You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jackrabbit.apache.org by an...@apache.org on 2016/11/23 07:49:02 UTC
svn commit: r1770929 -
/jackrabbit/site/live/oak/docs/security/authorization/cug.html
Author: angela
Date: Wed Nov 23 07:49:01 2016
New Revision: 1770929
URL: http://svn.apache.org/viewvc?rev=1770929&view=rev
Log:
OAK-936: Site checkin for project Oak Documentation-1.6-SNAPSHOT
Modified:
jackrabbit/site/live/oak/docs/security/authorization/cug.html
Modified: jackrabbit/site/live/oak/docs/security/authorization/cug.html
URL: http://svn.apache.org/viewvc/jackrabbit/site/live/oak/docs/security/authorization/cug.html?rev=1770929&r1=1770928&r2=1770929&view=diff
==============================================================================
--- jackrabbit/site/live/oak/docs/security/authorization/cug.html (original)
+++ jackrabbit/site/live/oak/docs/security/authorization/cug.html Wed Nov 23 07:49:01 2016
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia at 2016-11-18
+ | Generated by Apache Maven Doxia at 2016-11-23
| Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20161118" />
+ <meta name="Date-Revision-yyyymmdd" content="20161123" />
<meta http-equiv="Content-Language" content="en" />
<title>Jackrabbit Oak - Managing Access with Closed User Groups (CUG)</title>
<link rel="stylesheet" href="../../css/apache-maven-fluido-1.3.0.min.css" />
@@ -216,7 +216,7 @@
<ul class="breadcrumb">
- <li id="publishDate">Last Published: 2016-11-18</li>
+ <li id="publishDate">Last Published: 2016-11-23</li>
<li class="divider">|</li> <li id="projectVersion">Version: 1.6-SNAPSHOT</li>
@@ -619,6 +619,7 @@
[rep:CugPolicy] > rep:Policy
- rep:principalNames (STRING) multiple protected mandatory IGNORE
</pre></div>
+<p><i>Note:</i> the multivalued <tt>rep:principalNames</tt> property reflects the fact that CUGs are intended to be used for small principal sets, preferably <tt>java.security.acl.Group</tt> principals. </p>
<p><a name="validation"></a></p></div>
<div class="section">
<h3>Validation<a name="Validation"></a></h3>
@@ -733,7 +734,8 @@
<td> </td>
</tr>
</tbody>
-</table></div>
+</table>
+<p><i>Note:</i> depending on other the authorization models deployed in the composite setup, the number of CUGs used in a given deployment as well as other factors such as predominant read vs. read-write, the performance of overall permission evaluation may benefit from changing the default ranking of the CUG authorization model.</p></div>
<div class="section">
<h4>Excluding Principals<a name="Excluding_Principals"></a></h4>
<p>The CUG authorization setup can be further customized by configuring the <tt>CugExcludeImpl</tt> service with allows to list additional principals that need to be excluded from the evaluation of restricted areas:</p>
@@ -782,6 +784,7 @@
<div class="section">
<h3>Pluggability<a name="Pluggability"></a></h3>
<p>The following section describes how to deploy the CUG authorization model into an Oak repository and how to customize the <tt>CugExclude</tt> extension point.</p>
+<p><i>Note:</i> the reverse steps can be used to completely disable the CUG authorization model in case it is not needed for a given repository installation but shipped by a vendor such as e.g. Adobe AEM 6.3.</p>
<div class="section">
<h4>Deploy CugConfiguration<a name="Deploy_CugConfiguration"></a></h4>
<div class="section">