You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2014/05/14 12:45:14 UTC
svn commit: r1594536 - in
/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security:
accesscontrol/restriction.md authentication/tokenmanagement.md principal.md
user.md user/authorizableaction.md
Author: angela
Date: Wed May 14 10:45:13 2014
New Revision: 1594536
URL: http://svn.apache.org/r1594536
Log:
OAK-301 : oak docu
Modified:
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol/restriction.md
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/tokenmanagement.md
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/principal.md
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user.md
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/authorizableaction.md
Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol/restriction.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol/restriction.md?rev=1594536&r1=1594535&r2=1594536&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol/restriction.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol/restriction.md Wed May 14 10:45:13 2014
@@ -57,7 +57,7 @@ Oak 1.0 access control management:
### Pluggability
-The default security setup as present with Oak 1.0 is able to track custom
+The default security setup as present with Oak 1.0 is able to provide custom
`RestrictionProvider` implementations and will automatically combine the
different implementations using the `CompositeRestrictionProvider`.
Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/tokenmanagement.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/tokenmanagement.md?rev=1594536&r1=1594535&r2=1594536&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/tokenmanagement.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/tokenmanagement.md Wed May 14 10:45:13 2014
@@ -195,7 +195,7 @@ _todo_
### Pluggability
-The default security setup as present with Oak 1.0 is able to track custom
+The default security setup as present with Oak 1.0 is able to provide custom
`TokenProvider` implementations and will automatically combine the
different implementations using the `CompositeTokenProvider`.
Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/principal.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/principal.md?rev=1594536&r1=1594535&r2=1594536&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/principal.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/principal.md Wed May 14 10:45:13 2014
@@ -60,7 +60,7 @@ the [CompositePrincipalProvider] is an e
### Pluggability
-The default security setup as present with Oak 1.0 is able to track custom
+The default security setup as present with Oak 1.0 is able to provide custom
`PrincipalConfiguration` implementations and will automatically combine the different
principal provider implementations as noted above.
Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user.md?rev=1594536&r1=1594535&r2=1594536&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user.md Wed May 14 10:45:13 2014
@@ -209,8 +209,10 @@ change this default behavior by pluggin
in case the user management implementation stores user information in the repository.
In the default implementation the corresponding configuration parameter is
-
-- `PARAM_AUTHORIZABLE_NODE_NAME`
+`PARAM_AUTHORIZABLE_NODE_NAME`. The default name generator can be replace
+by installing an OSGi service that implementats the `AuthorizableNodeName` interface.
+In a non-OSGi setup the user configuration must be initialized with configuration
+parameters that provide the custom generator implementation.
#### Utilities
@@ -259,6 +261,54 @@ The following configuration parameters p
* "autoExpandSize"
* "groupMembershipSplitSize"
+### Pluggability
+
+The default security setup as present with Oak 1.0 is able to provide custom
+implementation on various levels:
+
+1. The complete user management implementation can be changed by plugging a different
+ `UserConfiguration` implementations. In OSGi-base setup this is achieved by making
+ the configuration a service. In a non-OSGi-base setup the custom configuration
+ must be exposed by the `SecurityProvider` implementation.
+2. Within the default user management implementation the following parts can be
+ change/extended at runtime by providing corresponding OSGi services or passing
+ appropriate configuration parameters exposing the custom implementations:
+ - `AuthorizableActionProvider`: Defines the authorizable actions, see [Authorizable Actions](user/authorizableaction.html).
+ - `AuthorizableNodeName`: Defines the generation of the authorizable node names
+ in case the user management implementation stores user information in the repository.
+
+#### Examples
+
+##### Example AuthorizableNodeName
+
+In an OSGi-based setup it's sufficient to make the service available to the repository
+in order to enable this custom node name generator.
+
+ @Component
+ @Service(value = {AuthorizableNodeName.class})
+ /**
+ * Custom implementation of the {@code AuthorizableNodeName} interface
+ * that uses a uuid as authorizable node name.
+ */
+ final class UUIDNodeName implements AuthorizableNodeName {
+
+ @Override
+ @Nonnull
+ public String generateNodeName(@Nonnull String authorizableId) {
+ return UUID.randomUUID().toString();
+ }
+ }
+
+In a non-OSGi setup this custom name generator can be plugged by making it available
+to the user configuration as follows:
+
+ Map<String, Object> userParams = new HashMap<String, Object>();
+ userParams.put(UserConstants.PARAM_AUTHORIZABLE_NODE_NAME, new UUIDNodeName());
+ ConfigurationParameters config = ConfigurationParameters.of(ImmutableMap.of(UserConfiguration.NAME, ConfigurationParameters.of(userParams)));
+ SecurityProvider securityProvider = new SecurityProviderImpl(config));
+ Repository repo = new Jcr(new Oak()).with(securityProvider).createRepository();
+
+
### Further Reading
- [Differences wrt Jackrabbit 2.x](user/differences.html)
Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/authorizableaction.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/authorizableaction.md?rev=1594536&r1=1594535&r2=1594536&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/authorizableaction.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/authorizableaction.md Wed May 14 10:45:13 2014
@@ -76,7 +76,7 @@ insufficient permissions by the editing
### Pluggability
-The default security setup as present with Oak 1.0 is able to track custom
+The default security setup as present with Oak 1.0 is able to provide custom
`AuthorizableActionProvider` implementations and will automatically combine the
different implementations using the `CompositeActionProvider`.
@@ -173,6 +173,14 @@ that will later be used to store various
}
}
+##### Example Non-OSGI Setup
+
+ Map<String, Object> userParams = new HashMap<String, Object>();
+ userParams.put(UserConstants.PARAM_AUTHORIZABLE_ACTION_PROVIDER, new MyAuthorizableActionProvider());
+ ConfigurationParameters config = ConfigurationParameters.of(ImmutableMap.of(UserConfiguration.NAME, ConfigurationParameters.of(userParams)));
+ SecurityProvider securityProvider = new SecurityProviderImpl(config));
+ Repository repo = new Jcr(new Oak()).with(securityProvider).createRepository();
+
<!-- hidden references -->
[AuthorizableAction]: /oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableAction.html