Class ReadOnlyAuthorizationConfiguration
- java.lang.Object
-
- org.apache.jackrabbit.oak.spi.security.SecurityConfiguration.Default
-
- org.apache.jackrabbit.oak.spi.security.ConfigurationBase
-
- org.apache.jackrabbit.oak.exercise.security.authorization.models.readonly.ReadOnlyAuthorizationConfiguration
-
- All Implemented Interfaces:
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration,org.apache.jackrabbit.oak.spi.security.SecurityConfiguration
public final class ReadOnlyAuthorizationConfiguration extends org.apache.jackrabbit.oak.spi.security.ConfigurationBase implements org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfigurationRead Only Authorization Model
This authorization module forms part of the training material provided by the oak-exercise module and must not be used in a productive environment!Overview
This simplistic authorization model is limited to permission evaluation and doesn't support access control management. The permission evaluation is hardcoded to only allow read access to every single item in the repository (even access control content). All other permissions are denied for every set of principals. There exists a single exception to that rule: For the internalSystemPrincipalpermission evaluation is not enforced by this module i.e. this module is skipped.Intended Usage
This authorization model is intended to be used in 'AND' combination with the default authorization setup defined by Oak (and optionally additional models such as e.g. oak-authorization-cug. It is not intended to be used as standalone model as it would grant full read access to everyone.Limitations
Experimental model for training purpose and not intended for usage in production.Key Features
Access Control Management
Feature Description Supported Privileges all Supports Custom Privileges yes Management by Path not supported Management by Principals not supported Owned Policies None Effective Policies by Path for every path a single effective policy of type NamedAccessControlPolicyEffective Policies by Principals for every set of principals a single effective policy of type NamedAccessControlPolicyPermission Evaluation
Feature Description Supported Permissions all Aggregated Permission Provider yes Representation in the Repository
There exists no dedicated access control or permission content for this authorization model as it doesn't persist any information into the repository.SecurityConfiguration.getContext()therefore returns thedefault.Configuration
This model comes with a single mandatory configurable property: - configurationRanking :CompositeConfiguration.PARAM_RANKING, no default value.Installation Instructions
The following steps are required to install this authorization model in an OSGi based Oak setup.- Upload the oak-exercise bundle
- Edit configuration of 'ReadOnlyAuthorizationConfiguration' specifying the mandatory ranking property
- Edit configuration of
SecurityProviderRegistration- add
org.apache.jackrabbit.oak.exercise.security.authorization.models.readonly.ReadOnlyAuthorizationConfigurationto the list of required service IDs - make sure the 'Authorization Composition Type' is set to AND
- add
- Wait for the
SecurityProviderto be successfully registered again.
-
-
Constructor Summary
Constructors Constructor Description ReadOnlyAuthorizationConfiguration()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description @NotNull javax.jcr.security.AccessControlManagergetAccessControlManager(@NotNull org.apache.jackrabbit.oak.api.Root root, @NotNull org.apache.jackrabbit.oak.namepath.NamePathMapper namePathMapper)@NotNull java.util.List<? extends org.apache.jackrabbit.oak.spi.commit.CommitHook>getCommitHooks(@NotNull java.lang.String workspaceName)@NotNull java.util.List<org.apache.jackrabbit.oak.spi.commit.ThreeWayConflictHandler>getConflictHandlers()@NotNull org.apache.jackrabbit.oak.spi.security.ContextgetContext()@NotNull java.lang.StringgetName()@NotNull org.apache.jackrabbit.oak.spi.security.ConfigurationParametersgetParameters()@NotNull org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvidergetPermissionProvider(@NotNull org.apache.jackrabbit.oak.api.Root root, @NotNull java.lang.String workspaceName, @NotNull java.util.Set<java.security.Principal> principals)@NotNull java.util.List<org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter>getProtectedItemImporters()@NotNull org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializergetRepositoryInitializer()@NotNull org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvidergetRestrictionProvider()@NotNull java.util.List<? extends org.apache.jackrabbit.oak.spi.commit.ValidatorProvider>getValidators(@NotNull java.lang.String workspaceName, @NotNull java.util.Set<java.security.Principal> principals, @NotNull org.apache.jackrabbit.oak.spi.commit.MoveTracker moveTracker)@NotNull org.apache.jackrabbit.oak.spi.lifecycle.WorkspaceInitializergetWorkspaceInitializer()-
Methods inherited from class org.apache.jackrabbit.oak.spi.security.ConfigurationBase
getRootProvider, getSecurityProvider, getTreeProvider, setParameters, setRootProvider, setSecurityProvider, setTreeProvider
-
-
-
-
Method Detail
-
getAccessControlManager
@NotNull public @NotNull javax.jcr.security.AccessControlManager getAccessControlManager(@NotNull @NotNull org.apache.jackrabbit.oak.api.Root root, @NotNull @NotNull org.apache.jackrabbit.oak.namepath.NamePathMapper namePathMapper)- Specified by:
getAccessControlManagerin interfaceorg.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration
-
getRestrictionProvider
@NotNull public @NotNull org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider getRestrictionProvider()
- Specified by:
getRestrictionProviderin interfaceorg.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration
-
getPermissionProvider
@NotNull public @NotNull org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider getPermissionProvider(@NotNull @NotNull org.apache.jackrabbit.oak.api.Root root, @NotNull @NotNull java.lang.String workspaceName, @NotNull @NotNull java.util.Set<java.security.Principal> principals)- Specified by:
getPermissionProviderin interfaceorg.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration
-
getName
@NotNull public @NotNull java.lang.String getName()
- Specified by:
getNamein interfaceorg.apache.jackrabbit.oak.spi.security.SecurityConfiguration- Overrides:
getNamein classorg.apache.jackrabbit.oak.spi.security.SecurityConfiguration.Default
-
getParameters
@NotNull public @NotNull org.apache.jackrabbit.oak.spi.security.ConfigurationParameters getParameters()
- Specified by:
getParametersin interfaceorg.apache.jackrabbit.oak.spi.security.SecurityConfiguration- Overrides:
getParametersin classorg.apache.jackrabbit.oak.spi.security.ConfigurationBase
-
getWorkspaceInitializer
@NotNull public @NotNull org.apache.jackrabbit.oak.spi.lifecycle.WorkspaceInitializer getWorkspaceInitializer()
- Specified by:
getWorkspaceInitializerin interfaceorg.apache.jackrabbit.oak.spi.security.SecurityConfiguration- Overrides:
getWorkspaceInitializerin classorg.apache.jackrabbit.oak.spi.security.SecurityConfiguration.Default
-
getRepositoryInitializer
@NotNull public @NotNull org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializer getRepositoryInitializer()
- Specified by:
getRepositoryInitializerin interfaceorg.apache.jackrabbit.oak.spi.security.SecurityConfiguration- Overrides:
getRepositoryInitializerin classorg.apache.jackrabbit.oak.spi.security.SecurityConfiguration.Default
-
getCommitHooks
@NotNull public @NotNull java.util.List<? extends org.apache.jackrabbit.oak.spi.commit.CommitHook> getCommitHooks(@NotNull @NotNull java.lang.String workspaceName)- Specified by:
getCommitHooksin interfaceorg.apache.jackrabbit.oak.spi.security.SecurityConfiguration- Overrides:
getCommitHooksin classorg.apache.jackrabbit.oak.spi.security.SecurityConfiguration.Default
-
getValidators
@NotNull public @NotNull java.util.List<? extends org.apache.jackrabbit.oak.spi.commit.ValidatorProvider> getValidators(@NotNull @NotNull java.lang.String workspaceName, @NotNull @NotNull java.util.Set<java.security.Principal> principals, @NotNull @NotNull org.apache.jackrabbit.oak.spi.commit.MoveTracker moveTracker)- Specified by:
getValidatorsin interfaceorg.apache.jackrabbit.oak.spi.security.SecurityConfiguration- Overrides:
getValidatorsin classorg.apache.jackrabbit.oak.spi.security.SecurityConfiguration.Default
-
getConflictHandlers
@NotNull public @NotNull java.util.List<org.apache.jackrabbit.oak.spi.commit.ThreeWayConflictHandler> getConflictHandlers()
- Specified by:
getConflictHandlersin interfaceorg.apache.jackrabbit.oak.spi.security.SecurityConfiguration- Overrides:
getConflictHandlersin classorg.apache.jackrabbit.oak.spi.security.SecurityConfiguration.Default
-
getProtectedItemImporters
@NotNull public @NotNull java.util.List<org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter> getProtectedItemImporters()
- Specified by:
getProtectedItemImportersin interfaceorg.apache.jackrabbit.oak.spi.security.SecurityConfiguration- Overrides:
getProtectedItemImportersin classorg.apache.jackrabbit.oak.spi.security.SecurityConfiguration.Default
-
getContext
@NotNull public @NotNull org.apache.jackrabbit.oak.spi.security.Context getContext()
- Specified by:
getContextin interfaceorg.apache.jackrabbit.oak.spi.security.SecurityConfiguration- Overrides:
getContextin classorg.apache.jackrabbit.oak.spi.security.SecurityConfiguration.Default
-
-