You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2016/02/10 19:08:10 UTC

svn commit: r1729681 - in /jackrabbit/oak/trunk/oak-doc/src/site/markdown/security: accesscontrol/editing.md authorization/cug.md principal.md

Author: angela
Date: Wed Feb 10 18:08:10 2016
New Revision: 1729681

URL: http://svn.apache.org/viewvc?rev=1729681&view=rev
Log:
OAK-3946 : Document oak-authorization-cug
minor improvement: documenting oak security (improve structure and readibility)

Modified:
    jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol/editing.md
    jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authorization/cug.md
    jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/principal.md

Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol/editing.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol/editing.md?rev=1729681&r1=1729680&r2=1729681&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol/editing.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol/editing.md Wed Feb 10 18:08:10 2016
@@ -54,7 +54,6 @@ defined by JCR or the names of the Oak p
     - `getApplicablePolicies(String)`
     - `getPolicies(String)`
 
-
 - `JackrabbitAccessControlManager`
     - `getApplicablePolicies(Principal)`
     - `getPolicies(Principal)`

Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authorization/cug.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authorization/cug.md?rev=1729681&r1=1729680&r2=1729681&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authorization/cug.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authorization/cug.md Wed Feb 10 18:08:10 2016
@@ -15,7 +15,7 @@
    limitations under the License.
 -->
 
-Managing Access with Closed User Groups (CUG)
+Managing Access with "Closed User Groups" (CUG)
 --------------------------------------------------------------------------------
 
 ### General
@@ -25,7 +25,14 @@ _todo_
 <a name="jackrabbit_api"/>
 ### Jackrabbit API
 
-_todo: PrincipalSetPolicy_
+The Jackrabbit API defines an extension of the JCR [AccessControlPolicy] interface 
+intended to grant the ability to perform certain actions to a set of
+[Principal]s:
+
+- `PrincipalSetPolicy`
+
+See [Jackrabbit API](http://svn.apache.org/repos/asf/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/authorization/PrincipalSetPolicy.java) 
+for details and the methods exposed by the interface.
 
 <a name="api_extensions"/>
 ### API Extensions
@@ -33,11 +40,11 @@ _todo: PrincipalSetPolicy_
 _todo: CugPolicy_
 _todo: CugExclude_
 
-### Characteristics of the default CUG Implementation
+### Implementation Details
 
 _todo_
 
-#### CUG Representation in the Repository
+### Representation in the Repository
 
 CUG policies defined by this module in a dedicate node name `rep:cugPolicy` of 
 type `rep:CugPolicy`. This node is defined by a dedicate mixin type 
@@ -53,7 +60,7 @@ access in the restricted area:
       - rep:principalNames (STRING) multiple protected mandatory IGNORE
 
 <a name="validation"/>
-##### Validation
+### Validation
 
 The consistency of this content structure both on creation and modification is
 asserted by a dedicated `CugValidatorProvider`. The corresponding error are
@@ -69,6 +76,8 @@ all of type `AccessControl` with the fol
 <a name="configuration"/>
 ### Configuration
 
+_todo_
+
 #### Configuration Parameters
 
 The implementation supports the following configuration parameters:
@@ -90,4 +99,6 @@ _todo: customize cug-authorization by pr
 
 _todo_
 
-<!-- references -->
\ No newline at end of file
+<!-- hidden references -->
+[Principal]: http://docs.oracle.com/javase/7/docs/api/java/security/Principal.html
+[AccessControlPolicy]: http://www.day.com/specs/javax.jcr/javadocs/jcr-2.0/javax/jcr/security/AccessControlPolicy.html
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/principal.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/principal.md?rev=1729681&r1=1729680&r2=1729681&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/principal.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/principal.md Wed Feb 10 18:08:10 2016
@@ -22,8 +22,9 @@ Principal Management
 ### JCR API
 
 JCR itself doesn't come with a dedicated principal management API. Nevertheless
-the specification mentions `java.security.Principal` as key feature for
-access control management but leaves the discovery of principals to the implementation.
+the specification mentions `java.security.Principal` as key feature for access 
+control management but leaves the discovery of principals to the implementation 
+(see [Section 16.5.7](http://www.day.com/specs/jcr/2.0/16_Access_Control_Management.html#16.5.7%20Principal%20Discovery)).
 
 Therefore an API for principal management has been defined as part of the
 extensions present with Jackrabbit API.
@@ -37,7 +38,7 @@ are missing in JCR. The relevant interfa
 
 - `PrincipalManager`
 - `PrincipalIterator`
-- `JackrabbitPrincipal`
+- `JackrabbitPrincipal` extends [Principal](http://docs.oracle.com/javase/7/docs/api/java/security/Principal.html)
     - `ItemBasedPrincipal`
 
 #### Differences wrt Jackrabbit 2.x