Class ReadOnlyAuthorizationConfiguration
java.lang.Object
org.apache.jackrabbit.oak.spi.security.SecurityConfiguration.Default
org.apache.jackrabbit.oak.spi.security.ConfigurationBase
org.apache.jackrabbit.oak.exercise.security.authorization.models.readonly.ReadOnlyAuthorizationConfiguration
- All Implemented Interfaces:
AuthorizationConfiguration, SecurityConfiguration
public final class ReadOnlyAuthorizationConfiguration
extends ConfigurationBase
implements AuthorizationConfiguration
Read Only Authorization Model
This authorization module forms part of the training material provided by the oak-exercise module and must not be used in a production environment!
Overview
This simplistic authorization model is limited to permission evaluation and doesn't support access control management. The permission evaluation is hardcoded to only allow read access to every single item in the repository (even access control content). All other permissions are denied for every set of principals. There is a single exception to that rule: for the internal SystemPrincipal, permission evaluation is not enforced by this module, i.e. this module is skipped.
Intended Usage
This authorization model is intended to be used in 'AND' combination with the default authorization setup defined by Oak (and optionally additional models such as oak-authorization-cug). It is not intended to be used as a standalone model, as it would grant full read access to everyone.
Limitations
Experimental model for training purposes and not intended for usage in production.
Key Features
Access Control Management
Feature | Description |
---|---|
Supported Privileges | all |
Supports Custom Privileges | yes |
Management by Path | not supported |
Management by Principals | not supported |
Owned Policies | None |
Effective Policies by Path | for every path a single effective policy of type NamedAccessControlPolicy |
Effective Policies by Principals | for every set of principals a single effective policy of type NamedAccessControlPolicy |
Permission Evaluation
Feature | Description |
---|---|
Supported Permissions | all |
Aggregated Permission Provider | yes |
Representation in the Repository
There exists no dedicated access control or permission content for this authorization model as it doesn't persist any information into the repository. SecurityConfiguration.getContext() therefore returns the default.
Configuration
This model comes with a single mandatory configurable property:
- configurationRanking : CompositeConfiguration.PARAM_RANKING, no default value.
Installation Instructions
The following steps are required to install this authorization model in an OSGi based Oak setup.
- Upload the oak-exercise bundle
- Edit configuration of 'ReadOnlyAuthorizationConfiguration' specifying the mandatory ranking property
- Edit configuration of SecurityProviderRegistration
  - add org.apache.jackrabbit.oak.exercise.security.authorization.models.readonly.ReadOnlyAuthorizationConfiguration to the list of required service IDs
  - make sure the 'Authorization Composition Type' is set to AND
- Wait for the SecurityProvider to be successfully registered again.
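The 'AND' combination named under Intended Usage and in the installation steps, shown as an added example that is not part of Oak or of the oak-exercise code. The Model interface, the permission bits, the principal names alice, bob and system, and the stand-in default model are assumptions made for illustration.

```java
import java.util.List;
import java.util.Set;

// Added illustration; Model, the bit constants and the principal names are
// constructed for this example and are not Oak's PermissionProvider API.
public class AndCompositionDemo {
    static final long READ = 1, WRITE = 2;

    interface Model {
        // false means the model does not evaluate these principals (it is skipped)
        boolean evaluates(Set<String> principals);
        boolean isGranted(Set<String> principals, String path, long permissions);
    }

    // Read-only model: READ is granted on every path, any other bit is denied;
    // skipped for the (constructed) "system" principal.
    static final Model READ_ONLY = new Model() {
        public boolean evaluates(Set<String> p) { return !p.contains("system"); }
        public boolean isGranted(Set<String> p, String path, long perms) {
            return (perms & ~READ) == 0;
        }
    };

    // Stand-in for the default model: "system" may do anything,
    // "alice" may read and write below /content, everyone else is denied.
    static final Model DEFAULT = new Model() {
        public boolean evaluates(Set<String> p) { return true; }
        public boolean isGranted(Set<String> p, String path, long perms) {
            return p.contains("system")
                    || (p.contains("alice") && path.startsWith("/content"));
        }
    };

    // 'AND' composition: every model that evaluates the principals must grant.
    static boolean isGranted(List<Model> models, Set<String> p, String path, long perms) {
        return models.stream()
                .filter(m -> m.evaluates(p))
                .allMatch(m -> m.isGranted(p, path, perms));
    }

    public static void main(String[] args) {
        List<Model> and = List.of(DEFAULT, READ_ONLY);
        String path = "/content/page";
        System.out.println("alice READ,   AND:        " + isGranted(and, Set.of("alice"), path, READ));
        System.out.println("alice WRITE,  AND:        " + isGranted(and, Set.of("alice"), path, WRITE));
        System.out.println("bob   READ,   AND:        " + isGranted(and, Set.of("bob"), path, READ));
        System.out.println("bob   READ,   standalone: " + isGranted(List.of(READ_ONLY), Set.of("bob"), path, READ));
        System.out.println("system WRITE, AND:        " + isGranted(and, Set.of("system"), path, WRITE));
    }
}
```

Under AND, alice keeps read but loses write, and bob gets no read because the stand-in default model denies it; the read-only model on its own grants bob read. For the system principal the read-only model is skipped, so the stand-in default model alone decides.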
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.apache.jackrabbit.oak.spi.security.SecurityConfiguration
SecurityConfiguration.Default
-
Field Summary
Fields inherited from interface org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration
NAME
-
Constructor Summary
Constructors
-
Method Summary
Modifier and Type | Method | Description |
---|---|---|
@NotNull AccessControlManager | getAccessControlManager(@NotNull Root root, @NotNull NamePathMapper namePathMapper) | |
@NotNull List<? extends CommitHook> | getCommitHooks(@NotNull String workspaceName) | Returns the list of commit hooks that need to be executed for the specified workspace name. |
@NotNull List<ThreeWayConflictHandler> | getConflictHandlers() | Returns the list of conflict handlers available for this security configuration. |
@NotNull Context | getContext() | |
@NotNull String | getName() | Returns the name of this security configuration. |
@NotNull ConfigurationParameters | getParameters() | Returns the configuration parameters associated with this security configuration instance. |
@NotNull PermissionProvider | getPermissionProvider(@NotNull Root root, @NotNull String workspaceName, @NotNull Set<Principal> principals) | |
@NotNull List<ProtectedItemImporter> | getProtectedItemImporters() | |
@NotNull RepositoryInitializer | getRepositoryInitializer() | Returns a repository initializer for this security configuration. |
@NotNull RestrictionProvider | getRestrictionProvider() | |
@NotNull List<? extends ValidatorProvider> | getValidators(@NotNull String workspaceName, @NotNull Set<Principal> principals, @NotNull MoveTracker moveTracker) | Returns the list of validators that need to be executed for the specified workspace name. |
@NotNull WorkspaceInitializer | getWorkspaceInitializer() | Returns a workspace initializer for this security configuration. |
Methods inherited from class org.apache.jackrabbit.oak.spi.security.ConfigurationBase
getRootProvider, getSecurityProvider, getTreeProvider, setParameters, setRootProvider, setSecurityProvider, setTreeProvider
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.apache.jackrabbit.oak.spi.security.SecurityConfiguration
getMonitors
-
Constructor Details
-
ReadOnlyAuthorizationConfiguration
public ReadOnlyAuthorizationConfiguration()
-
-
Method Details
-
getAccessControlManager
@NotNull public AccessControlManager getAccessControlManager(@NotNull Root root, @NotNull NamePathMapper namePathMapper)
- Specified by:
getAccessControlManager in interface AuthorizationConfiguration
-
getRestrictionProvider
- Specified by:
getRestrictionProvider in interface AuthorizationConfiguration
-
getPermissionProvider
@NotNull public PermissionProvider getPermissionProvider(@NotNull Root root, @NotNull String workspaceName, @NotNull Set<Principal> principals)
- Specified by:
getPermissionProvider in interface AuthorizationConfiguration
-
getName
Description copied from interface: SecurityConfiguration
Returns the name of this security configuration.
- Specified by:
getName in interface SecurityConfiguration
- Overrides:
getName in class SecurityConfiguration.Default
- Returns:
- The name of this configuration.
-
getParameters
Description copied from interface: SecurityConfiguration
Returns the configuration parameters associated with this security configuration instance. If no parameters are present ConfigurationParameters.EMPTY should be returned.
- Specified by:
getParameters in interface SecurityConfiguration
- Overrides:
getParameters in class ConfigurationBase
- Returns:
- The configuration parameters.
-
getWorkspaceInitializer
Description copied from interface: SecurityConfiguration
Returns a workspace initializer for this security configuration. If this configuration doesn't require any specific workspace initialization WorkspaceInitializer.DEFAULT should be returned.
- Specified by:
getWorkspaceInitializer in interface SecurityConfiguration
- Overrides:
getWorkspaceInitializer in class SecurityConfiguration.Default
- Returns:
- An instance of WorkspaceInitializer.
-
getRepositoryInitializer
Description copied from interface: SecurityConfiguration
Returns a repository initializer for this security configuration. If this configuration doesn't require any specific repository initialization RepositoryInitializer.DEFAULT should be returned.
- Specified by:
getRepositoryInitializer in interface SecurityConfiguration
- Overrides:
getRepositoryInitializer in class SecurityConfiguration.Default
- Returns:
- An instance of RepositoryInitializer.
-
getCommitHooks
@NotNull public List<? extends CommitHook> getCommitHooks(@NotNull String workspaceName)
Description copied from interface: SecurityConfiguration
Returns the list of commit hooks that need to be executed for the specified workspace name.
- Specified by:
getCommitHooks in interface SecurityConfiguration
- Overrides:
getCommitHooks in class SecurityConfiguration.Default
- Parameters:
workspaceName - The name of the workspace.
- Returns:
- A list of commit hooks.
-
getValidators
@NotNull public List<? extends ValidatorProvider> getValidators(@NotNull String workspaceName, @NotNull Set<Principal> principals, @NotNull MoveTracker moveTracker)
Description copied from interface: SecurityConfiguration
Returns the list of validators that need to be executed for the specified workspace name.
- Specified by:
getValidators in interface SecurityConfiguration
- Overrides:
getValidators in class SecurityConfiguration.Default
- Parameters:
workspaceName - The name of the workspace.
principals - The set of principals associated with the subject that is committing modifications.
moveTracker - The move tracker associated with the commit.
- Returns:
- A list of validators.
-
getConflictHandlers
Description copied from interface: SecurityConfiguration
Returns the list of conflict handlers available for this security configuration.
- Specified by:
getConflictHandlers in interface SecurityConfiguration
- Overrides:
getConflictHandlers in class SecurityConfiguration.Default
- Returns:
- A list of ThreeWayConflictHandler.
-
getProtectedItemImporters
- Specified by:
getProtectedItemImporters in interface SecurityConfiguration
- Overrides:
getProtectedItemImporters in class SecurityConfiguration.Default
- Returns:
- The list of protected item importers defined by this configuration.
-
getContext
- Specified by:
getContext in interface SecurityConfiguration
- Overrides:
getContext in class SecurityConfiguration.Default
- Returns:
- The context defined by this configuration.
-