jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tri...@apache.org
Subject svn commit: r1541294 - in /jackrabbit/site/live/oak/docs: differences_authentication.html known_issues.html overview.html security/ security/permission_eval.html
Date Tue, 12 Nov 2013 22:52:48 GMT
Author: tripod
Date: Tue Nov 12 22:52:48 2013
New Revision: 1541294

URL: http://svn.apache.org/r1541294
Log:
OAK-936: Site checkin for project Oak Documentation-0.11-SNAPSHOT

Added:
    jackrabbit/site/live/oak/docs/security/
    jackrabbit/site/live/oak/docs/security/permission_eval.html
Modified:
    jackrabbit/site/live/oak/docs/differences_authentication.html
    jackrabbit/site/live/oak/docs/known_issues.html
    jackrabbit/site/live/oak/docs/overview.html

Modified: jackrabbit/site/live/oak/docs/differences_authentication.html
URL: http://svn.apache.org/viewvc/jackrabbit/site/live/oak/docs/differences_authentication.html?rev=1541294&r1=1541293&r2=1541294&view=diff
==============================================================================
--- jackrabbit/site/live/oak/docs/differences_authentication.html (original)
+++ jackrabbit/site/live/oak/docs/differences_authentication.html Tue Nov 12 22:52:48 2013
@@ -473,6 +473,8 @@ try {
 
 <ul>
   
+<li><tt>TokenConfiguration</tt>: Interface to obtain a <tt>TokenProvider</tt>
instance.</li>
+  
 <li><tt>TokenProvider</tt>: Interface to manage login tokens.</li>
   
 <li><tt>TokenInfo</tt>: Information related to a login token and token
validity.</li>
@@ -491,12 +493,17 @@ try {
 <ul>
   
 <li><tt>getLoginContextProvider</tt> -&gt; configuration of the login
context</li>
+</ul></div>
+<div class="section">
+<h5>TokenConfiguration [10]:<a name="TokenConfiguration_10:"></a></h5>
+
+<ul>
   
-<li><tt>getTokenProvider</tt> -&gt; configuration of the token management
implementation</li>
+<li><tt>getTokenProvider</tt></li>
 </ul></div>
 <div class="section">
 <h5>Utilities<a name="Utilities"></a></h5>
-<p>There also exists a utility class that allows to obtain different <tt>javax.security.auth.login.Configuration</tt>
for the most common setup [10]:</p>
+<p>There also exists a utility class that allows to obtain different <tt>javax.security.auth.login.Configuration</tt>
for the most common setup [11]:</p>
 
 <ul>
   
@@ -527,7 +534,8 @@ try {
 <p>[7] <a class="externalLink" href="http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/">http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/</a></p>
 <p>[8] <a class="externalLink" href="http://dev.day.com/docs/en/crx/current/administering/ldap_authentication.html">http://dev.day.com/docs/en/crx/current/administering/ldap_authentication.html</a></p>
 <p>[9] <a class="externalLink" href="http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AuthenticationConfiguration.java">http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AuthenticationConfiguration.java</a></p>
-<p>[10] <a class="externalLink" href="http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/ConfigurationUtil.java">http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/ConfigurationUtil.java</a></p></div></div></div>
+<p>[10] <a class="externalLink" href="http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenConfiguration.java">http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenConfiguration.java</a></p>
+<p>[11] <a class="externalLink" href="http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/ConfigurationUtil.java">http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/ConfigurationUtil.java</a></p></div></div></div>
                   </div>
             </div>
           </div>

Modified: jackrabbit/site/live/oak/docs/known_issues.html
URL: http://svn.apache.org/viewvc/jackrabbit/site/live/oak/docs/known_issues.html?rev=1541294&r1=1541293&r2=1541294&view=diff
==============================================================================
--- jackrabbit/site/live/oak/docs/known_issues.html (original)
+++ jackrabbit/site/live/oak/docs/known_issues.html Tue Nov 12 22:52:48 2013
@@ -239,219 +239,4 @@
                                 
       <li>
     
-                          <a href="use_getting_started.html" title="Getting Started">
-          <i class="none"></i>
-        Getting Started</a>
-            </li>
-                  
-      <li>
-    
-                          <a href="differences.html" title="Differences to Jackrabbit
2">
-          <i class="none"></i>
-        Differences to Jackrabbit 2</a>
-            </li>
-                  
-      <li class="active">
-    
-            <a href="#"><i class="none"></i>Known Issues</a>
-          </li>
-                  
-      <li>
-    
-                          <a href="dos_and_donts.html" title="Dos and don'ts">
-          <i class="none"></i>
-        Dos and don'ts</a>
-            </li>
-                  
-      <li>
-    
-                          <a href="when_things_go_wrong.html" title="When things go wrong">
-          <i class="none"></i>
-        When things go wrong</a>
-            </li>
-                              <li class="nav-header">Developing Oak</li>
-                                
-      <li>
-    
-                          <a href="dev_getting_started.html" title="Getting Started">
-          <i class="none"></i>
-        Getting Started</a>
-            </li>
-                  
-      <li>
-    
-                          <a href="participating.html" title="Participating">
-          <i class="none"></i>
-        Participating</a>
-            </li>
-                  
-      <li>
-    
-                          <a href="apidocs/index.html" title="API docs">
-          <i class="none"></i>
-        API docs</a>
-            </li>
-                              <li class="nav-header">Links</li>
-                                
-      <li>
-    
-                          <a href="http://jackrabbit.apache.org/oak" class="externalLink"
title="Apache Jackrabbit Oak">
-          <i class="none"></i>
-        Apache Jackrabbit Oak</a>
-            </li>
-                  
-      <li>
-    
-                          <a href="http://jackrabbit.apache.org/" class="externalLink"
title="Apache Jackrabbit">
-          <i class="none"></i>
-        Apache Jackrabbit</a>
-            </li>
-            </ul>
-                
-                    
-                
-          <hr class="divider" />
-
-           <div id="poweredBy">
-                   
-    <script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
-
-    
-    <div class="g-plusone" data-href="http://jackrabbit.apache.org/oak-doc/" data-size="tall"
></div>
-
-                   <div class="clear"></div>
-                            <div class="clear"></div>
-                            <div class="clear"></div>
-                             <a href="http://maven.apache.org/" title="Built by Maven"
class="poweredBy">
-        <img class="builtBy" alt="Built by Maven" src="./images/logos/maven-feather.png"
/>
-      </a>
-                  </div>
-          </div>
-        </div>
-        
-                
-        <div id="bodyColumn"  class="span9" >
-                                  
-            <!-- Licensed to the Apache Software Foundation (ASF) under one or more
-   contributor license agreements.  See the NOTICE file distributed with
-   this work for additional information regarding copyright ownership.
-   The ASF licenses this file to You under the Apache License, Version 2.0
-   (the "License"); you may not use this file except in compliance with
-   the License.  You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License. --><h1>Known issues</h1>
-<p>All known issues are listed in the Apache <a class="externalLink" href="https://issues.apache.org/jira/browse/OAK">JIRA</a>.
Changes with respect to Jackrabbit-core are collected in <a class="externalLink" href="https://issues.apache.org/jira/browse/OAK-14">OAK-14</a>
and its sub-tasks.</p>
-
-<ul>
-  
-<li>Locking:
-  
-<ul>
-    
-<li>Locking and unlocking of nodes is not implemented yet. You will not see an exception
as long as  the <a class="externalLink" href="https://issues.apache.org/jira/browse/OAK-193">TODO</a>-flag
prevents the implementation from  throwing UnsupportedOperationException, but the node <i>will
not</i> be locked.  See <a class="externalLink" href="https://issues.apache.org/jira/browse/OAK-150">OAK-150</a></li>
-  </ul></li>
-</ul>
-
-<ul>
-  
-<li>Versioning <a class="externalLink" href="https://issues.apache.org/jira/browse/OAK-168">OAK-168</a>:
-  
-<ul>
-    
-<li><tt>VersionHistory#removeVersion()</tt> is not implemented yet</li>
-    
-<li><tt>VersionManager#merge()</tt> is not implemented yet</li>
-    
-<li><tt>VersionManager#restore()</tt> with version-array is not implemented
yet</li>
-    
-<li>Activities are not implemented</li>
-    
-<li>Configurations are not implemented</li>
-  </ul></li>
-</ul>
-
-<ul>
-  
-<li>Query:
-  
-<ul>
-    
-<li>Known issue with OR statements in full text queries  See <a class="externalLink"
href="https://issues.apache.org/jira/browse/OAK-902">OAK-902</a></li>
-  </ul></li>
-</ul>
-
-<ul>
-  
-<li>Workspace Operations:
-  
-<ul>
-    
-<li>Cross workspace operations are not implemented yet  See <a class="externalLink"
href="https://issues.apache.org/jira/browse/OAK-916">OAK-916</a></li>
-    
-<li>Workspace Management (creating/deleting workspaces) is not implemented yet  See
<a class="externalLink" href="https://issues.apache.org/jira/browse/OAK-916">OAK-916</a></li>
-    
-<li><tt>Workspace#copy()</tt> is not properly implemented  See <a class="externalLink"
href="https://issues.apache.org/jira/browse/OAK-917">OAK-917</a> and sub tasks
-    
-<ul>
-      
-<li>copy of versionable nodes does not create new version history  See <a class="externalLink"
href="https://issues.apache.org/jira/browse/OAK-918">OAK-918</a></li>
-      
-<li>copy of locked nodes does not remove the lock  See <a class="externalLink" href="https://issues.apache.org/jira/browse/OAK-919">OAK-919</a></li>
-      
-<li>copy of trees with limited read access  See <a class="externalLink" href="https://issues.apache.org/jira/browse/OAK-920">OAK-920</a></li>
-    </ul></li>
-  </ul></li>
-</ul>
-
-<ul>
-  
-<li>Access Control Management and Permissions:
-  
-<ul>
-    
-<li>Move operations are not properly handled wrt. permissions  See <a class="externalLink"
href="https://issues.apache.org/jira/browse/OAK-710">OAK-710</a></li>
-  </ul></li>
-</ul>
-
-<ul>
-  
-<li>User Management:
-  
-<ul>
-    
-<li>Group membership stored in tree structure is not yet implemented  See <a class="externalLink"
href="https://issues.apache.org/jira/browse/OAK-482">OAK-482</a></li>
-  </ul></li>
-</ul>
-<p>In some cases Oak throws Runtime exceptions instead of a properly typed exception.
We are working on correcting this. Please do not work around this by adapting catch clauses
in your application.</p>
-                  </div>
-            </div>
-          </div>
-
-    <hr/>
-
-    <footer>
-            <div class="container-fluid">
-              <div class="row span12">Copyright &copy;                    2012-2013
-                        <a href="http://www.apache.org/">The Apache Software Foundation</a>.
-            All Rights Reserved.      
-                    
-      </div>
-
-        
-        
-          
-    
-    
-    <div id="ohloh" class="pull-right">
-      <script type="text/javascript" src="http://www.ohloh.net/p/jackrabbit-oak/widgets/project_users_logo.js"></script>
-    </div>
-        </div>
-    </footer>
-  </body>
-</html>
\ No newline at end of file
+                          <a href="use_getting_started.h
\ No newline at end of file

Modified: jackrabbit/site/live/oak/docs/overview.html
URL: http://svn.apache.org/viewvc/jackrabbit/site/live/oak/docs/overview.html?rev=1541294&r1=1541293&r2=1541294&view=diff
==============================================================================
--- jackrabbit/site/live/oak/docs/overview.html (original)
+++ jackrabbit/site/live/oak/docs/overview.html Tue Nov 12 22:52:48 2013
@@ -371,7 +371,12 @@
   
 <li>Search and indexing</li>
   
-<li>Security</li>
+<li>Security
+  
+<ul>
+    
+<li><a href="security/permission_eval.html">Permission Evaluation</a></li>
+  </ul></li>
   
 <li><a class="externalLink" href="https://github.com/apache/jackrabbit-oak/blob/trunk/oak-core/README.md">Oak
Core</a></li>
   

Added: jackrabbit/site/live/oak/docs/security/permission_eval.html
URL: http://svn.apache.org/viewvc/jackrabbit/site/live/oak/docs/security/permission_eval.html?rev=1541294&view=auto
==============================================================================
--- jackrabbit/site/live/oak/docs/security/permission_eval.html (added)
+++ jackrabbit/site/live/oak/docs/security/permission_eval.html Tue Nov 12 22:52:48 2013
@@ -0,0 +1,422 @@
+<!DOCTYPE html>
+<!--
+ | Generated by Apache Maven Doxia at 2013-11-12
+ | Rendered using Apache Maven Fluido Skin 1.3.0
+-->
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <meta name="Date-Revision-yyyymmdd" content="20131112" />
+    <meta http-equiv="Content-Language" content="en" />
+    <title>Jackrabbit Oak - </title>
+    <link rel="stylesheet" href="../css/apache-maven-fluido-1.3.0.min.css" />
+    <link rel="stylesheet" href="../css/site.css" />
+    <link rel="stylesheet" href="../css/print.css" media="print" />
+
+      
+    <script type="text/javascript" src="../js/apache-maven-fluido-1.3.0.min.js"></script>
+
+    
+            </head>
+        <body class="topBarEnabled">
+          
+    
+    
+            
+    
+    
+    <a href="http://github.com/apache/jackrabbit-oak">
+      <img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
+        src="https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa0000.png"
+        alt="Fork me on GitHub">
+    </a>
+  
+                
+                    
+                
+
+    <div id="topbar" class="navbar navbar-fixed-top ">
+      <div class="navbar-inner">
+                <div class="container-fluid">
+        <a data-target=".nav-collapse" data-toggle="collapse" class="btn btn-navbar">
+          <span class="icon-bar"></span>
+          <span class="icon-bar"></span>
+          <span class="icon-bar"></span>
+        </a>
+                
+                                <ul class="nav">
+                          <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Overview <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="../index.html"  title="Jackrabbit Oak">Jackrabbit
Oak</a>
+</li>
+                  
+                      <li>      <a href="../license.html"  title="License">License</a>
+</li>
+                  
+                      <li>      <a href="../downloads.html"  title="Downloads">Downloads</a>
+</li>
+                  
+                      <li>      <a href="../from_here.html"  title="From here">From
here</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Concepts and architecture
<b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="../overview.html"  title="Overview">Overview</a>
+</li>
+                  
+                      <li>      <a href="../nodestate.html"  title="Understanding
the node state model">Understanding the node state model</a>
+</li>
+                  
+                      <li>      <a href="../microkernel.html"  title="Microkernel">Microkernel</a>
+</li>
+                  
+                      <li>      <a href="../query.html"  title="Query">Query</a>
+</li>
+                  
+                      <li>      <a href="../blobstore.html"  title="BlobStore">BlobStore</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Using Oak <b
class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="../use_getting_started.html"  title="Getting
Started">Getting Started</a>
+</li>
+                  
+                      <li>      <a href="../differences.html"  title="Differences
to Jackrabbit 2">Differences to Jackrabbit 2</a>
+</li>
+                  
+                      <li>      <a href="../known_issues.html"  title="Known Issues">Known
Issues</a>
+</li>
+                  
+                      <li>      <a href="../dos_and_donts.html"  title="Dos and
don'ts">Dos and don'ts</a>
+</li>
+                  
+                      <li>      <a href="../when_things_go_wrong.html"  title="When
things go wrong">When things go wrong</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Developing Oak <b
class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="../dev_getting_started.html"  title="Getting
Started">Getting Started</a>
+</li>
+                  
+                      <li>      <a href="../participating.html"  title="Participating">Participating</a>
+</li>
+                  
+                      <li>      <a href="../apidocs/index.html"  title="API docs">API
docs</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Links <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="http://jackrabbit.apache.org/oak"  title="Apache
Jackrabbit Oak">Apache Jackrabbit Oak</a>
+</li>
+                  
+                      <li>      <a href="http://jackrabbit.apache.org/"  title="Apache
Jackrabbit">Apache Jackrabbit</a>
+</li>
+                          </ul>
+      </li>
+                  </ul>
+          
+          
+          
+                   
+                      </div>
+          
+        </div>
+      </div>
+    </div>
+    
+        <div class="container-fluid">
+          <div id="banner">
+        <div class="pull-left">
+                                <div id="bannerLeft">
+                <h2>Oak Documentation</h2>
+                </div>
+                      </div>
+        <div class="pull-right">  </div>
+        <div class="clear"><hr/></div>
+      </div>
+
+      <div id="breadcrumbs">
+        <ul class="breadcrumb">
+                
+                    
+                  <li id="publishDate">Last Published: 2013-11-12</li>
+                  <li class="divider">|</li> <li id="projectVersion">Version:
0.11-SNAPSHOT</li>
+                      
+                
+                    
+      
+                            </ul>
+      </div>
+
+            
+      <div class="row-fluid">
+        <div id="leftColumn" class="span3">
+          <div class="well sidebar-nav">
+                
+                    
+                <ul class="nav nav-list">
+                    <li class="nav-header">Overview</li>
+                                
+      <li>
+    
+                          <a href="../index.html" title="Jackrabbit Oak">
+          <i class="none"></i>
+        Jackrabbit Oak</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../license.html" title="License">
+          <i class="none"></i>
+        License</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../downloads.html" title="Downloads">
+          <i class="none"></i>
+        Downloads</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../from_here.html" title="From here">
+          <i class="none"></i>
+        From here</a>
+            </li>
+                              <li class="nav-header">Concepts and architecture</li>
+                                
+      <li>
+    
+                          <a href="../overview.html" title="Overview">
+          <i class="none"></i>
+        Overview</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../nodestate.html" title="Understanding the node state
model">
+          <i class="none"></i>
+        Understanding the node state model</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../microkernel.html" title="Microkernel">
+          <i class="none"></i>
+        Microkernel</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../query.html" title="Query">
+          <i class="none"></i>
+        Query</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../blobstore.html" title="BlobStore">
+          <i class="none"></i>
+        BlobStore</a>
+            </li>
+                              <li class="nav-header">Using Oak</li>
+                                
+      <li>
+    
+                          <a href="../use_getting_started.html" title="Getting Started">
+          <i class="none"></i>
+        Getting Started</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../differences.html" title="Differences to Jackrabbit
2">
+          <i class="none"></i>
+        Differences to Jackrabbit 2</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../known_issues.html" title="Known Issues">
+          <i class="none"></i>
+        Known Issues</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../dos_and_donts.html" title="Dos and don'ts">
+          <i class="none"></i>
+        Dos and don'ts</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../when_things_go_wrong.html" title="When things go
wrong">
+          <i class="none"></i>
+        When things go wrong</a>
+            </li>
+                              <li class="nav-header">Developing Oak</li>
+                                
+      <li>
+    
+                          <a href="../dev_getting_started.html" title="Getting Started">
+          <i class="none"></i>
+        Getting Started</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../participating.html" title="Participating">
+          <i class="none"></i>
+        Participating</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../apidocs/index.html" title="API docs">
+          <i class="none"></i>
+        API docs</a>
+            </li>
+                              <li class="nav-header">Links</li>
+                                
+      <li>
+    
+                          <a href="http://jackrabbit.apache.org/oak" class="externalLink"
title="Apache Jackrabbit Oak">
+          <i class="none"></i>
+        Apache Jackrabbit Oak</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="http://jackrabbit.apache.org/" class="externalLink"
title="Apache Jackrabbit">
+          <i class="none"></i>
+        Apache Jackrabbit</a>
+            </li>
+            </ul>
+                
+                    
+                
+          <hr class="divider" />
+
+           <div id="poweredBy">
+                   
+    <script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
+
+    
+    <div class="g-plusone" data-href="http://jackrabbit.apache.org/oak-doc/" data-size="tall"
></div>
+
+                   <div class="clear"></div>
+                            <div class="clear"></div>
+                            <div class="clear"></div>
+                             <a href="http://maven.apache.org/" title="Built by Maven"
class="poweredBy">
+        <img class="builtBy" alt="Built by Maven" src="../images/logos/maven-feather.png"
/>
+      </a>
+                  </div>
+          </div>
+        </div>
+        
+                
+        <div id="bodyColumn"  class="span9" >
+                                  
+            <h1>The Oak Security Layer</h1>
+<div class="section">
+<h2>Internals of Permission Evaluation<a name="Internals_of_Permission_Evaluation"></a></h2>
+<div class="section">
+<h3>What happens on <tt>session.getNode(&quot;/foo&quot;).getProperty(&quot;jar:title&quot;).getString()</tt>
in respect to access control?<a name="What_happens_on_session.getNodefoo.getPropertyjar:title.getString_in_respect_to_access_control"></a></h3>
+
+<ol style="list-style-type: decimal">
+  
+<li>
+<p><tt>SessionImpl.getNode()</tt> internally calls <tt>SessionDelegate.getNode()</tt>
 which calls <tt>Root.getTree()</tt> which calls <tt>Tree.getTree()</tt>
on the root tree.  This creates a bunch of linked <tt>MutableTree</tt> objects.</p></li>
+  
+<li>
+<p>The session delegate then checks if the tree really exists, by calling <tt>Tree.exists()</tt>
 which then calls <tt>NodeBuilder.exists()</tt>.</p></li>
+  
+<li>
+<p>If the session performing the operation is an <i>admin</i> session,
then the node builder from  the persistence layer is directly used. In all other cases, the
original node builder  is wrapped by a <tt>SecureNodeBuilder</tt>. The <tt>SecureNodeBuilder</tt>
performs access control  checks before delegating the calls to the delegated builder.</p></li>
+  
+<li>
+<p>For non <i>admin</i> sessions the <tt>SecureNodeBuilder</tt>
fetches its <i>tree permissions</i> via  <tt>getTreePermissions()</tt>
(See <a href="#getTreePermissions">below</a> of how this works) and then  calls
<tt>TreePermission.canRead()</tt>. This method (signature with no arguments) checks
the  <tt>READ_NODE</tt> permission for normal trees (as in this example) or the
<tt>READ_ACCESS_CONTROL</tt>  permission on <i>AC trees</i> [^1] and
stores the result in the <tt>ReadStatus</tt>.</p>
+<p>For that an iterator of the <i>permission entries</i> is <a href="#getEntrtyIterator">retrieved</a>
which  provides all the relevant permission entries needed to be evaluated for this tree (and
 <i>subject</i>). </p></li>
+  
+<li>
+<p>The <i>permission entries</i> are analyzed if they include the respective
permission and if so,  the read status is set accordingly. Note that the sequence of the permission
entries from  the iterator is already in the correct order for this kind of evaluation. this
is ensured  by the way how they are stored in the <a href="#permissionStore">permission
store</a> and how they  are feed into the iterator.</p>
+<p>The iteration also detects if the evaluated permission entries cover <i>this</i>
node and all  its properties. If this is the case, subsequent calls that evaluate the property
read  permissions would then not need to do the same iteration again. In order to detect this,
 the iteration checks if a non-matching permission entry or privilege was skipped  and eventually
sets the respective flag in the <tt>ReadStatus</tt>. This flag indicates if the
 present permission entries are sufficient to tell if the session is allowed to read  <i>this</i>
node and all its properties. If there are more entries present than the ones needed  for evaluating
the <tt>READ_NODE</tt> permission, then it&#x2019;s ambiguous to determine
if all  properties can be read. </p></li>
+  
+<li>
+<p>Once the <tt>ReadStatus</tt> is calculated (or was calculated earlier)
the <tt>canRead()</tt> method  returns <tt>ReadStatus.allowsThis()</tt>
which specifies if <i>this</i> node is allowed to be read.</p></li>
+  
+<li>
+<p>next up: getProperty() (WIP)</p></li>
+</ol>
+<p>[^1]: AC trees are usually the <tt>rep:policy</tt> subtrees of access
controlled nodes.</p></div>
+<div class="section">
+<h3>A Shortcut for evaluating read access: <i>readable tree configuration</i><a
name="A_Shortcut_for_evaluating_read_access:_readable_tree_configuration"></a></h3>
+
+<ol style="list-style-type: decimal">
+  
+<li>&#x2026;.</li>
+</ol></div>
+<div class="section">
+<h3><a name="getTreePermissions"></a> How does the <tt>SecureNodeBuilder</tt>
obtain his <i>tree permissions</i> ?<a name="How_does_the_SecureNodeBuilder_obtain_his_tree_permissions_"></a></h3>
+
+<ol style="list-style-type: decimal">
+  
+<li>&#x2026;</li>
+</ol></div>
+<div class="section">
+<h3><a name="getEntryIterator"></a> How does the <tt>TreePermission</tt>
obtain the permission entry iterator?<a name="How_does_the_TreePermission_obtain_the_permission_entry_iterator"></a></h3>
+
+<ol style="list-style-type: decimal">
+  
+<li>&#x2026;</li>
+</ol></div>
+<div class="section">
+<h3><a name="permissionStore"></a> How are the access control entries preprocessed
and stored in the permission store?<a name="How_are_the_access_control_entries_preprocessed_and_stored_in_the_permission_store"></a></h3>
+
+<ol style="list-style-type: decimal">
+  
+<li>&#x2026;.</li>
+</ol></div></div>
+                  </div>
+            </div>
+          </div>
+
+    <hr/>
+
+    <footer>
+            <div class="container-fluid">
+              <div class="row span12">Copyright &copy;                    2012-2013
+                        <a href="http://www.apache.org/">The Apache Software Foundation</a>.
+            All Rights Reserved.      
+                    
+      </div>
+
+        
+        
+          
+    
+    
+    <div id="ohloh" class="pull-right">
+      <script type="text/javascript" src="http://www.ohloh.net/p/jackrabbit-oak/widgets/project_users_logo.js"></script>
+    </div>
+        </div>
+    </footer>
+  </body>
+</html>
\ No newline at end of file



Mime
View raw message