You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2014/05/14 12:45:14 UTC
svn commit: r1594536 - in /jackrabbit/oak/trunk/oak-doc/src/site/markdown/security: accesscontrol/restriction.md authentication/tokenmanagement.md principal.md user.md user/authorizableaction.md

Author: angela
Date: Wed May 14 10:45:13 2014
New Revision: 1594536

URL: http://svn.apache.org/r1594536
Log:
OAK-301 : oak docu

Modified:
    jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol/restriction.md
    jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/tokenmanagement.md
    jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/principal.md
    jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user.md
    jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/authorizableaction.md

Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol/restriction.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol/restriction.md?rev=1594536&r1=1594535&r2=1594536&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol/restriction.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol/restriction.md Wed May 14 10:45:13 2014
@@ -57,7 +57,7 @@ Oak 1.0 access control management:
 
 ### Pluggability
 
-The default security setup as present with Oak 1.0 is able to track custom
+The default security setup as present with Oak 1.0 is able to provide custom
 `RestrictionProvider` implementations and will automatically combine the
 different implementations using the `CompositeRestrictionProvider`.
 

Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/tokenmanagement.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/tokenmanagement.md?rev=1594536&r1=1594535&r2=1594536&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/tokenmanagement.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/tokenmanagement.md Wed May 14 10:45:13 2014
@@ -195,7 +195,7 @@ _todo_
 
 ### Pluggability
 
-The default security setup as present with Oak 1.0 is able to track custom
+The default security setup as present with Oak 1.0 is able to provide custom
 `TokenProvider` implementations and will automatically combine the
 different implementations using the `CompositeTokenProvider`.
 

Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/principal.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/principal.md?rev=1594536&r1=1594535&r2=1594536&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/principal.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/principal.md Wed May 14 10:45:13 2014
@@ -60,7 +60,7 @@ the [CompositePrincipalProvider] is an e
 
 ### Pluggability
 
-The default security setup as present with Oak 1.0 is able to track custom
+The default security setup as present with Oak 1.0 is able to provide custom
 `PrincipalConfiguration` implementations and will automatically combine the different
 principal provider implementations as noted above.
 

Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user.md?rev=1594536&r1=1594535&r2=1594536&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user.md Wed May 14 10:45:13 2014
@@ -209,8 +209,10 @@ change this default behavior by pluggin 
    in case the user management implementation stores user information in the repository.
 
 In the default implementation the corresponding configuration parameter is
-
-- `PARAM_AUTHORIZABLE_NODE_NAME`
+`PARAM_AUTHORIZABLE_NODE_NAME`. The default name generator can be replace
+by installing an OSGi service that implementats the `AuthorizableNodeName` interface.
+In a non-OSGi setup the user configuration must be initialized with configuration
+parameters that provide the custom generator implementation.
 
 #### Utilities
 
@@ -259,6 +261,54 @@ The following configuration parameters p
 * "autoExpandSize"
 * "groupMembershipSplitSize"
 
+### Pluggability
+
+The default security setup as present with Oak 1.0 is able to provide custom
+implementation on various levels:
+
+1. The complete user management implementation can be changed by plugging a different
+   `UserConfiguration` implementations. In OSGi-base setup this is achieved by making
+   the configuration a service. In a non-OSGi-base setup the custom configuration
+   must be exposed by the `SecurityProvider` implementation.
+2. Within the default user management implementation the following parts can be
+   change/extended at runtime by providing corresponding OSGi services or passing
+   appropriate configuration parameters exposing the custom implementations:
+       - `AuthorizableActionProvider`: Defines the authorizable actions, see [Authorizable Actions](user/authorizableaction.html).
+       - `AuthorizableNodeName`: Defines the generation of the authorizable node names
+          in case the user management implementation stores user information in the repository.
+
+#### Examples
+
+##### Example AuthorizableNodeName
+
+In an OSGi-based setup it's sufficient to make the service available to the repository
+in order to enable this custom node name generator.
+
+    @Component
+    @Service(value = {AuthorizableNodeName.class})
+    /**
+     * Custom implementation of the {@code AuthorizableNodeName} interface
+     * that uses a uuid as authorizable node name.
+     */
+    final class UUIDNodeName implements AuthorizableNodeName {
+
+        @Override
+        @Nonnull
+        public String generateNodeName(@Nonnull String authorizableId) {
+            return UUID.randomUUID().toString();
+        }
+    }
+
+In a non-OSGi setup this custom name generator can be plugged by making it available
+to the user configuration as follows:
+
+    Map<String, Object> userParams = new HashMap<String, Object>();
+    userParams.put(UserConstants.PARAM_AUTHORIZABLE_NODE_NAME, new UUIDNodeName());
+    ConfigurationParameters config =  ConfigurationParameters.of(ImmutableMap.of(UserConfiguration.NAME, ConfigurationParameters.of(userParams)));
+    SecurityProvider securityProvider = new SecurityProviderImpl(config));
+    Repository repo = new Jcr(new Oak()).with(securityProvider).createRepository();
+
+
 ### Further Reading
 
 - [Differences wrt Jackrabbit 2.x](user/differences.html)

Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/authorizableaction.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/authorizableaction.md?rev=1594536&r1=1594535&r2=1594536&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/authorizableaction.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/authorizableaction.md Wed May 14 10:45:13 2014
@@ -76,7 +76,7 @@ insufficient permissions by the editing 
 
 ### Pluggability
 
-The default security setup as present with Oak 1.0 is able to track custom
+The default security setup as present with Oak 1.0 is able to provide custom
 `AuthorizableActionProvider` implementations and will automatically combine the
 different implementations using the `CompositeActionProvider`.
 
@@ -173,6 +173,14 @@ that will later be used to store various
             }
         }
 
+##### Example Non-OSGI Setup
+
+    Map<String, Object> userParams = new HashMap<String, Object>();
+    userParams.put(UserConstants.PARAM_AUTHORIZABLE_ACTION_PROVIDER, new MyAuthorizableActionProvider());
+    ConfigurationParameters config =  ConfigurationParameters.of(ImmutableMap.of(UserConfiguration.NAME, ConfigurationParameters.of(userParams)));
+    SecurityProvider securityProvider = new SecurityProviderImpl(config));
+    Repository repo = new Jcr(new Oak()).with(securityProvider).createRepository();
+
 
 <!-- hidden references -->
 [AuthorizableAction]: /oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableAction.html