Class ReadOnlyAuthorizationConfiguration
java.lang.Object
org.apache.jackrabbit.oak.spi.security.SecurityConfiguration.Default
org.apache.jackrabbit.oak.spi.security.ConfigurationBase
org.apache.jackrabbit.oak.exercise.security.authorization.models.readonly.ReadOnlyAuthorizationConfiguration
- All Implemented Interfaces:
AuthorizationConfiguration,SecurityConfiguration
public final class ReadOnlyAuthorizationConfiguration
extends ConfigurationBase
implements AuthorizationConfiguration
Read Only Authorization Model
This authorization module forms part of the training material provided by the oak-exercise module and must not be used in a productive environment!Overview
This simplistic authorization model is limited to permission evaluation and doesn't support access control management. The permission evaluation is hardcoded to only allow read access to every single item in the repository (even access control content). All other permissions are denied for every set of principals. There exists a single exception to that rule: For the internalSystemPrincipal
permission evaluation is not enforced by this module i.e. this module is skipped.
Intended Usage
This authorization model is intended to be used in 'AND' combination with the default authorization setup defined by Oak (and optionally additional models such as e.g. oak-authorization-cug. It is not intended to be used as standalone model as it would grant full read access to everyone.Limitations
Experimental model for training purpose and not intended for usage in production.Key Features
Access Control Management
| Feature | Description |
|---|---|
| Supported Privileges | all |
| Supports Custom Privileges | yes |
| Management by Path | not supported |
| Management by Principals | not supported |
| Owned Policies | None |
| Effective Policies by Path | for every path a single effective policy of type NamedAccessControlPolicy |
| Effective Policies by Principals | for every set of principals a single effective policy of type NamedAccessControlPolicy |
Permission Evaluation
| Feature | Description |
|---|---|
| Supported Permissions | all |
| Aggregated Permission Provider | yes |
Representation in the Repository
There exists no dedicated access control or permission content for this authorization model as it doesn't persist any information into the repository.SecurityConfiguration.getContext() therefore returns the default.
Configuration
This model comes with a single mandatory configurable property: - configurationRanking :CompositeConfiguration.PARAM_RANKING, no default value.
Installation Instructions
The following steps are required to install this authorization model in an OSGi based Oak setup.- Upload the oak-exercise bundle
- Edit configuration of 'ReadOnlyAuthorizationConfiguration' specifying the mandatory ranking property
- Edit configuration of
SecurityProviderRegistration- add
org.apache.jackrabbit.oak.exercise.security.authorization.models.readonly.ReadOnlyAuthorizationConfigurationto the list of required service IDs - make sure the 'Authorization Composition Type' is set to AND
- add
- Wait for the
SecurityProviderto be successfully registered again.
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.apache.jackrabbit.oak.spi.security.SecurityConfiguration
SecurityConfiguration.Default -
Field Summary
Fields inherited from interface org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration
NAME -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescription@NotNull AccessControlManagergetAccessControlManager(@NotNull Root root, @NotNull NamePathMapper namePathMapper) @NotNull List<? extends CommitHook>getCommitHooks(@NotNull String workspaceName) Returns the list of commit hooks that need to be executed for the specified workspace name.@NotNull List<ThreeWayConflictHandler>Returns the list of conflict handlers available for this security configuration.@NotNull Context@NotNull StringgetName()Returns the name of this security configuration.@NotNull ConfigurationParametersReturns the configuration parameters associated with this security configuration instance.@NotNull PermissionProvidergetPermissionProvider(@NotNull Root root, @NotNull String workspaceName, @NotNull Set<Principal> principals) @NotNull List<ProtectedItemImporter>@NotNull RepositoryInitializerReturns a repository initializer for this security configuration.@NotNull RestrictionProvider@NotNull List<? extends ValidatorProvider>getValidators(@NotNull String workspaceName, @NotNull Set<Principal> principals, @NotNull MoveTracker moveTracker) Returns the list of validators that need to be executed for the specified workspace name.@NotNull WorkspaceInitializerReturns a workspace initializer for this security configuration.Methods inherited from class org.apache.jackrabbit.oak.spi.security.ConfigurationBase
getRootProvider, getSecurityProvider, getTreeProvider, setParameters, setRootProvider, setSecurityProvider, setTreeProviderMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface org.apache.jackrabbit.oak.spi.security.SecurityConfiguration
getMonitors
-
Constructor Details
-
ReadOnlyAuthorizationConfiguration
public ReadOnlyAuthorizationConfiguration()
-
-
Method Details
-
getAccessControlManager
@NotNull public @NotNull AccessControlManager getAccessControlManager(@NotNull @NotNull Root root, @NotNull @NotNull NamePathMapper namePathMapper) - Specified by:
getAccessControlManagerin interfaceAuthorizationConfiguration
-
getRestrictionProvider
- Specified by:
getRestrictionProviderin interfaceAuthorizationConfiguration
-
getPermissionProvider
@NotNull public @NotNull PermissionProvider getPermissionProvider(@NotNull @NotNull Root root, @NotNull @NotNull String workspaceName, @NotNull @NotNull Set<Principal> principals) - Specified by:
getPermissionProviderin interfaceAuthorizationConfiguration
-
getName
Description copied from interface:SecurityConfigurationReturns the name of this security configuration.- Specified by:
getNamein interfaceSecurityConfiguration- Overrides:
getNamein classSecurityConfiguration.Default- Returns:
- The name of this configuration.
-
getParameters
Description copied from interface:SecurityConfigurationReturns the configuration parameters associated with this security configuration instance. If no parameters are presentConfigurationParameters.EMPTYshould be returned.- Specified by:
getParametersin interfaceSecurityConfiguration- Overrides:
getParametersin classConfigurationBase- Returns:
- The configuration parameters.
-
getWorkspaceInitializer
Description copied from interface:SecurityConfigurationReturns a workspace initializer for this security configuration. If this configuration doesn't require any specific workspace initializationWorkspaceInitializer.DEFAULTshould be returned.- Specified by:
getWorkspaceInitializerin interfaceSecurityConfiguration- Overrides:
getWorkspaceInitializerin classSecurityConfiguration.Default- Returns:
- An instance of
WorkspaceInitializer.
-
getRepositoryInitializer
Description copied from interface:SecurityConfigurationReturns a repository initializer for this security configuration. If this configuration doesn't require any specific repository initializationRepositoryInitializer.DEFAULTshould be returned.- Specified by:
getRepositoryInitializerin interfaceSecurityConfiguration- Overrides:
getRepositoryInitializerin classSecurityConfiguration.Default- Returns:
- An instance of
RepositoryInitializer.
-
getCommitHooks
@NotNull public @NotNull List<? extends CommitHook> getCommitHooks(@NotNull @NotNull String workspaceName) Description copied from interface:SecurityConfigurationReturns the list of commit hooks that need to be executed for the specified workspace name.- Specified by:
getCommitHooksin interfaceSecurityConfiguration- Overrides:
getCommitHooksin classSecurityConfiguration.Default- Parameters:
workspaceName- The name of the workspace.- Returns:
- A list of commit hooks.
-
getValidators
@NotNull public @NotNull List<? extends ValidatorProvider> getValidators(@NotNull @NotNull String workspaceName, @NotNull @NotNull Set<Principal> principals, @NotNull @NotNull MoveTracker moveTracker) Description copied from interface:SecurityConfigurationReturns the list of validators that need to be executed for the specified workspace name.- Specified by:
getValidatorsin interfaceSecurityConfiguration- Overrides:
getValidatorsin classSecurityConfiguration.Default- Parameters:
workspaceName- The name of the workspace.principals- The set of principals associated with the subject that is committing modifications.moveTracker- The move tracker associated with the commit.- Returns:
- A list of validators.
-
getConflictHandlers
Description copied from interface:SecurityConfigurationReturns the list of conflict handlers available for this security configuration.- Specified by:
getConflictHandlersin interfaceSecurityConfiguration- Overrides:
getConflictHandlersin classSecurityConfiguration.Default- Returns:
- A list of
ThreeWayConflictHandler.
-
getProtectedItemImporters
- Specified by:
getProtectedItemImportersin interfaceSecurityConfiguration- Overrides:
getProtectedItemImportersin classSecurityConfiguration.Default- Returns:
- The list of protected item importers defined by this configuration.
-
getContext
- Specified by:
getContextin interfaceSecurityConfiguration- Overrides:
getContextin classSecurityConfiguration.Default- Returns:
- The context defined by this configuration.
-