You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2016/02/22 11:28:34 UTC
svn commit: r1731617 - in /jackrabbit/oak/trunk/oak-doc/src/site/markdown/security: ./ accesscontrol/ authorization/ permission/ privilege/ user/

Author: angela
Date: Mon Feb 22 10:28:33 2016
New Revision: 1731617

URL: http://svn.apache.org/viewvc?rev=1731617&view=rev
Log:
minor improvement: oak security documentation (consistency, fixing broken links)

Modified:
    jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol.md
    jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol/default.md
    jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication.md
    jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authorization.md
    jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authorization/restriction.md
    jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission.md
    jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission/default.md
    jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/principal.md
    jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/privilege/default.md
    jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/default.md

Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol.md?rev=1731617&r1=1731616&r2=1731617&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol.md Mon Feb 22 10:28:33 2016
@@ -151,8 +151,8 @@ The supported configuration options of t
 
 - [Differences wrt Jackrabbit 2.x](accesscontrol/differences.html)
 - [Access Control Management: The Default Implementation](accesscontrol/default.html)
-- [Restriction Management](accesscontrol/restriction.html)
 - [Using the Access Control Management API](accesscontrol/editing.html)
+- [Restriction Management](authorization/restriction.html)
 
 <!-- hidden references -->
 [JSR 283]: http://www.day.com/specs/jcr/2.0/16_Access_Control_Management.html

Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol/default.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol/default.md?rev=1731617&r1=1731616&r2=1731617&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol/default.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol/default.md Mon Feb 22 10:28:33 2016
@@ -99,7 +99,6 @@ option. However, it is important to note
 accessibility of the namespace, nodetype and privilege information. Removing the
 corresponding paths from the configuration will most probably have undesired effects.
 
-
 #### Access Control Entries
 
 The access control entries present in a given list are subject to the following
@@ -109,7 +108,6 @@ rules applied upon editing but not enfor
 - *merging*: if an entry exists for a given principal with the same allow-status and restrictions, the existing entry will be updated without being moved in the list.
 - *redundancy*: if an new entry makes an existing entry (partially) redundant the existing entry will be updated or removed altogether.
 
-
 #### Restrictions
 
 Access control entries may be created by limiting their effect by adding
@@ -117,7 +115,7 @@ restrictions as mentioned by JSR 283. De
 in Oak 1.0 as well as a list of built-in restrictions and extensibility can be
 found in section [Restriction Management](../authorization/restriction.html).
 
-
+<a href="representation"/>
 ### Representation in the Repository
 
 All access control policies defined with an Oak repository are stores child of

Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication.md?rev=1731617&r1=1731616&r2=1731617&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication.md Mon Feb 22 10:28:33 2016
@@ -113,16 +113,6 @@ The Oak API contains the following authe
 - `ContentRepository.login(Credentials, String)`: The Oak counterpart of the JCR login.
 - `ContentSession.getAuthInfo()`: exposes the `AuthInfo` associated with the `ContentSession`.
 
-<a href="default_implementation"/>
-### Oak Authentication Implementation
-
-A description of the various requirements covered by Oak by default as well
-as the characteristics of the corresponding implementations can be found in
-section [Authentication: Implementation Details].
-
-See section [differences](authentication/differences.html) for comprehensive list 
-of differences wrt authentication between Jackrabbit 2.x and Oak.
-
 <a name="api_extensions"/>
 ### API Extension
 
@@ -195,6 +185,16 @@ Subclasses are required to implement the
         }
     }
 
+<a href="default_implementation"/>
+### Oak Authentication Implementation
+
+A description of the various requirements covered by Oak by default as well
+as the characteristics of the corresponding implementations can be found in
+section [Authentication: Implementation Details].
+
+See section [differences](authentication/differences.html) for comprehensive list 
+of differences wrt authentication between Jackrabbit 2.x and Oak.
+
 <a name="configuration"/>
 ### Configuration
 

Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authorization.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authorization.md?rev=1731617&r1=1731616&r2=1731617&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authorization.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authorization.md Mon Feb 22 10:28:33 2016
@@ -104,6 +104,7 @@ items matching a given, defined behavior
 
 - [Access Control Management](accesscontrol.html)
 - [Permission Evalution](permission.html)
+- [Restriction Management](authorization/restriction.html)
 - [Combining Multiple Authorization Models](authorization/composite.html)
 
 <!-- hidden references -->

Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authorization/restriction.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authorization/restriction.md?rev=1731617&r1=1731616&r2=1731617&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authorization/restriction.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authorization/restriction.md Mon Feb 22 10:28:33 2016
@@ -21,7 +21,7 @@ Restriction Management
 ### Overview
 
 The concept of restriction has been created as extension to JCR access control
-management in order to allow for further refinement of individual policy entries.
+management in order to refine the effect of individual access control entries.
 
 Quoting from JSR 283 section 16.6.2 Permissions:
 
@@ -35,8 +35,8 @@ Furthermore the restriction concept is a
 default access control implementation to meet project specific needs without
 having to implement the common functionality provided by JCR.
 
-Existing and potential examples of the restriction concept to limit the effect of
-a given access control entry include:
+Existing and potential examples of restrictions limiting the effect of
+a given access control entry during permission evaluation include:
 
 - set of node types
 - set of namespaces
@@ -44,11 +44,14 @@ a given access control entry include:
 - dedicated time frame
 - size of a value
 
-While few examples have been present with Jackrabbit 2.x the set of built-in
-restrictions has been extended as of Oak 1.0 along with some useful extensions
-of the Jackrabbit API. In addition Oak provides it's own public restriction
-API that add support for internal validation and evaluation.
+The set of built-in restrictions present with Jackrabbit 2.x has extended as of 
+Oak 1.0 along with some extensions of the Jackrabbit API. This covers the public 
+facing usage of restrictions i.e. access control management.
 
+In addition Oak provides it's own restriction API that adds support for internal 
+validation and permission evaluation.
+
+<a name="jackrabbit_api"/>
 ### Jackrabbit API
 
 The Jackrabbit API add the following extensions to JCR access control management
@@ -74,11 +77,12 @@ The following public interfaces are prov
 support for pluggable restrictions both for access control management and the 
 repository internal permission evaluation:
 
-- [RestrictionProvider]
-- [Restriction]
-- [RestrictionDefinition]
-- [RestrictionPattern]
+- [RestrictionProvider]: interface to obtain restriction information needed for access control and permission management
+- [Restriction]: the restriction object as created using Jackrabbit access control API
+- [RestrictionDefinition]: the static definition of a supported restriction
+- [RestrictionPattern]: the processed restriction ready for permission evaluation
 
+<a href="default_implementation"/>
 ### Default Implementation
 
 Oak 1.0 provides the following base implementations:
@@ -138,7 +142,7 @@ values of `rep:glob`.
 | /cat/\*           | all descendants of '/foo/cat'                            |
 | \*cat/\*          | all descendants of /foo that have an intermediate segment ending with 'cat' |
 
-
+<a name="representation"/>
 ### Representation in the Repository
 
 All restrictions defined by default in a Oak repository are stored as properties 

Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission.md?rev=1731617&r1=1731616&r2=1731617&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission.md Mon Feb 22 10:28:33 2016
@@ -286,6 +286,7 @@ The supported configuration options of t
 - [Differences wrt Jackrabbit 2.x](permission/differences.html)
 - [Permissions : The Default Implementation](permission/default.html)
 - [Permission Evaluation in Detail](permission/evaluation.html)
+- [Restriction Management](authorization/restriction.html)
 
 <!-- references -->
 [Permissions]: /oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authorization/permission/Permissions.html

Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission/default.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission/default.md?rev=1731617&r1=1731616&r2=1731617&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission/default.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission/default.md Mon Feb 22 10:28:33 2016
@@ -24,6 +24,7 @@ The default implementation of the `Permi
 based on the information stored in a dedicated part of the repository content call
 the [permission store](#permissionStore).
 
+<a href="default_implementation"/>
 ### Characteristics of the Permission Evaluation
 
 #### Regular Permission Evaluation
@@ -60,8 +61,8 @@ on the Oak API) irrespective of the acce
 evaluation and is currently not reflected in other security models nor methods
 that deal with the administrator (i.e. `User#isAdmin`).
 
-
-### Permission Representation in the Repository
+<a name="representation"/>
+### Representation in the Repository
 
 <a name="permissionStore"/>
 #### Permission Store

Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/principal.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/principal.md?rev=1731617&r1=1731616&r2=1731617&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/principal.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/principal.md Mon Feb 22 10:28:33 2016
@@ -159,6 +159,13 @@ provider implementation:
          ...
      }
 
+<a name="further_reading"/>
+### Further Reading
+
+- [Differences wrt Jackrabbit 2.x](principal/differences.html)
+- [Implementations of the PrincipalProvider Interface](principal/principalprovider.html)
+    - [Caching Results of Principal Resolution](principal/cache.html)
+
 <!-- references -->
 
 [PrincipalManager]: http://svn.apache.org/repos/asf/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java

Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/privilege/default.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/privilege/default.md?rev=1731617&r1=1731616&r2=1731617&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/privilege/default.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/privilege/default.md Mon Feb 22 10:28:33 2016
@@ -94,7 +94,8 @@ An overview on how the built-in privileg
 can be found in ['Mapping Privileges to Items'](mappingtoitems.html)
 and ['Mapping API Calls to Privileges'](mappingtoprivileges.html)
 
-### Privilege Representation in the Repository
+<a name="representation"/>
+### Representation in the Repository
 
 As of Oak 1.0 all privilege definitions are stored in the repository itself
 underneath `/jcr:system/rep:privileges`. The following privilege related built-in

Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/default.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/default.md?rev=1731617&r1=1731616&r2=1731617&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/default.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/default.md Mon Feb 22 10:28:33 2016
@@ -147,7 +147,8 @@ history support. By default this feature
 
 See section [Password History](history.html) for details.
 
-### User/Group Representation in the Repository
+<a name="representation"/>
+### Representation in the Repository
 
 The following block lists the built-in node types related to user management tasks: