Package org.apache.jackrabbit.oak.spi.security.authentication.external.impl

Interface ExternalIdentityConstants

public interface ExternalIdentityConstants

Constants used by the external identity management.

Since:

Oak 1.5.3

Field Summary

Fields

Modifier and Type	Field	Description
static boolean	DEFAULT_PROTECT_EXTERNAL_IDS	Default value for PARAM_PROTECT_EXTERNAL_IDS.
static String	PARAM_PROTECT_EXTERNAL_IDENTITIES	Configuration parameter to enable special protection of external users and groups and the subtrees they define.
static String	PARAM_PROTECT_EXTERNAL_IDS	Configuration parameter to enable special protection of external IDs
static String	PARAM_SYSTEM_PRINCIPAL_NAMES	Configuration parameter to define names of SystemUserPrincipals that should be excluded from the protection verification for any of the RESERVED_PROPERTY_NAMES in addition to the built in system principal.
static String	REP_EXTERNAL_ID	Name of the property storing the external identifier.
static String	REP_EXTERNAL_PRINCIPAL_NAMES	Name of the property storing the principal names of the external groups a given external identity (user) is member.
static String	REP_LAST_DYNAMIC_SYNC	Name of the property storing the date of the last synchronization of the dynamic membership of an external user together with REP_EXTERNAL_PRINCIPAL_NAMES.
static String	REP_LAST_SYNCED	Name of the property storing the date of the last synchronization of an external identity.
static Set<String>	RESERVED_PROPERTY_NAMES	The set of served property names defined by this interface.
static String	VALUE_PROTECT_EXTERNAL_IDENTITIES_NONE	Default value for the PARAM_PROTECT_EXTERNAL_IDENTITIES configuration option that doesn't enforce any protection (backwards compatible behavior).
static String	VALUE_PROTECT_EXTERNAL_IDENTITIES_PROTECTED	Value for the PARAM_PROTECT_EXTERNAL_IDENTITIES configuration option that will enforce protection of synchronized external identities.
static String	VALUE_PROTECT_EXTERNAL_IDENTITIES_WARN	Value for the PARAM_PROTECT_EXTERNAL_IDENTITIES configuration option that will log warnings upon modification synchronized external users/groups but doesn't enforce the protection.

Field Detail

REP_EXTERNAL_ID

static final String REP_EXTERNAL_ID

Name of the property storing the external identifier. This property is of type Type.STRING and mandatory for external identities that have been synchronized into the repository.

See Also:

DefaultSyncContext.REP_EXTERNAL_ID, Constant Field Values

REP_LAST_SYNCED

static final String REP_LAST_SYNCED

Name of the property storing the date of the last synchronization of an external identity. This property is of type Type.DATE

See Also:

DefaultSyncContext.REP_LAST_SYNCED, Constant Field Values

REP_EXTERNAL_PRINCIPAL_NAMES

static final String REP_EXTERNAL_PRINCIPAL_NAMES

Name of the property storing the principal names of the external groups a given external identity (user) is member. Not that the set depends on the configured nesting depth. The existence of this property is optional and will only be created if DefaultSyncConfig.User.getDynamicMembership() is turned on. This property is of type Type.STRINGS. Please note, that for security reasons is system maintained and protected on the Oak level and cannot be manipulated by regular ContentSession objects irrespective of the effective permissions.

See Also:

Constant Field Values

REP_LAST_DYNAMIC_SYNC

static final String REP_LAST_DYNAMIC_SYNC

Name of the property storing the date of the last synchronization of the dynamic membership of an external user together with REP_EXTERNAL_PRINCIPAL_NAMES. This property is of type Type.DATE.

See Also:

OAK-10517, Constant Field Values

RESERVED_PROPERTY_NAMES

static final Set<String> RESERVED_PROPERTY_NAMES

The set of served property names defined by this interface.

PARAM_PROTECT_EXTERNAL_IDS

static final String PARAM_PROTECT_EXTERNAL_IDS

Configuration parameter to enable special protection of external IDs

See Also:

OAK-4301, Constant Field Values

DEFAULT_PROTECT_EXTERNAL_IDS

static final boolean DEFAULT_PROTECT_EXTERNAL_IDS

Default value for PARAM_PROTECT_EXTERNAL_IDS.

See Also:

Constant Field Values

PARAM_PROTECT_EXTERNAL_IDENTITIES

static final String PARAM_PROTECT_EXTERNAL_IDENTITIES

Configuration parameter to enable special protection of external users and groups and the subtrees they define.

See Also:

OAK-9799, Constant Field Values

VALUE_PROTECT_EXTERNAL_IDENTITIES_NONE

static final String VALUE_PROTECT_EXTERNAL_IDENTITIES_NONE

Default value for the PARAM_PROTECT_EXTERNAL_IDENTITIES configuration option that doesn't enforce any protection (backwards compatible behavior).

See Also:

Constant Field Values

VALUE_PROTECT_EXTERNAL_IDENTITIES_WARN

static final String VALUE_PROTECT_EXTERNAL_IDENTITIES_WARN

Value for the PARAM_PROTECT_EXTERNAL_IDENTITIES configuration option that will log warnings upon modification synchronized external users/groups but doesn't enforce the protection.

See Also:

Constant Field Values

VALUE_PROTECT_EXTERNAL_IDENTITIES_PROTECTED

static final String VALUE_PROTECT_EXTERNAL_IDENTITIES_PROTECTED

Value for the PARAM_PROTECT_EXTERNAL_IDENTITIES configuration option that will enforce protection of synchronized external identities.

See Also:

Constant Field Values

PARAM_SYSTEM_PRINCIPAL_NAMES

static final String PARAM_SYSTEM_PRINCIPAL_NAMES

Configuration parameter to define names of SystemUserPrincipals that should be excluded from the protection verification for any of the RESERVED_PROPERTY_NAMES in addition to the built in system principal.

See Also:

OAK-9663, Constant Field Values