jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mdue...@apache.org
Subject svn commit: r1594576 [4/8] - in /jackrabbit/site/live/oak/docs: ./ security/ security/accesscontrol/ security/authentication/ security/permission/ security/principal/ security/privilege/ security/user/
Date Wed, 14 May 2014 13:30:14 GMT
Added: jackrabbit/site/live/oak/docs/security/authentication/differences.html
URL: http://svn.apache.org/viewvc/jackrabbit/site/live/oak/docs/security/authentication/differences.html?rev=1594576&view=auto
==============================================================================
--- jackrabbit/site/live/oak/docs/security/authentication/differences.html (added)
+++ jackrabbit/site/live/oak/docs/security/authentication/differences.html Wed May 14 13:30:13 2014
@@ -0,0 +1,492 @@
+<!DOCTYPE html>
+<!--
+ | Generated by Apache Maven Doxia at 2014-05-14
+ | Rendered using Apache Maven Fluido Skin 1.3.0
+-->
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <meta name="Date-Revision-yyyymmdd" content="20140514" />
+    <meta http-equiv="Content-Language" content="en" />
+    <title>Jackrabbit Oak - Authentication : Differences wrt Jackrabbit 2.x</title>
+    <link rel="stylesheet" href="../../css/apache-maven-fluido-1.3.0.min.css" />
+    <link rel="stylesheet" href="../../css/site.css" />
+    <link rel="stylesheet" href="../../css/print.css" media="print" />
+
+      
+    <script type="text/javascript" src="../../js/apache-maven-fluido-1.3.0.min.js"></script>
+
+    
+            </head>
+        <body class="topBarEnabled">
+          
+    
+    
+            
+    
+    
+    <a href="http://github.com/apache/jackrabbit-oak">
+      <img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
+        src="https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa0000.png"
+        alt="Fork me on GitHub">
+    </a>
+  
+                
+                    
+                
+
+    <div id="topbar" class="navbar navbar-fixed-top ">
+      <div class="navbar-inner">
+                <div class="container-fluid">
+        <a data-target=".nav-collapse" data-toggle="collapse" class="btn btn-navbar">
+          <span class="icon-bar"></span>
+          <span class="icon-bar"></span>
+          <span class="icon-bar"></span>
+        </a>
+                
+                                <ul class="nav">
+                          <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Overview <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="../../index.html"  title="Jackrabbit Oak">Jackrabbit Oak</a>
+</li>
+                  
+                      <li>      <a href="../../license.html"  title="License">License</a>
+</li>
+                  
+                      <li>      <a href="../../downloads.html"  title="Downloads">Downloads</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Concepts and architecture <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="../../overview.html"  title="Overview">Overview</a>
+</li>
+                  
+                      <li>      <a href="../../nodestate.html"  title="The node state model">The node state model</a>
+</li>
+                  
+                      <li>      <a href="../../microkernel.html"  title="NodeStore and MicroKernel">NodeStore and MicroKernel</a>
+</li>
+                  
+                      <li>      <a href="../../query.html"  title="Query">Query</a>
+</li>
+                  
+                      <li>      <a href="../../blobstore.html"  title="BlobStore">BlobStore</a>
+</li>
+                  
+                      <li>      <a href="../../security/overview.html"  title="Security">Security</a>
+</li>
+                  
+                      <li>      <a href="../../clustering.html"  title="Clustering">Clustering</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Using Oak <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="../../use_getting_started.html"  title="Getting Started">Getting Started</a>
+</li>
+                  
+                      <li>      <a href="../../construct.html"  title="Repository construction">Repository construction</a>
+</li>
+                  
+                      <li>      <a href="../../osgi_config.html"  title="Configuring Oak">Configuring Oak</a>
+</li>
+                  
+                      <li>      <a href="../../differences.html"  title="Differences to Jackrabbit 2">Differences to Jackrabbit 2</a>
+</li>
+                  
+                      <li>      <a href="../../known_issues.html"  title="Known Issues">Known Issues</a>
+</li>
+                  
+                      <li>      <a href="../../dos_and_donts.html"  title="Dos and don'ts">Dos and don'ts</a>
+</li>
+                  
+                      <li>      <a href="../../FAQ.html"  title="FAQ">FAQ</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Developing Oak <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="../../dev_getting_started.html"  title="Getting Started">Getting Started</a>
+</li>
+                  
+                      <li>      <a href="../../participating.html"  title="Participating">Participating</a>
+</li>
+                  
+                      <li>      <a href="../../apidocs/index.html"  title="API docs">API docs</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Links <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="http://jackrabbit.apache.org/oak"  title="Apache Jackrabbit Oak">Apache Jackrabbit Oak</a>
+</li>
+                  
+                      <li>      <a href="http://jackrabbit.apache.org/"  title="Apache Jackrabbit">Apache Jackrabbit</a>
+</li>
+                          </ul>
+      </li>
+                  </ul>
+          
+          
+          
+                   
+                      </div>
+          
+        </div>
+      </div>
+    </div>
+    
+        <div class="container-fluid">
+          <div id="banner">
+        <div class="pull-left">
+                                <div id="bannerLeft">
+                <h2>Oak Documentation</h2>
+                </div>
+                      </div>
+        <div class="pull-right">  </div>
+        <div class="clear"><hr/></div>
+      </div>
+
+      <div id="breadcrumbs">
+        <ul class="breadcrumb">
+                
+                    
+                  <li id="publishDate">Last Published: 2014-05-14</li>
+                  <li class="divider">|</li> <li id="projectVersion">Version: 0.20-SNAPSHOT</li>
+                      
+                
+                    
+      
+                            </ul>
+      </div>
+
+            
+      <div class="row-fluid">
+        <div id="leftColumn" class="span3">
+          <div class="well sidebar-nav">
+                
+                    
+                <ul class="nav nav-list">
+                    <li class="nav-header">Overview</li>
+                                
+      <li>
+    
+                          <a href="../../index.html" title="Jackrabbit Oak">
+          <i class="none"></i>
+        Jackrabbit Oak</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../license.html" title="License">
+          <i class="none"></i>
+        License</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../downloads.html" title="Downloads">
+          <i class="none"></i>
+        Downloads</a>
+            </li>
+                              <li class="nav-header">Concepts and architecture</li>
+                                
+      <li>
+    
+                          <a href="../../overview.html" title="Overview">
+          <i class="none"></i>
+        Overview</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../nodestate.html" title="The node state model">
+          <i class="none"></i>
+        The node state model</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../microkernel.html" title="NodeStore and MicroKernel">
+          <i class="none"></i>
+        NodeStore and MicroKernel</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../query.html" title="Query">
+          <i class="none"></i>
+        Query</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../blobstore.html" title="BlobStore">
+          <i class="none"></i>
+        BlobStore</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../security/overview.html" title="Security">
+          <i class="none"></i>
+        Security</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../clustering.html" title="Clustering">
+          <i class="none"></i>
+        Clustering</a>
+            </li>
+                              <li class="nav-header">Using Oak</li>
+                                
+      <li>
+    
+                          <a href="../../use_getting_started.html" title="Getting Started">
+          <i class="none"></i>
+        Getting Started</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../construct.html" title="Repository construction">
+          <i class="none"></i>
+        Repository construction</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../osgi_config.html" title="Configuring Oak">
+          <i class="none"></i>
+        Configuring Oak</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../differences.html" title="Differences to Jackrabbit 2">
+          <i class="none"></i>
+        Differences to Jackrabbit 2</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../known_issues.html" title="Known Issues">
+          <i class="none"></i>
+        Known Issues</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../dos_and_donts.html" title="Dos and don'ts">
+          <i class="none"></i>
+        Dos and don'ts</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../FAQ.html" title="FAQ">
+          <i class="none"></i>
+        FAQ</a>
+            </li>
+                              <li class="nav-header">Developing Oak</li>
+                                
+      <li>
+    
+                          <a href="../../dev_getting_started.html" title="Getting Started">
+          <i class="none"></i>
+        Getting Started</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../participating.html" title="Participating">
+          <i class="none"></i>
+        Participating</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../apidocs/index.html" title="API docs">
+          <i class="none"></i>
+        API docs</a>
+            </li>
+                              <li class="nav-header">Links</li>
+                                
+      <li>
+    
+                          <a href="http://jackrabbit.apache.org/oak" class="externalLink" title="Apache Jackrabbit Oak">
+          <i class="none"></i>
+        Apache Jackrabbit Oak</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="http://jackrabbit.apache.org/" class="externalLink" title="Apache Jackrabbit">
+          <i class="none"></i>
+        Apache Jackrabbit</a>
+            </li>
+            </ul>
+                
+                    
+                
+          <hr class="divider" />
+
+           <div id="poweredBy">
+                   
+    <script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
+
+    
+    <div class="g-plusone" data-href="http://jackrabbit.apache.org/oak-doc/" data-size="tall" ></div>
+
+                   <div class="clear"></div>
+                            <div class="clear"></div>
+                            <div class="clear"></div>
+                             <a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy">
+        <img class="builtBy" alt="Built by Maven" src="../../images/logos/maven-feather.png" />
+      </a>
+                  </div>
+          </div>
+        </div>
+        
+                
+        <div id="bodyColumn"  class="span9" >
+                                  
+            <!-- Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License. --><div class="section">
+<div class="section">
+<h3>Authentication : Differences wrt Jackrabbit 2.x<a name="Authentication_:_Differences_wrt_Jackrabbit_2.x"></a></h3>
+<div class="section">
+<h4>Characteristics of the Default Implementation<a name="Characteristics_of_the_Default_Implementation"></a></h4>
+<div class="section">
+<h5>Null Login<a name="Null_Login"></a></h5>
+<p>As of Oak 1.0 <tt>Repository#login()</tt> and <tt>Repository#login(null, wspName)</tt> is no longer treated as guest login. In order to get backwards compatible behavior, Oak comes with a dedicated <a href="/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/GuestLoginModule.html">GuestLoginModule</a> that can be added to the JAAS (or the corresponding OSGI) configuration.</p></div>
+<div class="section">
+<h5>Guest Login<a name="Guest_Login"></a></h5>
+<p>With respect to guest login (aka anonymous login) the Oak content repository out of the box contains the following modifications:</p>
+
+<ul>
+  
+<li>null login != guest login</li>
+  
+<li>special password handling of the anonymous user has been dropped</li>
+  
+<li>the anonymous user by default doesn&#x2019;t have a password set</li>
+</ul></div>
+<div class="section">
+<h5>Pre-Authentication<a name="Pre-Authentication"></a></h5>
+<p>Oak provides two different mechanisms to create pre-authentication that doesn&#x2019;t involve the repositories internal authentication mechanism for credentials validation. See the corresponding section <a href="security/authentication/preauthentication.html">Pre-Authentication</a> for details and examples.</p>
+
+<ul>
+  
+<li>Pre-Authentication combined with Login Module Chain</li>
+  
+<li>Pre-Authentication without Repository Involvement: the <tt>Subject</tt> must be available  with the current <tt>java.security.AccessControlContext</tt>.</li>
+</ul></div></div>
+<div class="section">
+<h4>Impersonation<a name="Impersonation"></a></h4>
+<div class="section">
+<h5>Self-Impersonation (aka Cloning a Session)<a name="Self-Impersonation_aka_Cloning_a_Session"></a></h5>
+<p>As of OAK 1.0 the latest changes made to JSR 333 with respect to <tt>Session#impersonate</tt> have been adopted (<a class="externalLink" href="https://java.net/jira/browse/JSR_333-27">JSR_333-27</a>): Any attempt to impersonate the same session (self-impersonation) will succeed as long as the user is still valid.</p></div>
+<div class="section">
+<h5>Impersonation Credentials<a name="Impersonation_Credentials"></a></h5>
+<p>The OAK implementation of <tt>Session#impersonate</tt> no longer uses <tt>SimpleCredentials</tt> to transport the original <tt>Subject</tt> but rather performs the login with dedicated <a href="/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/ImpersonationCredentials.html">ImpersonationCredentials</a>.</p>
+<p>This modification will not affect applications that used JCR API to impersonate a given session. However the following example which &#x2018;manually&#x2019; builds impersonation credentials the way jackrabbit core was handling it will <b>no longer work</b> to impersonate an existing session:</p>
+
+<div class="source">
+<pre> org.apache.jackrabbit.core.SessionImpl sImpl = (SessionImpl) mySession;
+ SimpleCredentials jrImpCreds = new SimpleCredentials(&quot;someUserId, new char[0]);
+ creds.setAttribute(SecurityConstants.IMPERSONATOR_ATTRIBUTE, sImpl.getSubject());
+ Session impersonated = sImpl.getRepository().login(jrImpCreds, sImpl.getWorkspace().getName());
+</pre></div>
+<p>Upon migration to Oak such implementation specific code should be refactored to use regular JCR API for impersonation:</p>
+
+<div class="source">
+<pre> // Note: build credentials depends on the auth setup !
+ Credentials impersonationCredentials = new SimpleCredentials(&quot;someUserId, new char[0]);
+ Session impersonated = session.impersonate(impersonationCredentials);
+</pre></div>
+<p>In order to achieve impersonation on the Oak API directly:</p>
+
+<div class="source">
+<pre> ContentRepository contentRepo = ...
+ ContentSession editingSession = ...
+
+ AuthInfo impersonatorInfo = editingSession.getAuthInfo();
+ Credentials credentials = new SimpleCredentials(&quot;someUserId, new char[0]);
+ ImpersonationCredentials impersonationCredentials = new ImpersonationCredentials(credentials, impersonatorInfo);
+ ContentSession impersonated = contentRepo.login(impersonationCredentials, editingSession.getWorkspaceName());
+</pre></div></div></div>
+<div class="section">
+<h4>Token based Authentication<a name="Token_based_Authentication"></a></h4>
+<p>The token based authentication has been completely refactor in Oak as described in section <a href="tokenmanagement.html">Token Management</a>. The default implementation differs from Jackrabbit as follows</p>
+
+<ul>
+  
+<li>token node is created with dedicated node type (rep:Token)</li>
+  
+<li>expiration and key properties are mandatory and protected properties</li>
+  
+<li>expiration time is obtained from <tt>PARAM_TOKEN_EXPIRATION</tt> is defined by  the token management API.</li>
+</ul>
+<p>As far as the token based authentication itself is concerned the Oak implementation contains the following changes compared to Jackrabbit 2.x:</p>
+
+<ul>
+  
+<li>token based authentication is completely separated from regular uid/pw authentication.</li>
+  
+<li>the dedicated <a href="/oak/docs/apidocs/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.html">TokenLoginModule</a> is both responsible for creating new login tokens  performing the the authentication for <a class="externalLink" href="http://svn.apache.org/repos/asf/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/authentication/token/TokenCredentials.java">TokenCredentials</a> passed to the repository  login. Other login modules should not attempt to do so.</li>
+  
+<li>token characteristics such as expiration time only need to be configured with the  token management API; other <tt>LoginModule</tt> implementations no longer need to have  the same config options set.</li>
+</ul>
+<!-- references --></div></div></div>
+                  </div>
+            </div>
+          </div>
+
+    <hr/>
+
+    <footer>
+            <div class="container-fluid">
+              <div class="row span12">Copyright &copy;                    2012-2014
+                        <a href="http://www.apache.org/">The Apache Software Foundation</a>.
+            All Rights Reserved.      
+                    
+      </div>
+
+        
+        
+          
+    
+    
+    <div id="ohloh" class="pull-right">
+      <script type="text/javascript" src="http://www.ohloh.net/p/jackrabbit-oak/widgets/project_users_logo.js"></script>
+    </div>
+        </div>
+    </footer>
+  </body>
+</html>
\ No newline at end of file

Added: jackrabbit/site/live/oak/docs/security/authentication/externalloginmodule.html
URL: http://svn.apache.org/viewvc/jackrabbit/site/live/oak/docs/security/authentication/externalloginmodule.html?rev=1594576&view=auto
==============================================================================
--- jackrabbit/site/live/oak/docs/security/authentication/externalloginmodule.html (added)
+++ jackrabbit/site/live/oak/docs/security/authentication/externalloginmodule.html Wed May 14 13:30:13 2014
@@ -0,0 +1,518 @@
+<!DOCTYPE html>
+<!--
+ | Generated by Apache Maven Doxia at 2014-05-14
+ | Rendered using Apache Maven Fluido Skin 1.3.0
+-->
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <meta name="Date-Revision-yyyymmdd" content="20140514" />
+    <meta http-equiv="Content-Language" content="en" />
+    <title>Jackrabbit Oak - Authentication with the External Login Module</title>
+    <link rel="stylesheet" href="../../css/apache-maven-fluido-1.3.0.min.css" />
+    <link rel="stylesheet" href="../../css/site.css" />
+    <link rel="stylesheet" href="../../css/print.css" media="print" />
+
+      
+    <script type="text/javascript" src="../../js/apache-maven-fluido-1.3.0.min.js"></script>
+
+    
+            </head>
+        <body class="topBarEnabled">
+          
+    
+    
+            
+    
+    
+    <a href="http://github.com/apache/jackrabbit-oak">
+      <img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
+        src="https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa0000.png"
+        alt="Fork me on GitHub">
+    </a>
+  
+                
+                    
+                
+
+    <div id="topbar" class="navbar navbar-fixed-top ">
+      <div class="navbar-inner">
+                <div class="container-fluid">
+        <a data-target=".nav-collapse" data-toggle="collapse" class="btn btn-navbar">
+          <span class="icon-bar"></span>
+          <span class="icon-bar"></span>
+          <span class="icon-bar"></span>
+        </a>
+                
+                                <ul class="nav">
+                          <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Overview <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="../../index.html"  title="Jackrabbit Oak">Jackrabbit Oak</a>
+</li>
+                  
+                      <li>      <a href="../../license.html"  title="License">License</a>
+</li>
+                  
+                      <li>      <a href="../../downloads.html"  title="Downloads">Downloads</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Concepts and architecture <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="../../overview.html"  title="Overview">Overview</a>
+</li>
+                  
+                      <li>      <a href="../../nodestate.html"  title="The node state model">The node state model</a>
+</li>
+                  
+                      <li>      <a href="../../microkernel.html"  title="NodeStore and MicroKernel">NodeStore and MicroKernel</a>
+</li>
+                  
+                      <li>      <a href="../../query.html"  title="Query">Query</a>
+</li>
+                  
+                      <li>      <a href="../../blobstore.html"  title="BlobStore">BlobStore</a>
+</li>
+                  
+                      <li>      <a href="../../security/overview.html"  title="Security">Security</a>
+</li>
+                  
+                      <li>      <a href="../../clustering.html"  title="Clustering">Clustering</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Using Oak <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="../../use_getting_started.html"  title="Getting Started">Getting Started</a>
+</li>
+                  
+                      <li>      <a href="../../construct.html"  title="Repository construction">Repository construction</a>
+</li>
+                  
+                      <li>      <a href="../../osgi_config.html"  title="Configuring Oak">Configuring Oak</a>
+</li>
+                  
+                      <li>      <a href="../../differences.html"  title="Differences to Jackrabbit 2">Differences to Jackrabbit 2</a>
+</li>
+                  
+                      <li>      <a href="../../known_issues.html"  title="Known Issues">Known Issues</a>
+</li>
+                  
+                      <li>      <a href="../../dos_and_donts.html"  title="Dos and don'ts">Dos and don'ts</a>
+</li>
+                  
+                      <li>      <a href="../../FAQ.html"  title="FAQ">FAQ</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Developing Oak <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="../../dev_getting_started.html"  title="Getting Started">Getting Started</a>
+</li>
+                  
+                      <li>      <a href="../../participating.html"  title="Participating">Participating</a>
+</li>
+                  
+                      <li>      <a href="../../apidocs/index.html"  title="API docs">API docs</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Links <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="http://jackrabbit.apache.org/oak"  title="Apache Jackrabbit Oak">Apache Jackrabbit Oak</a>
+</li>
+                  
+                      <li>      <a href="http://jackrabbit.apache.org/"  title="Apache Jackrabbit">Apache Jackrabbit</a>
+</li>
+                          </ul>
+      </li>
+                  </ul>
+          
+          
+          
+                   
+                      </div>
+          
+        </div>
+      </div>
+    </div>
+    
+        <div class="container-fluid">
+          <div id="banner">
+        <div class="pull-left">
+                                <div id="bannerLeft">
+                <h2>Oak Documentation</h2>
+                </div>
+                      </div>
+        <div class="pull-right">  </div>
+        <div class="clear"><hr/></div>
+      </div>
+
+      <div id="breadcrumbs">
+        <ul class="breadcrumb">
+                
+                    
+                  <li id="publishDate">Last Published: 2014-05-14</li>
+                  <li class="divider">|</li> <li id="projectVersion">Version: 0.20-SNAPSHOT</li>
+                      
+                
+                    
+      
+                            </ul>
+      </div>
+
+            
+      <div class="row-fluid">
+        <div id="leftColumn" class="span3">
+          <div class="well sidebar-nav">
+                
+                    
+                <ul class="nav nav-list">
+                    <li class="nav-header">Overview</li>
+                                
+      <li>
+    
+                          <a href="../../index.html" title="Jackrabbit Oak">
+          <i class="none"></i>
+        Jackrabbit Oak</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../license.html" title="License">
+          <i class="none"></i>
+        License</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../downloads.html" title="Downloads">
+          <i class="none"></i>
+        Downloads</a>
+            </li>
+                              <li class="nav-header">Concepts and architecture</li>
+                                
+      <li>
+    
+                          <a href="../../overview.html" title="Overview">
+          <i class="none"></i>
+        Overview</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../nodestate.html" title="The node state model">
+          <i class="none"></i>
+        The node state model</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../microkernel.html" title="NodeStore and MicroKernel">
+          <i class="none"></i>
+        NodeStore and MicroKernel</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../query.html" title="Query">
+          <i class="none"></i>
+        Query</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../blobstore.html" title="BlobStore">
+          <i class="none"></i>
+        BlobStore</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../security/overview.html" title="Security">
+          <i class="none"></i>
+        Security</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../clustering.html" title="Clustering">
+          <i class="none"></i>
+        Clustering</a>
+            </li>
+                              <li class="nav-header">Using Oak</li>
+                                
+      <li>
+    
+                          <a href="../../use_getting_started.html" title="Getting Started">
+          <i class="none"></i>
+        Getting Started</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../construct.html" title="Repository construction">
+          <i class="none"></i>
+        Repository construction</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../osgi_config.html" title="Configuring Oak">
+          <i class="none"></i>
+        Configuring Oak</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../differences.html" title="Differences to Jackrabbit 2">
+          <i class="none"></i>
+        Differences to Jackrabbit 2</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../known_issues.html" title="Known Issues">
+          <i class="none"></i>
+        Known Issues</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../dos_and_donts.html" title="Dos and don'ts">
+          <i class="none"></i>
+        Dos and don'ts</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../FAQ.html" title="FAQ">
+          <i class="none"></i>
+        FAQ</a>
+            </li>
+                              <li class="nav-header">Developing Oak</li>
+                                
+      <li>
+    
+                          <a href="../../dev_getting_started.html" title="Getting Started">
+          <i class="none"></i>
+        Getting Started</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../participating.html" title="Participating">
+          <i class="none"></i>
+        Participating</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../apidocs/index.html" title="API docs">
+          <i class="none"></i>
+        API docs</a>
+            </li>
+                              <li class="nav-header">Links</li>
+                                
+      <li>
+    
+                          <a href="http://jackrabbit.apache.org/oak" class="externalLink" title="Apache Jackrabbit Oak">
+          <i class="none"></i>
+        Apache Jackrabbit Oak</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="http://jackrabbit.apache.org/" class="externalLink" title="Apache Jackrabbit">
+          <i class="none"></i>
+        Apache Jackrabbit</a>
+            </li>
+            </ul>
+                
+                    
+                
+          <hr class="divider" />
+
+           <div id="poweredBy">
+                   
+    <script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
+
+    
+    <div class="g-plusone" data-href="http://jackrabbit.apache.org/oak-doc/" data-size="tall" ></div>
+
+                   <div class="clear"></div>
+                            <div class="clear"></div>
+                            <div class="clear"></div>
+                             <a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy">
+        <img class="builtBy" alt="Built by Maven" src="../../images/logos/maven-feather.png" />
+      </a>
+                  </div>
+          </div>
+        </div>
+        
+                
+        <div id="bodyColumn"  class="span9" >
+                                  
+            <!-- Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License. --><div class="section">
+<h2>Authentication with the External Login Module<a name="Authentication_with_the_External_Login_Module"></a></h2>
+<div class="section">
+<h3>Overview<a name="Overview"></a></h3>
+<p>The purpose of the external login module is to provide a base implementation that allows easy integration of 3rd party authentication and identity systems, such as <a href="ldap.html">LDAP</a>. The general mode of the external login module is to use the external system as authentication source and as a provider for users and groups that may also be synchronized into the repository.</p>
+<p>what it does:</p>
+
+<ul>
+  
+<li>facilitate the use of a 3rd party system for authentication</li>
+  
+<li>simplify populating the oak user manager with identities from a 3rd party system</li>
+</ul>
+<p>what it does not:</p>
+
+<ul>
+  
+<li>provide a transparent oak user manager</li>
+  
+<li>provide a transparent oak principal provider.</li>
+  
+<li>offer services for background synchronization of users and groups</li>
+</ul></div>
+<div class="section">
+<h3>Structure<a name="Structure"></a></h3>
+<p>The external identity and login handling is split into 3 parts:</p>
+
+<ul>
+  
+<li><b>External Login Module</b>: LoginModule implementation that represents the connection between JAAS login mechanism, the external identity provider and the synchronization handler.</li>
+  
+<li><b>External Identity Provider</b> (IDP): This is a service implementing the <tt>ExternalIdentityProvider</tt> interface and is responsible to retrieve and authenticate identities towards an external system (e.g. LDAP).</li>
+  
+<li><b>User and Group Synchronization</b>: This is a service implementing the <tt>SyncHandler</tt> interface and is responsible to actually managing the external identities within the Oak user management. A very trivial implementation might just create users and groups for external ones on demand.</li>
+</ul>
+<p>This modularization allows to reuse the same external login module for different combinations of IDPs and synchronization handlers. Although in practice, systems usually have 1 of each.</p>
+<p>An example where multiple such entities come into play would be the case to use several LDAP servers for authentication. Here we would configure 2 LDAP IDPs, 1 Sync handler and 2 ExtLMs.</p>
+<div class="section">
+<h4>External Login Module<a name="External_Login_Module"></a></h4>
+<div class="section">
+<h5>General<a name="General"></a></h5>
+<p>The external login module has 2 main tasks. One is to authenticate credentials against a 3rd party system, the other is to coordinate syncing of the respective users and groups with the JCR repository (via the UserManager).</p>
+<p>If a user needs re-authentication (for example, if the cache validity expired or if the user is not yet present in the local system at all), the login module must check the credentials with the external system during the <tt>login()</tt> method.</p>
+<p>Note:</p>
+
+<ul>
+  
+<li>users (and groups) that are synced from the 3rd party system contain a <tt>rep:externalId</tt> property. This allows to identify the external users and distinguish them from others.</li>
+  
+<li>to reduce expensive syncing, the synced users and groups have sync timestamp <tt>rep:lastSynced</tt> and are considered valid for a configurable time. if they expire, they need to be validated against the 3rd party system again.</li>
+</ul>
+<p>Current this login module supports the following credentials:</p>
+
+<ul>
+  
+<li><tt>SimpleCredentials</tt></li>
+</ul>
+<p>The details of the external authentication are as follows:</p>
+<p><i>Phase 1: Login</i></p>
+
+<ul>
+  
+<li>if the user exists in the repository and is not an externally synced, <b>return <tt>false</tt></b></li>
+  
+<li>if the user exists in the 3rd party system but the credentials don&#x2019;t match it <b>throws <tt>LoginException</tt></b></li>
+  
+<li>if the user exists in the 3rd party system and the credentials match
+  
+<ul>
+    
+<li>put the credentials in the shared and private state</li>
+    
+<li>possibly sync the user</li>
+    
+<li>and <b>returns <tt>true</tt></b></li>
+  </ul></li>
+  
+<li>if the user does not exist in the 3rd party system, checks if it needs to remove the user and then it <b>returns <tt>false</tt></b></li>
+</ul>
+<p><i>Phase 2: Commit</i></p>
+
+<ul>
+  
+<li>if there is no credentials in the private state, it <b>returns <tt>false</tt></b></li>
+  
+<li>if there are credentials in the private state propagate the subject and <b>return <tt>true</tt></b></li>
+</ul></div></div>
+<div class="section">
+<h4>External Identity Provider<a name="External_Identity_Provider"></a></h4>
+<p>The <tt>ExternalLoginModule</tt> is designed to work with a pluggable <a href="/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalIdentityProvider.html">ExternalIdentityProvider</a> implementation that is responsible for validating the authentication request and provide information about the user that is associated with the specified credentials.</p>
+<p>See <a href="identitymanagement.html">External Identity Management</a> for further information regarding the identity management API defined by Oak. Section <a href="ldap.html">LDAP</a> further describes the <tt>LDAPIdentityProvider</tt> implementation shipped with Oak.</p></div>
+<div class="section">
+<h4>User and Group Synchronization<a name="User_and_Group_Synchronization"></a></h4>
+<p>The synchronization of users and groups is triggered by the external login module, after a user is successfully authenticated against the IDP or if it&#x2019;s no longer present on the IDP.</p>
+<p>See section <a href="usersync.html">User Synchronization</a> for further details and a description of the default implementation.</p></div></div>
+<div class="section">
+<h3>Configuration<a name="Configuration"></a></h3>
+<div class="section">
+<h4>Examples<a name="Examples"></a></h4>
+<div class="section">
+<h5>Example JAAS Configuration<a name="Example_JAAS_Configuration"></a></h5>
+<p>The following JAAS configuration shows how the <tt>ExternalLoginModule</tt> could be used in a setup that not solely uses third party login:</p>
+
+<div class="source">
+<pre>jackrabbit.oak {
+     org.apache.jackrabbit.oak.security.authentication.token.TokenLoginModule sufficient;
+     org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl sufficient;
+     org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule required
+        sync.handlerName=&quot;default&quot;
+        idp.name=&quot;ldap&quot;;
+ };
+</pre></div>
+<!-- references --></div></div></div></div>
+                  </div>
+            </div>
+          </div>
+
+    <hr/>
+
+    <footer>
+            <div class="container-fluid">
+              <div class="row span12">Copyright &copy;                    2012-2014
+                        <a href="http://www.apache.org/">The Apache Software Foundation</a>.
+            All Rights Reserved.      
+                    
+      </div>
+
+        
+        
+          
+    
+    
+    <div id="ohloh" class="pull-right">
+      <script type="text/javascript" src="http://www.ohloh.net/p/jackrabbit-oak/widgets/project_users_logo.js"></script>
+    </div>
+        </div>
+    </footer>
+  </body>
+</html>
\ No newline at end of file

Added: jackrabbit/site/live/oak/docs/security/authentication/identitymanagement.html
URL: http://svn.apache.org/viewvc/jackrabbit/site/live/oak/docs/security/authentication/identitymanagement.html?rev=1594576&view=auto
==============================================================================
--- jackrabbit/site/live/oak/docs/security/authentication/identitymanagement.html (added)
+++ jackrabbit/site/live/oak/docs/security/authentication/identitymanagement.html Wed May 14 13:30:13 2014
@@ -0,0 +1,419 @@
+<!DOCTYPE html>
+<!--
+ | Generated by Apache Maven Doxia at 2014-05-14
+ | Rendered using Apache Maven Fluido Skin 1.3.0
+-->
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <meta name="Date-Revision-yyyymmdd" content="20140514" />
+    <meta http-equiv="Content-Language" content="en" />
+    <title>Jackrabbit Oak - External Identity Management</title>
+    <link rel="stylesheet" href="../../css/apache-maven-fluido-1.3.0.min.css" />
+    <link rel="stylesheet" href="../../css/site.css" />
+    <link rel="stylesheet" href="../../css/print.css" media="print" />
+
+      
+    <script type="text/javascript" src="../../js/apache-maven-fluido-1.3.0.min.js"></script>
+
+    
+            </head>
+        <body class="topBarEnabled">
+          
+    
+    
+            
+    
+    
+    <a href="http://github.com/apache/jackrabbit-oak">
+      <img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
+        src="https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa0000.png"
+        alt="Fork me on GitHub">
+    </a>
+  
+                
+                    
+                
+
+    <div id="topbar" class="navbar navbar-fixed-top ">
+      <div class="navbar-inner">
+                <div class="container-fluid">
+        <a data-target=".nav-collapse" data-toggle="collapse" class="btn btn-navbar">
+          <span class="icon-bar"></span>
+          <span class="icon-bar"></span>
+          <span class="icon-bar"></span>
+        </a>
+                
+                                <ul class="nav">
+                          <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Overview <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="../../index.html"  title="Jackrabbit Oak">Jackrabbit Oak</a>
+</li>
+                  
+                      <li>      <a href="../../license.html"  title="License">License</a>
+</li>
+                  
+                      <li>      <a href="../../downloads.html"  title="Downloads">Downloads</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Concepts and architecture <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="../../overview.html"  title="Overview">Overview</a>
+</li>
+                  
+                      <li>      <a href="../../nodestate.html"  title="The node state model">The node state model</a>
+</li>
+                  
+                      <li>      <a href="../../microkernel.html"  title="NodeStore and MicroKernel">NodeStore and MicroKernel</a>
+</li>
+                  
+                      <li>      <a href="../../query.html"  title="Query">Query</a>
+</li>
+                  
+                      <li>      <a href="../../blobstore.html"  title="BlobStore">BlobStore</a>
+</li>
+                  
+                      <li>      <a href="../../security/overview.html"  title="Security">Security</a>
+</li>
+                  
+                      <li>      <a href="../../clustering.html"  title="Clustering">Clustering</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Using Oak <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="../../use_getting_started.html"  title="Getting Started">Getting Started</a>
+</li>
+                  
+                      <li>      <a href="../../construct.html"  title="Repository construction">Repository construction</a>
+</li>
+                  
+                      <li>      <a href="../../osgi_config.html"  title="Configuring Oak">Configuring Oak</a>
+</li>
+                  
+                      <li>      <a href="../../differences.html"  title="Differences to Jackrabbit 2">Differences to Jackrabbit 2</a>
+</li>
+                  
+                      <li>      <a href="../../known_issues.html"  title="Known Issues">Known Issues</a>
+</li>
+                  
+                      <li>      <a href="../../dos_and_donts.html"  title="Dos and don'ts">Dos and don'ts</a>
+</li>
+                  
+                      <li>      <a href="../../FAQ.html"  title="FAQ">FAQ</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Developing Oak <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="../../dev_getting_started.html"  title="Getting Started">Getting Started</a>
+</li>
+                  
+                      <li>      <a href="../../participating.html"  title="Participating">Participating</a>
+</li>
+                  
+                      <li>      <a href="../../apidocs/index.html"  title="API docs">API docs</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Links <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="http://jackrabbit.apache.org/oak"  title="Apache Jackrabbit Oak">Apache Jackrabbit Oak</a>
+</li>
+                  
+                      <li>      <a href="http://jackrabbit.apache.org/"  title="Apache Jackrabbit">Apache Jackrabbit</a>
+</li>
+                          </ul>
+      </li>
+                  </ul>
+          
+          
+          
+                   
+                      </div>
+          
+        </div>
+      </div>
+    </div>
+    
+        <div class="container-fluid">
+          <div id="banner">
+        <div class="pull-left">
+                                <div id="bannerLeft">
+                <h2>Oak Documentation</h2>
+                </div>
+                      </div>
+        <div class="pull-right">  </div>
+        <div class="clear"><hr/></div>
+      </div>
+
+      <div id="breadcrumbs">
+        <ul class="breadcrumb">
+                
+                    
+                  <li id="publishDate">Last Published: 2014-05-14</li>
+                  <li class="divider">|</li> <li id="projectVersion">Version: 0.20-SNAPSHOT</li>
+                      
+                
+                    
+      
+                            </ul>
+      </div>
+
+            
+      <div class="row-fluid">
+        <div id="leftColumn" class="span3">
+          <div class="well sidebar-nav">
+                
+                    
+                <ul class="nav nav-list">
+                    <li class="nav-header">Overview</li>
+                                
+      <li>
+    
+                          <a href="../../index.html" title="Jackrabbit Oak">
+          <i class="none"></i>
+        Jackrabbit Oak</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../license.html" title="License">
+          <i class="none"></i>
+        License</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../downloads.html" title="Downloads">
+          <i class="none"></i>
+        Downloads</a>
+            </li>
+                              <li class="nav-header">Concepts and architecture</li>
+                                
+      <li>
+    
+                          <a href="../../overview.html" title="Overview">
+          <i class="none"></i>
+        Overview</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../nodestate.html" title="The node state model">
+          <i class="none"></i>
+        The node state model</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../microkernel.html" title="NodeStore and MicroKernel">
+          <i class="none"></i>
+        NodeStore and MicroKernel</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../query.html" title="Query">
+          <i class="none"></i>
+        Query</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../blobstore.html" title="BlobStore">
+          <i class="none"></i>
+        BlobStore</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../security/overview.html" title="Security">
+          <i class="none"></i>
+        Security</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../clustering.html" title="Clustering">
+          <i class="none"></i>
+        Clustering</a>
+            </li>
+                              <li class="nav-header">Using Oak</li>
+                                
+      <li>
+    
+                          <a href="../../use_getting_started.html" title="Getting Started">
+          <i class="none"></i>
+        Getting Started</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../construct.html" title="Repository construction">
+          <i class="none"></i>
+        Repository construction</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../osgi_config.html" title="Configuring Oak">
+          <i class="none"></i>
+        Configuring Oak</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../differences.html" title="Differences to Jackrabbit 2">
+          <i class="none"></i>
+        Differences to Jackrabbit 2</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../known_issues.html" title="Known Issues">
+          <i class="none"></i>
+        Known Issues</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../dos_and_donts.html" title="Dos and don'ts">
+          <i class="none"></i>
+        Dos and don'ts</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../FAQ.html" title="FAQ">
+          <i class="none"></i>
+        FAQ</a>
+            </li>
+                              <li class="nav-header">Developing Oak</li>
+                                
+      <li>
+    
+                          <a href="../../dev_getting_started.html" title="Getting Started">
+          <i class="none"></i>
+        Getting Started</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../participating.html" title="Participating">
+          <i class="none"></i>
+        Participating</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../apidocs/index.html" title="API docs">
+          <i class="none"></i>
+        API docs</a>
+            </li>
+                              <li class="nav-header">Links</li>
+                                
+      <li>
+    
+                          <a href="http://jackrabbit.apache.org/oak" class="externalLink" title="Apache Jackrabbit Oak">
+          <i class="none"></i>
+        Apache Jackrabbit Oak</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="http://jackrabbit.apache.org/" class="externalLink" title="Apache Jackrabbit">
+          <i class="none"></i>
+        Apache Jackrabbit</a>
+            </li>
+            </ul>
+                
+                    
+                
+          <hr class="divider" />
+
+           <div id="poweredBy">
+                   
+    <script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
+
+    
+    <div class="g-plusone" data-href="http://jackrabbit.apache.org/oak-doc/" data-size="tall" ></div>
+
+                   <div class="clear"></div>
+                            <div class="clear"></div>
+                            <div class="clear"></div>
+                             <a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy">
+        <img class="builtBy" alt="Built by Maven" src="../../images/logos/maven-feather.png" />
+      </a>
+                  </div>
+          </div>
+        </div>
+        
+                
+        <div id="bodyColumn"  class="span9" >
+                                  
+            <!-- Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License. --><div class="section">
+<h2>External Identity Management<a name="External_Identity_Management"></a></h2>
+<p><i>todo</i></p>
+
+<ul>
+  
+<li>ExternalIdentityProvider</li>
+  
+<li>ExternalIdentity</li>
+  
+<li>ExternalUser</li>
+  
+<li>ExternalGroup</li>
+</ul></div>
+                  </div>
+            </div>
+          </div>
+
+    <hr/>
+
+    <footer>
+            <div class="container-fluid">
+              <div class="row span12">Copyright &copy;                    2012-2014
+                        <a href="http://www.apache.org/">The Apache Software Foundation</a>.
+            All Rights Reserved.      
+                    
+      </div>
+
+        
+        
+          
+    
+    
+    <div id="ohloh" class="pull-right">
+      <script type="text/javascript" src="http://www.ohloh.net/p/jackrabbit-oak/widgets/project_users_logo.js"></script>
+    </div>
+        </div>
+    </footer>
+  </body>
+</html>
\ No newline at end of file

Added: jackrabbit/site/live/oak/docs/security/authentication/ldap.html
URL: http://svn.apache.org/viewvc/jackrabbit/site/live/oak/docs/security/authentication/ldap.html?rev=1594576&view=auto
==============================================================================
--- jackrabbit/site/live/oak/docs/security/authentication/ldap.html (added)
+++ jackrabbit/site/live/oak/docs/security/authentication/ldap.html Wed May 14 13:30:13 2014
@@ -0,0 +1,637 @@
+<!DOCTYPE html>
+<!--
+ | Generated by Apache Maven Doxia at 2014-05-14
+ | Rendered using Apache Maven Fluido Skin 1.3.0
+-->
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <meta name="Date-Revision-yyyymmdd" content="20140514" />
+    <meta http-equiv="Content-Language" content="en" />
+    <title>Jackrabbit Oak - LDAP Integration</title>
+    <link rel="stylesheet" href="../../css/apache-maven-fluido-1.3.0.min.css" />
+    <link rel="stylesheet" href="../../css/site.css" />
+    <link rel="stylesheet" href="../../css/print.css" media="print" />
+
+      
+    <script type="text/javascript" src="../../js/apache-maven-fluido-1.3.0.min.js"></script>
+
+    
+            </head>
+        <body class="topBarEnabled">
+          
+    
+    
+            
+    
+    
+    <a href="http://github.com/apache/jackrabbit-oak">
+      <img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
+        src="https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa0000.png"
+        alt="Fork me on GitHub">
+    </a>
+  
+                
+                    
+                
+
+    <div id="topbar" class="navbar navbar-fixed-top ">
+      <div class="navbar-inner">
+                <div class="container-fluid">
+        <a data-target=".nav-collapse" data-toggle="collapse" class="btn btn-navbar">
+          <span class="icon-bar"></span>
+          <span class="icon-bar"></span>
+          <span class="icon-bar"></span>
+        </a>
+                
+                                <ul class="nav">
+                          <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Overview <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="../../index.html"  title="Jackrabbit Oak">Jackrabbit Oak</a>
+</li>
+                  
+                      <li>      <a href="../../license.html"  title="License">License</a>
+</li>
+                  
+                      <li>      <a href="../../downloads.html"  title="Downloads">Downloads</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Concepts and architecture <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="../../overview.html"  title="Overview">Overview</a>
+</li>
+                  
+                      <li>      <a href="../../nodestate.html"  title="The node state model">The node state model</a>
+</li>
+                  
+                      <li>      <a href="../../microkernel.html"  title="NodeStore and MicroKernel">NodeStore and MicroKernel</a>
+</li>
+                  
+                      <li>      <a href="../../query.html"  title="Query">Query</a>
+</li>
+                  
+                      <li>      <a href="../../blobstore.html"  title="BlobStore">BlobStore</a>
+</li>
+                  
+                      <li>      <a href="../../security/overview.html"  title="Security">Security</a>
+</li>
+                  
+                      <li>      <a href="../../clustering.html"  title="Clustering">Clustering</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Using Oak <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="../../use_getting_started.html"  title="Getting Started">Getting Started</a>
+</li>
+                  
+                      <li>      <a href="../../construct.html"  title="Repository construction">Repository construction</a>
+</li>
+                  
+                      <li>      <a href="../../osgi_config.html"  title="Configuring Oak">Configuring Oak</a>
+</li>
+                  
+                      <li>      <a href="../../differences.html"  title="Differences to Jackrabbit 2">Differences to Jackrabbit 2</a>
+</li>
+                  
+                      <li>      <a href="../../known_issues.html"  title="Known Issues">Known Issues</a>
+</li>
+                  
+                      <li>      <a href="../../dos_and_donts.html"  title="Dos and don'ts">Dos and don'ts</a>
+</li>
+                  
+                      <li>      <a href="../../FAQ.html"  title="FAQ">FAQ</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Developing Oak <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="../../dev_getting_started.html"  title="Getting Started">Getting Started</a>
+</li>
+                  
+                      <li>      <a href="../../participating.html"  title="Participating">Participating</a>
+</li>
+                  
+                      <li>      <a href="../../apidocs/index.html"  title="API docs">API docs</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Links <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="http://jackrabbit.apache.org/oak"  title="Apache Jackrabbit Oak">Apache Jackrabbit Oak</a>
+</li>
+                  
+                      <li>      <a href="http://jackrabbit.apache.org/"  title="Apache Jackrabbit">Apache Jackrabbit</a>
+</li>
+                          </ul>
+      </li>
+                  </ul>
+          
+          
+          
+                   
+                      </div>
+          
+        </div>
+      </div>
+    </div>
+    
+        <div class="container-fluid">
+          <div id="banner">
+        <div class="pull-left">
+                                <div id="bannerLeft">
+                <h2>Oak Documentation</h2>
+                </div>
+                      </div>
+        <div class="pull-right">  </div>
+        <div class="clear"><hr/></div>
+      </div>
+
+      <div id="breadcrumbs">
+        <ul class="breadcrumb">
+                
+                    
+                  <li id="publishDate">Last Published: 2014-05-14</li>
+                  <li class="divider">|</li> <li id="projectVersion">Version: 0.20-SNAPSHOT</li>
+                      
+                
+                    
+      
+                            </ul>
+      </div>
+
+            
+      <div class="row-fluid">
+        <div id="leftColumn" class="span3">
+          <div class="well sidebar-nav">
+                
+                    
+                <ul class="nav nav-list">
+                    <li class="nav-header">Overview</li>
+                                
+      <li>
+    
+                          <a href="../../index.html" title="Jackrabbit Oak">
+          <i class="none"></i>
+        Jackrabbit Oak</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../license.html" title="License">
+          <i class="none"></i>
+        License</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../downloads.html" title="Downloads">
+          <i class="none"></i>
+        Downloads</a>
+            </li>
+                              <li class="nav-header">Concepts and architecture</li>
+                                
+      <li>
+    
+                          <a href="../../overview.html" title="Overview">
+          <i class="none"></i>
+        Overview</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../nodestate.html" title="The node state model">
+          <i class="none"></i>
+        The node state model</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../microkernel.html" title="NodeStore and MicroKernel">
+          <i class="none"></i>
+        NodeStore and MicroKernel</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../query.html" title="Query">
+          <i class="none"></i>
+        Query</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../blobstore.html" title="BlobStore">
+          <i class="none"></i>
+        BlobStore</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../security/overview.html" title="Security">
+          <i class="none"></i>
+        Security</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../clustering.html" title="Clustering">
+          <i class="none"></i>
+        Clustering</a>
+            </li>
+                              <li class="nav-header">Using Oak</li>
+                                
+      <li>
+    
+                          <a href="../../use_getting_started.html" title="Getting Started">
+          <i class="none"></i>
+        Getting Started</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../construct.html" title="Repository construction">
+          <i class="none"></i>
+        Repository construction</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../osgi_config.html" title="Configuring Oak">
+          <i class="none"></i>
+        Configuring Oak</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../differences.html" title="Differences to Jackrabbit 2">
+          <i class="none"></i>
+        Differences to Jackrabbit 2</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../known_issues.html" title="Known Issues">
+          <i class="none"></i>
+        Known Issues</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../dos_and_donts.html" title="Dos and don'ts">
+          <i class="none"></i>
+        Dos and don'ts</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../FAQ.html" title="FAQ">
+          <i class="none"></i>
+        FAQ</a>
+            </li>
+                              <li class="nav-header">Developing Oak</li>
+                                
+      <li>
+    
+                          <a href="../../dev_getting_started.html" title="Getting Started">
+          <i class="none"></i>
+        Getting Started</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../participating.html" title="Participating">
+          <i class="none"></i>
+        Participating</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../apidocs/index.html" title="API docs">
+          <i class="none"></i>
+        API docs</a>
+            </li>
+                              <li class="nav-header">Links</li>
+                                
+      <li>
+    
+                          <a href="http://jackrabbit.apache.org/oak" class="externalLink" title="Apache Jackrabbit Oak">
+          <i class="none"></i>
+        Apache Jackrabbit Oak</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="http://jackrabbit.apache.org/" class="externalLink" title="Apache Jackrabbit">
+          <i class="none"></i>
+        Apache Jackrabbit</a>
+            </li>
+            </ul>
+                
+                    
+                
+          <hr class="divider" />
+
+           <div id="poweredBy">
+                   
+    <script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
+
+    
+    <div class="g-plusone" data-href="http://jackrabbit.apache.org/oak-doc/" data-size="tall" ></div>
+
+                   <div class="clear"></div>
+                            <div class="clear"></div>
+                            <div class="clear"></div>
+                             <a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy">
+        <img class="builtBy" alt="Built by Maven" src="../../images/logos/maven-feather.png" />
+      </a>
+                  </div>
+          </div>
+        </div>
+        
+                
+        <div id="bodyColumn"  class="span9" >
+                                  
+            <!-- Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License. --><div class="section">
+<h2>LDAP Integration<a name="LDAP_Integration"></a></h2>
+<p>Oak comes with a default implementation of an LDAP identity provider that allows perform external authentication against an existing LDAP in combination with user synchronization.</p>
+<p>See section <a href="externalloginmodule.html">External Login Module and User Synchronization</a> for a general overview of the <tt>ExternalLoginModule</tt> and how it can be used in combination with custom identity providers and synchronization handlers.</p>
+<div class="section">
+<h3>Default Setup<a name="Default_Setup"></a></h3>
+<p>Out of the box Oak comes with the following LDAP integration setup:</p>
+
+<ul>
+  
+<li><tt>LdapIdentityProvider</tt>: LDAP specific implementation of the <a href="/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalIdentityProvider.html">ExternalIdentityProvider</a> interface.</li>
+  
+<li><tt>DefaultSyncHandler</tt>: Default implementation of the <a href="/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/external/SyncHandler.html">SyncHandler</a> interface.</li>
+  
+<li><tt>ExternalLoginModule</tt>: Login module implementation that allows for third party authentication as specified by the configured identity provider(s).</li>
+</ul>
+<div class="section">
+<h4>LDAP Identity Provider<a name="LDAP_Identity_Provider"></a></h4>
+<p>The [LdapIdentityProvider] is a service implementing the <a href="/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalIdentityProvider.html">ExternalIdentityProvider</a> interface.</p>
+<p><i>todo combining multiple ldap sources todo</i></p>
+<div class="section">
+<h5>Configuration<a name="Configuration"></a></h5>
+<p>The LDAP IPDs are configured through the <a href="/oak/docs/apidocs/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.html">org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapProviderConfig</a> which is populated either via OSGi or during manual <a href="../construct.html">Repository Construction</a>.</p>
+
+<table border="0" class="table table-striped">
+  <thead>
+    
+<tr class="a">
+      
+<th>Name </th>
+      
+<th>Property </th>
+      
+<th>Description </th>
+    </tr>
+  </thead>
+  <tbody>
+    
+<tr class="b">
+      
+<td>LDAP Provider Name </td>
+      
+<td><tt>provider.name</tt> </td>
+      
+<td>Name of this LDAP provider configuration. This is used to reference this provider by the login modules. </td>
+    </tr>
+    
+<tr class="a">
+      
+<td>Bind DN </td>
+      
+<td><tt>bind.dn</tt> </td>
+      
+<td>DN of the user for authentication. Leave empty for anonymous bind. </td>
+    </tr>
+    
+<tr class="b">
+      
+<td>Bind Password </td>
+      
+<td><tt>bind.password</tt> </td>
+      
+<td>Password of the user for authentication. </td>
+    </tr>
+    
+<tr class="a">
+      
+<td>LDAP Server Hostname </td>
+      
+<td><tt>host.name</tt> </td>
+      
+<td>Hostname of the LDAP server </td>
+    </tr>
+    
+<tr class="b">
+      
+<td>Disable certificate checking </td>
+      
+<td><tt>host.noCertCheck</tt> </td>
+      
+<td>Indicates if server certificate validation should be disabled. </td>
+    </tr>
+    
+<tr class="a">
+      
+<td>LDAP Server Port </td>
+      
+<td><tt>host.port</tt> </td>
+      
+<td>Port of the LDAP server </td>
+    </tr>
+    
+<tr class="b">
+      
+<td>Use SSL </td>
+      
+<td><tt>host.ssl</tt> </td>
+      
+<td>Indicates if an SSL (LDAPs) connection should be used. </td>
+    </tr>
+    
+<tr class="a">
+      
+<td>Use TLS </td>
+      
+<td><tt>host.tls</tt> </td>
+      
+<td>Indicates if TLS should be started on connections. </td>
+    </tr>
+    
+<tr class="b">
+      
+<td>Search Timeout </td>
+      
+<td><tt>searchTimeout</tt> </td>
+      
+<td>Time in until a search times out (eg: &#x2018;1s&#x2019; or &#x2018;1m 30s&#x2019;). </td>
+    </tr>
+    
+<tr class="a">
+      
+<td>User base DN </td>
+      
+<td><tt>user.baseDN</tt> </td>
+      
+<td>The base DN for user searches. </td>
+    </tr>
+    
+<tr class="b">
+      
+<td>User extra filter </td>
+      
+<td><tt>user.extraFilter</tt> </td>
+      
+<td>Extra LDAP filter to use when searching for users. The final filter is formatted like: <tt>(&amp;(&lt;idAttr&gt;=&lt;userId&gt;)(objectclass=&lt;objectclass&gt;)&lt;extraFilter&gt;)</tt> </td>
+    </tr>
+    
+<tr class="a">
+      
+<td>User id attribute </td>
+      
+<td><tt>user.idAttribute</tt> </td>
+      
+<td>Name of the attribute that contains the user id. </td>
+    </tr>
+    
+<tr class="b">
+      
+<td>User DN paths </td>
+      
+<td><tt>user.makeDnPath</tt> </td>
+      
+<td>Controls if the DN should be used for calculating a portion of the intermediate path. </td>
+    </tr>
+    
+<tr class="a">
+      
+<td>User object classes </td>
+      
+<td><tt>user.objectclass</tt> </td>
+      
+<td>The list of object classes an user entry must contain. </td>
+    </tr>
+    
+<tr class="b">
+      
+<td>Group base DN </td>
+      
+<td><tt>group.baseDN</tt> </td>
+      
+<td>The base DN for group searches. </td>
+    </tr>
+    
+<tr class="a">
+      
+<td>Group extra filter </td>
+      
+<td><tt>group.extraFilter</tt> </td>
+      
+<td>Extra LDAP filter to use when searching for groups. The final filter is formatted like: <tt>(&amp;(&lt;nameAttr&gt;=&lt;groupName&gt;)(objectclass=&lt;objectclass&gt;)&lt;extraFilter&gt;)</tt> </td>
+    </tr>
+    
+<tr class="b">
+      
+<td>Group DN paths </td>
+      
+<td><tt>group.makeDnPath</tt> </td>
+      
+<td>Controls if the DN should be used for calculating a portion of the intermediate path. </td>
+    </tr>
+    
+<tr class="a">
+      
+<td>Group member attribute </td>
+      
+<td><tt>group.memberAttribute</tt> </td>
+      
+<td>Group attribute that contains the member(s) of a group. </td>
+    </tr>
+    
+<tr class="b">
+      
+<td>Group name attribute </td>
+      
+<td><tt>group.nameAttribute</tt> </td>
+      
+<td>Name of the attribute that contains the group name. </td>
+    </tr>
+    
+<tr class="a">
+      
+<td>Group object classes </td>
+      
+<td><tt>group.objectclass</tt> </td>
+      
+<td>The list of object classes a group entry must contain. </td>
+    </tr>
+    
+<tr class="b">
+      
+<td> </td>
+      
+<td> </td>
+      
+<td> </td>
+    </tr>
+  </tbody>
+</table></div></div>
+<div class="section">
+<h4>SyncHandler and External Login Module<a name="SyncHandler_and_External_Login_Module"></a></h4>
+<p>See <a href="externalloginmodule.html">External Login Module and User Synchronization</a> for details about the external login module and configuration options for the <a href="/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DefaultSyncHandler.html">DefaultSyncHandler</a>.</p>
+<!-- references --></div></div></div>
+                  </div>
+            </div>
+          </div>
+
+    <hr/>
+
+    <footer>
+            <div class="container-fluid">
+              <div class="row span12">Copyright &copy;                    2012-2014
+                        <a href="http://www.apache.org/">The Apache Software Foundation</a>.
+            All Rights Reserved.      
+                    
+      </div>
+
+        
+        
+          
+    
+    
+    <div id="ohloh" class="pull-right">
+      <script type="text/javascript" src="http://www.ohloh.net/p/jackrabbit-oak/widgets/project_users_logo.js"></script>
+    </div>
+        </div>
+    </footer>
+  </body>
+</html>
\ No newline at end of file



Mime
View raw message