org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal

Class ExternalPrincipalConfiguration

java.lang.Object

org.apache.jackrabbit.oak.spi.security.SecurityConfiguration.Default

org.apache.jackrabbit.oak.spi.security.ConfigurationBase

org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal.ExternalPrincipalConfiguration

All Implemented Interfaces:

PrincipalConfiguration, SecurityConfiguration

@Service(value={PrincipalConfiguration.class,SecurityConfiguration.class})
 @Property(name="protectExternalId",label="External Identity Protection",description="If disabled rep:externalId properties won\'t be properly protected (backwards compatible behavior). NOTE: for security reasons it is strongly recommend to keep the protection enabled!",boolValue=true) @Property(name="oak.security.name",propertyPrivate=true,value="org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal.ExternalPrincipalConfiguration")
public class ExternalPrincipalConfiguration
extends ConfigurationBase
implements PrincipalConfiguration

Implementation of the PrincipalConfiguration interface that provides principal management for Group principals associated with external identities managed outside of the scope of the repository by an ExternalIdentityProvider.

Since:

Oak 1.5.3

See Also:

OAK-4101

Nested Class Summary

Nested classes/interfaces inherited from interface org.apache.jackrabbit.oak.spi.security.SecurityConfiguration

SecurityConfiguration.Default

Field Summary

Fields inherited from interface org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration

NAME

Constructor Summary

Constructors

Constructor and Description
ExternalPrincipalConfiguration()
ExternalPrincipalConfiguration(SecurityProvider securityProvider)

Method Summary

Modifier and Type	Method and Description
String	getName() Returns the name of this security configuration.
PrincipalManager	getPrincipalManager(Root root, NamePathMapper namePathMapper) Returns an instance of PrincipalManager that can be used to query and retrieve principals such as needed for JCR access control management.
PrincipalProvider	getPrincipalProvider(Root root, NamePathMapper namePathMapper) Returns an instance of the OAK PrincipalProvider.
List<ProtectedItemImporter>	getProtectedItemImporters()
RepositoryInitializer	getRepositoryInitializer() Returns a repository initializer for this security configuration.
List<? extends ValidatorProvider>	getValidators(String workspaceName, Set<Principal> principals, MoveTracker moveTracker) Returns the list of validators that need to be executed for the specified workspace name.

Methods inherited from class org.apache.jackrabbit.oak.spi.security.ConfigurationBase

getParameters, getRootProvider, getSecurityProvider, getTreeProvider, setParameters, setRootProvider, setSecurityProvider, setTreeProvider

Methods inherited from class org.apache.jackrabbit.oak.spi.security.SecurityConfiguration.Default

getCommitHooks, getConflictHandlers, getContext, getWorkspaceInitializer

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.jackrabbit.oak.spi.security.SecurityConfiguration

getCommitHooks, getConflictHandlers, getContext, getParameters, getWorkspaceInitializer

Constructor Detail

ExternalPrincipalConfiguration

public ExternalPrincipalConfiguration()

ExternalPrincipalConfiguration

public ExternalPrincipalConfiguration(SecurityProvider securityProvider)

Method Detail

getPrincipalManager

@Nonnull
public PrincipalManager getPrincipalManager(Root root,
                                                      NamePathMapper namePathMapper)

Description copied from interface: PrincipalConfiguration

Returns an instance of PrincipalManager that can be used to query and retrieve principals such as needed for JCR access control management.

Specified by:

getPrincipalManager in interface PrincipalConfiguration

Parameters:

root - The target root.

namePathMapper - The NamePathMapper to be used.

Returns:

An instance of PrincipalManager.

See Also:

JackrabbitSession.getPrincipalManager()

getPrincipalProvider

@Nonnull
public PrincipalProvider getPrincipalProvider(Root root,
                                                        NamePathMapper namePathMapper)

Description copied from interface: PrincipalConfiguration

Returns an instance of the OAK PrincipalProvider.

Backwards compatibility with Jackrabbit 2.x

Configuration of Principal Providers

In Jackrabbit 2.x the configuration of principal providers was tied to the LoginModule configuration and thus mixing authentication concerns with the principal management. Since OAK makes the PrincipalProvider a public interface of the SPI, it's configuration goes along with the configuration of the JCR level PrincipalManager. The authentication setup may have access to the principal configuration if the SecurityProvider is made available in the AuthenticationConfiguration.

Multiple Sources for Principals

In Jackrabbit 2.x it was possible to configure multiple principal providers. As of OAK there is only one single principal provider implementation responsible for a given workspace. If principals originate from different sources it is recommended to use the CompositePrincipalProvider to combine the different sources.

Specified by:

getPrincipalProvider in interface PrincipalConfiguration

Parameters:

root - The target Root.

namePathMapper - The NamePathMapper to be used.

Returns:

An instance of PrincipalProvider.

getName

@Nonnull
public String getName()

Description copied from interface: SecurityConfiguration

Returns the name of this security configuration.

Specified by:

getName in interface SecurityConfiguration

Overrides:

getName in class SecurityConfiguration.Default

Returns:

The name of this configuration.

getRepositoryInitializer

@Nonnull
public RepositoryInitializer getRepositoryInitializer()

Description copied from interface: SecurityConfiguration

Returns a repository initializer for this security configuration. If this configuration doesn't require any specific repository initialization RepositoryInitializer.DEFAULT should be returned.

Specified by:

getRepositoryInitializer in interface SecurityConfiguration

Overrides:

getRepositoryInitializer in class SecurityConfiguration.Default

Returns:

An instance of RepositoryInitializer.

getValidators

@Nonnull
public List<? extends ValidatorProvider> getValidators(@Nonnull
                                                                 String workspaceName,
                                                                 @Nonnull
                                                                 Set<Principal> principals,
                                                                 @Nonnull
                                                                 MoveTracker moveTracker)

Description copied from interface: SecurityConfiguration

Returns the list of validators that need to be executed for the specified workspace name.

Specified by:

getValidators in interface SecurityConfiguration

Overrides:

getValidators in class SecurityConfiguration.Default

Parameters:

workspaceName - The name of the workspace.

principals - The set of principals associated with the subject that is committing modifications.

moveTracker - The move tracker associated with the commit.

Returns:

A list of validators.

getProtectedItemImporters

@Nonnull
public List<ProtectedItemImporter> getProtectedItemImporters()

Specified by:

getProtectedItemImporters in interface SecurityConfiguration

Overrides:

getProtectedItemImporters in class SecurityConfiguration.Default

Returns:

The list of protected item importers defined by this configuration.