sling-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Munteanu (Jira)" <j...@apache.org>
Subject [jira] [Resolved] (SLING-8602) Add support for PrincipalAccessControlList and ac-management by principal
Date Fri, 20 Sep 2019 09:00:01 GMT

     [ https://issues.apache.org/jira/browse/SLING-8602?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Robert Munteanu resolved SLING-8602.
------------------------------------
    Resolution: Fixed

[~angela] - applied your patches in 

* [sling-org-apache-sling-repoinit-parser commit b1797e9|https://github.com/apache/sling-org-apache-sling-repoinit-parser/commit/b1797e9]
* [sling-org-apache-sling-jcr-repoinit commit c26f293|https://github.com/apache/sling-org-apache-sling-jcr-repoinit/commit/c26f293]

By my count this wraps up queue of patches to apply, thank you for your patience.

Regarding the wrong usage on the documentation page, we'd me more than happy to see patches
:-)

> Add support for PrincipalAccessControlList and ac-management by principal
> -------------------------------------------------------------------------
>
>                 Key: SLING-8602
>                 URL: https://issues.apache.org/jira/browse/SLING-8602
>             Project: Sling
>          Issue Type: New Feature
>          Components: Repoinit
>            Reporter: angela
>            Assignee: Robert Munteanu
>            Priority: Major
>              Labels: Sling-12-ReleaseNotes
>             Fix For: Repoinit Parser 1.2.8, Repoinit JCR 1.1.14
>
>         Attachments: SLING-8602-jcr-2.patch, SLING-8602-jcr.patch, SLING-8602-parser-2.patch,
SLING-8602-parser.patch
>
>
> with JCR-4429 comes a new type of {{JackrabbitAccessControlList}} that allows to provide
native support for access control management by principal as defined by {{org.apache.jackrabbit.api.security.JackrabbitAccessControlManager}}.
 
> now that there exists a new authorization model in Oak (OAK-8190) that implements these
extensions, it would be desirable if the repo-init would cover access control management by
principal.
> note: while the original aim of OAK-8190 was to store permissions for system users (aka
service users) separately, the implementation in _oak-authorization-principalbased_ is not
limited to system users and doesn't mandate the policies to be stored with a user node. the
location of the access controlled node is an implementation detail that can be changed. see
Jackrabbit API and http://jackrabbit.apache.org/oak/docs/security/authorization/principalbased.html
for additional details.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message