Uploaded image for project: 'Sling'
  1. Sling
  2. SLING-8602

Add support for PrincipalAccessControlList and ac-management by principal

    XMLWordPrintableJSON

    Details

      Description

      with JCR-4429 comes a new type of JackrabbitAccessControlList that allows to provide native support for access control management by principal as defined by org.apache.jackrabbit.api.security.JackrabbitAccessControlManager.

      now that there exists a new authorization model in Oak (OAK-8190) that implements these extensions, it would be desirable if the repo-init would cover access control management by principal.

      note: while the original aim of OAK-8190 was to store permissions for system users (aka service users) separately, the implementation in oak-authorization-principalbased is not limited to system users and doesn't mandate the policies to be stored with a user node. the location of the access controlled node is an implementation detail that can be changed. see Jackrabbit API and http://jackrabbit.apache.org/oak/docs/security/authorization/principalbased.html for additional details.

        Attachments

        1. SLING-8602-parser.patch
          13 kB
          Angela Schreiber
        2. SLING-8602-jcr.patch
          29 kB
          Angela Schreiber
        3. SLING-8602-parser-2.patch
          11 kB
          Angela Schreiber
        4. SLING-8602-jcr-2.patch
          26 kB
          Angela Schreiber

          Issue Links

            Activity

              People

              • Assignee:
                rombert Robert Munteanu
                Reporter:
                angela Angela Schreiber
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: