You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2014/05/16 17:53:20 UTC
svn commit: r1595243 - in
/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission:
differences.md evaluation.md
Author: angela
Date: Fri May 16 15:53:19 2014
New Revision: 1595243
URL: http://svn.apache.org/r1595243
Log:
OAK-301 : oak docu
Modified:
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission/differences.md
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission/evaluation.md
Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission/differences.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission/differences.md?rev=1595243&r1=1595242&r2=1595243&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission/differences.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission/differences.md Fri May 16 15:53:19 2014
@@ -18,7 +18,13 @@
#### General Notes
-_todo_
+The permission evaluation as present in Oak 1.0 differs from Jackrabbit 2.x
+in two fundamental aspects:
+
+1. Permission evaluation has been completely separated from the access control
+ content and is executed based on the information stored in the permission store.
+2. Each JCR `Session` (or Oak `ContentSession`) gets it's own `PermissionProvider`
+ associated with the current repository revision the session is operating on.
#### Permissions
@@ -88,5 +94,6 @@ This changes is covered by [OAK-444] and
<!-- hidden references -->
[Permissions]: http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/Permissions.java
+[PermissionHook]: http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
[OAK-444]: https://issues.apache.org/jira/browse/OAK-444
[JCR-2963]: https://issues.apache.org/jira/browse/JCR-2963
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission/evaluation.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission/evaluation.md?rev=1595243&r1=1595242&r2=1595243&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission/evaluation.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission/evaluation.md Fri May 16 15:53:19 2014
@@ -20,7 +20,17 @@ Permission Evaluation in Detail
### General Remarks
-_todo_
+As of Oak 1.0 Permission evaluation is completely separated from the access control
+content and is executed based on the information stored in the permission store.
+The latter is kept in sync with the access control information using dedicated
+`CommitHook` implementation ([PermissionHook]). The evaluation itself is done
+by the configured `PermissionProvider` that read and evaluates the information
+stored in the permission store.
+
+Each JCR `Session` (or Oak `ContentSession`) gets it's own `PermissionProvider`
+associated with the current repository revision the session is operating on.
+Consequently, the evaluated permissions and caches are not shared between different
+sessions even if they represent the same subject.
#### Evaluation of Permission Entries