You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2018/04/09 12:05:57 UTC

svn commit: r1828706 - in /jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization: IntroductionTest.java advanced/L2_SetupAggregationTest.java

Author: angela
Date: Mon Apr  9 12:05:57 2018
New Revision: 1828706

URL: http://svn.apache.org/viewvc?rev=1828706&view=rev
Log:
OAK-5122 : Exercise for Custom Authorization Models (wip)

Modified:
    jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/IntroductionTest.java
    jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/advanced/L2_SetupAggregationTest.java

Modified: jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/IntroductionTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/IntroductionTest.java?rev=1828706&r1=1828705&r2=1828706&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/IntroductionTest.java (original)
+++ jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/IntroductionTest.java Mon Apr  9 12:05:57 2018
@@ -32,7 +32,7 @@ import org.apache.jackrabbit.oak.spi.sec
  *
  * Goal:
  * Get a basic understanding how authorization is organized in Oak and become
- * familiar with distiction between access control management and permission
+ * familiar with distinction between access control management and permission
  * evaluation.
  *
  * Exercises:

Modified: jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/advanced/L2_SetupAggregationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/advanced/L2_SetupAggregationTest.java?rev=1828706&r1=1828705&r2=1828706&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/advanced/L2_SetupAggregationTest.java (original)
+++ jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/advanced/L2_SetupAggregationTest.java Mon Apr  9 12:05:57 2018
@@ -31,7 +31,44 @@ package org.apache.jackrabbit.oak.exerci
  * Note, that this section only focuses on OSGi-based Oak setup scenarios.
  *
  * Exercises:
- * TODO
+ *
+ * - Deploy Bundle
+ *   Take a bundle that provides you with another implementation of AuthorizationConfiguration
+ *   and deploy it with your OSGi based Oak setup.
+ *
+ *   Hint: Oak comes with 2 additional authorization models, which you can use
+ *   > Closed User Groups in oak-authorization-cug (see also http://jackrabbit.apache.org/oak/docs/security/authorization/cug.html)
+ *   > Read Only in oak-exercise
+ *
+ *   Questions:
+ *   > Can you identify the OSGi components that come with the model?
+ *   > Does your model require any mandatory configuration in order to be functional?
+ *
+ * - Adjust Configuration of 'Apache Jackrabbit Oak SecurityProvider'
+ *   In a second step you should adjust the configuration of the SecurityProvider
+ *   in order to make sure the additional AuthorizationConfiguration is properly
+ *   wired with the security setup.
+ *
+ *   > Add the addition configuration to the list of required service IDs (see also http://jackrabbit.apache.org/oak/docs/security/introduction.html)
+ *   > Check the value of 'Authorization Composition Type'.
+ *   > Observe the log INFOs to verify the SecurityProvider is properly registered
+ *   > Inspect the references to 'authorizationConfiguration' in org.apache.jackrabbit.oak.security.internal.SecurityProviderRegistration
+ *     and verify that the extra module shows up there.
+ *
+ * - Verify Access Control Management and Permission Evaluation
+ *   Before moving on think about your expectations wrt result of the aggregation
+ *   both in terms of access control management and permission evaluation.
+ *
+ *
+ * Advanced Exercises:
+ * -----------------------------------------------------------------------------
+ *
+ * - Play with the configuration option 'Authorization Composition Type'.
+ *
+ *   Questions:
+ *   > Would it be an option to use "OR" as the composition type with the setup you chose?
+ *   > What would be the result if this was a valid option?
+ *   > If it wasn't an option, explain why. Think about a scenario where it was valid.
  *
  * </pre>
  */