Package org.apache.jackrabbit.oak.spi.security.authorization.permission

Interface PermissionConstants

    • Field Detail

      • NT_REP_PERMISSION_STORE

        static final java.lang.String NT_REP_PERMISSION_STORE
        See Also:
        Constant Field Values

      • REP_PERMISSION_STORE

        static final java.lang.String REP_PERMISSION_STORE
        See Also:
        Constant Field Values

      • PERMISSIONS_STORE_PATH

        static final java.lang.String PERMISSIONS_STORE_PATH
        See Also:
        Constant Field Values

      • REP_ACCESS_CONTROLLED_PATH

        static final java.lang.String REP_ACCESS_CONTROLLED_PATH
        See Also:
        Constant Field Values

      • PERMISSION_NODETYPE_NAMES

        static final java.util.Set<java.lang.String> PERMISSION_NODETYPE_NAMES

      • PERMISSION_NODE_NAMES

        static final java.util.Set<java.lang.String> PERMISSION_NODE_NAMES

      • PERMISSION_PROPERTY_NAMES

        static final java.util.Set<java.lang.String> PERMISSION_PROPERTY_NAMES

      • PARAM_PERMISSIONS_JR2

        static final java.lang.String PARAM_PERMISSIONS_JR2
        Configuration parameter to enforce backwards compatible permission validation with respect to user management and node removal:
        • User Management: As of OAK 1.0 creation/removal of user and groups as well as modification of user/group specific protected properties requires USER_MANAGEMENT permissions while in Jackrabbit 2.0 they were covered by regular item write permissions.
        • Removing Nodes: As of OAK 1.0 removing a node will succeed if the removal is granted on that specific node irrespective of the permission granted or denied within the subtree. This contrasts to JR 2.0 where removal of a node only succeeded if all child items (nodes and properties) could be removed.
        In order to enforce backwards compatible behavior of the listed permissions above the access control configuration setup needs to contain the #PARAM_PERMISSIONS_JR2 configuration parameter whose value is expected to be a comma separated string of permission names for which backwards compatible behavior should be turned on.

        Currently the following values are respected:

        • "USER_MANAGEMENT" : to avoid enforcing Permissions.USER_MANAGEMENT permission.
        • "REMOVE_NODE" : to enforce permission checks for all items located in the subtree in case of removal.
        Since:
        OAK 1.0
        See Also:
        Constant Field Values

      • VALUE_PERMISSIONS_JR2

        static final java.lang.String VALUE_PERMISSIONS_JR2
        Value of the PARAM_PERMISSIONS_JR2 configuration parameter that contains all value entries.

      • PARAM_ADMINISTRATIVE_PRINCIPALS

        static final java.lang.String PARAM_ADMINISTRATIVE_PRINCIPALS
        Configuration parameter specifying additional principals that should be treated as 'administrator' thus get granted full permissions on the complete repository content.
        Since:
        OAK 1.0
        See Also:
        Constant Field Values

      • PARAM_READ_PATHS

        static final java.lang.String PARAM_READ_PATHS
        Configuration parameter to enable full read access to regular nodes and properties at the specified paths.
        Since:
        OAK 1.0
        See Also:
        Constant Field Values

      • DEFAULT_READ_PATHS

        static final java.util.Set<java.lang.String> DEFAULT_READ_PATHS
        Default value for the PARAM_READ_PATHS configuration parameter.
        Since:
        OAK 1.0