printStackTrace();
-        }
-    }
-    
-    @Override
-	public void contextDestroyed(ServletContextEvent sce) { /*nothing*/  }
-    
-    public static DbAdminEditingPolicy makeDbAdminEditPolicyFromModel( Model model ){
-        DbAdminEditingPolicy pol = null;
-        if( model == null )
-            pol = new DbAdminEditingPolicy(null,null,null,null);
-        else{
-            Set<String> prohibitedProps = new HashSet<String>();
-            // no need to iterate through any level higher than DB_ADMIN
-            //for (BaseResourceBean.RoleLevel e : EnumSet.range(BaseResourceBean.RoleLevel.NOBODY,BaseResourceBean.RoleLevel.NOBODY)) {
-                BaseResourceBean.RoleLevel e = BaseResourceBean.RoleLevel.NOBODY;
-                ResIterator it = model.listSubjectsWithProperty( model.createProperty( VitroVocabulary.PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT),ResourceFactory.createResource(e.getURI()));
-                while( it.hasNext() ){
-                    Resource resource = it.nextResource();
-                    if( resource != null && resource.getURI() != null ) {
-                        log.debug("adding \""+resource.getURI()+"\" to properties prohibited from dbAdmin editing ("+e.getLabel()+")"); 
-                        prohibitedProps.add( resource.getURI() );
-                    }
-                }
-            //}
-            pol = new DbAdminEditingPolicy(prohibitedProps,null,null,null);
-        }               
-        return pol;
-    }
-            
-    public static void replaceDbAdminEditing( ServletContext sc, Model model ){
-        ServletPolicyList.replacePolicy(sc, makeDbAdminEditPolicyFromModel(model));
-    }    
-}
\ No newline at end of file
+		ServletContext ctx = sce.getServletContext();
+
+		if (AbortStartup.isStartupAborted(ctx)) {
+			return;
+		}
+
+		try {
+			log.debug("Setting up DbAdminEditingPolicy");
+
+			// need to make a policy and add it to the ServletContext
+			DbAdminEditingPolicy dep = new DbAdminEditingPolicy(ctx);
+			ServletPolicyList.addPolicy(ctx, dep);
+
+			// need to put an IdentifierFactory for DbAdminEditingIds into the
+			// ServletContext
+			ActiveIdentifierBundleFactories.addFactory(sce,
+					new DbAdminEditingIdentifierFactory());
+
+			log.debug("Finished setting up DbAdminEditingPolicy: " + dep);
+		} catch (Exception e) {
+			log.error("could not run DbAdminEditingPolicySetup: " + e);
+			AbortStartup.abortStartup(ctx);
+			throw new RuntimeException(e);
+		}
+	}
+
+	@Override
+	public void contextDestroyed(ServletContextEvent sce) { /* nothing */
+	}
+}
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/EditorEditingPolicySetup.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/EditorEditingPolicySetup.java
index 30101f26f..9702a5fde 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/EditorEditingPolicySetup.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/EditorEditingPolicySetup.java
@@ -2,10 +2,6 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.policy.setup;
 
-import java.util.EnumSet;
-import java.util.HashSet;
-import java.util.Set;
-
 import javax.servlet.ServletContext;
 import javax.servlet.ServletContextEvent;
 import javax.servlet.ServletContextListener;
@@ -13,80 +9,54 @@ import javax.servlet.ServletContextListener;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-import com.hp.hpl.jena.ontology.OntModel;
-import com.hp.hpl.jena.rdf.model.Model;
-import com.hp.hpl.jena.rdf.model.ResIterator;
-import com.hp.hpl.jena.rdf.model.Resource;
-import com.hp.hpl.jena.rdf.model.ResourceFactory;
-
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.ActiveIdentifierBundleFactories;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.EditorEditingIdentifierFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.EditorEditingPolicy;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList;
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean;
-import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
+import edu.cornell.mannlib.vitro.webapp.servlet.setup.AbortStartup;
 
 /**
- * Sets up RoleBasedPolicy and IdentifierBundleFactory.  
- * This will cause the vitro native login to add Identifiers that can
- * be used by the Auth system and the in-line editing.
+ * Sets up RoleBasedPolicy and IdentifierBundleFactory. This will cause the
+ * vitro native login to add Identifiers that can be used by the Auth system and
+ * the in-line editing.
  * 
- * To use this add it as a listener to the web.xml. 
+ * To use this add it as a listener to the web.xml.
  * 
  * See RoleBasedPolicy.java
- * 
- * @author bdc34
- *
  */
-public class EditorEditingPolicySetup  implements ServletContextListener  {
-    private static final Log log = LogFactory.getLog(EditorEditingPolicySetup.class.getName());
-   
-    @Override
+public class EditorEditingPolicySetup implements ServletContextListener {
+	private static final Log log = LogFactory
+			.getLog(EditorEditingPolicySetup.class.getName());
+
+	@Override
 	public void contextInitialized(ServletContextEvent sce) {
-        try{
-            log.debug("Setting up EditorEditingPolicy");
-            
-            //need to make a policy and add it to the ServeltContext
-            OntModel model = (OntModel)sce.getServletContext().getAttribute("jenaOntModel");
-            EditorEditingPolicy cep = makeEditorEditPolicyFromModel(model);
-            ServletPolicyList.addPolicy(sce.getServletContext(), cep);
-            
-            //need to put an IdentifierFactory for EditorEditingIds into the ServletContext
-            ActiveIdentifierBundleFactories.addFactory(sce, new EditorEditingIdentifierFactory()); 
-            
-            log.debug( "Finished setting up EditorEditingPolicy: " + cep );            
-        }catch(Exception e){
-            log.error("could not run EditorEditingPolicySetup: " + e);
-            e.printStackTrace();
-        }
-    }
-    
-    @Override
-	public void contextDestroyed(ServletContextEvent sce) { /*nothing*/  }
-    
-    public static EditorEditingPolicy makeEditorEditPolicyFromModel( Model model ){
-        EditorEditingPolicy pol = null;
-        if( model == null )
-            pol = new EditorEditingPolicy(null,null,null,null);
-        else{
-            Set<String> prohibitedProps = new HashSet<String>();
-            // need to iterate through one level higher than EDITOR (the higher of current 2 targeted levels) plus all higher levels
-            for (BaseResourceBean.RoleLevel e : EnumSet.range(BaseResourceBean.RoleLevel.CURATOR,BaseResourceBean.RoleLevel.NOBODY)) {
-                ResIterator it = model.listSubjectsWithProperty( model.createProperty( VitroVocabulary.PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT),ResourceFactory.createResource(e.getURI()));
-                while( it.hasNext() ){
-                    Resource resource = it.nextResource();
-                    if( resource != null && resource.getURI() != null ) {
-                        log.debug("adding \""+resource.getURI()+"\" to properties prohibited from inline editor editing ("+e.getLabel()+")"); 
-                        prohibitedProps.add( resource.getURI() );
-                    }
-                }
-            }
-            pol = new EditorEditingPolicy(prohibitedProps,null,null,null);
-        }               
-        return pol;
-    }
-            
-    public static void replaceEditorEditing( ServletContext sc, Model model ){
-        ServletPolicyList.replacePolicy(sc, makeEditorEditPolicyFromModel(model));                                
-    }  
-}
\ No newline at end of file
+		ServletContext ctx = sce.getServletContext();
+
+		if (AbortStartup.isStartupAborted(ctx)) {
+			return;
+		}
+
+		try {
+			log.debug("Setting up EditorEditingPolicy");
+
+			// need to make a policy and add it to the ServletContext
+			EditorEditingPolicy cep = new EditorEditingPolicy(ctx);
+			ServletPolicyList.addPolicy(ctx, cep);
+
+			// need to put an IdentifierFactory for EditorEditingIds into the
+			// ServletContext
+			ActiveIdentifierBundleFactories.addFactory(sce,
+					new EditorEditingIdentifierFactory());
+
+			log.debug("Finished setting up EditorEditingPolicy: " + cep);
+		} catch (Exception e) {
+			log.error("could not run EditorEditingPolicySetup: " + e);
+			AbortStartup.abortStartup(ctx);
+			throw new RuntimeException(e);
+		}
+	}
+
+	@Override
+	public void contextDestroyed(ServletContextEvent sce) { /* nothing */
+	}
+}
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/InformationResourceEditingPolicySetup.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/InformationResourceEditingPolicySetup.java
index a857d9bdd..85548e7a9 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/InformationResourceEditingPolicySetup.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/InformationResourceEditingPolicySetup.java
@@ -2,10 +2,6 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.policy.setup;
 
-import java.util.EnumSet;
-import java.util.HashSet;
-import java.util.Set;
-
 import javax.servlet.ServletContext;
 import javax.servlet.ServletContextEvent;
 import javax.servlet.ServletContextListener;
@@ -14,15 +10,10 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import com.hp.hpl.jena.ontology.OntModel;
-import com.hp.hpl.jena.rdf.model.ResIterator;
-import com.hp.hpl.jena.rdf.model.Resource;
-import com.hp.hpl.jena.rdf.model.ResourceFactory;
 
-import edu.cornell.mannlib.vitro.webapp.auth.policy.AdministrativeUriRestrictor;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.InformationResourceEditingPolicy;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList;
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean;
-import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
+import edu.cornell.mannlib.vitro.webapp.servlet.setup.AbortStartup;
 
 /**
  * Set up the InformationResourceEditingPolicy. This is tied to the SelfEditor
@@ -35,62 +26,37 @@ public class InformationResourceEditingPolicySetup implements
 
 	@Override
 	public void contextInitialized(ServletContextEvent sce) {
+		ServletContext ctx = sce.getServletContext();
+
+		if (AbortStartup.isStartupAborted(ctx)) {
+			return;
+		}
+
 		try {
 			log.debug("Setting up InformationResourceEditingPolicy");
 
+			// need to make a policy and add it to the ServletContext
 			OntModel model = (OntModel) sce.getServletContext().getAttribute(
 					"jenaOntModel");
-			replacePolicy(sce.getServletContext(), model);
+			InformationResourceEditingPolicy irep = new InformationResourceEditingPolicy(
+					ctx, model);
+			ServletPolicyList.addPolicy(ctx, irep);
 
-			log.debug("InformationResourceEditingPolicy has been setup. ");
+			// don't need an IdentifierFactory if the SelfEditingPolicy is
+			// providing it.
+
+			log.debug("Finished setting up InformationResourceEditingPolicy: "
+					+ irep);
 		} catch (Exception e) {
-			log.error("could not run SelfEditingPolicySetup: " + e);
-			e.printStackTrace();
+			log.error("could not run InformationResourceEditingPolicySetup: "
+					+ e);
+			AbortStartup.abortStartup(ctx);
+			throw new RuntimeException(e);
 		}
 	}
 
-	public static InformationResourceEditingPolicy makePolicyFromModel(
-			OntModel model) {
-		InformationResourceEditingPolicy policy = null;
-		if (model == null)
-			policy = new InformationResourceEditingPolicy(null,
-					new AdministrativeUriRestrictor(null, null, null, null));
-		else {
-			Set<String> prohibitedProps = new HashSet<String>();
-
-			// need to iterate through one level higher than SELF (the lowest
-			// level where restrictions make sense) plus all higher levels
-			for (BaseResourceBean.RoleLevel e : EnumSet.range(
-					BaseResourceBean.RoleLevel.EDITOR,
-					BaseResourceBean.RoleLevel.NOBODY)) {
-				ResIterator it = model
-						.listSubjectsWithProperty(
-								model.createProperty(VitroVocabulary.PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT),
-								ResourceFactory.createResource(e.getURI()));
-				while (it.hasNext()) {
-					Resource resource = it.nextResource();
-					if (resource != null && resource.getURI() != null) {
-						log.debug("adding '"
-								+ resource.getURI()
-								+ "' to properties prohibited from information resource editing ("
-								+ e.getLabel() + ")");
-						prohibitedProps.add(resource.getURI());
-					}
-				}
-			}
-			policy = new InformationResourceEditingPolicy(model,
-					new AdministrativeUriRestrictor(prohibitedProps, null, null, null));
-		}
-		return policy;
-	}
-
-	public static void replacePolicy(ServletContext sc, OntModel model) {
-		ServletPolicyList.replacePolicy(sc, makePolicyFromModel(model));
-	}
-
 	@Override
 	public void contextDestroyed(ServletContextEvent sce) {
 		// Nothing to do.
 	}
-
 }
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/SelfEditingPolicySetup.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/SelfEditingPolicySetup.java
index a1271ee60..897cc4055 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/SelfEditingPolicySetup.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/SelfEditingPolicySetup.java
@@ -2,10 +2,6 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.policy.setup;
 
-import java.util.EnumSet;
-import java.util.HashSet;
-import java.util.Set;
-
 import javax.servlet.ServletContext;
 import javax.servlet.ServletContextEvent;
 import javax.servlet.ServletContextListener;
@@ -13,88 +9,57 @@ import javax.servlet.ServletContextListener;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-import com.hp.hpl.jena.ontology.OntModel;
-import com.hp.hpl.jena.rdf.model.ResIterator;
-import com.hp.hpl.jena.rdf.model.Resource;
-import com.hp.hpl.jena.rdf.model.ResourceFactory;
-
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.ActiveIdentifierBundleFactories;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.SelfEditingPolicy;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList;
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean;
-import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
+import edu.cornell.mannlib.vitro.webapp.servlet.setup.AbortStartup;
 
 /**
- * Policy for SelfEditors.  This will set up the self-editing policy which
- * will will look for SelfEditing identifier in the IdentifierBundle.  If
- * the user is associated with a URI in the system then they will be allowed
- * to edit resources related to that URI.
- *  
- *  To use this add it as a listener to the web.xml. 
- *  
- * The SelfEditing policy may return  
- * Authorization.UNAUTHORIZED so it should be at the start of the 
- * ServletPolicyList if you want it to override other Policies.
- * For example, this Listener should be before the curator listener so
- * that if a curator is faking selfEditing the capabilities they have
- * as curator will not override the results of the SelfEditing policy.
+ * Policy for SelfEditors. This will set up the self-editing policy which will
+ * will look for SelfEditing identifier in the IdentifierBundle. If the user is
+ * associated with a URI in the system then they will be allowed to edit
+ * resources related to that URI.
  * 
- * @author bdc34
- *
+ * To use this add it as a listener to the web.xml.
  */
-public class SelfEditingPolicySetup  implements ServletContextListener  {
-    private static final Log log = LogFactory.getLog(SelfEditingPolicySetup.class.getName());
-    public static final String SELF_EDITING_POLICY_WAS_SETUP= "selfEditingPolicyWasSetup";
-    
-    @Override
-	public void contextInitialized(ServletContextEvent sce) {
-        try{
-            log.debug("Setting up SelfEditingPolicy");
-            
-            OntModel model = (OntModel)sce.getServletContext().getAttribute("jenaOntModel");
-            replaceSelfEditing(sce.getServletContext(), model);
+public class SelfEditingPolicySetup implements ServletContextListener {
+	private static final Log log = LogFactory
+			.getLog(SelfEditingPolicySetup.class.getName());
+	public static final String SELF_EDITING_POLICY_WAS_SETUP = "selfEditingPolicyWasSetup";
 
-            ActiveIdentifierBundleFactories.addFactory(sce, new SelfEditingIdentifierFactory());
-            
-            sce.getServletContext().setAttribute(SELF_EDITING_POLICY_WAS_SETUP, Boolean.TRUE);
-            
-            log.debug( "SelfEditingPolicy has been setup. " );            
-        }catch(Exception e){
-            log.error("could not run SelfEditingPolicySetup: " + e);
-            e.printStackTrace();
-        }
-    }
-    
-    @Override
-	public void contextDestroyed(ServletContextEvent sce) { /*nothing*/  }
-    
-    public static SelfEditingPolicy makeSelfEditPolicyFromModel( OntModel model ){
-        SelfEditingPolicy pol = null;
-        if( model == null )
-            pol = new SelfEditingPolicy(null,null,null,null, null);
-        else{
-            Set<String> prohibitedProps = new HashSet<String>();
-            //ResIterator it = model.listSubjectsWithProperty( model.createProperty( VitroVocabulary.PROPERTY_SELFEDITPROHIBITEDANNOT ) );
-            
-            // need to iterate through one level higher than SELF (the lowest level where restrictions make sense) plus all higher levels
-            for (BaseResourceBean.RoleLevel e : EnumSet.range(BaseResourceBean.RoleLevel.EDITOR,BaseResourceBean.RoleLevel.NOBODY)) {
-                ResIterator it = model.listSubjectsWithProperty( model.createProperty( VitroVocabulary.PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT),ResourceFactory.createResource(e.getURI()));
-                while( it.hasNext() ){
-                    Resource resource = it.nextResource();
-                    if( resource != null && resource.getURI() != null ) {
-                        log.debug("adding \""+resource.getURI()+"\" to properties prohibited from self-editing ("+e.getLabel()+")"); 
-                        prohibitedProps.add( resource.getURI() );
-                    }
-                }
-            }
-            pol = new SelfEditingPolicy(prohibitedProps,null,null,null,model);
-        }               
-        return pol;
-    }
-        
-    
-    public static void replaceSelfEditing( ServletContext sc, OntModel model ){
-        ServletPolicyList.replacePolicy(sc, makeSelfEditPolicyFromModel(model));
-    }    
+	@Override
+	public void contextInitialized(ServletContextEvent sce) {
+		ServletContext ctx = sce.getServletContext();
+
+		if (AbortStartup.isStartupAborted(ctx)) {
+			return;
+		}
+
+		try {
+			log.debug("Setting up SelfEditingPolicy");
+
+			// need to make a policy and add it to the ServletContext
+			SelfEditingPolicy cep = new SelfEditingPolicy(ctx);
+			ServletPolicyList.addPolicy(ctx, cep);
+
+			// need to put an IdentifierFactory for CuratorEditingIds into the
+			// ServletContext
+			ActiveIdentifierBundleFactories.addFactory(sce,
+					new SelfEditingIdentifierFactory());
+
+			sce.getServletContext().setAttribute(SELF_EDITING_POLICY_WAS_SETUP,
+					Boolean.TRUE);
+
+			log.debug("Finished setting up SelfEditingPolicy: " + cep);
+		} catch (Exception e) {
+			log.error("could not run SelfEditingPolicySetup: " + e);
+			AbortStartup.abortStartup(ctx);
+			throw new RuntimeException(e);
+		}
+	}
+
+	@Override
+	public void contextDestroyed(ServletContextEvent sce) { /* nothing */
+	}
 }
\ No newline at end of file
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/DatapropRetryController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/DatapropRetryController.java
index e86f18ac7..35501d8b5 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/DatapropRetryController.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/DatapropRetryController.java
@@ -2,49 +2,47 @@
 
 package edu.cornell.mannlib.vitro.webapp.controller.edit;
 
-import java.io.IOException;
-import java.net.URLEncoder;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.LinkedList;
-import java.util.List;
-
-import javax.servlet.RequestDispatcher;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import edu.cornell.mannlib.vedit.beans.EditProcessObject;
-import edu.cornell.mannlib.vedit.beans.FormObject;
-import edu.cornell.mannlib.vedit.beans.Option;
-import edu.cornell.mannlib.vedit.controller.BaseEditController;
-import edu.cornell.mannlib.vedit.forwarder.PageForwarder;
-import edu.cornell.mannlib.vedit.forwarder.impl.UrlForwarder;
-import edu.cornell.mannlib.vedit.util.FormUtils;
-import edu.cornell.mannlib.vedit.validator.impl.EnumValuesValidator;
-import edu.cornell.mannlib.vedit.validator.impl.IntValidator;
-import edu.cornell.mannlib.vedit.validator.impl.XMLNameValidator;
-import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
-import edu.cornell.mannlib.vitro.webapp.beans.Ontology;
-import edu.cornell.mannlib.vitro.webapp.beans.Portal;
-import edu.cornell.mannlib.vitro.webapp.beans.VClass;
-import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
-import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
-import edu.cornell.mannlib.vitro.webapp.controller.edit.utils.RoleLevelOptionsSetup;
-import edu.cornell.mannlib.vitro.webapp.dao.DataPropertyDao;
-import edu.cornell.mannlib.vitro.webapp.dao.DatatypeDao;
-import edu.cornell.mannlib.vitro.webapp.dao.OntologyDao;
-import edu.cornell.mannlib.vitro.webapp.dao.VClassDao;
-import edu.cornell.mannlib.vitro.webapp.edit.listener.impl.EditProhibitionListener;
+import java.io.IOException;
+import java.net.URLEncoder;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.LinkedList;
+import java.util.List;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import edu.cornell.mannlib.vedit.beans.EditProcessObject;
+import edu.cornell.mannlib.vedit.beans.FormObject;
+import edu.cornell.mannlib.vedit.beans.Option;
+import edu.cornell.mannlib.vedit.controller.BaseEditController;
+import edu.cornell.mannlib.vedit.forwarder.PageForwarder;
+import edu.cornell.mannlib.vedit.forwarder.impl.UrlForwarder;
+import edu.cornell.mannlib.vedit.util.FormUtils;
+import edu.cornell.mannlib.vedit.validator.impl.IntValidator;
+import edu.cornell.mannlib.vedit.validator.impl.XMLNameValidator;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionListener;
+import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
+import edu.cornell.mannlib.vitro.webapp.beans.Portal;
+import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
+import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
+import edu.cornell.mannlib.vitro.webapp.controller.edit.utils.RoleLevelOptionsSetup;
+import edu.cornell.mannlib.vitro.webapp.dao.DataPropertyDao;
+import edu.cornell.mannlib.vitro.webapp.dao.DatatypeDao;
+import edu.cornell.mannlib.vitro.webapp.dao.OntologyDao;
+import edu.cornell.mannlib.vitro.webapp.dao.VClassDao;
 
 
 public class DatapropRetryController extends BaseEditController {
 	
 	private static final Log log = LogFactory.getLog(DatapropRetryController.class.getName());
 
-    public void doPost (HttpServletRequest request, HttpServletResponse response) {
+    @Override
+	public void doPost (HttpServletRequest request, HttpServletResponse response) {
 
         if (!checkLoginStatus(request,response))
             return;
@@ -134,7 +132,7 @@ public class DatapropRetryController extends BaseEditController {
 
         //set up any listeners
         List changeListenerList = new ArrayList();
-        changeListenerList.add(new EditProhibitionListener(getServletContext()));
+        changeListenerList.add(new PropertyRestrictionListener(getServletContext()));
         epo.setChangeListenerList(changeListenerList);
 
 
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PropertyRetryController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PropertyRetryController.java
index 70737fe25..823c34f5e 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PropertyRetryController.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PropertyRetryController.java
@@ -2,54 +2,51 @@
 
 package edu.cornell.mannlib.vitro.webapp.controller.edit;
 
-import java.io.IOException;
-import java.net.URLEncoder;
+import java.io.IOException;
+import java.net.URLEncoder;
 import java.text.Collator;
-import java.util.ArrayList;
-import java.util.Collections;
+import java.util.ArrayList;
+import java.util.Collections;
 import java.util.Comparator;
-import java.util.HashMap;
+import java.util.HashMap;
 import java.util.Iterator;
-import java.util.LinkedList;
-import java.util.List;
+import java.util.List;
 import java.util.ListIterator;
-
-import javax.servlet.RequestDispatcher;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import edu.cornell.mannlib.vedit.beans.EditProcessObject;
-import edu.cornell.mannlib.vedit.beans.FormObject;
-import edu.cornell.mannlib.vedit.beans.Option;
-import edu.cornell.mannlib.vedit.controller.BaseEditController;
-import edu.cornell.mannlib.vedit.forwarder.PageForwarder;
-import edu.cornell.mannlib.vedit.forwarder.impl.UrlForwarder;
-import edu.cornell.mannlib.vedit.util.FormUtils;
-import edu.cornell.mannlib.vedit.validator.ValidationObject;
-import edu.cornell.mannlib.vedit.validator.Validator;
-import edu.cornell.mannlib.vedit.validator.impl.EnumValuesValidator;
-import edu.cornell.mannlib.vedit.validator.impl.XMLNameValidator;
-import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
-import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
-import edu.cornell.mannlib.vitro.webapp.beans.Portal;
-import edu.cornell.mannlib.vitro.webapp.beans.VClass;
-import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
-import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
-import edu.cornell.mannlib.vitro.webapp.controller.edit.utils.RoleLevelOptionsSetup;
-import edu.cornell.mannlib.vitro.webapp.dao.DataPropertyDao;
-import edu.cornell.mannlib.vitro.webapp.dao.ObjectPropertyDao;
-import edu.cornell.mannlib.vitro.webapp.dao.OntologyDao;
-import edu.cornell.mannlib.vitro.webapp.dao.VClassDao;
-import edu.cornell.mannlib.vitro.webapp.edit.listener.impl.EditProhibitionListener;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import edu.cornell.mannlib.vedit.beans.EditProcessObject;
+import edu.cornell.mannlib.vedit.beans.FormObject;
+import edu.cornell.mannlib.vedit.beans.Option;
+import edu.cornell.mannlib.vedit.controller.BaseEditController;
+import edu.cornell.mannlib.vedit.forwarder.PageForwarder;
+import edu.cornell.mannlib.vedit.forwarder.impl.UrlForwarder;
+import edu.cornell.mannlib.vedit.util.FormUtils;
+import edu.cornell.mannlib.vedit.validator.impl.XMLNameValidator;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionListener;
+import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
+import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
+import edu.cornell.mannlib.vitro.webapp.beans.Portal;
+import edu.cornell.mannlib.vitro.webapp.beans.VClass;
+import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
+import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
+import edu.cornell.mannlib.vitro.webapp.controller.edit.utils.RoleLevelOptionsSetup;
+import edu.cornell.mannlib.vitro.webapp.dao.DataPropertyDao;
+import edu.cornell.mannlib.vitro.webapp.dao.ObjectPropertyDao;
+import edu.cornell.mannlib.vitro.webapp.dao.OntologyDao;
+import edu.cornell.mannlib.vitro.webapp.dao.VClassDao;
 
 public class PropertyRetryController extends BaseEditController {
 	
 	private static final Log log = LogFactory.getLog(PropertyRetryController.class.getName());
 	
-    public void doPost (HttpServletRequest req, HttpServletResponse response) {
+    @Override
+	public void doPost (HttpServletRequest req, HttpServletResponse response) {
     	VitroRequest request = new VitroRequest(req);
         if (!checkLoginStatus(request,response))
             return;
@@ -87,7 +84,7 @@ public class PropertyRetryController extends BaseEditController {
             String uri = request.getParameter("uri");
             if (uri != null) {
                 try {
-                    propertyForEditing = (ObjectProperty)propDao.getObjectPropertyByURI(uri);
+                    propertyForEditing = propDao.getObjectPropertyByURI(uri);
                     action = "update";
                     epo.setAction("update");
                 } catch (NullPointerException e) {
@@ -125,7 +122,7 @@ public class PropertyRetryController extends BaseEditController {
         //set up any listeners
         List changeListenerList = new ArrayList();
         //changeListenerList.add(new HiddenFromDisplayListener(getServletContext()));
-        changeListenerList.add(new EditProhibitionListener(getServletContext()));
+        changeListenerList.add(new PropertyRestrictionListener(getServletContext()));
         epo.setChangeListenerList(changeListenerList);
 
         //set portal flag to current portal
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/edit/listener/impl/EditProhibitionListener.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/edit/listener/impl/EditProhibitionListener.java
deleted file mode 100644
index 37c4eecfe..000000000
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/edit/listener/impl/EditProhibitionListener.java
+++ /dev/null
@@ -1,133 +0,0 @@
-/* $This file is distributed under the terms of the license in /doc/license.txt$ */
-
-package edu.cornell.mannlib.vitro.webapp.edit.listener.impl;
-
-import javax.servlet.ServletContext;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import com.hp.hpl.jena.ontology.OntModel;
-
-import edu.cornell.mannlib.vedit.beans.EditProcessObject;
-import edu.cornell.mannlib.vedit.listener.ChangeListener;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.setup.CuratorEditingPolicySetup;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.setup.DbAdminEditingPolicySetup;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.setup.EditorEditingPolicySetup;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.setup.InformationResourceEditingPolicySetup;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.setup.SelfEditingPolicySetup;
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean;
-import edu.cornell.mannlib.vitro.webapp.beans.Property;
-
-public class EditProhibitionListener implements ChangeListener {
-    private static final Log log = LogFactory.getLog(EditProhibitionListener.class.getName());
-    private ServletContext context = null;
-    
-    public EditProhibitionListener(ServletContext context) {
-        this.context = context;
-    }
-
-    public void doDeleted(Object oldObj, EditProcessObject epo) {
-        Property p = (Property) oldObj;
-        OntModel model = (OntModel) context.getAttribute("jenaOntModel");
-        BaseResourceBean.RoleLevel oldRoleLevel = p.getProhibitedFromUpdateBelowRoleLevel();
-        if (oldRoleLevel != null) {
-            log.debug("replacing all edit prohibition policies after deletion");
-            // do you want to do something more selective, such as seeing whether only certain policies are affected?
-            // But, some (lower) will be affected if higher levels change (or will they if the object has been deleted?)
-            SelfEditingPolicySetup.replaceSelfEditing(context,model);
-            InformationResourceEditingPolicySetup.replacePolicy(context,model);
-            EditorEditingPolicySetup.replaceEditorEditing(context,model);
-            CuratorEditingPolicySetup.replaceCuratorEditing(context,model);
-            DbAdminEditingPolicySetup.replaceDbAdminEditing(context,model);
-            /*
-            if (oldRoleLevel.compareTo(BaseResourceBean.RoleLevel.PUBLIC)==0) {
-                SelfEditingPolicySetup.replaceSelfEditing(context,model);
-            } else if (oldRoleLevel.compareTo(BaseResourceBean.RoleLevel.SELF)==0) {
-                SelfEditingPolicySetup.replaceSelfEditing(context,model);
-            } else if (oldRoleLevel.compareTo(BaseResourceBean.RoleLevel.EDITOR)==0) {
-                CuratorEditingPolicySetup.replaceCuratorEditing(context,model);
-            } else if (oldRoleLevel.compareTo(BaseResourceBean.RoleLevel.CURATOR)==0) {
-                CuratorEditingPolicySetup.replaceCuratorEditing(context,model);
-            } else if (oldRoleLevel.compareTo(BaseResourceBean.RoleLevel.DB_ADMIN)==0) {
-                CuratorEditingPolicySetup.replaceCuratorEditing(context,model);
-            } else if (oldRoleLevel.compareTo(BaseResourceBean.RoleLevel.NOBODY)==0) {
-                CuratorEditingPolicySetup.replaceCuratorEditing(context,model);
-            } */
-        }
-    }
-
-    public void doInserted(Object newObj, EditProcessObject epo) {
-        Property p = (Property) newObj;
-        OntModel model = (OntModel) context.getAttribute("jenaOntModel");
-        BaseResourceBean.RoleLevel newRoleLevel = p.getProhibitedFromUpdateBelowRoleLevel();
-        if (newRoleLevel != null) { // note have to replace even at same level since may have been unspecified
-            if (newRoleLevel.compareTo(BaseResourceBean.RoleLevel.SELF)==0) {
-                log.debug("replacing self editing editing policies after insertion of \"self\" update level");
-                SelfEditingPolicySetup.replaceSelfEditing(context,model);
-                InformationResourceEditingPolicySetup.replacePolicy(context,model);
-            } else if (newRoleLevel.compareTo(BaseResourceBean.RoleLevel.EDITOR)==0) {
-                log.debug("replacing editor and lower editing policies after insertion of new \"editor\" update level");
-                SelfEditingPolicySetup.replaceSelfEditing(context,model);
-                InformationResourceEditingPolicySetup.replacePolicy(context,model);
-                EditorEditingPolicySetup.replaceEditorEditing(context,model);
-            } else if (newRoleLevel.compareTo(BaseResourceBean.RoleLevel.CURATOR)==0) {
-                log.debug("replacing curator and lower editing policies after insertion of new \"curator\" update level");
-                SelfEditingPolicySetup.replaceSelfEditing(context,model);
-                InformationResourceEditingPolicySetup.replacePolicy(context,model);
-                EditorEditingPolicySetup.replaceEditorEditing(context,model);
-                CuratorEditingPolicySetup.replaceCuratorEditing(context,model);
-            } else if (newRoleLevel.compareTo(BaseResourceBean.RoleLevel.DB_ADMIN)==0) {
-                log.debug("replacing db_admin and lower editing policies after insertion of new \"db_admin\" update level");
-                SelfEditingPolicySetup.replaceSelfEditing(context,model);
-                InformationResourceEditingPolicySetup.replacePolicy(context,model);
-                EditorEditingPolicySetup.replaceEditorEditing(context,model);
-                CuratorEditingPolicySetup.replaceCuratorEditing(context,model);
-                DbAdminEditingPolicySetup.replaceDbAdminEditing(context,model);
-            } else if (newRoleLevel.compareTo(BaseResourceBean.RoleLevel.NOBODY)==0) {
-                log.debug("replacing db_admin and lower editing policies after insertion of new \"nobody\" update level");
-                SelfEditingPolicySetup.replaceSelfEditing(context,model);
-                InformationResourceEditingPolicySetup.replacePolicy(context,model);
-                EditorEditingPolicySetup.replaceEditorEditing(context,model);
-                CuratorEditingPolicySetup.replaceCuratorEditing(context,model);
-                DbAdminEditingPolicySetup.replaceDbAdminEditing(context,model);
-            }
-        }
-    }
-
-    public void doUpdated(Object oldObj, Object newObj, EditProcessObject epo) {
-        Property oldP = (Property) oldObj;
-        Property newP = (Property) newObj;
-        OntModel model = (OntModel) context.getAttribute("jenaOntModel");
-        BaseResourceBean.RoleLevel oldRoleLevel = oldP.getProhibitedFromUpdateBelowRoleLevel();
-        BaseResourceBean.RoleLevel newRoleLevel = newP.getProhibitedFromUpdateBelowRoleLevel();
-        if (newRoleLevel != null) { // will always be true since select box has no non-empty choices
-            if (oldRoleLevel != null) {
-                if (newRoleLevel.compareTo(oldRoleLevel)!=0) {
-                    log.debug("replacing all editing policies after update when new level different from old");
-                    SelfEditingPolicySetup.replaceSelfEditing(context,model);
-                    InformationResourceEditingPolicySetup.replacePolicy(context,model);
-                    EditorEditingPolicySetup.replaceEditorEditing(context,model);
-                    CuratorEditingPolicySetup.replaceCuratorEditing(context,model);
-                    DbAdminEditingPolicySetup.replaceDbAdminEditing(context,model);
-                } else {
-                    log.debug("update did not change role level");
-                }
-            } else {
-                log.debug("replacing all editing policies after update when a role level introduced");
-                SelfEditingPolicySetup.replaceSelfEditing(context,model);
-                InformationResourceEditingPolicySetup.replacePolicy(context,model);
-                EditorEditingPolicySetup.replaceEditorEditing(context,model);
-                CuratorEditingPolicySetup.replaceCuratorEditing(context,model);
-                DbAdminEditingPolicySetup.replaceDbAdminEditing(context,model);
-            }
-        } else if (oldRoleLevel != null) { // with fixed selections, not likely to happen
-            log.debug("replacing all editing policies after update when old role level removed");
-            SelfEditingPolicySetup.replaceSelfEditing(context,model);
-            InformationResourceEditingPolicySetup.replacePolicy(context,model);
-            EditorEditingPolicySetup.replaceEditorEditing(context,model);
-            CuratorEditingPolicySetup.replaceCuratorEditing(context,model);
-            DbAdminEditingPolicySetup.replaceDbAdminEditing(context,model);
-        }
-    }
-}
diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/AdministrativeUriRestrictorTest.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/AdministrativeUriRestrictorTest.java
deleted file mode 100644
index 9c9214514..000000000
--- a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/AdministrativeUriRestrictorTest.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/* $This file is distributed under the terms of the license in /doc/license.txt$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.policy;
-
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-
-import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
-import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
-
-/**
- * TODO
- */
-public class AdministrativeUriRestrictorTest extends AbstractTestClass {
-	private static final String SAFE_NS = "http://test.mannlib.cornell.edu/ns/01#";
-	private static final String UNSAFE_NS = VitroVocabulary.vitroURI;
-
-	private static final String SAFE_RESOURCE = SAFE_NS + "otherIndividual77777";
-	private static final String UNSAFE_RESOURCE = UNSAFE_NS	+ "otherIndividual99999";
-
-	private static final String SAFE_PREDICATE = SAFE_NS + "hasHairStyle";
-	private static final String UNSAFE_PREDICATE = UNSAFE_NS + "hasSuperPowers";
-
-	private AdministrativeUriRestrictor restrictor;
-	@Before
-	public void setup() {
-		restrictor = new AdministrativeUriRestrictor(null, null, null, null);
-	}
-	@Test
-    public void testCanModifiyNs(){
-        Assert.assertTrue( restrictor.canModifyResource("http://bobs.com#hats") );        
-        Assert.assertTrue( restrictor.canModifyResource("ftp://bobs.com#hats"));
-        Assert.assertTrue( restrictor.canModifyResource( SAFE_RESOURCE ));
-        Assert.assertTrue( restrictor.canModifyPredicate( SAFE_PREDICATE ));        
-        Assert.assertTrue( restrictor.canModifyResource("http://bobs.com/hats"));
-        
-        Assert.assertTrue( ! restrictor.canModifyResource(""));
-        Assert.assertTrue( ! restrictor.canModifyResource(VitroVocabulary.vitroURI + "something"));
-        Assert.assertTrue( ! restrictor.canModifyResource(VitroVocabulary.OWL + "Ontology"));    
-        Assert.assertTrue( ! restrictor.canModifyPredicate( UNSAFE_PREDICATE ));
-        Assert.assertTrue( ! restrictor.canModifyResource( UNSAFE_RESOURCE  ));
-        Assert.assertTrue( ! restrictor.canModifyResource( UNSAFE_NS ));        
-    }
-}
diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/InformationResourceEditingPolicyTest.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/InformationResourceEditingPolicyTest.java
index c7a8c0368..94a1534f5 100644
--- a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/InformationResourceEditingPolicyTest.java
+++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/InformationResourceEditingPolicyTest.java
@@ -16,6 +16,9 @@ import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Test;
 
+import stubs.edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelperStub;
+import stubs.javax.servlet.ServletContextStub;
+
 import com.hp.hpl.jena.ontology.OntModel;
 import com.hp.hpl.jena.ontology.OntModelSpec;
 import com.hp.hpl.jena.rdf.model.Model;
@@ -28,6 +31,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory.SelfEditing;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.ServerStatus;
@@ -105,9 +109,12 @@ public class InformationResourceEditingPolicyTest extends AbstractTestClass {
 
 	@Before
 	public void setupPolicy() {
-		AdministrativeUriRestrictor restrictor = new AdministrativeUriRestrictor(
-				null, null, null, null);
-		policy = new InformationResourceEditingPolicy(ontModel, restrictor);
+		ServletContextStub ctx = new ServletContextStub();
+		PropertyRestrictionPolicyHelper prph = PropertyRestrictionPolicyHelperStub
+				.getInstance(new String[] { NS_RESTRICTED });
+		PropertyRestrictionPolicyHelper.setBean(ctx, prph);
+
+		policy = new InformationResourceEditingPolicy(ctx, ontModel);
 	}
 
 	private IdentifierBundle idNobody;
diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicyTest.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicyTest.java
index 28e6c7531..852d7d8d6 100644
--- a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicyTest.java
+++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicyTest.java
@@ -8,16 +8,16 @@ import static junit.framework.Assert.assertEquals;
 import static junit.framework.Assert.assertNotNull;
 import static junit.framework.Assert.assertNull;
 
-import java.util.HashSet;
-import java.util.Set;
-
 import org.junit.Before;
 import org.junit.Test;
 
+import stubs.edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelperStub;
+import stubs.javax.servlet.ServletContextStub;
 import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.AddNewUser;
@@ -47,295 +47,265 @@ public class SelfEditingPolicyTest extends AbstractTestClass {
 	private static final String UNSAFE_NS = VitroVocabulary.vitroURI;
 
 	private static final String SELFEDITOR_URI = SAFE_NS + "individual244";
-	private static final String SAFE_RESOURCE = SAFE_NS + "otherIndividual77777";
+	private static final String SAFE_RESOURCE = SAFE_NS	+ "otherIndividual77777";
 	private static final String UNSAFE_RESOURCE = UNSAFE_NS	+ "otherIndividual99999";
 
 	private static final String SAFE_PREDICATE = SAFE_NS + "hasHairStyle";
 	private static final String UNSAFE_PREDICATE = UNSAFE_NS + "hasSuperPowers";
 
+	private ServletContextStub ctx;
+
 	private SelfEditingPolicy policy;
 	private IdentifierBundle ids;
 	private RequestedAction whatToAuth;
-    
-    @Before
-    public void setUp() throws Exception {
-        policy = new SelfEditingPolicy(null,null,null,null,null);
-        
-        ids = new ArrayIdentifierBundle();
-        ids.add( new SelfEditingIdentifierFactory.NetId("test223") );
-        
-        IndividualImpl ind = new IndividualImpl();
-        ind.setURI( SELFEDITOR_URI );        
-        ids.add( new SelfEditingIdentifierFactory.SelfEditing( ind, SelfEditingIdentifierFactory.NOT_BLACKLISTED ) );
-        
-    }
-    
+
+	@Before
+	public void setUp() throws Exception {
+		ctx = new ServletContextStub();
+
+		PropertyRestrictionPolicyHelper prph = PropertyRestrictionPolicyHelperStub
+				.getInstance(new String[] { UNSAFE_NS });
+		PropertyRestrictionPolicyHelper.setBean(ctx, prph);
+
+		policy = new SelfEditingPolicy(ctx);
+
+		ids = new ArrayIdentifierBundle();
+		ids.add(new SelfEditingIdentifierFactory.NetId("test223"));
+
+		IndividualImpl ind = new IndividualImpl();
+		ind.setURI(SELFEDITOR_URI);
+		ids.add(new SelfEditingIdentifierFactory.SelfEditing(ind,
+				SelfEditingIdentifierFactory.NOT_BLACKLISTED));
+
+	}
+
 	@Test
 	public void testProhibitedProperties() {
-		Set<String> badProps = new HashSet<String>();
-		badProps.add("http://mannlib.cornell.edu/bad#prp234");
-		badProps.add("http://mannlib.cornell.edu/bad#prp999");
-		badProps.add("http://mannlib.cornell.edu/bad#prp333");
-		badProps.add("http://mannlib.cornell.edu/bad#prp777");
-		badProps.add("http://mannlib.cornell.edu/bad#prp0020");
-		SelfEditingPolicy badPropPolicy = new SelfEditingPolicy(badProps, null, null, null, null);
+		PropertyRestrictionPolicyHelper prph = PropertyRestrictionPolicyHelperStub
+				.getInstance(new String[] { UNSAFE_NS }, new String[] {
+						"http://mannlib.cornell.edu/bad#prp234",
+						"http://mannlib.cornell.edu/bad#prp999",
+						"http://mannlib.cornell.edu/bad#prp333",
+						"http://mannlib.cornell.edu/bad#prp777",
+						"http://mannlib.cornell.edu/bad#prp0020" });
+		PropertyRestrictionPolicyHelper.setBean(ctx, prph);
 
 		whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI,
 				"http://mannlib.cornell.edu/bad#prp234", SAFE_RESOURCE);
-		assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth));
+		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
 
 		whatToAuth = new AddObjectPropStmt(SAFE_RESOURCE,
 				"http://mannlib.cornell.edu/bad#prp234", SELFEDITOR_URI);
-		assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth));
+		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
 
 		whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI,
 				"http://mannlib.cornell.edu/bad#prp999", SAFE_RESOURCE);
-		assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth));
-        
-        whatToAuth = new AddObjectPropStmt(
-                SAFE_RESOURCE ,"http://mannlib.cornell.edu/bad#prp999", SELFEDITOR_URI);                
-        assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth));
-            
-        whatToAuth = new AddObjectPropStmt(
-                SAFE_RESOURCE ,SAFE_PREDICATE, SELFEDITOR_URI);                
-        assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
-        
-        whatToAuth = new AddObjectPropStmt(
-                SELFEDITOR_URI,SAFE_PREDICATE,SAFE_RESOURCE);                
-        assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
-        
-        whatToAuth = new AddObjectPropStmt(
-                SELFEDITOR_URI, UNSAFE_PREDICATE, SAFE_RESOURCE);                
-        assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
-        
-        //now with dataprop statements
-        whatToAuth = new AddDataPropStmt(
-                SELFEDITOR_URI,"http://mannlib.cornell.edu/bad#prp234" ,SAFE_RESOURCE, null, null);                
-        assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth));
-        
-        whatToAuth = new AddDataPropStmt(
-                SAFE_RESOURCE ,"http://mannlib.cornell.edu/bad#prp234", SELFEDITOR_URI, null, null);                
-        assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth));
-        
-        whatToAuth = new AddDataPropStmt(
-                SELFEDITOR_URI,"http://mannlib.cornell.edu/bad#prp999" ,SAFE_RESOURCE, null, null);                
-        assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth));
-        
-        whatToAuth = new AddDataPropStmt(
-                SAFE_RESOURCE ,"http://mannlib.cornell.edu/bad#prp999", SELFEDITOR_URI, null, null);                
-        assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth));
-        
-        whatToAuth = new AddDataPropStmt(
-                SAFE_RESOURCE ,SAFE_PREDICATE, SELFEDITOR_URI, null, null);                
-        assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
-        
-        whatToAuth = new AddDataPropStmt(
-                SELFEDITOR_URI,SAFE_PREDICATE,SAFE_RESOURCE, null, null);                
-        assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
-        
-        whatToAuth = new AddDataPropStmt(
-                SELFEDITOR_URI, UNSAFE_PREDICATE, SAFE_RESOURCE, null, null);                
-        assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
-    }
-    
-	@Test
-    public void testForbiddenMoniker(){
-    	  Set<String> badProps = new HashSet<String>();
-          badProps.add(VitroVocabulary.MONIKER);          
-          SelfEditingPolicy badPropPolicy = new SelfEditingPolicy(badProps,null,null,null,null);
-          
-          whatToAuth = new AddDataPropStmt(
-                  SELFEDITOR_URI, VitroVocabulary.MONIKER ,"someValue", null, null);                
-          assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth));
-          
-          whatToAuth = new AddDataPropStmt(
-                  SAFE_RESOURCE ,VitroVocabulary.MONIKER , "somevalue", null, null);                
-          assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth));
-          
-          DataPropertyStatement dps = new DataPropertyStatementImpl();
-          dps.setIndividualURI(SELFEDITOR_URI);
-          dps.setDatapropURI(VitroVocabulary.MONIKER);
-          dps.setData("some moniker");
-          whatToAuth = new EditDataPropStmt(dps);                      
-          assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth));
-          
-          
-          //try where moniker is permitted
-          badProps = new HashSet<String>();                   
-          badPropPolicy = new SelfEditingPolicy(badProps,null,null,null,null);                    
-          
-          whatToAuth = new AddDataPropStmt(
-                  SELFEDITOR_URI, VitroVocabulary.MONIKER ,"somevalue", null, null);                
-          assertDecision(AUTHORIZED, badPropPolicy.isAuthorized(ids, whatToAuth));
-          
-          whatToAuth = new AddDataPropStmt(
-        		  UNSAFE_RESOURCE ,VitroVocabulary.MONIKER , "somevalue", null, null);                
-          assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth));
-          
-          dps = new DataPropertyStatementImpl();
-          dps.setIndividualURI(SAFE_RESOURCE);
-          dps.setDatapropURI(VitroVocabulary.MONIKER);
-          dps.setData("some moniker");
-          whatToAuth = new EditDataPropStmt(dps);                      
-          assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth));
-    }
-    
-	@Test
-	public void testVisitIdentifierBundleAddObjectPropStmt() {
-		whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, SAFE_RESOURCE);
+		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
+
+		whatToAuth = new AddObjectPropStmt(SAFE_RESOURCE,
+				"http://mannlib.cornell.edu/bad#prp999", SELFEDITOR_URI);
+		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
+
+		whatToAuth = new AddObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE,
+				SELFEDITOR_URI);
 		assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
 
-		whatToAuth = new AddObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, SELFEDITOR_URI);
+		whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE,
+				SAFE_RESOURCE);
+		assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
+
+		whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, UNSAFE_PREDICATE,
+				SAFE_RESOURCE);
+		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
+
+		// now with dataprop statements
+		whatToAuth = new AddDataPropStmt(SELFEDITOR_URI,
+				"http://mannlib.cornell.edu/bad#prp234", "someString", null,
+				null);
+		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
+
+		whatToAuth = new AddDataPropStmt(SELFEDITOR_URI,
+				"http://mannlib.cornell.edu/bad#prp999", "someString", null,
+				null);
+		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
+
+		whatToAuth = new AddDataPropStmt(SELFEDITOR_URI, SAFE_PREDICATE,
+				"someString", null, null);
+		assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
+
+		whatToAuth = new AddDataPropStmt(SELFEDITOR_URI, UNSAFE_PREDICATE,
+				"someString", null, null);
+		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
+	}
+
+	@Test
+	public void testVisitIdentifierBundleAddObjectPropStmt() {
+		whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE,
+				SAFE_RESOURCE);
+		assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
+
+		whatToAuth = new AddObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE,
+				SELFEDITOR_URI);
 		assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
 
 		// this is the case where the editor is not part of the stmt
-		whatToAuth = new AddObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, SAFE_RESOURCE);
+		whatToAuth = new AddObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE,
+				SAFE_RESOURCE);
 		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
 
-		whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, UNSAFE_PREDICATE, SAFE_RESOURCE);
+		whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, UNSAFE_PREDICATE,
+				SAFE_RESOURCE);
 		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
 
-		whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, UNSAFE_RESOURCE);
+		whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE,
+				UNSAFE_RESOURCE);
 		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
 	}
 
 	//
-//    @Test
-//    public void testVisitIdentifierBundleDropResource() {
-//        fail("Not yet implemented");
-//    }
-//
-//    @Test
-//    public void testVisitIdentifierBundleDropDataPropStmt() {
-//        fail("Not yet implemented");
-//    }
-//
-    @Test
-    public void testVisitIdentifierBundleDropObjectPropStmt() {
-        whatToAuth = new DropObjectPropStmt(
-                SELFEDITOR_URI,SAFE_PREDICATE,SAFE_RESOURCE);                
-        assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
-
-        whatToAuth = new DropObjectPropStmt(
-                SAFE_RESOURCE ,SAFE_PREDICATE, SELFEDITOR_URI);                
-        assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
-
-//      this is the case where the editor is not part of the stmt
-        whatToAuth = new DropObjectPropStmt(
-                SAFE_RESOURCE, SAFE_PREDICATE, SAFE_RESOURCE);                
-        assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
-
-        whatToAuth = new DropObjectPropStmt(
-                SELFEDITOR_URI, UNSAFE_PREDICATE, SAFE_RESOURCE);                
-        assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
-
-        whatToAuth = new DropObjectPropStmt(
-                SELFEDITOR_URI, SAFE_PREDICATE, UNSAFE_RESOURCE);                
-        assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
-    }
-//
-//    @Test
-//    public void testVisitIdentifierBundleAddResource() {
-//        fail("Not yet implemented");
-//    }
-//
-//    @Test
-//    public void testVisitIdentifierBundleAddDataPropStmt() {
-//        fail("Not yet implemented");
-//    }
-//
-//    @Test
-//    public void testVisitIdentifierBundleUploadFile() {
-//        fail("Not yet implemented");
-//    }
-//
-//
-    @Test
-    public void testVisitIdentifierBundleEditDataPropStmt() {
-
-        DataPropertyStatement dps = new DataPropertyStatementImpl();
-        dps.setIndividualURI(SELFEDITOR_URI);
-        dps.setDatapropURI(SAFE_PREDICATE);
-        dps.setData("junk");        
-        whatToAuth = new EditDataPropStmt(dps);                
-        assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
-        
-        dps = new DataPropertyStatementImpl();
-        dps.setIndividualURI(SELFEDITOR_URI);
-        dps.setDatapropURI(UNSAFE_PREDICATE);
-        dps.setData("junk");
-        whatToAuth = new EditDataPropStmt(dps);                
-        assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
-
-        dps = new DataPropertyStatementImpl();
-        dps.setIndividualURI(UNSAFE_RESOURCE);
-        dps.setDatapropURI(SAFE_PREDICATE);        
-        whatToAuth = new EditDataPropStmt(dps);                
-        assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
-
-        dps = new DataPropertyStatementImpl();
-        dps.setIndividualURI(SAFE_RESOURCE);
-        dps.setDatapropURI(SAFE_PREDICATE);        
-        whatToAuth = new EditDataPropStmt(dps);                      
-        assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
-    }
-
+	// @Test
+	// public void testVisitIdentifierBundleDropResource() {
+	// fail("Not yet implemented");
+	// }
+	//
+	// @Test
+	// public void testVisitIdentifierBundleDropDataPropStmt() {
+	// fail("Not yet implemented");
+	// }
+	//
 	@Test
-	public void testVisitIdentifierBundleEditObjPropStmt() {
-		EditObjPropStmt whatToAuth = new EditObjPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, SAFE_RESOURCE);
+	public void testVisitIdentifierBundleDropObjectPropStmt() {
+		whatToAuth = new DropObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE,
+				SAFE_RESOURCE);
 		assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
 
-		whatToAuth = new EditObjPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, SELFEDITOR_URI);
+		whatToAuth = new DropObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE,
+				SELFEDITOR_URI);
 		assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
 
 		// this is the case where the editor is not part of the stmt
-		whatToAuth = new EditObjPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, SAFE_RESOURCE);
+		whatToAuth = new DropObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE,
+				SAFE_RESOURCE);
 		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
 
-		whatToAuth = new EditObjPropStmt(SELFEDITOR_URI, UNSAFE_PREDICATE, SAFE_RESOURCE);
+		whatToAuth = new DropObjectPropStmt(SELFEDITOR_URI, UNSAFE_PREDICATE,
+				SAFE_RESOURCE);
 		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
 
-		whatToAuth = new EditObjPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, UNSAFE_RESOURCE);
+		whatToAuth = new DropObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE,
+				UNSAFE_RESOURCE);
 		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
 	}
+
+	//
+	// @Test
+	// public void testVisitIdentifierBundleAddResource() {
+	// fail("Not yet implemented");
+	// }
+	//
+	// @Test
+	// public void testVisitIdentifierBundleAddDataPropStmt() {
+	// fail("Not yet implemented");
+	// }
+	//
+	// @Test
+	// public void testVisitIdentifierBundleUploadFile() {
+	// fail("Not yet implemented");
+	// }
+	//
+	//
+	@Test
+	public void testVisitIdentifierBundleEditDataPropStmt() {
+
+		DataPropertyStatement dps = new DataPropertyStatementImpl();
+		dps.setIndividualURI(SELFEDITOR_URI);
+		dps.setDatapropURI(SAFE_PREDICATE);
+		dps.setData("junk");
+		whatToAuth = new EditDataPropStmt(dps);
+		assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
+
+		dps = new DataPropertyStatementImpl();
+		dps.setIndividualURI(SELFEDITOR_URI);
+		dps.setDatapropURI(UNSAFE_PREDICATE);
+		dps.setData("junk");
+		whatToAuth = new EditDataPropStmt(dps);
+		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
+
+		dps = new DataPropertyStatementImpl();
+		dps.setIndividualURI(UNSAFE_RESOURCE);
+		dps.setDatapropURI(SAFE_PREDICATE);
+		whatToAuth = new EditDataPropStmt(dps);
+		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
+
+		dps = new DataPropertyStatementImpl();
+		dps.setIndividualURI(SAFE_RESOURCE);
+		dps.setDatapropURI(SAFE_PREDICATE);
+		whatToAuth = new EditDataPropStmt(dps);
+		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
+	}
+
+	@Test
+	public void testVisitIdentifierBundleEditObjPropStmt() {
+		whatToAuth = new EditObjPropStmt(SELFEDITOR_URI, SAFE_PREDICATE,
+				SAFE_RESOURCE);
+		assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
+
+		whatToAuth = new EditObjPropStmt(SAFE_RESOURCE, SAFE_PREDICATE,
+				SELFEDITOR_URI);
+		assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
+
+		// this is the case where the editor is not part of the stmt
+		whatToAuth = new EditObjPropStmt(SAFE_RESOURCE, SAFE_PREDICATE,
+				SAFE_RESOURCE);
+		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
+
+		whatToAuth = new EditObjPropStmt(SELFEDITOR_URI, UNSAFE_PREDICATE,
+				SAFE_RESOURCE);
+		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
+
+		whatToAuth = new EditObjPropStmt(SELFEDITOR_URI, SAFE_PREDICATE,
+				UNSAFE_RESOURCE);
+		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
+	}
+
 	// ----------------------------------------------------------------------
 	// What if there are two SelfEditor Identifiers?
 	// ----------------------------------------------------------------------
-	
+
 	@Test
 	public void twoSEIsFindObjectPropertySubject() {
 		setUpTwoSEIs();
-        whatToAuth = new DropObjectPropStmt(
-                SELFEDITOR_URI,SAFE_PREDICATE,SAFE_RESOURCE);                
-        assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
+		whatToAuth = new DropObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE,
+				SAFE_RESOURCE);
+		assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
 	}
 
 	@Test
 	public void twoSEIsFindObjectPropertyObject() {
 		setUpTwoSEIs();
-        whatToAuth = new DropObjectPropStmt(
-                SAFE_RESOURCE ,SAFE_PREDICATE, SELFEDITOR_URI);                
-        assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
+		whatToAuth = new DropObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE,
+				SELFEDITOR_URI);
+		assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
 	}
 
 	@Test
 	public void twoSEIsDontFindInObjectProperty() {
 		setUpTwoSEIs();
-        whatToAuth = new DropObjectPropStmt(
-                SAFE_RESOURCE ,SAFE_PREDICATE, SAFE_RESOURCE);                
-        assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
+		whatToAuth = new DropObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE,
+				SAFE_RESOURCE);
+		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
 	}
-	
+
 	@Test
 	public void twoSEIsFindDataPropertySubject() {
 		setUpTwoSEIs();
 
 		DataPropertyStatement dps = new DataPropertyStatementImpl();
-        dps.setIndividualURI(SELFEDITOR_URI);
-        dps.setDatapropURI(SAFE_PREDICATE);
-        dps.setData("junk");        
-        whatToAuth = new EditDataPropStmt(dps);                
-        assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
+		dps.setIndividualURI(SELFEDITOR_URI);
+		dps.setDatapropURI(SAFE_PREDICATE);
+		dps.setData("junk");
+		whatToAuth = new EditDataPropStmt(dps);
+		assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
 	}
 
 	@Test
@@ -343,36 +313,39 @@ public class SelfEditingPolicyTest extends AbstractTestClass {
 		setUpTwoSEIs();
 
 		DataPropertyStatement dps = new DataPropertyStatementImpl();
-        dps.setIndividualURI(SAFE_RESOURCE);
-        dps.setDatapropURI(SAFE_PREDICATE);
-        dps.setData("junk");        
-        whatToAuth = new EditDataPropStmt(dps);                
-        assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
+		dps.setIndividualURI(SAFE_RESOURCE);
+		dps.setDatapropURI(SAFE_PREDICATE);
+		dps.setData("junk");
+		whatToAuth = new EditDataPropStmt(dps);
+		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
 	}
 
 	private void setUpTwoSEIs() {
-        ids = new ArrayIdentifierBundle();
-        
-        ids.add( new SelfEditingIdentifierFactory.NetId("bozoUser") );
-        
-        IndividualImpl ind1 = new IndividualImpl();
-        ind1.setURI( SAFE_NS + "bozoUri" );        
-        ids.add( new SelfEditingIdentifierFactory.SelfEditing( ind1, SelfEditingIdentifierFactory.NOT_BLACKLISTED ) );
+		ids = new ArrayIdentifierBundle();
 
-        ids.add( new SelfEditingIdentifierFactory.NetId("test223") );
-        
-        IndividualImpl ind2 = new IndividualImpl();
-        ind2.setURI( SELFEDITOR_URI );        
-        ids.add( new SelfEditingIdentifierFactory.SelfEditing( ind2, SelfEditingIdentifierFactory.NOT_BLACKLISTED ) );
+		ids.add(new SelfEditingIdentifierFactory.NetId("bozoUser"));
+
+		IndividualImpl ind1 = new IndividualImpl();
+		ind1.setURI(SAFE_NS + "bozoUri");
+		ids.add(new SelfEditingIdentifierFactory.SelfEditing(ind1,
+				SelfEditingIdentifierFactory.NOT_BLACKLISTED));
+
+		ids.add(new SelfEditingIdentifierFactory.NetId("test223"));
+
+		IndividualImpl ind2 = new IndividualImpl();
+		ind2.setURI(SELFEDITOR_URI);
+		ids.add(new SelfEditingIdentifierFactory.SelfEditing(ind2,
+				SelfEditingIdentifierFactory.NOT_BLACKLISTED));
 	}
 
 	// ----------------------------------------------------------------------
 	// Ignore administrative requests.
 	// ----------------------------------------------------------------------
-	
+
 	@Test
 	public void testServerStatus() {
-		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, new ServerStatus()));
+		assertDecision(INCONCLUSIVE,
+				policy.isAuthorized(ids, new ServerStatus()));
 	}
 
 	@Test
@@ -415,17 +388,20 @@ public class SelfEditingPolicyTest extends AbstractTestClass {
 
 	@Test
 	public void testLoadOntology() {
-		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, new LoadOntology()));
+		assertDecision(INCONCLUSIVE,
+				policy.isAuthorized(ids, new LoadOntology()));
 	}
 
 	@Test
 	public void testRebuildTextIndex() {
-		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, new RebuildTextIndex()));
+		assertDecision(INCONCLUSIVE,
+				policy.isAuthorized(ids, new RebuildTextIndex()));
 	}
 
 	@Test
 	public void testVisitIdentifierBundleUpdateTextIndex() {
-		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, new UpdateTextIndex()));
+		assertDecision(INCONCLUSIVE,
+				policy.isAuthorized(ids, new UpdateTextIndex()));
 	}
 
 	// ----------------------------------------------------------------------
diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/SelfEditingPolicySetupTest.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/SelfEditingPolicySetupTest.java
index c3eff632a..4b833c6b0 100644
--- a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/SelfEditingPolicySetupTest.java
+++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/SelfEditingPolicySetupTest.java
@@ -11,6 +11,9 @@ import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
 
+import stubs.edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelperStub;
+import stubs.javax.servlet.ServletContextStub;
+
 import com.hp.hpl.jena.ontology.OntModel;
 import com.hp.hpl.jena.rdf.model.ModelFactory;
 import com.hp.hpl.jena.rdf.model.impl.RDFDefaultErrorHandler;
@@ -21,6 +24,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.SelfEditingPolicy;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropStmt;
@@ -80,7 +84,12 @@ public class SelfEditingPolicySetupTest extends AbstractTestClass {
 		Assert.assertNotNull(model);
 		Assert.assertTrue(model.size() > 0);
 
-		policy = SelfEditingPolicySetup.makeSelfEditPolicyFromModel(model);
+		ServletContextStub ctx = new ServletContextStub();
+		PropertyRestrictionPolicyHelper.setBean(ctx,
+				PropertyRestrictionPolicyHelperStub
+						.getInstance(new String[] { ADMIN_NS }));
+		
+		policy = new SelfEditingPolicy(ctx);
 		Assert.assertNotNull(policy);
 
 		seIndividual = new IndividualImpl();
@@ -116,8 +125,7 @@ public class SelfEditingPolicySetupTest extends AbstractTestClass {
 	@Test
 	public void noSelfEditorIdentifier() {
 		ids.clear();
-		ids.add(new Identifier() {
-		});
+		ids.add(new Identifier() { /* empty identifier */ });
 		assertAddObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, SAFE_RESOURCE,
 				Authorization.INCONCLUSIVE);
 	}
@@ -308,5 +316,4 @@ public class SelfEditingPolicySetupTest extends AbstractTestClass {
 		Assert.assertNotNull(dec);
 		Assert.assertEquals(expectedAuthorization, dec.getAuthorized());
 	}
-
 }
diff --git a/webapp/test/stubs/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionPolicyHelperStub.java b/webapp/test/stubs/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionPolicyHelperStub.java
new file mode 100644
index 000000000..ec4a66961
--- /dev/null
+++ b/webapp/test/stubs/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionPolicyHelperStub.java
@@ -0,0 +1,63 @@
+/* $This file is distributed under the terms of the license in /doc/license.txt$ */
+
+package stubs.edu.cornell.mannlib.vitro.webapp.auth.policy.bean;
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper;
+import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
+
+/**
+ * Allow the unit test to specify a variety of restrictions
+ */
+public class PropertyRestrictionPolicyHelperStub extends
+		PropertyRestrictionPolicyHelper {
+
+	/** Don't prohibit or restrict anything. */
+	public static PropertyRestrictionPolicyHelper getInstance() {
+		return getInstance(null, null);
+	}
+
+
+	/** Prohibit some namespaces. */
+	public static PropertyRestrictionPolicyHelperStub getInstance(
+			String[] restrictedNamespaces) {
+		return getInstance(restrictedNamespaces, null);
+	}
+
+	/**
+	 * Prohibit some namespaces and restrict some properties from modification
+	 * by anybody.
+	 */
+	public static PropertyRestrictionPolicyHelperStub getInstance(
+			String[] restrictedNamespaces, String[] restrictedProperties) {
+		Set<String> namespaceSet = new HashSet<String>();
+		if (restrictedNamespaces != null) {
+			namespaceSet.addAll(Arrays.asList(restrictedNamespaces));
+		}
+		
+		Map<String, RoleLevel> thresholdMap = new HashMap<String, RoleLevel>();
+		if (restrictedProperties != null) {
+			for (String prop : restrictedProperties) {
+				thresholdMap.put(prop, RoleLevel.NOBODY);
+			}
+		}
+		
+		return new PropertyRestrictionPolicyHelperStub(namespaceSet, null,
+				null, thresholdMap);
+	}
+
+	private PropertyRestrictionPolicyHelperStub(
+			Set<String> modifyRestrictedNamespaces,
+			Set<String> modifyPermittedExceptions,
+			Map<String, RoleLevel> displayThresholds,
+			Map<String, RoleLevel> modifyThresholds) {
+		super(modifyRestrictedNamespaces, modifyPermittedExceptions,
+				displayThresholds, modifyThresholds);
+	}
+
+}