jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1730074 [4/8] - in /jackrabbit/site/live/oak/docs: ./ META-INF/ architecture/ coldstandby/ features/ nodestore/ nodestore/segment/ oak-mongo-js/ oak_api/ plugins/ query/ security/ security/accesscontrol/ security/authentication/ security/a...
Date Fri, 12 Feb 2016 17:09:07 GMT
Added: jackrabbit/site/live/oak/docs/security/authorization/composite.html
URL: http://svn.apache.org/viewvc/jackrabbit/site/live/oak/docs/security/authorization/composite.html?rev=1730074&view=auto
==============================================================================
--- jackrabbit/site/live/oak/docs/security/authorization/composite.html (added)
+++ jackrabbit/site/live/oak/docs/security/authorization/composite.html Fri Feb 12 17:09:05 2016
@@ -0,0 +1,555 @@
+<!DOCTYPE html>
+<!--
+ | Generated by Apache Maven Doxia at 2016-02-12
+ | Rendered using Apache Maven Fluido Skin 1.3.0
+-->
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <meta name="Date-Revision-yyyymmdd" content="20160212" />
+    <meta http-equiv="Content-Language" content="en" />
+    <title>Jackrabbit Oak - Combining Multiple Authorization Models</title>
+    <link rel="stylesheet" href="../../css/apache-maven-fluido-1.3.0.min.css" />
+    <link rel="stylesheet" href="../../css/site.css" />
+    <link rel="stylesheet" href="../../css/print.css" media="print" />
+
+      
+    <script type="text/javascript" src="../../js/apache-maven-fluido-1.3.0.min.js"></script>
+
+    
+            </head>
+        <body class="topBarEnabled">
+          
+    
+    
+            
+    
+    
+    <a href="http://github.com/apache/jackrabbit-oak">
+      <img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
+        src="https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa0000.png"
+        alt="Fork me on GitHub">
+    </a>
+  
+                
+                    
+                
+
+    <div id="topbar" class="navbar navbar-fixed-top ">
+      <div class="navbar-inner">
+                <div class="container-fluid">
+        <a data-target=".nav-collapse" data-toggle="collapse" class="btn btn-navbar">
+          <span class="icon-bar"></span>
+          <span class="icon-bar"></span>
+          <span class="icon-bar"></span>
+        </a>
+                
+                                                                                <a class="brand" href="../../"  title="Oak logo">
+
+                                
+                                                                                                                    <img src="../../oak_logo.png" alt="Oak logo" />
+                
+                </a>
+                    
+                                <ul class="nav">
+                          <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Overview <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="../../index.html"  title="Jackrabbit Oak">Jackrabbit Oak</a>
+</li>
+                  
+                      <li>      <a href="../../license.html"  title="License">License</a>
+</li>
+                  
+                      <li>      <a href="../../downloads.html"  title="Downloads">Downloads</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Concepts and Architecture <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="../../architecture/overview.html"  title="Overview">Overview</a>
+</li>
+                  
+                      <li>      <a href="../../architecture/nodestate.html"  title="The Node State Model">The Node State Model</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Main APIs <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="http://www.day.com/specs/jcr/2.0/index.html"  title="JCR API">JCR API</a>
+</li>
+                  
+                      <li>      <a href="../../oak_api/overview.html"  title="Oak API">Oak API</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Features and Plugins <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="../../features/atomic-counter.html"  title="Atomic Counter">Atomic Counter</a>
+</li>
+                  
+                      <li>      <a href="../../plugins/blobstore.html"  title="Blob Storage">Blob Storage</a>
+</li>
+                  
+                      <li>      <a href="../../clustering.html"  title="Clustering">Clustering</a>
+</li>
+                  
+                      <li>      <a href="../../nodestore/documentmk.html"  title="DocumentNodeStore">DocumentNodeStore</a>
+</li>
+                  
+                      <li>      <a href="../../nodestore/overview.html"  title="Node Storage">Node Storage</a>
+</li>
+                  
+                      <li>      <a href="../../nodestore/persistent-cache.html"  title="Persistent Cache">Persistent Cache</a>
+</li>
+                  
+                      <li>      <a href="../../query/query.html"  title="Query">Query</a>
+</li>
+                  
+                      <li>      <a href="../../security/overview.html"  title="Security">Security</a>
+</li>
+                  
+                      <li>      <a href="../../nodestore/segment/overview.html"  title="Segment Node Store">Segment Node Store</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Using Oak <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="../../use_getting_started.html"  title="Getting Started">Getting Started</a>
+</li>
+                  
+                      <li>      <a href="../../construct.html"  title="Repository Construction">Repository Construction</a>
+</li>
+                  
+                      <li>      <a href="../../osgi_config.html"  title="Configuring Oak">Configuring Oak</a>
+</li>
+                  
+                      <li>      <a href="../../command_line.html"  title="Command Line Tools">Command Line Tools</a>
+</li>
+                  
+                      <li>      <a href="../../migration.html"  title="Migration">Migration</a>
+</li>
+                  
+                      <li>      <a href="../../differences.html"  title="Differences to Jackrabbit 2">Differences to Jackrabbit 2</a>
+</li>
+                  
+                      <li>      <a href="../../known_issues.html"  title="Known Issues">Known Issues</a>
+</li>
+                  
+                      <li>      <a href="../../dos_and_donts.html"  title="Dos and Don'ts">Dos and Don'ts</a>
+</li>
+                  
+                      <li>      <a href="../../coldstandby/coldstandby.html"  title="Cold Standby">Cold Standby</a>
+</li>
+                  
+                      <li>      <a href="../../FAQ.html"  title="FAQ">FAQ</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Developing Oak <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="../../dev_getting_started.html"  title="Getting Started">Getting Started</a>
+</li>
+                  
+                      <li>      <a href="../../participating.html"  title="Participating">Participating</a>
+</li>
+                  
+                      <li>      <a href="../../developing-with-git.html"  title="Developing with Git">Developing with Git</a>
+</li>
+                  
+                      <li>      <a href="../../diagnostic-builds.html"  title="Cutting diagnostic builds">Cutting diagnostic builds</a>
+</li>
+                  
+                      <li>      <a href="../../attribution.html"  title="Attribution">Attribution</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Links <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="http://jackrabbit.apache.org/oak"  title="Apache Jackrabbit Oak">Apache Jackrabbit Oak</a>
+</li>
+                  
+                      <li>      <a href="http://jackrabbit.apache.org/"  title="Apache Jackrabbit">Apache Jackrabbit</a>
+</li>
+                          </ul>
+      </li>
+                  </ul>
+          
+          
+          
+                   
+                      </div>
+          
+        </div>
+      </div>
+    </div>
+    
+        <div class="container-fluid">
+          <div id="banner">
+        <div class="pull-left">
+                                <div id="bannerLeft">
+                <h2>Oak Documentation</h2>
+                </div>
+                      </div>
+        <div class="pull-right">  </div>
+        <div class="clear"><hr/></div>
+      </div>
+
+      <div id="breadcrumbs">
+        <ul class="breadcrumb">
+                
+                    
+                  <li id="publishDate">Last Published: 2016-02-12</li>
+                  <li class="divider">|</li> <li id="projectVersion">Version: 1.4-SNAPSHOT</li>
+                      
+                
+                    
+      
+                            </ul>
+      </div>
+
+            
+      <div class="row-fluid">
+        <div id="leftColumn" class="span3">
+          <div class="well sidebar-nav">
+                
+                    
+                <ul class="nav nav-list">
+                    <li class="nav-header">Overview</li>
+                                
+      <li>
+    
+                          <a href="../../index.html" title="Jackrabbit Oak">
+          <i class="none"></i>
+        Jackrabbit Oak</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../license.html" title="License">
+          <i class="none"></i>
+        License</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../downloads.html" title="Downloads">
+          <i class="none"></i>
+        Downloads</a>
+            </li>
+                              <li class="nav-header">Concepts and Architecture</li>
+                                
+      <li>
+    
+                          <a href="../../architecture/overview.html" title="Overview">
+          <i class="none"></i>
+        Overview</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../architecture/nodestate.html" title="The Node State Model">
+          <i class="none"></i>
+        The Node State Model</a>
+            </li>
+                              <li class="nav-header">Main APIs</li>
+                                
+      <li>
+    
+                          <a href="http://www.day.com/specs/jcr/2.0/index.html" class="externalLink" title="JCR API">
+          <i class="none"></i>
+        JCR API</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../oak_api/overview.html" title="Oak API">
+          <i class="none"></i>
+        Oak API</a>
+            </li>
+                              <li class="nav-header">Features and Plugins</li>
+                                
+      <li>
+    
+                          <a href="../../features/atomic-counter.html" title="Atomic Counter">
+          <i class="none"></i>
+        Atomic Counter</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../plugins/blobstore.html" title="Blob Storage">
+          <i class="none"></i>
+        Blob Storage</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../clustering.html" title="Clustering">
+          <i class="none"></i>
+        Clustering</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../nodestore/documentmk.html" title="DocumentNodeStore">
+          <i class="none"></i>
+        DocumentNodeStore</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../nodestore/overview.html" title="Node Storage">
+          <i class="none"></i>
+        Node Storage</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../nodestore/persistent-cache.html" title="Persistent Cache">
+          <i class="none"></i>
+        Persistent Cache</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../query/query.html" title="Query">
+          <i class="none"></i>
+        Query</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../security/overview.html" title="Security">
+          <i class="none"></i>
+        Security</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../nodestore/segment/overview.html" title="Segment Node Store">
+          <i class="none"></i>
+        Segment Node Store</a>
+            </li>
+                              <li class="nav-header">Using Oak</li>
+                                
+      <li>
+    
+                          <a href="../../use_getting_started.html" title="Getting Started">
+          <i class="none"></i>
+        Getting Started</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../construct.html" title="Repository Construction">
+          <i class="none"></i>
+        Repository Construction</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../osgi_config.html" title="Configuring Oak">
+          <i class="none"></i>
+        Configuring Oak</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../command_line.html" title="Command Line Tools">
+          <i class="none"></i>
+        Command Line Tools</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../migration.html" title="Migration">
+          <i class="none"></i>
+        Migration</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../differences.html" title="Differences to Jackrabbit 2">
+          <i class="none"></i>
+        Differences to Jackrabbit 2</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../known_issues.html" title="Known Issues">
+          <i class="none"></i>
+        Known Issues</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../dos_and_donts.html" title="Dos and Don'ts">
+          <i class="none"></i>
+        Dos and Don'ts</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../coldstandby/coldstandby.html" title="Cold Standby">
+          <i class="none"></i>
+        Cold Standby</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../FAQ.html" title="FAQ">
+          <i class="none"></i>
+        FAQ</a>
+            </li>
+                              <li class="nav-header">Developing Oak</li>
+                                
+      <li>
+    
+                          <a href="../../dev_getting_started.html" title="Getting Started">
+          <i class="none"></i>
+        Getting Started</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../participating.html" title="Participating">
+          <i class="none"></i>
+        Participating</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../developing-with-git.html" title="Developing with Git">
+          <i class="none"></i>
+        Developing with Git</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../diagnostic-builds.html" title="Cutting diagnostic builds">
+          <i class="none"></i>
+        Cutting diagnostic builds</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../attribution.html" title="Attribution">
+          <i class="none"></i>
+        Attribution</a>
+            </li>
+                              <li class="nav-header">Links</li>
+                                
+      <li>
+    
+                          <a href="http://jackrabbit.apache.org/oak" class="externalLink" title="Apache Jackrabbit Oak">
+          <i class="none"></i>
+        Apache Jackrabbit Oak</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="http://jackrabbit.apache.org/" class="externalLink" title="Apache Jackrabbit">
+          <i class="none"></i>
+        Apache Jackrabbit</a>
+            </li>
+            </ul>
+                
+                    
+                
+          <hr class="divider" />
+
+           <div id="poweredBy">
+                   
+    <script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
+
+    
+    <div class="g-plusone" data-href="http://jackrabbit.apache.org/oak/docs/" data-size="tall" ></div>
+
+                   <div class="clear"></div>
+                            <div class="clear"></div>
+                            <div class="clear"></div>
+                             <a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy">
+        <img class="builtBy" alt="Built by Maven" src="../../images/logos/maven-feather.png" />
+      </a>
+                  </div>
+          </div>
+        </div>
+        
+                
+        <div id="bodyColumn"  class="span9" >
+                                  
+            <!-- Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License. --><div class="section">
+<h2>Combining Multiple Authorization Models<a name="Combining_Multiple_Authorization_Models"></a></h2>
+<div class="section">
+<h3>General Notes<a name="General_Notes"></a></h3>
+<p><i>TODO</i></p>
+<p><a name="api_extensions"></a></p></div>
+<div class="section">
+<h3>API Extensions<a name="API_Extensions"></a></h3>
+<p><i>TODO</i></p>
+<p><a name="details"></a></p></div>
+<div class="section">
+<h3>Implementation Details<a name="Implementation_Details"></a></h3>
+<p><a name="configuration"></a></p></div>
+<div class="section">
+<h3>Configuration<a name="Configuration"></a></h3>
+<p><i>TODO</i></p>
+<p><a name="pluggability"></a></p></div>
+<div class="section">
+<h3>Pluggability<a name="Pluggability"></a></h3>
+<!-- hidden references --></div></div>
+                  </div>
+            </div>
+          </div>
+
+    <hr/>
+
+    <footer>
+            <div class="container-fluid">
+              <div class="row span12">Copyright &copy;                    2012-2016
+                        <a href="http://www.apache.org/">The Apache Software Foundation</a>.
+            All Rights Reserved.      
+                    
+      </div>
+
+        
+        
+          
+    
+    
+                
+    <div id="ohloh" class="pull-right">
+      <script type="text/javascript" src="http://www.ohloh.net/p/jackrabbit-oak/widgets/project_thin_badge.js"></script>
+    </div>
+        </div>
+    </footer>
+  </body>
+</html>
\ No newline at end of file

Propchange: jackrabbit/site/live/oak/docs/security/authorization/composite.html
------------------------------------------------------------------------------
    svn:eol-style = native

Added: jackrabbit/site/live/oak/docs/security/authorization/cug.html
URL: http://svn.apache.org/viewvc/jackrabbit/site/live/oak/docs/security/authorization/cug.html?rev=1730074&view=auto
==============================================================================
--- jackrabbit/site/live/oak/docs/security/authorization/cug.html (added)
+++ jackrabbit/site/live/oak/docs/security/authorization/cug.html Fri Feb 12 17:09:05 2016
@@ -0,0 +1,880 @@
+<!DOCTYPE html>
+<!--
+ | Generated by Apache Maven Doxia at 2016-02-12
+ | Rendered using Apache Maven Fluido Skin 1.3.0
+-->
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <meta name="Date-Revision-yyyymmdd" content="20160212" />
+    <meta http-equiv="Content-Language" content="en" />
+    <title>Jackrabbit Oak - Managing Access with Closed User Groups (CUG)</title>
+    <link rel="stylesheet" href="../../css/apache-maven-fluido-1.3.0.min.css" />
+    <link rel="stylesheet" href="../../css/site.css" />
+    <link rel="stylesheet" href="../../css/print.css" media="print" />
+
+      
+    <script type="text/javascript" src="../../js/apache-maven-fluido-1.3.0.min.js"></script>
+
+    
+            </head>
+        <body class="topBarEnabled">
+          
+    
+    
+            
+    
+    
+    <a href="http://github.com/apache/jackrabbit-oak">
+      <img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
+        src="https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa0000.png"
+        alt="Fork me on GitHub">
+    </a>
+  
+                
+                    
+                
+
+    <div id="topbar" class="navbar navbar-fixed-top ">
+      <div class="navbar-inner">
+                <div class="container-fluid">
+        <a data-target=".nav-collapse" data-toggle="collapse" class="btn btn-navbar">
+          <span class="icon-bar"></span>
+          <span class="icon-bar"></span>
+          <span class="icon-bar"></span>
+        </a>
+                
+                                                                                <a class="brand" href="../../"  title="Oak logo">
+
+                                
+                                                                                                                    <img src="../../oak_logo.png" alt="Oak logo" />
+                
+                </a>
+                    
+                                <ul class="nav">
+                          <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Overview <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="../../index.html"  title="Jackrabbit Oak">Jackrabbit Oak</a>
+</li>
+                  
+                      <li>      <a href="../../license.html"  title="License">License</a>
+</li>
+                  
+                      <li>      <a href="../../downloads.html"  title="Downloads">Downloads</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Concepts and Architecture <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="../../architecture/overview.html"  title="Overview">Overview</a>
+</li>
+                  
+                      <li>      <a href="../../architecture/nodestate.html"  title="The Node State Model">The Node State Model</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Main APIs <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="http://www.day.com/specs/jcr/2.0/index.html"  title="JCR API">JCR API</a>
+</li>
+                  
+                      <li>      <a href="../../oak_api/overview.html"  title="Oak API">Oak API</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Features and Plugins <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="../../features/atomic-counter.html"  title="Atomic Counter">Atomic Counter</a>
+</li>
+                  
+                      <li>      <a href="../../plugins/blobstore.html"  title="Blob Storage">Blob Storage</a>
+</li>
+                  
+                      <li>      <a href="../../clustering.html"  title="Clustering">Clustering</a>
+</li>
+                  
+                      <li>      <a href="../../nodestore/documentmk.html"  title="DocumentNodeStore">DocumentNodeStore</a>
+</li>
+                  
+                      <li>      <a href="../../nodestore/overview.html"  title="Node Storage">Node Storage</a>
+</li>
+                  
+                      <li>      <a href="../../nodestore/persistent-cache.html"  title="Persistent Cache">Persistent Cache</a>
+</li>
+                  
+                      <li>      <a href="../../query/query.html"  title="Query">Query</a>
+</li>
+                  
+                      <li>      <a href="../../security/overview.html"  title="Security">Security</a>
+</li>
+                  
+                      <li>      <a href="../../nodestore/segment/overview.html"  title="Segment Node Store">Segment Node Store</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Using Oak <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="../../use_getting_started.html"  title="Getting Started">Getting Started</a>
+</li>
+                  
+                      <li>      <a href="../../construct.html"  title="Repository Construction">Repository Construction</a>
+</li>
+                  
+                      <li>      <a href="../../osgi_config.html"  title="Configuring Oak">Configuring Oak</a>
+</li>
+                  
+                      <li>      <a href="../../command_line.html"  title="Command Line Tools">Command Line Tools</a>
+</li>
+                  
+                      <li>      <a href="../../migration.html"  title="Migration">Migration</a>
+</li>
+                  
+                      <li>      <a href="../../differences.html"  title="Differences to Jackrabbit 2">Differences to Jackrabbit 2</a>
+</li>
+                  
+                      <li>      <a href="../../known_issues.html"  title="Known Issues">Known Issues</a>
+</li>
+                  
+                      <li>      <a href="../../dos_and_donts.html"  title="Dos and Don'ts">Dos and Don'ts</a>
+</li>
+                  
+                      <li>      <a href="../../coldstandby/coldstandby.html"  title="Cold Standby">Cold Standby</a>
+</li>
+                  
+                      <li>      <a href="../../FAQ.html"  title="FAQ">FAQ</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Developing Oak <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="../../dev_getting_started.html"  title="Getting Started">Getting Started</a>
+</li>
+                  
+                      <li>      <a href="../../participating.html"  title="Participating">Participating</a>
+</li>
+                  
+                      <li>      <a href="../../developing-with-git.html"  title="Developing with Git">Developing with Git</a>
+</li>
+                  
+                      <li>      <a href="../../diagnostic-builds.html"  title="Cutting diagnostic builds">Cutting diagnostic builds</a>
+</li>
+                  
+                      <li>      <a href="../../attribution.html"  title="Attribution">Attribution</a>
+</li>
+                          </ul>
+      </li>
+                <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Links <b class="caret"></b></a>
+        <ul class="dropdown-menu">
+        
+                      <li>      <a href="http://jackrabbit.apache.org/oak"  title="Apache Jackrabbit Oak">Apache Jackrabbit Oak</a>
+</li>
+                  
+                      <li>      <a href="http://jackrabbit.apache.org/"  title="Apache Jackrabbit">Apache Jackrabbit</a>
+</li>
+                          </ul>
+      </li>
+                  </ul>
+          
+          
+          
+                   
+                      </div>
+          
+        </div>
+      </div>
+    </div>
+    
+        <div class="container-fluid">
+          <div id="banner">
+        <div class="pull-left">
+                                <div id="bannerLeft">
+                <h2>Oak Documentation</h2>
+                </div>
+                      </div>
+        <div class="pull-right">  </div>
+        <div class="clear"><hr/></div>
+      </div>
+
+      <div id="breadcrumbs">
+        <ul class="breadcrumb">
+                
+                    
+                  <li id="publishDate">Last Published: 2016-02-12</li>
+                  <li class="divider">|</li> <li id="projectVersion">Version: 1.4-SNAPSHOT</li>
+                      
+                
+                    
+      
+                            </ul>
+      </div>
+
+            
+      <div class="row-fluid">
+        <div id="leftColumn" class="span3">
+          <div class="well sidebar-nav">
+                
+                    
+                <ul class="nav nav-list">
+                    <li class="nav-header">Overview</li>
+                                
+      <li>
+    
+                          <a href="../../index.html" title="Jackrabbit Oak">
+          <i class="none"></i>
+        Jackrabbit Oak</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../license.html" title="License">
+          <i class="none"></i>
+        License</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../downloads.html" title="Downloads">
+          <i class="none"></i>
+        Downloads</a>
+            </li>
+                              <li class="nav-header">Concepts and Architecture</li>
+                                
+      <li>
+    
+                          <a href="../../architecture/overview.html" title="Overview">
+          <i class="none"></i>
+        Overview</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../architecture/nodestate.html" title="The Node State Model">
+          <i class="none"></i>
+        The Node State Model</a>
+            </li>
+                              <li class="nav-header">Main APIs</li>
+                                
+      <li>
+    
+                          <a href="http://www.day.com/specs/jcr/2.0/index.html" class="externalLink" title="JCR API">
+          <i class="none"></i>
+        JCR API</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../oak_api/overview.html" title="Oak API">
+          <i class="none"></i>
+        Oak API</a>
+            </li>
+                              <li class="nav-header">Features and Plugins</li>
+                                
+      <li>
+    
+                          <a href="../../features/atomic-counter.html" title="Atomic Counter">
+          <i class="none"></i>
+        Atomic Counter</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../plugins/blobstore.html" title="Blob Storage">
+          <i class="none"></i>
+        Blob Storage</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../clustering.html" title="Clustering">
+          <i class="none"></i>
+        Clustering</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../nodestore/documentmk.html" title="DocumentNodeStore">
+          <i class="none"></i>
+        DocumentNodeStore</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../nodestore/overview.html" title="Node Storage">
+          <i class="none"></i>
+        Node Storage</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../nodestore/persistent-cache.html" title="Persistent Cache">
+          <i class="none"></i>
+        Persistent Cache</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../query/query.html" title="Query">
+          <i class="none"></i>
+        Query</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../security/overview.html" title="Security">
+          <i class="none"></i>
+        Security</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../nodestore/segment/overview.html" title="Segment Node Store">
+          <i class="none"></i>
+        Segment Node Store</a>
+            </li>
+                              <li class="nav-header">Using Oak</li>
+                                
+      <li>
+    
+                          <a href="../../use_getting_started.html" title="Getting Started">
+          <i class="none"></i>
+        Getting Started</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../construct.html" title="Repository Construction">
+          <i class="none"></i>
+        Repository Construction</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../osgi_config.html" title="Configuring Oak">
+          <i class="none"></i>
+        Configuring Oak</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../command_line.html" title="Command Line Tools">
+          <i class="none"></i>
+        Command Line Tools</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../migration.html" title="Migration">
+          <i class="none"></i>
+        Migration</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../differences.html" title="Differences to Jackrabbit 2">
+          <i class="none"></i>
+        Differences to Jackrabbit 2</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../known_issues.html" title="Known Issues">
+          <i class="none"></i>
+        Known Issues</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../dos_and_donts.html" title="Dos and Don'ts">
+          <i class="none"></i>
+        Dos and Don'ts</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../coldstandby/coldstandby.html" title="Cold Standby">
+          <i class="none"></i>
+        Cold Standby</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../FAQ.html" title="FAQ">
+          <i class="none"></i>
+        FAQ</a>
+            </li>
+                              <li class="nav-header">Developing Oak</li>
+                                
+      <li>
+    
+                          <a href="../../dev_getting_started.html" title="Getting Started">
+          <i class="none"></i>
+        Getting Started</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../participating.html" title="Participating">
+          <i class="none"></i>
+        Participating</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../developing-with-git.html" title="Developing with Git">
+          <i class="none"></i>
+        Developing with Git</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../diagnostic-builds.html" title="Cutting diagnostic builds">
+          <i class="none"></i>
+        Cutting diagnostic builds</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="../../attribution.html" title="Attribution">
+          <i class="none"></i>
+        Attribution</a>
+            </li>
+                              <li class="nav-header">Links</li>
+                                
+      <li>
+    
+                          <a href="http://jackrabbit.apache.org/oak" class="externalLink" title="Apache Jackrabbit Oak">
+          <i class="none"></i>
+        Apache Jackrabbit Oak</a>
+            </li>
+                  
+      <li>
+    
+                          <a href="http://jackrabbit.apache.org/" class="externalLink" title="Apache Jackrabbit">
+          <i class="none"></i>
+        Apache Jackrabbit</a>
+            </li>
+            </ul>
+                
+                    
+                
+          <hr class="divider" />
+
+           <div id="poweredBy">
+                   
+    <script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
+
+    
+    <div class="g-plusone" data-href="http://jackrabbit.apache.org/oak/docs/" data-size="tall" ></div>
+
+                   <div class="clear"></div>
+                            <div class="clear"></div>
+                            <div class="clear"></div>
+                             <a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy">
+        <img class="builtBy" alt="Built by Maven" src="../../images/logos/maven-feather.png" />
+      </a>
+                  </div>
+          </div>
+        </div>
+        
+                
+        <div id="bodyColumn"  class="span9" >
+                                  
+            <!-- Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License. --><div class="section">
+<h2>Managing Access with &#x201c;Closed User Groups&#x201d; (CUG)<a name="Managing_Access_with_Closed_User_Groups_CUG"></a></h2>
+<div class="section">
+<h3>General<a name="General"></a></h3>
+<p>The <tt>oak-authorization-cug</tt> module provides a alternative authorization model intended to limit read access to certain paths for a selected, small set of <tt>Principal</tt>s.</p>
+<p>These restricted areas called <tt>CUG</tt> are marked by a dedicated policy type and effectively prevent read-access for anybody not explicitly allowed.</p>
+<p>This implies that the CUG-authorization model solely evaluates and enforces read access to regular nodes and properties. Therefore it may only be used as an additional, complementary authorization scheme while the primary module(s) is/are in charge of enforcing the complete set of permissions including read/write access, repository operations and any kind of special permissions like reading and writing access control content. See section <a href="composite.html">Combining Multiple Authorization Models</a> for information aggregating access control management and permission evaluation from different implementations.</p>
+<p>By default the <tt>oak-authorization-cug</tt> model is disabled and it requires manual <a href="#configuration">configuration</a> steps in order to plug it into the Oak security setup.</p>
+<p>Once deployed this authorization configuration can be used in the following two operation modes:</p>
+
+<ol style="list-style-type: decimal">
+  
+<li>Evaluation disabled: Access control management is supported and policies may be applied to the repository without taking effect.</li>
+  
+<li>Evaluation enabled: All policies edited and applied by this module will take effect upon being persisted, i.e. access to items located in a restricted are will be subject to the permission evaluation associated with the authorization model.</li>
+</ol>
+<p><a name="jackrabbit_api"></a></p></div>
+<div class="section">
+<h3>Jackrabbit API<a name="Jackrabbit_API"></a></h3>
+<p>The Jackrabbit API defines an extension of the JCR <a class="externalLink" href="http://www.day.com/specs/javax.jcr/javadocs/jcr-2.0/javax/jcr/security/AccessControlPolicy.html">AccessControlPolicy</a> interface intended to grant the ability to perform certain actions to a set of <a class="externalLink" href="http://docs.oracle.com/javase/7/docs/api/java/security/Principal.html">Principal</a>s:</p>
+
+<ul>
+  
+<li><tt>PrincipalSetPolicy</tt></li>
+</ul>
+<p>See <a class="externalLink" href="http://svn.apache.org/repos/asf/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/authorization/PrincipalSetPolicy.java">Jackrabbit API</a> for details and the methods exposed by the interface.</p>
+<p><a name="api_extensions"></a></p></div>
+<div class="section">
+<h3>API Extensions<a name="API_Extensions"></a></h3>
+<p>The module comes with the following extension in the <tt>org.apache.jackrabbit.oak.spi.security.authorization.cug</tt> package space:</p>
+
+<ul>
+  
+<li><a href="/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authorization/cug/CugPolicy.html">CugPolicy</a></li>
+  
+<li><a href="/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authorization/cug/CugExclude.html">CugExclude</a></li>
+</ul>
+<div class="section">
+<div class="section">
+<h5>CugPolicy<a name="CugPolicy"></a></h5>
+<p>The <tt>CugPolicy</tt> interface extends the <tt>PrincipalSetPolicy</tt> and <tt>JackrabbitAccessControlPolicy</tt> interfaces provided by Jackrabbit API. It comes with the following set of methods that allow to read and modify the set of <tt>Principal</tt>s that will be allowed to access the restricted area defined by a given policy instance.</p>
+
+<div class="source">
+<pre>CugPolicy extends PrincipalSetPolicy, JackrabbitAccessControlPolicy
+
+   Set&lt;Principal&gt; getPrincipals();       
+   boolean addPrincipals(@Nonnull Principal... principals) throws AccessControlException;       
+   boolean removePrincipals(@Nonnull Principal... principals) throws AccessControlException;
+</pre></div></div>
+<div class="section">
+<h5>CugExclude<a name="CugExclude"></a></h5>
+<p>The <tt>CugExclude</tt> allows to customize the set of principals excluded from evaluation of the restricted areas. These principals will consequently never be prevented from accessing any of the configured CUGs and read permission evaluation is delegated to any other module present in the setup.</p>
+<p>The feature ships with two implementations out of the box:</p>
+
+<ul>
+  
+<li><tt>CugExclude.Default</tt>: Default implementation that excludes admin, system and system-user principals. It will be used as fallback if no other implementation is configured.</li>
+  
+<li><tt>CugExcludeImpl</tt>: OSGi service extending from the default that additionally allows to excluded principals by their names at runtime.</li>
+</ul>
+<p>See also section <a href="#pluggability">Pluggability</a> below. </p>
+<p><a name="details"></a></p></div></div></div>
+<div class="section">
+<h3>Implementation Details<a name="Implementation_Details"></a></h3>
+<div class="section">
+<h4>Access Control Management<a name="Access_Control_Management"></a></h4>
+<p>The access control management part of the CUG authorization models follows the requirements defined by JSR 283 the extensions defined by Jackrabbit API (see section <a href="../accesscontrol.html">Access Control Management</a> with the following characterstics:</p>
+<div class="section">
+<h5>Supported Privileges<a name="Supported_Privileges"></a></h5>
+<p>This implemenation of the <tt>JackrabbitAccessControlManager</tt> only supports a subset of privileges, namely <tt>jcr:read</tt>, <tt>rep:readProperties</tt>, <tt>rep:readNodes</tt>.</p></div>
+<div class="section">
+<h5>Access Control Policies<a name="Access_Control_Policies"></a></h5>
+<p>Only a single type of access control policies (<tt>CugPolicy</tt>) is exposed and accepted by the access control manager. Once effective each CUG policy creates a restricted area starting at the target node and inherited to the complete subtree defined therein. </p>
+<p>Depending on the value of the mandatory <tt>PARAM_CUG_SUPPORTED_PATHS</tt> <a href="#configuration">configuration</a> option creation (and evaluation) of CUG policies can be limited to certain paths within the repository. Within these supported paths CUGs can be nested. Note however, that the principal set defined with a given <tt>CugPolicy</tt> is not inherited to the nested policies applied in the subtree.</p>
+<p><i>Note:</i> For performance reasons it is recommended to limited the usage of <tt>CugPolicy</tt>s to a couple of subtrees in the repository.</p></div>
+<div class="section">
+<h5>Management by Principal<a name="Management_by_Principal"></a></h5>
+<p>Given the fact that a given CUG policy takes effect for all principals present in the system, access control management by <tt>Principal</tt> is not supported currently. The corresponding Jackrabbit API methods always return an empty policy array.</p></div></div>
+<div class="section">
+<h4>Permission Evaluation<a name="Permission_Evaluation"></a></h4>
+<p>As stated above evaluation of the restricted areas requires the <tt>PARAM_CUG_ENABLED</tt> <a href="#configuration">configuration</a> option to be set to <tt>true</tt>. This switch allows to setup restricted areas in a staging enviroment and only let them take effect in the public facing production instance.</p>
+<p>If permission evaluation is enabled, the <tt>PermissionProvider</tt> implementation associated with the authorization model will prevent read access to all restricted areas defined by a <tt>CugPolicy</tt>. Only <tt>Principal</tt>s explicitly allowed by the policy itself or the globally configured <tt>CugExclude</tt> will be granted read permissions to the affected items in the subtree.</p>
+<p>For example, applying and persisting a new <tt>CugPolicy</tt> at path _/content/restricted/apache<i>foundation</i>, setting the principal names to <i>apache-members</i> and <i>jackrabbit-pmc</i> will prevent read access to the tree defined by this path for all <tt>Subject</tt>s that doesn&#x2019;t match any of the two criteria:</p>
+
+<ul>
+  
+<li>the <tt>Subject</tt> contains<tt>Principal</tt> <i>apache-members</i> and|or <i>jackrabbit-pmc</i> (as defined in the <tt>CugPolicy</tt>)</li>
+  
+<li>the <tt>Subject</tt> contains at least one <tt>Principal</tt> explicitly excluded from CUG evaluation in the configured, global <tt>CugExclude</tt></li>
+</ul>
+<p>This further implies that the <tt>PermissionProvider</tt> will only evaluate regular read permissions (i.e. <tt>READ_NODE</tt> and <tt>READ_PROPERTY</tt>). Evaluation of any other <a href="../permissions.html#oak_permissions">permissions</a> including reading the cug policy node (access control content) is consequently delegated to other authorization modules. In case there was no module dealing with these permissions, access will be denied (see in section <i>Combining Multiple Authorization Models</i> for <a href="composite.html#details">details</a>). </p></div></div>
+<div class="section">
+<h3>Representation in the Repository<a name="Representation_in_the_Repository"></a></h3>
+<p>CUG policies defined by this module in a dedicate node name <tt>rep:cugPolicy</tt> of type <tt>rep:CugPolicy</tt>. This node is defined by a dedicate mixin type <tt>rep:CugMixin</tt> (similar to <tt>rep:AccessControllable</tt>) and has a single mandatory, protected property which stores the name of principals that are granted read access in the restricted area:</p>
+
+<div class="source">
+<pre>[rep:CugMixin]
+  mixin
+  + rep:cugPolicy (rep:CugPolicy) protected IGNORE
+
+[rep:CugPolicy] &gt; rep:Policy
+  - rep:principalNames (STRING) multiple protected mandatory IGNORE
+</pre></div>
+<p><a name="validation"></a></p></div>
+<div class="section">
+<h3>Validation<a name="Validation"></a></h3>
+<p>The consistency of this content structure both on creation and modification is asserted by a dedicated <tt>CugValidatorProvider</tt>. The corresponding error are all of type <tt>AccessControl</tt> with the following codes:</p>
+
+<table border="0" class="table table-striped">
+  <thead>
+    
+<tr class="a">
+      
+<th>Code </th>
+      
+<th>Message </th>
+    </tr>
+  </thead>
+  <tbody>
+    
+<tr class="b">
+      
+<td>0020 </td>
+      
+<td>Attempt to change primary type of/to cug policy </td>
+    </tr>
+    
+<tr class="a">
+      
+<td>0021 </td>
+      
+<td>Wrong primary type of &#x2018;rep:cugPolicy&#x2019; node </td>
+    </tr>
+    
+<tr class="b">
+      
+<td>0022 </td>
+      
+<td>Access controlled not not of mixin &#x2018;rep:CugMixin&#x2019; </td>
+    </tr>
+    
+<tr class="a">
+      
+<td>0023 </td>
+      
+<td>Wrong name of node with primary type &#x2018;rep:CugPolicy&#x2019; </td>
+    </tr>
+  </tbody>
+</table>
+<p><a name="configuration"></a></p></div>
+<div class="section">
+<h3>Configuration<a name="Configuration"></a></h3>
+<p>The CUG authorization extension is an optional feature that requires mandatory configuration: this includes defining the supported paths and enabling the permission evaluation.</p>
+<div class="section">
+<h4>Configuration Parameters<a name="Configuration_Parameters"></a></h4>
+<p>The <tt>org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.CugConfiguration</tt> supports the following configuration parameters:</p>
+
+<table border="0" class="table table-striped">
+  <thead>
+    
+<tr class="a">
+      
+<th>Parameter </th>
+      
+<th>Type </th>
+      
+<th>Default </th>
+      
+<th>Description </th>
+    </tr>
+  </thead>
+  <tbody>
+    
+<tr class="b">
+      
+<td><tt>PARAM_CUG_ENABLED</tt> </td>
+      
+<td>boolean </td>
+      
+<td>false </td>
+      
+<td>Flag to enable evaluation of CUG policies upon read-access. </td>
+    </tr>
+    
+<tr class="a">
+      
+<td><tt>PARAM_CUG_SUPPORTED_PATHS</tt> </td>
+      
+<td>Set&lt;String&gt; </td>
+      
+<td>- </td>
+      
+<td>Paths under which CUGs can be created and will be evaluated. </td>
+    </tr>
+    
+<tr class="b">
+      
+<td><tt>PARAM_RANKING</tt> </td>
+      
+<td>int </td>
+      
+<td>200 </td>
+      
+<td>Ranking within the composite authorization setup. </td>
+    </tr>
+    
+<tr class="a">
+      
+<td> </td>
+      
+<td> </td>
+      
+<td> </td>
+      
+<td> </td>
+    </tr>
+  </tbody>
+</table></div>
+<div class="section">
+<h4>Excluding Principals<a name="Excluding_Principals"></a></h4>
+<p>The CUG authorization setup can be further customized by configuring the <tt>CugExcludeImpl</tt> service with allows to list additional principals that need to be excluded from the evaluation of restricted areas:</p>
+
+<table border="0" class="table table-striped">
+  <thead>
+    
+<tr class="a">
+      
+<th>Parameter </th>
+      
+<th>Type </th>
+      
+<th>Default </th>
+      
+<th>Description </th>
+    </tr>
+  </thead>
+  <tbody>
+    
+<tr class="b">
+      
+<td><tt>principalNames</tt> </td>
+      
+<td>Set&lt;String&gt; </td>
+      
+<td>- </td>
+      
+<td>Name of principals that are always excluded from CUG evaluation. </td>
+    </tr>
+    
+<tr class="a">
+      
+<td> </td>
+      
+<td> </td>
+      
+<td> </td>
+      
+<td> </td>
+    </tr>
+  </tbody>
+</table>
+<p><i>Note:</i> this is an optional feature to extend the <a href="/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authorization/cug/CugExclude.Default.html">default</a> exclusion list. Alternatively, it is possible to plug a custom <tt>CugExclude</tt> implementation matching specific needs (see <a href="#pluggability">below</a>).</p>
+<p><a name="pluggability"></a></p></div></div>
+<div class="section">
+<h3>Pluggability<a name="Pluggability"></a></h3>
+<p>The following section describes how to deploy the CUG authorization model into an Oak repository and how to customize the <tt>CugExclude</tt> extension point.</p>
+<div class="section">
+<h4>Deploy CugConfiguration<a name="Deploy_CugConfiguration"></a></h4>
+<div class="section">
+<h5>OSGi Setup<a name="OSGi_Setup"></a></h5>
+<p>The following steps are required in order to deploy the CUG authorization model in an OSGi-base Oak repository:</p>
+
+<ol style="list-style-type: decimal">
+  
+<li>Deploy the <tt>oak-authorization-cug</tt> bundle</li>
+  
+<li>Activate the <tt>CugConfiguration</tt> <i>(&#x201c;Apache Jackrabbit Oak CUG Configuration&#x201d;)</i> by providing the desired component configuration (<i>ConfigurationPolicy.REQUIRE</i>)</li>
+  
+<li>Find the <tt>SecurityProviderRegistration</tt> <i>(&#x201c;Apache Jackrabbit Oak SecurityProvider&#x201d;)</i> configuration and enter <i><tt>org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.CugConfiguration</tt></i> as additional value to the <tt>requiredServicePids</tt> property.</li>
+</ol>
+<p>The third step will enforce the recreation of the <tt>SecurityProvider</tt> and hence trigger the <tt>RepositoryInitializer</tt> provided by the CUG authorization module.</p></div>
+<div class="section">
+<h5>Non-OSGi Setup<a name="Non-OSGi_Setup"></a></h5>
+<p>The following example shows a simplified setup that contains the <tt>CugConfiguration</tt> as additional authorization model (second position in the aggregation). See also unit tests for an alternative approach.</p>
+
+<div class="source">
+<pre> // setup CugConfiguration
+ ConfigurationParameters params = ConfigurationParameters.of(AuthorizationConfiguration.NAME,
+         ConfigurationParameters.of(ConfigurationParameters.of(
+                 CugConstants.PARAM_CUG_SUPPORTED_PATHS, &quot;/content&quot;,
+                 CugConstants.PARAM_CUG_ENABLED, true)));
+ CugConfiguration cug = new CugConfiguration();
+ cug.setParameters(params);
+
+ // bind it to the security provider (simplified =&gt; subclassing required due to protected access)
+ SecurityProviderImpl securityProvider = new SecurityProviderImpl();
+ securityProvider.bindAuthorizationConfiguration(cug);
+
+ // create the Oak repository (alternatively: create the JCR repository)
+ Oak oak = new Oak()
+         .with(new InitialContent())
+         // TODO: add all required editors
+         .with(securityProvider);
+         withEditors(oak);     
+ ContentRepository contentRepository = oak.createContentRepository();     
+</pre></div></div></div>
+<div class="section">
+<h4>Customize CugExclude<a name="Customize_CugExclude"></a></h4>
+<p>The following steps are required in order to customize the <tt>CugExclude</tt> implementation in a OSGi-based repository setup. Ultimately the implementation needs to be referenced in the <tt>org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.CugConfiguration</tt>.</p>
+
+<ol style="list-style-type: decimal">
+  
+<li>implement <tt>CugExclude</tt> interface according to you needs,</li>
+  
+<li>make your implementation an OSGi service</li>
+  
+<li>deploy the bundle containing your implementation in the OSGi container and activate the service.</li>
+</ol>
+<div class="section">
+<div class="section">
+<h6>Example<a name="Example"></a></h6>
+
+<div class="source">
+<pre>@Component()
+@Service(CugExclude.class)
+public class MyCugExclude implements CugExclude {
+
+    private static final Principal PRINCIPAL_APACHE_MEMBERS = new PrincipalImpl(&quot;apache-members&quot;);
+    private static final Principal PRINCIPAL_JACKRABBIT_PMC = new PrincipalImpl(&quot;jackrabbit_pmc&quot;);
+
+    public MyCugExclude() {}
+
+    //-----------------------------------------------------&lt; CugExclude &gt;---
+    @Override
+    public boolean isExcluded(@Nonnull Set&lt;Principal&gt; principals) {
+        return principals.contains(PRINCIPAL_APACHE_MEMBERS) || principals.contains(PRINCIPAL_JACKRABBIT_PMC);
+    }
+
+    //------------------------------------------------&lt; SCR Integration &gt;---
+    @Activate
+    private void activate(Map&lt;String, Object&gt; properties) {
+    }
+}
+</pre></div>
+<!-- hidden references --></div></div></div></div></div>
+                  </div>
+            </div>
+          </div>
+
+    <hr/>
+
+    <footer>
+            <div class="container-fluid">
+              <div class="row span12">Copyright &copy;                    2012-2016
+                        <a href="http://www.apache.org/">The Apache Software Foundation</a>.
+            All Rights Reserved.      
+                    
+      </div>
+
+        
+        
+          
+    
+    
+                
+    <div id="ohloh" class="pull-right">
+      <script type="text/javascript" src="http://www.ohloh.net/p/jackrabbit-oak/widgets/project_thin_badge.js"></script>
+    </div>
+        </div>
+    </footer>
+  </body>
+</html>
\ No newline at end of file

Propchange: jackrabbit/site/live/oak/docs/security/authorization/cug.html
------------------------------------------------------------------------------
    svn:eol-style = native



Mime
View raw message