Class CompositeAuthorizationConfiguration

java.lang.Object
org.apache.jackrabbit.oak.spi.security.CompositeConfiguration<AuthorizationConfiguration>
org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration
All Implemented Interfaces:
AuthorizationConfiguration, SecurityConfiguration

public class CompositeAuthorizationConfiguration extends CompositeConfiguration<AuthorizationConfiguration> implements AuthorizationConfiguration
CompositeAuthorizationConfiguration that combines different authorization models. This implementation has the following characteristics:

AccessControlManager

  • This method will return an aggregation of AccessControlManagers in case multiple AuthorizationConfigurations are present (see CompositeAccessControlManager).
  • If the composite only contains a single entry the AccessControlManager of this implementation is return without extra wrapping.
  • If the list of configurations is empty an IllegalStateException is thrown.

PermissionProvider

  • This method will return an aggregation of PermissionProviders in case multiple AuthorizationConfigurations exposing an AggregatedPermissionProvider are present (see CompositePermissionProvider. Note however, that providers not implementing the AggregatedPermissionProvider extension will be ignored.
  • If the composite only contains a single entry the PermissionProvider of this implementation is return without extra wrapping.
  • If the list of configurations is empty an IllegalStateException is thrown.

RestrictionProvider

  • This method will return an aggregation of RestrictionProviders in case multiple AuthorizationConfigurations are present (see CompositeRestrictionProvider).
  • If the composite only contains a single entry the RestrictionProvider of this implementation is return without extra wrapping.
  • If the list of configurations is empty RestrictionProvider.EMPTY is returned.