Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2014/05/13 16:20:31 UTC

svn commit: r1594234 - in /jackrabbit/oak/trunk/oak-doc/src/site/markdown/security: authentication/tokenmanagement.md user.md

Author: angela
Date: Tue May 13 14:20:31 2014
New Revision: 1594234

URL: http://svn.apache.org/r1594234
Log:
OAK-301 : oak docu

Modified:
    jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/tokenmanagement.md
    jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user.md

Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/tokenmanagement.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/tokenmanagement.md?rev=1594234&r1=1594233&r2=1594234&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/tokenmanagement.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/tokenmanagement.md Tue May 13 14:20:31 2014
@@ -62,14 +62,18 @@ authentication phases behave as follows:
 
 ### Token Management API
 
-_todo_
+Oak 1.0 defines the following interfaces used to manage login tokens:
+
+- [TokenProvider]: Interface to read and manage login tokens.
+- [TokenInfo]: Information associated with a given login token.
+
+In addition Oak comes with a default implementation of the provider interface
+that is able to aggregate multiple `TokenProvider`s:
 
-- [TokenProvider]
-- [TokenInfo]
 - [CompositeTokenProvider]
 
 
-### Characteristics of the Default Implementation
+### Characteristics of the TokenProvider Implementation
 
 The default implementation of the token management API stores login tokens along
 with the user's home directory in the repository. Along with the hash of the
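Review bot: The renamed heading "Characteristics of the TokenProvider Implementation" no longer says which implementation is meant, and the new intro above it uses "a default implementation of the provider interface" for the aggregating [CompositeTokenProvider], while the paragraph under the heading still opens with "The default implementation ... stores login tokens". A reader can take the composite to be the implementation that stores tokens in the repository. Suggest keeping "Default" in the heading (for example "Characteristics of the Default TokenProvider Implementation") and describing the composite as an additional, aggregating implementation instead of "a default implementation".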
@@ -82,16 +86,21 @@ with each [ContentSession].
 
 #### Token Creation
 
-_todo_
+The creation of a new token is triggered by valid `SimpleCredentials` passed
+to the login module chain that contain an additional, empty `.token` attribute.
+The default `TokenProvider` implementation will consequently generate a new
+token and store it's hash along with all mandatory and informative attributes
+to the new content node representing the new token.
 
 #### Token Removal
 
-_todo_
+In the default implementation a given login token (and the node associated with it)
+will be removed if the authentication fails due to an expired token.
 
 #### Resetting Expiration Time
 
-_todo_
-
+The default `TokenProvider` implementation will automatically reset the expiration
+time of a given token upon successful authentication.
 
 #### Token Representation in the Repository
 

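Review bot: "Token Removal" documents only one removal path ("if the authentication fails due to an expired token"), so it is unclear what happens to an expired token that is never presented again, and whether its node stays in the repository. Please state that explicitly, since it decides whether stale token nodes need separate cleanup. In "Resetting Expiration Time" the text should also say what the expiration is reset to, because a reset on every successful authentication means a token in regular use does not expire. Typo in "Token Creation": "store it's hash" should be "store its hash".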
Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user.md?rev=1594234&r1=1594233&r2=1594234&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user.md Tue May 13 14:20:31 2014
@@ -188,13 +188,20 @@ details and examples.
 
 #### Node Name Generation
 
-_todo_
-
-`org.apache.jackrabbit.oak.spi.security.user.*`
+The default user management implementation with Oak 1.0 allows to specify how
+the name of a new authorizable node is being generated. As in Jackrabbit 2.x
+the ID is used as name-hint by default. In order to prevent exposing identifier
+related information in the path of the authorizable node, it it's desirable to
+change this default behavior by pluggin a custom implementation of the
+`AuthorizableNodeName` interface.
 
 - `AuthorizableNodeName` : Defines the generation of the authorizable node names
    in case the user management implementation stores user information in the repository.
 
+In the default implementation the corresponding configuration parameter is
+
+- `PARAM_AUTHORIZABLE_NODE_NAME`
+
 #### Utilities
 
 `org.apache.jackrabbit.oak.spi.security.user.*`
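Review bot: Removing the `org.apache.jackrabbit.oak.spi.security.user.*` line from "Node Name Generation" leaves the `AuthorizableNodeName` bullet without its package, while the "Utilities" section below still names it. Suggest keeping the package line or using the fully qualified interface name in the bullet. The closing sentence "In the default implementation the corresponding configuration parameter is" ends without punctuation and does not say what value the parameter takes; a pointer to the parameter table would help. Wording in the added paragraph: "it it's desirable" should be "it is desirable", "pluggin" should be "plugging in", and "allows to specify" reads better as "allows specifying".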
@@ -213,10 +220,10 @@ _todo_
 
 ### Configuration
 
-The following configuration options are present with the `UserConfiguration` as of OAK 1.0:
+The following user management specific methods are present with the `UserConfiguration`
+as of OAK 1.0:
 
 * getUserManager: Obtain a new user manager instance
-* getAuthorizableActionProvider: Obtain a new instance of the AuthorizableActionProvider (see above)
 
 #### Configuration Parameters supported by the default implementation
 
@@ -232,6 +239,7 @@ The following configuration options are 
 | `PARAM_PASSWORD_HASH_ITERATIONS`    | int     | 1000                                         |
 | `PARAM_PASSWORD_SALT_SIZE`          | int     | 8                                            |
 | `PARAM_AUTHORIZABLE_NODE_NAME`      | AuthorizableNodeName | AuthorizableNodeName#DEFAULT    |
+| `PARAM_AUTHORIZABLE_ACTION_PROVIDER`| AuthorizableActionProvider | DefaultAuthorizableActionProvider |
 | `PARAM_SUPPORT_AUTOSAVE`            | boolean | false                                        |
 
 The following configuration parameters present with the default implementation in Jackrabbit 2.x are no longer supported and will be ignored:
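Review bot: The new `PARAM_AUTHORIZABLE_ACTION_PROVIDER` row is the only place the parameter appears in this section, and nothing says what the provider is used for, now that the bullet with "(see above)" was removed in the previous hunk. Suggest a short note or link under the table pointing to the authorizable actions description. Style: the row has no space before the second pipe and its cells are wider than the columns, so the table no longer lines up in the source; the default is also written as a bare class name, while the row above uses the `AuthorizableNodeName#DEFAULT` form.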