Uploaded image for project: 'Sling'
  1. Sling
  2. SLING-8602

Add support for PrincipalAccessControlList and ac-management by principal

    XMLWordPrintableJSON

Details

    Description

      with JCR-4429 comes a new type of JackrabbitAccessControlList that allows to provide native support for access control management by principal as defined by org.apache.jackrabbit.api.security.JackrabbitAccessControlManager.

      now that there exists a new authorization model in Oak (OAK-8190) that implements these extensions, it would be desirable if the repo-init would cover access control management by principal.

      note: while the original aim of OAK-8190 was to store permissions for system users (aka service users) separately, the implementation in oak-authorization-principalbased is not limited to system users and doesn't mandate the policies to be stored with a user node. the location of the access controlled node is an implementation detail that can be changed. see Jackrabbit API and http://jackrabbit.apache.org/oak/docs/security/authorization/principalbased.html for additional details.

      Attachments

        1. SLING-8602-jcr.patch
          29 kB
          Angela Schreiber
        2. SLING-8602-jcr-2.patch
          26 kB
          Angela Schreiber
        3. SLING-8602-parser.patch
          13 kB
          Angela Schreiber
        4. SLING-8602-parser-2.patch
          11 kB
          Angela Schreiber

        Issue Links

          blocks

          Task - A task that needs to be done. SLING-8722 Documentation for SLING-8602 and SLING-8619

          • Major - Major loss of function.
          • Resolved
          is blocked by

          Improvement - An improvement or enhancement to an existing feature or task. SLING-8619 RepoInitGrammer: Add repository-level marker to pathsList

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. SLING-8625 org.apache.sling.testing.sling-mock-oak : update oak version to 1.16.0, jackrabbit version to 2.18.2

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. SLING-8627 Update sling-jcr-repoinit to Oak 1.16.0 and Jackrabbit 2.18.2

          • Major - Major loss of function.
          • Closed
          is related to

          Bug - A problem which impairs or prevents the functions of the product. SLING-8617 GeneralAclTest: test session should be refreshed to reflect latest changes

          • Major - Major loss of function.
          • Open

          Bug - A problem which impairs or prevents the functions of the product. SLING-8604 AclUtil.setAcl: invalid assumptions regarding principal lookup

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. SLING-8605 AclUtil.createLocalRestrictions should use JackrabbitAccessControlList.isMultiValueRestriction(String)

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. SLING-8621 TestUtil.cleanup causes in WARNing due to SlingContext Rule

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Activity

            People

              rombert Robert Munteanu
              angela Angela Schreiber
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: