Class ReadOnlyAuthorizationConfiguration
- java.lang.Object
-
- org.apache.jackrabbit.oak.spi.security.SecurityConfiguration.Default
-
- org.apache.jackrabbit.oak.spi.security.ConfigurationBase
-
- org.apache.jackrabbit.oak.exercise.security.authorization.models.readonly.ReadOnlyAuthorizationConfiguration
-
- All Implemented Interfaces:
AuthorizationConfiguration,SecurityConfiguration
public final class ReadOnlyAuthorizationConfiguration extends ConfigurationBase implements AuthorizationConfiguration
Read Only Authorization Model
This authorization module forms part of the training material provided by the oak-exercise module and must not be used in a productive environment!Overview
This simplistic authorization model is limited to permission evaluation and doesn't support access control management. The permission evaluation is hardcoded to only allow read access to every single item in the repository (even access control content). All other permissions are denied for every set of principals. There exists a single exception to that rule: For the internalSystemPrincipalpermission evaluation is not enforced by this module i.e. this module is skipped.Intended Usage
This authorization model is intended to be used in 'AND' combination with the default authorization setup defined by Oak (and optionally additional models such as e.g. oak-authorization-cug. It is not intended to be used as standalone model as it would grant full read access to everyone.Limitations
Experimental model for training purpose and not intended for usage in production.Key Features
Access Control Management
Feature Description Supported Privileges all Supports Custom Privileges yes Management by Path not supported Management by Principals not supported Owned Policies None Effective Policies by Path for every path a single effective policy of type NamedAccessControlPolicyEffective Policies by Principals for every set of principals a single effective policy of type NamedAccessControlPolicyPermission Evaluation
Feature Description Supported Permissions all Aggregated Permission Provider yes Representation in the Repository
There exists no dedicated access control or permission content for this authorization model as it doesn't persist any information into the repository.SecurityConfiguration.getContext()therefore returns thedefault.Configuration
This model comes with a single mandatory configurable property: - configurationRanking :CompositeConfiguration.PARAM_RANKING, no default value.Installation Instructions
The following steps are required to install this authorization model in an OSGi based Oak setup.- Upload the oak-exercise bundle
- Edit configuration of 'ReadOnlyAuthorizationConfiguration' specifying the mandatory ranking property
- Edit configuration of
SecurityProviderRegistration- add
org.apache.jackrabbit.oak.exercise.security.authorization.models.readonly.ReadOnlyAuthorizationConfigurationto the list of required service IDs - make sure the 'Authorization Composition Type' is set to AND
- add
- Wait for the
SecurityProviderto be successfully registered again.
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface org.apache.jackrabbit.oak.spi.security.SecurityConfiguration
SecurityConfiguration.Default
-
-
Field Summary
-
Fields inherited from interface org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration
NAME
-
-
Constructor Summary
Constructors Constructor Description ReadOnlyAuthorizationConfiguration()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description @NotNull AccessControlManagergetAccessControlManager(@NotNull Root root, @NotNull NamePathMapper namePathMapper)@NotNull List<? extends CommitHook>getCommitHooks(@NotNull String workspaceName)Returns the list of commit hooks that need to be executed for the specified workspace name.@NotNull List<ThreeWayConflictHandler>getConflictHandlers()Returns the list of conflict handlers available for this security configuration.@NotNull ContextgetContext()@NotNull StringgetName()Returns the name of this security configuration.@NotNull ConfigurationParametersgetParameters()Returns the configuration parameters associated with this security configuration instance.@NotNull PermissionProvidergetPermissionProvider(@NotNull Root root, @NotNull String workspaceName, @NotNull Set<Principal> principals)@NotNull List<ProtectedItemImporter>getProtectedItemImporters()@NotNull RepositoryInitializergetRepositoryInitializer()Returns a repository initializer for this security configuration.@NotNull RestrictionProvidergetRestrictionProvider()@NotNull List<? extends ValidatorProvider>getValidators(@NotNull String workspaceName, @NotNull Set<Principal> principals, @NotNull MoveTracker moveTracker)Returns the list of validators that need to be executed for the specified workspace name.@NotNull WorkspaceInitializergetWorkspaceInitializer()Returns a workspace initializer for this security configuration.-
Methods inherited from class org.apache.jackrabbit.oak.spi.security.ConfigurationBase
getRootProvider, getSecurityProvider, getTreeProvider, setParameters, setRootProvider, setSecurityProvider, setTreeProvider
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.apache.jackrabbit.oak.spi.security.SecurityConfiguration
getMonitors
-
-
-
-
Method Detail
-
getAccessControlManager
@NotNull public @NotNull AccessControlManager getAccessControlManager(@NotNull @NotNull Root root, @NotNull @NotNull NamePathMapper namePathMapper)
- Specified by:
getAccessControlManagerin interfaceAuthorizationConfiguration
-
getRestrictionProvider
@NotNull public @NotNull RestrictionProvider getRestrictionProvider()
- Specified by:
getRestrictionProviderin interfaceAuthorizationConfiguration
-
getPermissionProvider
@NotNull public @NotNull PermissionProvider getPermissionProvider(@NotNull @NotNull Root root, @NotNull @NotNull String workspaceName, @NotNull @NotNull Set<Principal> principals)
- Specified by:
getPermissionProviderin interfaceAuthorizationConfiguration
-
getName
@NotNull public @NotNull String getName()
Description copied from interface:SecurityConfigurationReturns the name of this security configuration.- Specified by:
getNamein interfaceSecurityConfiguration- Overrides:
getNamein classSecurityConfiguration.Default- Returns:
- The name of this configuration.
-
getParameters
@NotNull public @NotNull ConfigurationParameters getParameters()
Description copied from interface:SecurityConfigurationReturns the configuration parameters associated with this security configuration instance. If no parameters are presentConfigurationParameters.EMPTYshould be returned.- Specified by:
getParametersin interfaceSecurityConfiguration- Overrides:
getParametersin classConfigurationBase- Returns:
- The configuration parameters.
-
getWorkspaceInitializer
@NotNull public @NotNull WorkspaceInitializer getWorkspaceInitializer()
Description copied from interface:SecurityConfigurationReturns a workspace initializer for this security configuration. If this configuration doesn't require any specific workspace initializationWorkspaceInitializer.DEFAULTshould be returned.- Specified by:
getWorkspaceInitializerin interfaceSecurityConfiguration- Overrides:
getWorkspaceInitializerin classSecurityConfiguration.Default- Returns:
- An instance of
WorkspaceInitializer.
-
getRepositoryInitializer
@NotNull public @NotNull RepositoryInitializer getRepositoryInitializer()
Description copied from interface:SecurityConfigurationReturns a repository initializer for this security configuration. If this configuration doesn't require any specific repository initializationRepositoryInitializer.DEFAULTshould be returned.- Specified by:
getRepositoryInitializerin interfaceSecurityConfiguration- Overrides:
getRepositoryInitializerin classSecurityConfiguration.Default- Returns:
- An instance of
RepositoryInitializer.
-
getCommitHooks
@NotNull public @NotNull List<? extends CommitHook> getCommitHooks(@NotNull @NotNull String workspaceName)
Description copied from interface:SecurityConfigurationReturns the list of commit hooks that need to be executed for the specified workspace name.- Specified by:
getCommitHooksin interfaceSecurityConfiguration- Overrides:
getCommitHooksin classSecurityConfiguration.Default- Parameters:
workspaceName- The name of the workspace.- Returns:
- A list of commit hooks.
-
getValidators
@NotNull public @NotNull List<? extends ValidatorProvider> getValidators(@NotNull @NotNull String workspaceName, @NotNull @NotNull Set<Principal> principals, @NotNull @NotNull MoveTracker moveTracker)
Description copied from interface:SecurityConfigurationReturns the list of validators that need to be executed for the specified workspace name.- Specified by:
getValidatorsin interfaceSecurityConfiguration- Overrides:
getValidatorsin classSecurityConfiguration.Default- Parameters:
workspaceName- The name of the workspace.principals- The set of principals associated with the subject that is committing modifications.moveTracker- The move tracker associated with the commit.- Returns:
- A list of validators.
-
getConflictHandlers
@NotNull public @NotNull List<ThreeWayConflictHandler> getConflictHandlers()
Description copied from interface:SecurityConfigurationReturns the list of conflict handlers available for this security configuration.- Specified by:
getConflictHandlersin interfaceSecurityConfiguration- Overrides:
getConflictHandlersin classSecurityConfiguration.Default- Returns:
- A list of
ThreeWayConflictHandler.
-
getProtectedItemImporters
@NotNull public @NotNull List<ProtectedItemImporter> getProtectedItemImporters()
- Specified by:
getProtectedItemImportersin interfaceSecurityConfiguration- Overrides:
getProtectedItemImportersin classSecurityConfiguration.Default- Returns:
- The list of protected item importers defined by this configuration.
-
getContext
@NotNull public @NotNull Context getContext()
- Specified by:
getContextin interfaceSecurityConfiguration- Overrides:
getContextin classSecurityConfiguration.Default- Returns:
- The context defined by this configuration.
-
-