You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2016/02/17 16:40:42 UTC
svn commit: r1730861 -
/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/introduction.md
Author: angela
Date: Wed Feb 17 15:40:42 2016
New Revision: 1730861
URL: http://svn.apache.org/viewvc?rev=1730861&view=rev
Log:
OAK-3947 : Document SecurityProviderRegistration (WIP)
Modified:
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/introduction.md
Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/introduction.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/introduction.md?rev=1730861&r1=1730860&r2=1730861&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/introduction.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/introduction.md Wed Feb 17 15:40:42 2016
@@ -152,14 +152,48 @@ of view. Please note the following depen
_TODO_
+#### SecurityProviderRegistration
+
+| Parameter | Type | Default | Description |
+|--------------------------|----------|-----------|------------------------|
+| `Required service PIDs` | String[] | see below | Service references mandatory for the SecurityProvider registration. |
+
+By default the `SecurityProviderRegistration` defines the following mandatory services.
+As long as these mandatory references are not available the `SecurityProviderRegistration`
+will not register the `SecurityProvider` as service.
+
+- "org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl"
+- "org.apache.jackrabbit.oak.security.principal.PrincipalConfigurationImpl",
+- "org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl",
+- "org.apache.jackrabbit.oak.spi.security.user.action.DefaultAuthorizableActionProvider",
+- "org.apache.jackrabbit.oak.security.authorization.restriction.RestrictionProviderImpl",
+- "org.apache.jackrabbit.oak.security.user.UserAuthenticationFactoryImpl"
+
+The value of this configuration parameter needs to be adjusted for any additional
+module or functionality that is considered mandatory for a successful security setup.
+See section [pluggability](#pluggability) below.
+
+#### CompositeConfiguration
+
+| Parameter | Type | Default | Description |
+|-----------------|-------|----------------------------|------------------------|
+| `PARAM_RANKING` | int | `NO_RANKING` (`Integer.MIN_VALUE`) | Optional configuration parameter to define the ranking within the aggregation. |
+
<a name="pluggability"/>
### Pluggability
-The Oak security setup distinguishes two types security modules:
+The Oak security setup distinguishes between the following types of modules:
- Unary modules: `AuthenticationConfiguration`, `PrivilegeConfiguration`, `UserConfiguration`
- Multiple modules: `AuthorizationConfiguration` (since Oak 1.4), `PrincipalConfiguration`, `TokenConfiguration`
+Plugging an implementation of an unary module will replace the default provided by Oak.
+As far as the multiple modules are concerned a custom implementation plugged into
+the repository will result in the creation of a [CompositeConfiguration]. The
+aggregated modules are kept in a list while the insertion order is defined by the
+`PARAM_RANKING` or by the OSGi service ranking in case the explicit ranking
+parameter is missing.
+
#### OSGi setup
_TODO_