org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal

Class ExternalPrincipalConfiguration

java.lang.Object

org.apache.jackrabbit.oak.spi.security.SecurityConfiguration.Default

org.apache.jackrabbit.oak.spi.security.ConfigurationBase

org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal.ExternalPrincipalConfiguration

All Implemented Interfaces:

PrincipalConfiguration, SecurityConfiguration

@Service(value={PrincipalConfiguration.class,SecurityConfiguration.class})
 @Property(name="protectExternalId",label="External Identity Protection",description="If disabled rep:externalId properties won\'t be properly protected (backwards compatible behavior). NOTE: for security reasons it is strongly recommend to keep the protection enabled!",boolValue=true) @Property(name="oak.security.name",propertyPrivate=true,value="org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal.ExternalPrincipalConfiguration")
public class ExternalPrincipalConfiguration
extends ConfigurationBase
implements PrincipalConfiguration

Implementation of the PrincipalConfiguration interface that provides principal management for Group principals associated with external identities managed outside of the scope of the repository by an ExternalIdentityProvider.

Since:

Oak 1.5.3

See Also:

OAK-4101

Nested Class Summary

Nested classes/interfaces inherited from interface org.apache.jackrabbit.oak.spi.security.SecurityConfiguration

SecurityConfiguration.Default

Field Summary

Fields inherited from interface org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration

NAME

Constructor Summary

Constructors

Constructor and Description
ExternalPrincipalConfiguration()
ExternalPrincipalConfiguration(SecurityProvider securityProvider)

Method Summary

Modifier and Type	Method and Description
@NotNull List<ThreeWayConflictHandler>	getConflictHandlers() Returns the list of conflict handlers available for this security configuration.
@NotNull String	getName() Returns the name of this security configuration.
@NotNull org.apache.jackrabbit.api.security.principal.PrincipalManager	getPrincipalManager(Root root, NamePathMapper namePathMapper) Returns an instance of PrincipalManager that can be used to query and retrieve principals such as needed for JCR access control management.
@NotNull PrincipalProvider	getPrincipalProvider(Root root, NamePathMapper namePathMapper) Returns an instance of the OAK PrincipalProvider.
@NotNull List<ProtectedItemImporter>	getProtectedItemImporters()
@NotNull RepositoryInitializer	getRepositoryInitializer() Returns a repository initializer for this security configuration.
@NotNull List<? extends ValidatorProvider>	getValidators(@NotNull String workspaceName, @NotNull Set<Principal> principals, @NotNull MoveTracker moveTracker) Returns the list of validators that need to be executed for the specified workspace name.

Methods inherited from class org.apache.jackrabbit.oak.spi.security.ConfigurationBase

getParameters, getRootProvider, getSecurityProvider, getTreeProvider, setParameters, setRootProvider, setSecurityProvider, setTreeProvider

Methods inherited from class org.apache.jackrabbit.oak.spi.security.SecurityConfiguration.Default

getCommitHooks, getContext, getWorkspaceInitializer

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.jackrabbit.oak.spi.security.SecurityConfiguration

getCommitHooks, getContext, getParameters, getWorkspaceInitializer

Constructor Detail

ExternalPrincipalConfiguration

public ExternalPrincipalConfiguration()

ExternalPrincipalConfiguration

public ExternalPrincipalConfiguration(SecurityProvider securityProvider)

Method Detail

getPrincipalManager

@NotNull
public @NotNull org.apache.jackrabbit.api.security.principal.PrincipalManager getPrincipalManager(Root root,
                                                                                                           NamePathMapper namePathMapper)

Description copied from interface: PrincipalConfiguration

Returns an instance of PrincipalManager that can be used to query and retrieve principals such as needed for JCR access control management.

Specified by:

getPrincipalManager in interface PrincipalConfiguration

Parameters:

root - The target root.

namePathMapper - The NamePathMapper to be used.

Returns:

An instance of PrincipalManager.

See Also:

JackrabbitSession.getPrincipalManager()

getPrincipalProvider

@NotNull
public @NotNull PrincipalProvider getPrincipalProvider(Root root,
                                                                NamePathMapper namePathMapper)

Description copied from interface: PrincipalConfiguration

Returns an instance of the OAK PrincipalProvider.

Backwards compatibility with Jackrabbit 2.x

Configuration of Principal Providers

In Jackrabbit 2.x the configuration of principal providers was tied to the LoginModule configuration and thus mixing authentication concerns with the principal management. Since OAK makes the PrincipalProvider a public interface of the SPI, it's configuration goes along with the configuration of the JCR level PrincipalManager. The authentication setup may have access to the principal configuration if the SecurityProvider is made available in the AuthenticationConfiguration.

Multiple Sources for Principals

In Jackrabbit 2.x it was possible to configure multiple principal providers. As of OAK there is only one single principal provider implementation responsible for a given workspace. If principals originate from different sources it is recommended to use the CompositePrincipalProvider to combine the different sources.

Specified by:

getPrincipalProvider in interface PrincipalConfiguration

Parameters:

root - The target Root.

namePathMapper - The NamePathMapper to be used.

Returns:

An instance of PrincipalProvider.

getName

@NotNull
public @NotNull String getName()

Description copied from interface: SecurityConfiguration

Returns the name of this security configuration.

Specified by:

getName in interface SecurityConfiguration

Overrides:

getName in class SecurityConfiguration.Default

Returns:

The name of this configuration.

getRepositoryInitializer

@NotNull
public @NotNull RepositoryInitializer getRepositoryInitializer()

Description copied from interface: SecurityConfiguration

Returns a repository initializer for this security configuration. If this configuration doesn't require any specific repository initialization RepositoryInitializer.DEFAULT should be returned.

Specified by:

getRepositoryInitializer in interface SecurityConfiguration

Overrides:

getRepositoryInitializer in class SecurityConfiguration.Default

Returns:

An instance of RepositoryInitializer.

getValidators

@NotNull
public @NotNull List<? extends ValidatorProvider> getValidators(@NotNull
                                                                         @NotNull String workspaceName,
                                                                         @NotNull
                                                                         @NotNull Set<Principal> principals,
                                                                         @NotNull
                                                                         @NotNull MoveTracker moveTracker)

Description copied from interface: SecurityConfiguration

Returns the list of validators that need to be executed for the specified workspace name.

Specified by:

getValidators in interface SecurityConfiguration

Overrides:

getValidators in class SecurityConfiguration.Default

Parameters:

workspaceName - The name of the workspace.

principals - The set of principals associated with the subject that is committing modifications.

moveTracker - The move tracker associated with the commit.

Returns:

A list of validators.

getProtectedItemImporters

@NotNull
public @NotNull List<ProtectedItemImporter> getProtectedItemImporters()

Specified by:

getProtectedItemImporters in interface SecurityConfiguration

Overrides:

getProtectedItemImporters in class SecurityConfiguration.Default

Returns:

The list of protected item importers defined by this configuration.

getConflictHandlers

@NotNull
public @NotNull List<ThreeWayConflictHandler> getConflictHandlers()

Description copied from interface: SecurityConfiguration

Returns the list of conflict handlers available for this security configuration.

Specified by:

getConflictHandlers in interface SecurityConfiguration

Overrides:

getConflictHandlers in class SecurityConfiguration.Default

Returns:

A list of ThreeWayConflictHandler.