Jackrabbit Oak – Multiplexing support in the PermissionStore

Multiplexing support in the PermissionStore

General Notes

Multiplexing support is implemented as a composite PermissionProvider made of the default workspace provider and the existing mounts. This is available since Oak 1.7.3 OAK-3777.

PermissionStore Evaluation (reading)

Given the following mount setup

private
    - /libs
    - /apps
default
    - /

In above setup nodes under /apps and /libs (include apps and libs) are part of “private” mount (mount name is “private”) and all other paths are part of default mount. A dedicated PermissionStore will be created under oak:mount-private-default that contains information relevant to this specific mount.

/jcr:system/rep:permissionStore
    + oak:mount-private-default
        + editor //principal name
            + 1345610890 (rep:PermissionStore) //path hash
                - rep:accessControlledPath = /libs
                    + 0
                      - rep:isAllow = false
                      - rep:privileges = [1279]
    + default  //workspace name
        + editor //principal name
            + 1227964008 (rep:PermissionStore) //path hash
                - rep:accessControlledPath = /content
                    + 0
                      - rep:isAllow = true
                      - rep:privileges = [1279]

PermissionStore updates (writing)

The PermissionHook is now mount-aware and will delegate changes to specific path to their designated components based on path.