jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From thom...@apache.org
Subject svn commit: r1627294 [3/7] - in /jackrabbit/site/live/oak/docs: ./ META-INF/ architecture/ coldstandby/ nodestore/ oak_api/ plugins/ security/ security/accesscontrol/ security/authentication/ security/permission/ security/principal/ security/privilege/...
Date Wed, 24 Sep 2014 12:24:02 GMT
Added: jackrabbit/site/live/oak/docs/differences_principal.html
URL: http://svn.apache.org/viewvc/jackrabbit/site/live/oak/docs/differences_principal.html?rev=1627294&view=auto
==============================================================================
--- jackrabbit/site/live/oak/docs/differences_principal.html (added)
+++ jackrabbit/site/live/oak/docs/differences_principal.html Wed Sep 24 12:23:59 2014
@@ -0,0 +1,449 @@
+<!DOCTYPE html>
+<!--
+ | Generated by Apache Maven Doxia at 2014-04-15
+ | Rendered using Apache Maven Fluido Skin 1.3.0
+-->
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <meta name="Date-Revision-yyyymmdd" content="20140415" />
+    <meta http-equiv="Content-Language" content="en" />
+    <title>Jackrabbit Oak - Principal Management : Differences wrt Jackrabbit 2.x</title>
+    <link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
+    <link rel="stylesheet" href="./css/site.css" />
+    <link rel="stylesheet" href="./css/print.css" media="print" />
+
+      
+    <script type="text/javascript" src="./js/apache-maven-fluido-1.3.0.min.js"></script>
+
+    
+            </head>
+        <body class="topBarEnabled">
+          
+    
+    
+            
+    
+    
+    <a href="http://github.com/apache/jackrabbit-oak">
+      <img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
+        src="https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa0000.png"
+        alt="Fork me on GitHub">
+    </a>
+  
+                
+                    
+                
+
+    <div id="topbar" class="navbar navbar-fixed-top ">
+      <div class="navbar-inner">
+                <div class="container-fluid">
+        <a data-target=".nav-collapse" data-toggle="collapse" class="btn btn-navbar">
+          <span class="icon-bar"></span>
+          <span class="icon-bar"></span>
+          <span class="icon-bar"></span>
+        </a>
+                
+                                <ul class="nav">
+                          <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Overview <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="index.html"  title="Jackrabbit Oak">Jackrabbit Oak</a>
+</li>
+                  
+                      <li>      <a href="license.html"  title="License">License</a>
+</li>
+                  
+                      <li>      <a href="downloads.html"  title="Downloads">Downloads</a>
+</li>
+                  
+                      <li>      <a href="from_here.html"  title="From here">From here</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Concepts and architecture <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="overview.html"  title="Overview">Overview</a>
+</li>
+                  
+                      <li>      <a href="nodestate.html"  title="The node state model">The node state model</a>
+</li>
+                  
+                      <li>      <a href="microkernel.html"  title="NodesStore and MicroKernel">NodesStore and MicroKernel</a>
+</li>
+                  
+                      <li>      <a href="query.html"  title="Query">Query</a>
+</li>
+                  
+                      <li>      <a href="blobstore.html"  title="BlobStore">BlobStore</a>
+</li>
+                  
+                      <li>      <a href="security/overview.html"  title="Security">Security</a>
+</li>
+                  
+                      <li>      <a href="clustering.html"  title="Clustering">Clustering</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Using Oak <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="use_getting_started.html"  title="Getting Started">Getting Started</a>
+</li>
+                  
+                      <li>      <a href="differences.html"  title="Differences to Jackrabbit 2">Differences to Jackrabbit 2</a>
+</li>
+                  
+                      <li>      <a href="osgi_config.html"  title="Configuring Oak">Configuring Oak</a>
+</li>
+                  
+                      <li>      <a href="known_issues.html"  title="Known Issues">Known Issues</a>
+</li>
+                  
+                      <li>      <a href="dos_and_donts.html"  title="Dos and don'ts">Dos and don'ts</a>
+</li>
+                  
+                      <li>      <a href="when_things_go_wrong.html"  title="When things go wrong">When things go wrong</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Developing Oak <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="dev_getting_started.html"  title="Getting Started">Getting Started</a>
+</li>
+                  
+                      <li>      <a href="participating.html"  title="Participating">Participating</a>
+</li>
+                  
+                      <li>      <a href="apidocs/index.html"  title="API docs">API docs</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Links <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="http://jackrabbit.apache.org/oak"  title="Apache Jackrabbit Oak">Apache Jackrabbit Oak</a>
+</li>
+                  
+                      <li>      <a href="http://jackrabbit.apache.org/"  title="Apache Jackrabbit">Apache Jackrabbit</a>
+</li>
+                          </ul>
+      </li>
+                  </ul>
+          
+          
+          
+                   
+                      </div>
+          
+        </div>
+      </div>
+    </div>
+    
+        <div class="container-fluid">
+          <div id="banner">
+        <div class="pull-left">
+                                <div id="bannerLeft">
+                <h2>Oak Documentation</h2>
+                </div>
+                      </div>
+        <div class="pull-right">  </div>
+        <div class="clear"><hr/></div>
+      </div>
+
+      <div id="breadcrumbs">
+        <ul class="breadcrumb">
+                
+                    
+                  <li id="publishDate">Last Published: 2014-04-15</li>
+                  <li class="divider">|</li> <li id="projectVersion">Version: 0.20-SNAPSHOT</li>
+                      
+                
+                    
+      
+                            </ul>
+      </div>
+
+            
+      <div class="row-fluid">
+        <div id="leftColumn" class="span3">
+          <div class="well sidebar-nav">
+                
+                    
+                <ul class="nav nav-list">
+                    <li class="nav-header">Overview</li>
+                                
+      <li>
+    
+                          <a href="index.html" title="Jackrabbit Oak">
+          <i class="none"></i>
+        Jackrabbit Oak</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="license.html" title="License">
+          <i class="none"></i>
+        License</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="downloads.html" title="Downloads">
+          <i class="none"></i>
+        Downloads</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="from_here.html" title="From here">
+          <i class="none"></i>
+        From here</a>
+            </li>
+                              <li class="nav-header">Concepts and architecture</li>
+                                
+      <li>
+    
+                          <a href="overview.html" title="Overview">
+          <i class="none"></i>
+        Overview</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="nodestate.html" title="The node state model">
+          <i class="none"></i>
+        The node state model</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="microkernel.html" title="NodesStore and MicroKernel">
+          <i class="none"></i>
+        NodesStore and MicroKernel</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="query.html" title="Query">
+          <i class="none"></i>
+        Query</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="blobstore.html" title="BlobStore">
+          <i class="none"></i>
+        BlobStore</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="security/overview.html" title="Security">
+          <i class="none"></i>
+        Security</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="clustering.html" title="Clustering">
+          <i class="none"></i>
+        Clustering</a>
+            </li>
+                              <li class="nav-header">Using Oak</li>
+                                
+      <li>
+    
+                          <a href="use_getting_started.html" title="Getting Started">
+          <i class="none"></i>
+        Getting Started</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="differences.html" title="Differences to Jackrabbit 2">
+          <i class="none"></i>
+        Differences to Jackrabbit 2</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="osgi_config.html" title="Configuring Oak">
+          <i class="none"></i>
+        Configuring Oak</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="known_issues.html" title="Known Issues">
+          <i class="none"></i>
+        Known Issues</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="dos_and_donts.html" title="Dos and don'ts">
+          <i class="none"></i>
+        Dos and don'ts</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="when_things_go_wrong.html" title="When things go wrong">
+          <i class="none"></i>
+        When things go wrong</a>
+            </li>
+                              <li class="nav-header">Developing Oak</li>
+                                
+      <li>
+    
+                          <a href="dev_getting_started.html" title="Getting Started">
+          <i class="none"></i>
+        Getting Started</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="participating.html" title="Participating">
+          <i class="none"></i>
+        Participating</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="apidocs/index.html" title="API docs">
+          <i class="none"></i>
+        API docs</a>
+            </li>
+                              <li class="nav-header">Links</li>
+                                
+      <li>
+    
+                          <a href="http://jackrabbit.apache.org/oak" class="externalLink" title="Apache Jackrabbit Oak">
+          <i class="none"></i>
+        Apache Jackrabbit Oak</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="http://jackrabbit.apache.org/" class="externalLink" title="Apache Jackrabbit">
+          <i class="none"></i>
+        Apache Jackrabbit</a>
+            </li>
+            </ul>
+                
+                    
+                
+          <hr class="divider" />
+
+           <div id="poweredBy">
+                   
+    <script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
+
+    
+    <div class="g-plusone" data-href="http://jackrabbit.apache.org/oak-doc/" data-size="tall" ></div>
+
+                   <div class="clear"></div>
+                            <div class="clear"></div>
+                            <div class="clear"></div>
+                             <a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy">
+        <img class="builtBy" alt="Built by Maven" src="./images/logos/maven-feather.png" />
+      </a>
+                  </div>
+          </div>
+        </div>
+        
+                
+        <div id="bodyColumn"  class="span9" >
+                                  
+            <!-- Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License. --><div class="section">
+<div class="section">
+<h3>Principal Management : Differences wrt Jackrabbit 2.x<a name="Principal_Management_:_Differences_wrt_Jackrabbit_2.x"></a></h3>
+<div class="section">
+<h4>1. Characteristics of the Principal Management Implementation<a name="a1._Characteristics_of_the_Principal_Management_Implementation"></a></h4>
+<p>The default implementation of the principal management API basically corresponds to the default in Jackrabbit 2.x and is based on the user management implementation. Note however, that as of OAK only a single principal provider is exposed on the SPI level (used to be multiple principal providers with the LoginModule configuration in Jackrabbit 2.x). See the configuration section below for details.</p></div>
+<div class="section">
+<h4>2. API Extensions<a name="a2._API_Extensions"></a></h4>
+
+<ul>
+  
+<li><tt>PrincipalProvider</tt> [0]: SPI level access to principals known to the repository which is also used by the default implementation of the <tt>PrincipalManager</tt> interface. This interface replaces the internal PrincipalProvider interface present in Jackrabbit 2.x. Note, that principals from different sources can be supported by using <tt>CompositePrincipalProvider</tt> [1] or a similar implementation that proxies different sources.</li>
+</ul>
+<div class="section">
+<h5>Special Principals<a name="Special_Principals"></a></h5>
+
+<ul>
+  
+<li><tt>AdminPrincipal</tt>: Marker interface to identify the principal associated with administrative user(s) [2].</li>
+  
+<li><tt>EveryonePrincipal</tt>: built-in group principal implementation that has every other valid principal as member [3].</li>
+  
+<li><tt>SystemPrincipal</tt>: built-in principal implementation to mark system internal subjects [4].</li>
+</ul></div></div>
+<div class="section">
+<h4>3. Configuration<a name="a3._Configuration"></a></h4>
+<div class="section">
+<h5>PrincipalConfiguration [5]:<a name="PrincipalConfiguration_5:"></a></h5>
+
+<ul>
+  
+<li><tt>getPrincipalManager</tt> -&gt; returns a new instance of o.a.j.api.security.principal.PrincipalManager [6] (see also <tt>JackrabbitSession#getPrincipalManager()</tt></li>
+  
+<li><tt>getPrincipalProvider</tt> -&gt; returns a new instance of principal provider. Note, that in contrast to Jackrabbit 2.x the system may only have one single principal provider implementation configured. In order to combine principals from different sources a implementation that properly handles the different sources is required; the <tt>CompositePrincipalProvider</tt> [1] is an example that combines multiple implementations.</li>
+</ul></div></div>
+<div class="section">
+<h4>4. References<a name="a4._References"></a></h4>
+<p>[0] <a class="externalLink" href="http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalProvider.java">http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalProvider.java</a></p>
+<p>[1] <a class="externalLink" href="http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalProvider.java">http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalProvider.java</a></p>
+<p>[2] <a class="externalLink" href="http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/AdminPrincipal.java">http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/AdminPrincipal.java</a></p>
+<p>[3] <a class="externalLink" href="http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EveryonePrincipal.java">http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EveryonePrincipal.java</a></p>
+<p>[4] <a class="externalLink" href="http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/SystemPrincipal.java">http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/SystemPrincipal.java</a></p>
+<p>[5] <a class="externalLink" href="http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalConfiguration.java">http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalConfiguration.java</a></p>
+<p>[6] <a class="externalLink" href="http://svn.apache.org/repos/asf/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java">http://svn.apache.org/repos/asf/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java</a></p></div></div></div>
+                  </div>
+            </div>
+          </div>
+
+    <hr/>
+
+    <footer>
+            <div class="container-fluid">
+              <div class="row span12">Copyright &copy;                    2012-2014
+                        <a href="http://www.apache.org/">The Apache Software Foundation</a>.
+            All Rights Reserved.      
+                    
+      </div>
+
+        
+        
+          
+    
+    
+    <div id="ohloh" class="pull-right">
+      <script type="text/javascript" src="http://www.ohloh.net/p/jackrabbit-oak/widgets/project_users_logo.js"></script>
+    </div>
+        </div>
+    </footer>
+  </body>
+</html>
\ No newline at end of file

Added: jackrabbit/site/live/oak/docs/differences_privileges.html
URL: http://svn.apache.org/viewvc/jackrabbit/site/live/oak/docs/differences_privileges.html?rev=1627294&view=auto
==============================================================================
--- jackrabbit/site/live/oak/docs/differences_privileges.html (added)
+++ jackrabbit/site/live/oak/docs/differences_privileges.html Wed Sep 24 12:23:59 2014
@@ -0,0 +1,542 @@
+<!DOCTYPE html>
+<!--
+ | Generated by Apache Maven Doxia at 2014-04-15
+ | Rendered using Apache Maven Fluido Skin 1.3.0
+-->
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <meta name="Date-Revision-yyyymmdd" content="20140415" />
+    <meta http-equiv="Content-Language" content="en" />
+    <title>Jackrabbit Oak - Privilege Management : Differences wrt Jackrabbit 2.x</title>
+    <link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
+    <link rel="stylesheet" href="./css/site.css" />
+    <link rel="stylesheet" href="./css/print.css" media="print" />
+
+      
+    <script type="text/javascript" src="./js/apache-maven-fluido-1.3.0.min.js"></script>
+
+    
+            </head>
+        <body class="topBarEnabled">
+          
+    
+    
+            
+    
+    
+    <a href="http://github.com/apache/jackrabbit-oak">
+      <img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
+        src="https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa0000.png"
+        alt="Fork me on GitHub">
+    </a>
+  
+                
+                    
+                
+
+    <div id="topbar" class="navbar navbar-fixed-top ">
+      <div class="navbar-inner">
+                <div class="container-fluid">
+        <a data-target=".nav-collapse" data-toggle="collapse" class="btn btn-navbar">
+          <span class="icon-bar"></span>
+          <span class="icon-bar"></span>
+          <span class="icon-bar"></span>
+        </a>
+                
+                                <ul class="nav">
+                          <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Overview <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="index.html"  title="Jackrabbit Oak">Jackrabbit Oak</a>
+</li>
+                  
+                      <li>      <a href="license.html"  title="License">License</a>
+</li>
+                  
+                      <li>      <a href="downloads.html"  title="Downloads">Downloads</a>
+</li>
+                  
+                      <li>      <a href="from_here.html"  title="From here">From here</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Concepts and architecture <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="overview.html"  title="Overview">Overview</a>
+</li>
+                  
+                      <li>      <a href="nodestate.html"  title="The node state model">The node state model</a>
+</li>
+                  
+                      <li>      <a href="microkernel.html"  title="NodesStore and MicroKernel">NodesStore and MicroKernel</a>
+</li>
+                  
+                      <li>      <a href="query.html"  title="Query">Query</a>
+</li>
+                  
+                      <li>      <a href="blobstore.html"  title="BlobStore">BlobStore</a>
+</li>
+                  
+                      <li>      <a href="security/overview.html"  title="Security">Security</a>
+</li>
+                  
+                      <li>      <a href="clustering.html"  title="Clustering">Clustering</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Using Oak <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="use_getting_started.html"  title="Getting Started">Getting Started</a>
+</li>
+                  
+                      <li>      <a href="differences.html"  title="Differences to Jackrabbit 2">Differences to Jackrabbit 2</a>
+</li>
+                  
+                      <li>      <a href="osgi_config.html"  title="Configuring Oak">Configuring Oak</a>
+</li>
+                  
+                      <li>      <a href="known_issues.html"  title="Known Issues">Known Issues</a>
+</li>
+                  
+                      <li>      <a href="dos_and_donts.html"  title="Dos and don'ts">Dos and don'ts</a>
+</li>
+                  
+                      <li>      <a href="when_things_go_wrong.html"  title="When things go wrong">When things go wrong</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Developing Oak <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="dev_getting_started.html"  title="Getting Started">Getting Started</a>
+</li>
+                  
+                      <li>      <a href="participating.html"  title="Participating">Participating</a>
+</li>
+                  
+                      <li>      <a href="apidocs/index.html"  title="API docs">API docs</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Links <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="http://jackrabbit.apache.org/oak"  title="Apache Jackrabbit Oak">Apache Jackrabbit Oak</a>
+</li>
+                  
+                      <li>      <a href="http://jackrabbit.apache.org/"  title="Apache Jackrabbit">Apache Jackrabbit</a>
+</li>
+                          </ul>
+      </li>
+                  </ul>
+          
+          
+          
+                   
+                      </div>
+          
+        </div>
+      </div>
+    </div>
+    
+        <div class="container-fluid">
+          <div id="banner">
+        <div class="pull-left">
+                                <div id="bannerLeft">
+                <h2>Oak Documentation</h2>
+                </div>
+                      </div>
+        <div class="pull-right">  </div>
+        <div class="clear"><hr/></div>
+      </div>
+
+      <div id="breadcrumbs">
+        <ul class="breadcrumb">
+                
+                    
+                  <li id="publishDate">Last Published: 2014-04-15</li>
+                  <li class="divider">|</li> <li id="projectVersion">Version: 0.20-SNAPSHOT</li>
+                      
+                
+                    
+      
+                            </ul>
+      </div>
+
+            
+      <div class="row-fluid">
+        <div id="leftColumn" class="span3">
+          <div class="well sidebar-nav">
+                
+                    
+                <ul class="nav nav-list">
+                    <li class="nav-header">Overview</li>
+                                
+      <li>
+    
+                          <a href="index.html" title="Jackrabbit Oak">
+          <i class="none"></i>
+        Jackrabbit Oak</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="license.html" title="License">
+          <i class="none"></i>
+        License</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="downloads.html" title="Downloads">
+          <i class="none"></i>
+        Downloads</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="from_here.html" title="From here">
+          <i class="none"></i>
+        From here</a>
+            </li>
+                              <li class="nav-header">Concepts and architecture</li>
+                                
+      <li>
+    
+                          <a href="overview.html" title="Overview">
+          <i class="none"></i>
+        Overview</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="nodestate.html" title="The node state model">
+          <i class="none"></i>
+        The node state model</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="microkernel.html" title="NodesStore and MicroKernel">
+          <i class="none"></i>
+        NodesStore and MicroKernel</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="query.html" title="Query">
+          <i class="none"></i>
+        Query</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="blobstore.html" title="BlobStore">
+          <i class="none"></i>
+        BlobStore</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="security/overview.html" title="Security">
+          <i class="none"></i>
+        Security</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="clustering.html" title="Clustering">
+          <i class="none"></i>
+        Clustering</a>
+            </li>
+                              <li class="nav-header">Using Oak</li>
+                                
+      <li>
+    
+                          <a href="use_getting_started.html" title="Getting Started">
+          <i class="none"></i>
+        Getting Started</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="differences.html" title="Differences to Jackrabbit 2">
+          <i class="none"></i>
+        Differences to Jackrabbit 2</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="osgi_config.html" title="Configuring Oak">
+          <i class="none"></i>
+        Configuring Oak</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="known_issues.html" title="Known Issues">
+          <i class="none"></i>
+        Known Issues</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="dos_and_donts.html" title="Dos and don'ts">
+          <i class="none"></i>
+        Dos and don'ts</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="when_things_go_wrong.html" title="When things go wrong">
+          <i class="none"></i>
+        When things go wrong</a>
+            </li>
+                              <li class="nav-header">Developing Oak</li>
+                                
+      <li>
+    
+                          <a href="dev_getting_started.html" title="Getting Started">
+          <i class="none"></i>
+        Getting Started</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="participating.html" title="Participating">
+          <i class="none"></i>
+        Participating</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="apidocs/index.html" title="API docs">
+          <i class="none"></i>
+        API docs</a>
+            </li>
+                              <li class="nav-header">Links</li>
+                                
+      <li>
+    
+                          <a href="http://jackrabbit.apache.org/oak" class="externalLink" title="Apache Jackrabbit Oak">
+          <i class="none"></i>
+        Apache Jackrabbit Oak</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="http://jackrabbit.apache.org/" class="externalLink" title="Apache Jackrabbit">
+          <i class="none"></i>
+        Apache Jackrabbit</a>
+            </li>
+            </ul>
+                
+                    
+                
+          <hr class="divider" />
+
+           <div id="poweredBy">
+                   
+    <script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
+
+    
+    <div class="g-plusone" data-href="http://jackrabbit.apache.org/oak-doc/" data-size="tall" ></div>
+
+                   <div class="clear"></div>
+                            <div class="clear"></div>
+                            <div class="clear"></div>
+                             <a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy">
+        <img class="builtBy" alt="Built by Maven" src="./images/logos/maven-feather.png" />
+      </a>
+                  </div>
+          </div>
+        </div>
+        
+                
+        <div id="bodyColumn"  class="span9" >
+                                  
+            <!-- Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License. --><div class="section">
+<div class="section">
+<h3>Privilege Management : Differences wrt Jackrabbit 2.x<a name="Privilege_Management_:_Differences_wrt_Jackrabbit_2.x"></a></h3>
+<div class="section">
+<h4>1. Characteristics of the Privilege Management Implementation<a name="a1._Characteristics_of_the_Privilege_Management_Implementation"></a></h4>
+<div class="section">
+<h5>General Notes<a name="General_Notes"></a></h5>
+<p>As of OAK the built-in and custom privileges are stored in the repository underneath <tt>/jcr:system/rep:privileges</tt>. Similar to other repository level date (node types, namespaces and versions) this location is shared by all workspaces present in the repository. The nodes and properties storing the privilege definitions are protected by their node type definition. In addition a specific privilege <tt>Validator</tt> and <tt>CommitHook</tt> implementations assert the consistency of the privilege store. The built-in privileges are installed using a dedicated implementation of the <tt>RepositoryInitializer</tt> [0].</p></div>
+<div class="section">
+<h5>Registration of Custom Privileges<a name="Registration_of_Custom_Privileges"></a></h5>
+<p>As far as registration of custom privileges the OAK implementation behaves different to Jackrabbit 2.x in the following aspects: - Registration of new privileges fails with <tt>IllegalStateException</tt> if the editing session has pending changes. - Any validation is performed by CommitHooks in order to make sure that modifications made on the OAK API directly is equally verified. Subsequently any violation (permission, privilege consistency) is only detected at the end of the registration process. The privilege manager itself does not perform any validation.</p></div></div>
+<div class="section">
+<h4>2. Built-in Privilege Definitions<a name="a2._Built-in_Privilege_Definitions"></a></h4>
+
+<ul>
+  
+<li>All Privileges as defined by JSR 283
+  
+<ul>
+    
+<li>jcr:read</li>
+    
+<li>jcr:modifyProperties</li>
+    
+<li>jcr:addChildNodes</li>
+    
+<li>jcr:removeNode</li>
+    
+<li>jcr:removeChildNodes</li>
+    
+<li>jcr:readAccessControl</li>
+    
+<li>jcr:modifyAccessControl</li>
+    
+<li>jcr:lockManagement</li>
+    
+<li>jcr:versionManagement</li>
+    
+<li>jcr:nodeTypeManagement</li>
+    
+<li>jcr:retentionManagement (NOTE: retention management not yet implemented)</li>
+    
+<li>jcr:lifecycleManagement (NOTE: lifecycle management not yet implemented)</li>
+    
+<li>jcr:write</li>
+    
+<li>jcr:all</li>
+  </ul></li>
+</ul>
+
+<ul>
+  
+<li>All Privileges defined by JSR 333
+  
+<ul>
+    
+<li>jcr:workspaceManagement (NOTE: wsp management not yet implemented)</li>
+    
+<li>jcr:nodeTypeDefinitionManagement</li>
+    
+<li>jcr:namespaceManagement</li>
+  </ul></li>
+</ul>
+
+<ul>
+  
+<li>All Privileges defined by Jackrabbit 2.x
+  
+<ul>
+    
+<li>rep:write</li>
+    
+<li>rep:privilegeManagement</li>
+  </ul></li>
+</ul>
+
+<ul>
+  
+<li>New Privileges defined by OAK 1.0:
+  
+<ul>
+    
+<li>rep:userManagement</li>
+    
+<li>rep:readNodes</li>
+    
+<li>rep:readProperties</li>
+    
+<li>rep:addProperties</li>
+    
+<li>rep:alterProperties</li>
+    
+<li>rep:removeProperties</li>
+    
+<li>rep:indexDefinitionManagement</li>
+  </ul></li>
+</ul>
+<p>Note the following differences with respect to Jackrabbit 2.x definitions: - jcr:read is now an aggregation of rep:readNodes and rep:readProperties - jcr:modifyProperties is now an aggregation of rep:addProperties, rep:alterProperties and rep:removeProperties</p></div>
+<div class="section">
+<h4>3. Node Type Definitions<a name="a3._Node_Type_Definitions"></a></h4>
+<p>The following privilege related built-in node types have been added in OAK 1.0. They are used to represent built-in and custom privilege definitions in the repository.</p>
+
+<div class="source">
+<pre>[rep:Privileges]
+  + * (rep:Privilege) = rep:Privilege protected ABORT
+  - rep:next (LONG) protected multiple mandatory
+
+[rep:Privilege]
+  - rep:isAbstract (BOOLEAN) protected
+  - rep:aggregates (NAME) protected multiple
+  - rep:bits (LONG) protected multiple mandatory
+</pre></div></div>
+<div class="section">
+<h4>4. API Extensions<a name="a4._API_Extensions"></a></h4>
+<p>org.apache.jackrabbit.oak.spi.security.privilege</p>
+
+<ul>
+  
+<li><tt>PrivilegeBitsProvider</tt> : Provider implementation to read <tt>PrivilegeBits</tt> from the repository content and map names to internal representation (and vice versa) [2].</li>
+  
+<li><tt>PrivilegeBits</tt>: Internal representation of JCR privileges [3].</li>
+</ul></div>
+<div class="section">
+<h4>5. Configuration<a name="a5._Configuration"></a></h4>
+<div class="section">
+<h5>PrivilegeConfiguration [1]:<a name="PrivilegeConfiguration_1:"></a></h5>
+
+<ul>
+  
+<li><tt>getPrivilegeManager</tt> -&gt; returns a new instance of the <tt>PrivilegeManager</tt>  interface such as exposed by <tt>JackrabbitWorkspace#getPrivilegeManager</tt>.  Note that the default implementation is based on OAK API and can equally be  used for privilege related tasks in the OAK layer.</li>
+</ul></div></div>
+<div class="section">
+<h4>6. References<a name="a6._References"></a></h4>
+<p>[0] <a class="externalLink" href="http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeInitializer.java">http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeInitializer.java</a></p>
+<p>[1] <a class="externalLink" href="http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeConfiguration.java">http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeConfiguration.java</a></p>
+<p>[2] <a class="externalLink" href="http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBitsProvider.java">http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBitsProvider.java</a></p>
+<p>[3] <a class="externalLink" href="http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java">http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java</a></p></div></div></div>
+                  </div>
+            </div>
+          </div>
+
+    <hr/>
+
+    <footer>
+            <div class="container-fluid">
+              <div class="row span12">Copyright &copy;                    2012-2014
+                        <a href="http://www.apache.org/">The Apache Software Foundation</a>.
+            All Rights Reserved.      
+                    
+      </div>
+
+        
+        
+          
+    
+    
+    <div id="ohloh" class="pull-right">
+      <script type="text/javascript" src="http://www.ohloh.net/p/jackrabbit-oak/widgets/project_users_logo.js"></script>
+    </div>
+        </div>
+    </footer>
+  </body>
+</html>
\ No newline at end of file

Added: jackrabbit/site/live/oak/docs/differences_user.html
URL: http://svn.apache.org/viewvc/jackrabbit/site/live/oak/docs/differences_user.html?rev=1627294&view=auto
==============================================================================
--- jackrabbit/site/live/oak/docs/differences_user.html (added)
+++ jackrabbit/site/live/oak/docs/differences_user.html Wed Sep 24 12:23:59 2014
@@ -0,0 +1,806 @@
+<!DOCTYPE html>
+<!--
+ | Generated by Apache Maven Doxia at 2014-04-15
+ | Rendered using Apache Maven Fluido Skin 1.3.0
+-->
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <meta name="Date-Revision-yyyymmdd" content="20140415" />
+    <meta http-equiv="Content-Language" content="en" />
+    <title>Jackrabbit Oak - User Management : Differences to Jackrabbit 2.x</title>
+    <link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
+    <link rel="stylesheet" href="./css/site.css" />
+    <link rel="stylesheet" href="./css/print.css" media="print" />
+
+      
+    <script type="text/javascript" src="./js/apache-maven-fluido-1.3.0.min.js"></script>
+
+    
+            </head>
+        <body class="topBarEnabled">
+          
+    
+    
+            
+    
+    
+    <a href="http://github.com/apache/jackrabbit-oak">
+      <img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
+        src="https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa0000.png"
+        alt="Fork me on GitHub">
+    </a>
+  
+                
+                    
+                
+
+    <div id="topbar" class="navbar navbar-fixed-top ">
+      <div class="navbar-inner">
+                <div class="container-fluid">
+        <a data-target=".nav-collapse" data-toggle="collapse" class="btn btn-navbar">
+          <span class="icon-bar"></span>
+          <span class="icon-bar"></span>
+          <span class="icon-bar"></span>
+        </a>
+                
+                                <ul class="nav">
+                          <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Overview <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="index.html"  title="Jackrabbit Oak">Jackrabbit Oak</a>
+</li>
+                  
+                      <li>      <a href="license.html"  title="License">License</a>
+</li>
+                  
+                      <li>      <a href="downloads.html"  title="Downloads">Downloads</a>
+</li>
+                  
+                      <li>      <a href="from_here.html"  title="From here">From here</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Concepts and architecture <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="overview.html"  title="Overview">Overview</a>
+</li>
+                  
+                      <li>      <a href="nodestate.html"  title="The node state model">The node state model</a>
+</li>
+                  
+                      <li>      <a href="microkernel.html"  title="NodesStore and MicroKernel">NodesStore and MicroKernel</a>
+</li>
+                  
+                      <li>      <a href="query.html"  title="Query">Query</a>
+</li>
+                  
+                      <li>      <a href="blobstore.html"  title="BlobStore">BlobStore</a>
+</li>
+                  
+                      <li>      <a href="security/overview.html"  title="Security">Security</a>
+</li>
+                  
+                      <li>      <a href="clustering.html"  title="Clustering">Clustering</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Using Oak <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="use_getting_started.html"  title="Getting Started">Getting Started</a>
+</li>
+                  
+                      <li>      <a href="differences.html"  title="Differences to Jackrabbit 2">Differences to Jackrabbit 2</a>
+</li>
+                  
+                      <li>      <a href="osgi_config.html"  title="Configuring Oak">Configuring Oak</a>
+</li>
+                  
+                      <li>      <a href="known_issues.html"  title="Known Issues">Known Issues</a>
+</li>
+                  
+                      <li>      <a href="dos_and_donts.html"  title="Dos and don'ts">Dos and don'ts</a>
+</li>
+                  
+                      <li>      <a href="when_things_go_wrong.html"  title="When things go wrong">When things go wrong</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Developing Oak <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="dev_getting_started.html"  title="Getting Started">Getting Started</a>
+</li>
+                  
+                      <li>      <a href="participating.html"  title="Participating">Participating</a>
+</li>
+                  
+                      <li>      <a href="apidocs/index.html"  title="API docs">API docs</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Links <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="http://jackrabbit.apache.org/oak"  title="Apache Jackrabbit Oak">Apache Jackrabbit Oak</a>
+</li>
+                  
+                      <li>      <a href="http://jackrabbit.apache.org/"  title="Apache Jackrabbit">Apache Jackrabbit</a>
+</li>
+                          </ul>
+      </li>
+                  </ul>
+          
+          
+          
+                   
+                      </div>
+          
+        </div>
+      </div>
+    </div>
+    
+        <div class="container-fluid">
+          <div id="banner">
+        <div class="pull-left">
+                                <div id="bannerLeft">
+                <h2>Oak Documentation</h2>
+                </div>
+                      </div>
+        <div class="pull-right">  </div>
+        <div class="clear"><hr/></div>
+      </div>
+
+      <div id="breadcrumbs">
+        <ul class="breadcrumb">
+                
+                    
+                  <li id="publishDate">Last Published: 2014-04-15</li>
+                  <li class="divider">|</li> <li id="projectVersion">Version: 0.20-SNAPSHOT</li>
+                      
+                
+                    
+      
+                            </ul>
+      </div>
+
+            
+      <div class="row-fluid">
+        <div id="leftColumn" class="span3">
+          <div class="well sidebar-nav">
+                
+                    
+                <ul class="nav nav-list">
+                    <li class="nav-header">Overview</li>
+                                
+      <li>
+    
+                          <a href="index.html" title="Jackrabbit Oak">
+          <i class="none"></i>
+        Jackrabbit Oak</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="license.html" title="License">
+          <i class="none"></i>
+        License</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="downloads.html" title="Downloads">
+          <i class="none"></i>
+        Downloads</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="from_here.html" title="From here">
+          <i class="none"></i>
+        From here</a>
+            </li>
+                              <li class="nav-header">Concepts and architecture</li>
+                                
+      <li>
+    
+                          <a href="overview.html" title="Overview">
+          <i class="none"></i>
+        Overview</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="nodestate.html" title="The node state model">
+          <i class="none"></i>
+        The node state model</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="microkernel.html" title="NodesStore and MicroKernel">
+          <i class="none"></i>
+        NodesStore and MicroKernel</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="query.html" title="Query">
+          <i class="none"></i>
+        Query</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="blobstore.html" title="BlobStore">
+          <i class="none"></i>
+        BlobStore</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="security/overview.html" title="Security">
+          <i class="none"></i>
+        Security</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="clustering.html" title="Clustering">
+          <i class="none"></i>
+        Clustering</a>
+            </li>
+                              <li class="nav-header">Using Oak</li>
+                                
+      <li>
+    
+                          <a href="use_getting_started.html" title="Getting Started">
+          <i class="none"></i>
+        Getting Started</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="differences.html" title="Differences to Jackrabbit 2">
+          <i class="none"></i>
+        Differences to Jackrabbit 2</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="osgi_config.html" title="Configuring Oak">
+          <i class="none"></i>
+        Configuring Oak</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="known_issues.html" title="Known Issues">
+          <i class="none"></i>
+        Known Issues</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="dos_and_donts.html" title="Dos and don'ts">
+          <i class="none"></i>
+        Dos and don'ts</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="when_things_go_wrong.html" title="When things go wrong">
+          <i class="none"></i>
+        When things go wrong</a>
+            </li>
+                              <li class="nav-header">Developing Oak</li>
+                                
+      <li>
+    
+                          <a href="dev_getting_started.html" title="Getting Started">
+          <i class="none"></i>
+        Getting Started</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="participating.html" title="Participating">
+          <i class="none"></i>
+        Participating</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="apidocs/index.html" title="API docs">
+          <i class="none"></i>
+        API docs</a>
+            </li>
+                              <li class="nav-header">Links</li>
+                                
+      <li>
+    
+                          <a href="http://jackrabbit.apache.org/oak" class="externalLink" title="Apache Jackrabbit Oak">
+          <i class="none"></i>
+        Apache Jackrabbit Oak</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="http://jackrabbit.apache.org/" class="externalLink" title="Apache Jackrabbit">
+          <i class="none"></i>
+        Apache Jackrabbit</a>
+            </li>
+            </ul>
+                
+                    
+                
+          <hr class="divider" />
+
+           <div id="poweredBy">
+                   
+    <script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
+
+    
+    <div class="g-plusone" data-href="http://jackrabbit.apache.org/oak-doc/" data-size="tall" ></div>
+
+                   <div class="clear"></div>
+                            <div class="clear"></div>
+                            <div class="clear"></div>
+                             <a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy">
+        <img class="builtBy" alt="Built by Maven" src="./images/logos/maven-feather.png" />
+      </a>
+                  </div>
+          </div>
+        </div>
+        
+                
+        <div id="bodyColumn"  class="span9" >
+                                  
+            <!-- Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License. --><div class="section">
+<div class="section">
+<h3>User Management : Differences to Jackrabbit 2.x<a name="User_Management_:_Differences_to_Jackrabbit_2.x"></a></h3>
+<div class="section">
+<h4>1. Characteristics of the Default Implementation<a name="a1._Characteristics_of_the_Default_Implementation"></a></h4>
+<p>The default user management implementation present with OAK always stores user/group information in the workspace associated with the editing Session (see Jackrabbit 2.x <tt>UserPerWorkspaceUserManager</tt>). The implementation of a user management variant corresponding to Jackrabbit&#x2019;s default <tt>UserManagerImpl</tt> is blocked by missing workspace handling (see <a class="externalLink" href="https://issues.apache.org/jira/browse/OAK-118">OAK-118</a>). The current user manager has the following characteristics that differ from the corresponding Jackrabbit implementation:</p>
+<div class="section">
+<h5>General<a name="General"></a></h5>
+
+<ul>
+  
+<li>Changes made to the user management API are always transient and require <tt>Session#save()</tt> to be persisted.</li>
+  
+<li>In case of a failure <tt>Session#refresh</tt> is no longer called in order to prevent reverting other changes unrelated to the user management operation. Consequently it&#x2019;s the responsibility of the API consumer to specifically revert pending or invalid transient modifications.</li>
+  
+<li>The implementation is no longer built on top of the JCR API but instead directly acts on <tt>Tree</tt> and <tt>PropertyState</tt> defined by the OAK API. This move allows to make use of the user management API within the OAK layer (aka SPI).</li>
+</ul></div>
+<div class="section">
+<h5>User/Group Creation<a name="UserGroup_Creation"></a></h5>
+
+<ul>
+  
+<li>The <tt>rep:password</tt> property is no longer defined to be mandatory. Therefore a new user might be created without specifying a password. Note however, that <tt>User#changePassword</tt> does not allow to remove the password property.</li>
+  
+<li><tt>UserManager#createGroup(Principal)</tt> will no longer generate a groupID in case the principal name collides with an existing user or group ID. This has been considered redundant as the Jackrabbit API in the mean time added <tt>UserManager#createGroup(String groupID)</tt>.</li>
+  
+<li>Since OAK is designed to scale with flat hierarchies the former configuration options <tt>autoExpandTree</tt> and <tt>autoExpandSize</tt> are no longer supported.</li>
+</ul></div>
+<div class="section">
+<h5>Handling of the Authorizable ID<a name="Handling_of_the_Authorizable_ID"></a></h5>
+
+<ul>
+  
+<li>As of OAK the node type definition of <tt>rep:Authorizable</tt> defines a new property <tt>rep:authorizableId</tt> which is intended to store the ID of a user or group.</li>
+  
+<li>The default implementation comes with a dedicated property index for <tt>rep:authorizableId</tt> which asserts the uniqueness of that ID.</li>
+  
+<li><tt>Authorizable#getID</tt> returns the string value contained in <tt>rep:authorizableID</tt> and for backwards compatibility falls back on the node name in case the ID property is missing.</li>
+  
+<li>The name of the authorizable node is generated based on a configurable implementation of the <tt>AuthorizableNodeName</tt> interface (see configuration section below). By default it uses the ID as name hint and includes a conversion to a valid JCR node name.</li>
+</ul></div>
+<div class="section">
+<h5>equals() and hashCode() for Authorizables<a name="equals_and_hashCode_for_Authorizables"></a></h5>
+<p>The implementation of <tt>Object#equals()</tt> and <tt>Object#hashCode()</tt> for user and groups slightly differs from Jackrabbit 2.x. It no longer relies on the <i>sameness</i> of the underlaying JCR node but only compares IDs and the user manager instance.</p></div>
+<div class="section">
+<h5>The <i>everyone</i> Group<a name="The_everyone_Group"></a></h5>
+<p>As in Jackrabbit 2.x the OAK implementation contains special handling for the optional group corresponding to the <tt>EveryonePrincipal</tt> which always contains all Authorizable as member. As of OAK this fact is consistently reflected in all group membership related methods.</p></div>
+<div class="section">
+<h5>Query<a name="Query"></a></h5>
+<p>The user query is expected to work as in Jackrabbit 2.x with the following notable differences:</p>
+
+<ul>
+  
+<li><tt>QueryBuilder#setScope(String groupID, boolean declaredOnly)</tt> now also works properly  for the everyone group (see <a class="externalLink" href="https://issues.apache.org/jira/browse/OAK-949">OAK-949</a>)</li>
+  
+<li><tt>QueryBuilder#impersonates(String principalName)</tt> works properly for the admin  principal which are specially treated in the implementation of the <tt>Impersonation</tt>  interface (see <a class="externalLink" href="https://issues.apache.org/jira/browse/OAK-1183">OAK-1183</a>).</li>
+</ul></div>
+<div class="section">
+<h5>Autosave Behavior<a name="Autosave_Behavior"></a></h5>
+<p>Due to the nature of the UserManager (see above) we decided to drop the auto-save behavior in the default implementation present with OAK. Consequently,</p>
+
+<ul>
+  
+<li><tt>UserManager#autoSave(boolean)</tt> throws <tt>UnsupportedRepositoryOperationException</tt></li>
+  
+<li><tt>UserManager#isAutoSave()</tt> always returns <tt>false</tt></li>
+</ul>
+<p>See also <tt>PARAM_SUPPORT_AUTOSAVE</tt> below; while this should not be needed if application code has been written against the Jackrabbit API (and thus testing if auto-save mode is enabled or not) this configuration option can be used as last resort.</p></div>
+<div class="section">
+<h5>XML Import<a name="XML_Import"></a></h5>
+<p>As of OAK 1.0 user and group nodes can be imported both with Session and Workspace import. The difference compare to Jackrabbit 2.x are listed below:</p>
+
+<ul>
+  
+<li>Importing an authorizable to another tree than the configured user/group node will only failed upon save (-&gt; see <tt>UserValidator</tt> during the <tt>Root#commit</tt>). With Jackrabbit 2.x core it used to fail immediately.</li>
+  
+<li>NEW: The <tt>BestEffort</tt> behavior is now also implemented for the import of impersonators (was missing in Jackrabbit /2.x).</li>
+  
+<li>NEW: Workspace Import</li>
+</ul></div>
+<div class="section">
+<h5>Group Membership<a name="Group_Membership"></a></h5>
+<div class="section">
+<h6>Behavior in Jackrabbit 2.x<a name="Behavior_in_Jackrabbit_2.x"></a></h6>
+<p>With the default configuration Jackrabbit 2.x stores the group members as <i>weak references</i> in a <tt>rep:members</tt> multi value property in the group node. If the <tt>groupMembershipSplitSize</tt> configuration parameter is set and valid, the group memberships are collected in a node structure below <tt>rep:members</tt> instead of the default multi valued property. Its value determines the maximum number of member properties until additional intermediate nodes are inserted. Valid parameter values are integers &gt; 4. The node structure is a balanced b-tree where only the leave nodes carry the actual values in residual properties which name is the principal name of the member.</p></div>
+<div class="section">
+<h6>Behavior as of OAK 1.0<a name="Behavior_as_of_OAK_1.0"></a></h6>
+<p>As of Oak the user manager automatically chooses an appropriate storage structure depending on the number of group members. If the number of members is low they are stored as <i>weak references</i> in a <tt>rep:members</tt> multi value property. This is similar to Jackrabbit 2.x. If the number of members is high the user manager will limit the size of the multi value properties and create overflow <tt>rep:MemberReferences</tt> nodes below a <tt>rep:membersList</tt> node to hold the extra members.</p></div>
+<div class="section">
+<h6>Relevant new and modified node types<a name="Relevant_new_and_modified_node_types"></a></h6>
+
+<div class="source">
+<pre>[rep:Group] &gt; rep:Authorizable, rep:MemberReferences
+  + rep:members (rep:Members) = rep:Members multiple protected VERSION /* @deprecated */
+  + rep:membersList (rep:MemberReferencesList) = rep:MemberReferencesList protected COPY
+
+[rep:MemberReferences]
+  - rep:members (WEAKREFERENCE) protected multiple &lt; 'rep:Authorizable'
+
+[rep:MemberReferencesList]
+  + * (rep:MemberReferences) = rep:MemberReferences protected COPY
+</pre></div></div>
+<div class="section">
+<h6>Example Group with few members<a name="Example_Group_with_few_members"></a></h6>
+<p><i>(irrelevant properties excluded)</i></p>
+
+<div class="source">
+<pre>{
+    &quot;jcr:primaryType&quot;: &quot;rep:Group&quot;,
+    &quot;rep:principalName&quot;: &quot;contributor&quot;,
+    &quot;rep:members&quot;: [
+        &quot;429bbd5b-46a6-3c3d-808b-5fd4219d5c4d&quot;,
+        &quot;ca58c408-fe06-357e-953c-2d23ffe1e096&quot;,
+        &quot;3ebb1c04-76dd-317e-a9ee-5164182bc390&quot;,
+        &quot;d3c827d3-4db2-30cc-9c41-0ed8117dbaff&quot;,
+        &quot;f5777a0b-a933-3b4d-9405-613d8bc39cc7&quot;,
+        &quot;fdd1547a-b19a-3154-90da-1eae8c2c3504&quot;,
+        &quot;65c3084e-abfc-3719-8223-72c6cb9a3d6f&quot;
+    ]
+}
+</pre></div></div>
+<div class="section">
+<h6>Example Group with many members<a name="Example_Group_with_many_members"></a></h6>
+<p><i>(irrelevant properties excluded)</i></p>
+
+<div class="source">
+<pre>{
+    &quot;jcr:primaryType&quot;: &quot;rep:Group&quot;,
+    &quot;rep:principalName&quot;: &quot;employees&quot;,
+    &quot;rep:membersList&quot;: {
+        &quot;jcr:primaryType&quot;: &quot;rep:MemberReferencesList&quot;,
+        &quot;0&quot;: {
+            &quot;jcr:primaryType&quot;: &quot;rep:MemberReferences&quot;,
+            &quot;rep:members&quot;: [
+                &quot;429bbd5b-46a6-3c3d-808b-5fd4219d5c4d&quot;,
+                &quot;ca58c408-fe06-357e-953c-2d23ffe1e096&quot;,
+                ...
+            ]
+        },
+        ...
+        &quot;341&quot;: {
+            &quot;jcr:primaryType&quot;: &quot;rep:MemberReferences&quot;,
+            &quot;rep:members&quot;: [
+                &quot;fdd1547a-b19a-3154-90da-1eae8c2c3504&quot;,
+                &quot;65c3084e-abfc-3719-8223-72c6cb9a3d6f&quot;,
+                ...
+            ]
+        }
+    }
+}
+</pre></div>
+<p><i>Note</i>: The exact threshold value that determines the storage strategy is an implementation detail and might even vary depending on the underlying persistence layer.</p></div>
+<div class="section">
+<h6>Upgrading Groups from Jackrabbit 2.x to OAK content structure<a name="Upgrading_Groups_from_Jackrabbit_2.x_to_OAK_content_structure"></a></h6>
+<p>Upon upgrade from a Jackrabbit 2.x repository to OAK the group member lists that adjusted to reflect the new content structure as created by the OAK user management implementation; this means that the group member node structure will be changed by the migration process. Applications that rely on these implementation details of Jackrabbit 2.x user management instead of use the corresponding API calls will need to be modified accordingly.</p></div>
+<div class="section">
+<h6>Importing Group Members<a name="Importing_Group_Members"></a></h6>
+<p>Importing group members through the import methods in <tt>javax.jcr.Session</tt> or <tt>javax.jcr.Workspace</tt> is storage agnostic and supports both, property based and node based, strategies and is backward compatible to content exported from Jackrabbit 2.x. The group member lists that are modified during an import are internally processed using the normal user manager APIs. This implies that the node structure after the import might not be the same as the one represented in the input.</p></div></div></div>
+<div class="section">
+<h4>2. Builtin Users<a name="a2._Builtin_Users"></a></h4>
+<p>The setup of builtin user and group accounts is triggered by the configured <tt>WorkspaceInitializer</tt> associated with the user management configuration (see Configuration section below). </p>
+<p>The default user management implementation in OAK comes with an initializer that creates the following builtin user accounts (as in Jackrabbit 2.x):</p>
+<div class="section">
+<h5>Administrator User<a name="Administrator_User"></a></h5>
+<p>The admin user is always being created. The ID of this user is retrieved from the user configuration parameter <tt>PARAM_ADMIN_ID</tt>, which defaults to <tt>admin</tt>.</p>
+<p>As of OAK 1.0 however the administrator user might be created without initial password forcing the application to set the password upon start (see <tt>PARAM_OMIT_ADMIN_PW</tt> configuration parameter).</p></div>
+<div class="section">
+<h5>Anonymous User<a name="Anonymous_User"></a></h5>
+<p>In contrast to Jackrabbit 2.x the anonymous (or guest) user is optional. Creation will be skipped if the value of the <tt>PARAM_ANONYMOUS_ID</tt> configuration parameter is <tt>null</tt> or empty.</p>
+<p>Note, that the anonymous user will always be created without specifying a password in order to prevent login with SimpleCredentials. </p>
+<p>The proper way to obtain a guest session is (see also <a class="externalLink" href="https://issues.apache.org/jira/browse/OAK-793">OAK-793</a>):</p>
+
+<div class="source">
+<pre>Repository#login(new GuestCredentials(), wspName);
+</pre></div></div></div>
+<div class="section">
+<h4>3. Authorizable Actions<a name="a3._Authorizable_Actions"></a></h4>
+<p>The former internal interface <tt>AuthorizableAction</tt> has been slightly adjusted to match OAK requirements and is now part of the public OAK SPI interfaces. In contrast to Jackrabbit-core the AuthorizableAction(s) now operate directly on the OAK API which eases the handling of implementation specific tasks such as writing protected items.</p>
+<p>The example implementations of the <tt>AuthorizableAction</tt> interface present with OAK match the implementations available with Jackrabbit 2.x:</p>
+
+<ul>
+  
+<li><tt>AccessControlAction</tt>: set up permission for new authorizables</li>
+  
+<li><tt>PasswordAction</tt>: simplistic password verification upon user creation and password modification</li>
+  
+<li><tt>PasswordChangeAction</tt>: verifies that the new password is different from the old one</li>
+  
+<li><tt>ClearMembershipAction</tt>: clear group membership upon removal of an authorizable.</li>
+</ul>
+<p>As in jackrabbit core the actions are executed with the editing session and the target operation will fail if any of the configured actions fails (e.g. due to insufficient permissions by the editing OAK ContentSession).</p>
+<p>In order to match the OAK repository configuration setup and additional interface AuthorizableActionProvider has been introduced. See section Configuration below.</p></div>
+<div class="section">
+<h4>4. Node Type Definitions<a name="a4._Node_Type_Definitions"></a></h4>
+<p>The built-in node types related to user management tasks have been modified as follows:</p>
+
+<div class="source">
+<pre>[rep:Authorizable] &gt; mix:referenceable, nt:hierarchyNode
+  abstract
+  + * (nt:base) = nt:unstructured VERSION
+  - rep:principalName  (STRING) protected mandatory
+  - rep:authorizableId (STRING) protected /* @since oak 1.0 */
+  - * (UNDEFINED)
+  - * (UNDEFINED) multiple
+
+[rep:Group] &gt; rep:Authorizable, rep:MemberReferences
+  + rep:members (rep:Members) = rep:Members multiple protected VERSION /* @deprecated */
+  + rep:membersList (rep:MemberReferencesList) = rep:MemberReferencesList protected COPY
+
+/** @since oak 1.0 */
+[rep:MemberReferences]
+  - rep:members (WEAKREFERENCE) protected multiple &lt; 'rep:Authorizable'
+
+/** @since oak 1.0 */
+[rep:MemberReferencesList]
+  + * (rep:MemberReferences) = rep:MemberReferences protected COPY
+
+/** @deprecated since oak 1.0 */
+[rep:Members]
+  orderable
+  + * (rep:Members) = rep:Members protected multiple
+  - * (WEAKREFERENCE) protected &lt; 'rep:Authorizable'
+</pre></div></div>
+<div class="section">
+<h4>5. API Extensions<a name="a5._API_Extensions"></a></h4>
+<p>The OAK project introduces the following user management related public interfaces and classes:</p>
+<p><tt>org.apache.jackrabbit.oak.spi.security.user.*</tt></p>
+
+<ul>
+  
+<li><tt>AuthorizableNodeName</tt> : Defines the generation of the authorizable node names  in case the user management implementation stores user information in the repository.</li>
+  
+<li><tt>AuthorizableType</tt> : Ease handling with the different authorizable types.</li>
+  
+<li><tt>UserConstants</tt> : Constants (NOTE: OAK names/paths)</li>
+</ul>
+<p><tt>org.apache.jackrabbit.oak.spi.security.user.action.*</tt></p>
+
+<ul>
+  
+<li><tt>AuthorizableAction</tt> : (see above)</li>
+  
+<li><tt>AuthorizableActionProvider</tt> : (see above)</li>
+</ul>
+<p><tt>org.apache.jackrabbit.oak.spi.security.user.util.*</tt></p>
+
+<ul>
+  
+<li><tt>PasswordUtil</tt> : Utilities for password generation. This utility corresponds  to the internal jackrabbit utility.  As of OAK it also supports Password-Based Key Derivation Function 2 (PBKDF2)  function for password generation.</li>
+  
+<li><tt>UserUtil</tt> : Utilities related to general user management tasks.</li>
+</ul></div>
+<div class="section">
+<h4>6. Configuration<a name="a6._Configuration"></a></h4>
+<p>The following configuration options are present with the <tt>UserConfiguration</tt> as of OAK 1.0:</p>
+
+<ul>
+  
+<li>getUserManager: Obtain a new user manager instance</li>
+  
+<li>getAuthorizableActionProvider: Obtain a new instance of the AuthorizableActionProvider (see above)</li>
+</ul>
+<div class="section">
+<h5>Configuration Parameters supported by the default implementation<a name="Configuration_Parameters_supported_by_the_default_implementation"></a></h5>
+
+<table border="0" class="table table-striped">
+  <thead>
+    
+<tr class="a">
+      
+<th>Parameter </th>
+      
+<th>Type </th>
+      
+<th>Default </th>
+    </tr>
+  </thead>
+  <tbody>
+    
+<tr class="b">
+      
+<td><tt>PARAM_ADMIN_ID</tt> </td>
+      
+<td>String </td>
+      
+<td>&#x201c;admin&#x201d; </td>
+    </tr>
+    
+<tr class="a">
+      
+<td><tt>PARAM_OMIT_ADMIN_PW</tt> </td>
+      
+<td>boolean </td>
+      
+<td>false </td>
+    </tr>
+    
+<tr class="b">
+      
+<td><tt>PARAM_ANONYMOUS_ID</tt> </td>
+      
+<td>String </td>
+      
+<td>&#x201c;anonymous&#x201d; (nullable) </td>
+    </tr>
+    
+<tr class="a">
+      
+<td><tt>PARAM_USER_PATH</tt> </td>
+      
+<td>String </td>
+      
+<td>&#x201c;/rep:security/rep:authorizables/rep:users&#x201d; </td>
+    </tr>
+    
+<tr class="b">
+      
+<td><tt>PARAM_GROUP_PATH</tt> </td>
+      
+<td>String </td>
+      
+<td>&#x201c;/rep:security/rep:authorizables/rep:groups&#x201d; </td>
+    </tr>
+    
+<tr class="a">
+      
+<td><tt>PARAM_DEFAULT_DEPTH</tt> </td>
+      
+<td>int </td>
+      
+<td>2 </td>
+    </tr>
+    
+<tr class="b">
+      
+<td><tt>PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE</tt> </td>
+      
+<td>int </td>
+      
+<td> </td>
+    </tr>
+    
+<tr class="a">
+      
+<td><tt>PARAM_PASSWORD_HASH_ALGORITHM</tt> </td>
+      
+<td>String </td>
+      
+<td>&#x201c;SHA-256&#x201d; </td>
+    </tr>
+    
+<tr class="b">
+      
+<td><tt>PARAM_PASSWORD_HASH_ITERATIONS</tt> </td>
+      
+<td>int </td>
+      
+<td>1000 </td>
+    </tr>
+    
+<tr class="a">
+      
+<td><tt>PARAM_PASSWORD_SALT_SIZE</tt> </td>
+      
+<td>int </td>
+      
+<td>8 </td>
+    </tr>
+    
+<tr class="b">
+      
+<td><tt>PARAM_AUTHORIZABLE_NODE_NAME</tt> </td>
+      
+<td>AuthorizableNodeName </td>
+      
+<td>AuthorizableNodeName#DEFAULT </td>
+    </tr>
+    
+<tr class="a">
+      
+<td><tt>PARAM_SUPPORT_AUTOSAVE</tt> </td>
+      
+<td>boolean </td>
+      
+<td>false </td>
+    </tr>
+  </tbody>
+</table>
+<p>The following configuration parameters present with the default implementation in Jackrabbit 2.x are no longer supported and will be ignored:</p>
+
+<ul>
+  
+<li>&#x201c;compatibleJR16&#x201d;</li>
+  
+<li>&#x201c;autoExpandTree&#x201d;</li>
+  
+<li>&#x201c;autoExpandSize&#x201d;</li>
+  
+<li>&#x201c;groupMembershipSplitSize&#x201d;</li>
+</ul>
+<!-- hidden references --></div></div></div></div>
+                  </div>
+            </div>
+          </div>
+
+    <hr/>
+
+    <footer>
+            <div class="container-fluid">
+              <div class="row span12">Copyright &copy;                    2012-2014
+                        <a href="http://www.apache.org/">The Apache Software Foundation</a>.
+            All Rights Reserved.      
+                    
+      </div>
+
+        
+        
+          
+    
+    
+    <div id="ohloh" class="pull-right">
+      <script type="text/javascript" src="http://www.ohloh.net/p/jackrabbit-oak/widgets/project_users_logo.js"></script>
+    </div>
+        </div>
+    </footer>
+  </body>
+</html>
\ No newline at end of file



Mime
View raw message