You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2014/05/08 19:30:19 UTC
svn commit: r1593342 - in /jackrabbit/oak/trunk/oak-doc/src/site/markdown/security: principal.md principal/differences.md user/membership.md user/query.md

Author: angela
Date: Thu May  8 17:30:19 2014
New Revision: 1593342

URL: http://svn.apache.org/r1593342
Log:
OAK-301 : oak docu

Modified:
    jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/principal.md
    jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/principal/differences.md
    jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/membership.md
    jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/query.md

Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/principal.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/principal.md?rev=1593342&r1=1593341&r2=1593342&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/principal.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/principal.md Thu May  8 17:30:19 2014
@@ -38,6 +38,8 @@ This interface replaces the internal `Pr
 Jackrabbit 2.x. Note, that principals from different sources can be supported by
 using [CompositePrincipalProvider] or a similar implementation that proxies
 different sources.
+- [CompositePrincipalProvider]: Implementation that combines different principals
+from different source providers.
 
 ##### Special Principals
 - [AdminPrincipal]: Marker interface to identify the principal associated with administrative user(s).
@@ -51,11 +53,79 @@ The [PrincipalConfiguration] is the Oak 
 options. The default implementation of the [PrincipalManager] interface is based
 on Oak API and can equally be used for privilege related tasks in the Oak layer.
 
-Note, that in contrast to Jackrabbit 2.x the system may only have one single principal
+In contrast to Jackrabbit 2.x the system may only have one single principal
 provider implementation configured. In order to combine principals from different
 sources a implementation that properly handles the different sources is required;
 the [CompositePrincipalProvider] is an example that combines multiple implementations.
 
+### Pluggability
+
+The default security setup as present with Oak 1.0 is able to track custom
+`PrincipalConfiguration` implementations and will automatically combine the different
+principal provider implementations as noted above.
+
+In an OSGi setup the following steps are required in order to add a custom principal
+provider implementation:
+
+- implement `PrincipalProvider` interface
+- create the `PrincipalConfiguration` that exposes the custom provider
+- make the configuration implementation an OSGi service and make it available to the Oak repository.
+
+#### Examples
+
+##### Custom PrincipalConfiguration
+
+     @Component()
+     @Service({PrincipalConfiguration.class, SecurityConfiguration.class})
+     public class MyPrincipalConfiguration extends ConfigurationBase implements PrincipalConfiguration {
+
+         public MyPrincipalConfiguration() {
+             super();
+         }
+
+         public MyPrincipalConfiguration(SecurityProvider securityProvider) {
+             super(securityProvider, securityProvider.getParameters(NAME));
+         }
+
+         @Activate
+         private void activate(Map<String, Object> properties) {
+             setParameters(ConfigurationParameters.of(properties));
+         }
+
+
+         //---------------------------------------------< PrincipalConfiguration >---
+         @Nonnull
+         @Override
+         public PrincipalManager getPrincipalManager(Root root, NamePathMapper namePathMapper) {
+             PrincipalProvider principalProvider = getPrincipalProvider(root, namePathMapper);
+             return new PrincipalManagerImpl(principalProvider);
+         }
+
+         @Nonnull
+         @Override
+         public PrincipalProvider getPrincipalProvider(Root root, NamePathMapper namePathMapper) {
+             return new MyPrincipalProvider(root, namePathMapper);
+         }
+
+         //----------------------------------------------< SecurityConfiguration >---
+         @Nonnull
+         @Override
+         public String getName() {
+             return NAME;
+         }
+     }
+
+##### Custom PrincipalProvider
+
+     final class MyPrincipalProvider implements PrincipalProvider {
+
+         MyPrincipalProvider(Root root, NamePathMapper namePathMapper) {
+              ...
+         }
+
+         ...
+     }
+
 <!-- references -->
 
 [PrincipalManager]: http://svn.apache.org/repos/asf/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java

Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/principal/differences.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/principal/differences.md?rev=1593342&r1=1593341&r2=1593342&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/principal/differences.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/principal/differences.md Thu May  8 17:30:19 2014
@@ -33,8 +33,7 @@ order to combine principals from differe
 handles the different sources is required; the [CompositePrincipalProvider] is an
 example that combines multiple implementations.
 
-NOTE: see [OAK-1798] for an improvement to ease pluggability of custom `PrincipalProvider`
-implementations.
+See [Principal Management](../principal.html) for an example.
 
 <!-- references -->
 
@@ -43,4 +42,3 @@ implementations.
 [org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal]: /oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/principal/AdminPrincipal.html
 [org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal]: /oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/principal/EveryonePrincipal.html
 [org.apache.jackrabbit.oak.spi.security.principal.SystemPrincipal]: /oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/principal/SystemPrincipal.html
-[OAK-1798]: https://issues.apache.org/jira/browse/OAK-1798

Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/membership.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/membership.md?rev=1593342&r1=1593341&r2=1593342&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/membership.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/membership.md Thu May  8 17:30:19 2014
@@ -105,7 +105,7 @@ will limit the size of the multi value p
 implementation detail and might even vary depending on the underlying persistence layer.
 In Oak 1.0 the threshold value is set to 100.
 
-#### Upgrading Groups from Jackrabbit 2.x to OAK content structure
+#### Upgrading Groups from Jackrabbit 2.x to Oak content structure
 
 Upon upgrade from a Jackrabbit 2.x repository to OAK the group member lists that
 adjusted to reflect the new content structure as created by the OAK user management

Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/query.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/query.md?rev=1593342&r1=1593341&r2=1593342&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/query.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/query.md Thu May  8 17:30:19 2014
@@ -41,6 +41,7 @@ _todo_
 
 - simple search by property
 - query api
+- examples
 
 
 ### Characteristics of the Default Implementation