All Classes and Interfaces
Class
Description
Abstract base implementation of the
JackrabbitAccessControlList
interface.Default implementation of the
JackrabbitAccessControlManager interface.Abstract implementation of the
AuthorizableAction interface that
doesn't perform any action.Abstract implementation of the
GroupAction interface that
doesn't perform any action.Abstract implementation of the
LoginModule interface that can act
as base class for login modules that aim to authenticate subjects against
information stored in the content repository.The
AccessControlAction allows to setup permissions upon creation
of a new authorizable; namely the privileges the new authorizable should be
granted on it's own 'home directory' being represented by the new node
associated with that new authorizable.Constants for the default access control management implementation and
and for built-in access control related node types.
Default implementation of the
JackrabbitAccessControlEntry interface.Principal used to mark an administrator.
Extension of the
PermissionProvider interface that allows it to be
used in combination with other provider implementations.Marker interface intended to extend a
RestrictionProvider to make it aware of it's aggregated
nature in a composite when it comes to evaluate the validity of restrictions.The
Authentication interface defines methods to validate
Credentials during the
login step of the
authentication process.Interface for the authentication setup.
Default implementation of the AuthInfo interface.
The
AuthorizableAction interface provide an implementation
specific way to execute additional validation or write tasks upon
User creation,
Group creation,
Authorizable removal and
User password modification.AuthorizableActionProvider is used to provide AuthorizableActions
for each instance of UserManager.The
AuthorizableNodeName is in charge of generating a valid node
name from a given authorizable ID.Default implementation of the
AuthorizableNodeName interface
that uses the specified authorizable identifier as node name
escaping
any illegal JCR chars.The different authorizable types.
Configuration for access control management and permission evaluation.
Constants for persisted user management related caches.
Interface for reading the membership information of a given authorizable and store the result in a cache.
Responsible for providing the set of principals for a given user.
Factory for creating
Principal instances based on the principal name.Authorizable action attempting to clear all group membership before removing
the specified authorizable.
Aggregates a collection of
AuthorizableActionProviders into a single
provider.Abstract base implementation for
SecurityConfigurations that can
combine different implementations.Composite implementation of the
CredentialsSupport
interface that handles multiple providers.Aggregates of a list of
RestrictionPatterns into a single pattern.PrincipalConfiguration that combines different principal provider
implementations that share a common principal manager implementation.PrincipalProvider implementation that aggregates a list of principal
providers into a single.Aggregates of a collection of
RestrictionProvider implementations
into a single provider.TokenConfiguration that combines different token provider implementations.Aggregates a collection of
TokenProviders into a single
provider.Abstract base implementation for the various security configurations.
ConfigurationParameters is a convenience class that allows typed access to configuration properties.
Helper class for configuration parameters that denote a "duration", such
as a timeout or expiration time.
Utility to create
Configurations for built-in LoginModule implementations.Context represents item related information in relation to a
dedicated SecurityConfiguration.Default implementation of the
Context interface that always returns
false.Callback implementation to retrieve
Credentials.Simple helper interface that allows to easily plug support for additional or
custom
Credentials implementations during authentication.Default implementation of the
AuthorizableActionProvider interface
that allows to config all actions provided by the OAK.Permission provider implementation that does not grant any permissions.
Implementation of the
PrincipalProvider interface that never
returns any principals.Built-in principal group that has every other principal as member.
The
GroupAction interface allows for implementations to be informed about and react to the following
changes to a Group's members:
GroupAction.onMemberAdded(Group, Authorizable, Root, NamePathMapper)
GroupAction.onMembersAdded(Group, Iterable, Iterable, Root, NamePathMapper)
GroupAction.onMembersAddedContentId(Group, Iterable, Iterable, Root, NamePathMapper)
GroupAction.onMemberRemoved(Group, Authorizable, Root, NamePathMapper)
GroupAction.onMembersRemoved(Group, Iterable, Iterable, Root, NamePathMapper)
Helper class to deal with the migration between the 2 types of groups
The
GuestLoginModule is intended to provide backwards compatibility
with the login handling present in the JCR reference implementation located
in jackrabbit-core.An implementation of the
JackrabbitAccessControlList interface that only
allows for reading.Default implementation of the
PrivilegeDefinition interface.Implementation of the JCR
Credentials interface used to distinguish
a regular login request from Session.impersonate(javax.jcr.Credentials).Utility class defining specific, configurable import behavior.
Content importer.
Bridge class that connects the JAAS
LoginContext class with the
LoginContext interface used by Oak.Interface version of the JAAS
LoginContext
class.Configurable provider taking care of building login contexts for
the desired authentication mechanism.
Deprecated.
Since Oak 1.40.0.
Deprecated.
Since Oak 1.38.0 in favor of
SecurityConfiguration.getMonitors(StatisticsProvider)Information about a node being imported.
This implementation of the authentication configuration provides login
contexts that accept any credentials and doesn't validate specified
workspace name.
This class implements an
AuthorizationConfiguration which grants
full access to any Subject.Permission provider implementation that grants full access everywhere.
Rudimentary
SecurityProvider implementation that allow every subject
to authenticate and grants it full access everywhere.PasswordChangeAction asserts that the upon
PasswordChangeAction.onPasswordChange(org.apache.jackrabbit.api.security.user.User, String, org.apache.jackrabbit.oak.api.Root, org.apache.jackrabbit.oak.namepath.NamePathMapper)
a different, non-null password is specified.Utility to generate and compare password hashes.
PasswordValidationAction provides a simple password validation
mechanism with the following configurable option:
constraint: a regular expression that can be compiled
to a Pattern defining validation rules for a password.Interface indicating that a given object (like e.g.
Implementation specific constants related to permission evaluation.
Main entry point for permission evaluation in Oak.
Provides constants for permissions used in the OAK access evaluation as well
as permission related utility methods.
Interface to improve pluggability of the
AccessControlManager,
namely the interaction of multiple managers within a
single repository.LoginContext for pre-authenticated subjects that don't require further
validation nor additional login/logout steps.
PreAuthenticatedLogin is used as marker in the shared map of the login context.Configuration interface for principal management.
Default implementation of the
JackrabbitPrincipal interface.Principal specific
RangeIteratorAdapter implementing the
PrincipalIterator interface.Default implementation of the
PrincipalManager interface.The
PrincipalProvider defines methods to provide access to sources
of Principals.Callback implementation used to pass a
PrincipalProvider to the
login module.Extension for the
PrincipalManager that offers range search.Internal representation of JCR privileges.
Allows to obtain the internal
representation of privileges (or their names) and to covert the
internal representation back to privilege names.Interface for the privilege management configuration.
Internal name constants used for the privilege management.
The
PrivilegeDefinition interface defines the characteristics of
a JCR Privilege.Privilege management related utility methods.
Information about a property being imported.
Hint indicating whether the property is multi- or single-value
Base interface for
ProtectedNodeImporter and ProtectedPropertyImporter.ProtectedNodeImporter provides means to import protected
Nodes and the subtree defined below such nodes.ProtectedPropertyImporter is in charge of importing single
properties with a protected PropertyDefinition.Marker interface to indicate if a
Tree or Root
can only be read (write operations not implemented).Helper class used to keep track of uuid mappings (e.g.
Holds the names of well-known registration properties for security-related components
Callback implementation used to access the repository.
The
RepositoryPermission allows to evaluate permissions that have
been defined on the repository level and which consequently are not bound
to a particular item.A
Restriction object represents a "live" restriction object that
has been created using the Jackrabbit specific extensions of the
AccessControlEntry interface.The
RestrictionDefinition interface provides methods for
discovering the static definition of any additional policy-internal refinements
of the access control definitions.Default implementation of the
RestrictionDefinition interface.RestrictionImplInterface used to verify if a given
restriction applies to a given
item or path.Interface to manage the supported restrictions present with a given access
control and permission management implementation.
Base interface for all security related configurations.
Default implementation that provides empty initializers, validators,
commit hooks and parameters.
Main entry point for security related plugins to an Oak repository.
Callback implementation to set and get the
SecurityProvider.Implementation of the
CredentialsSupport
interface that handles SimpleCredentials.Principal to mark an system internal subject.
Internal utility providing access to a system internal subject instance.
Principal used to mark a system user.
TextValue represents a serialized property value read
from a System or Document View XML document.Configuration for token management.
Subclass of
CredentialException indicating that the token credentials used for repository login have expired.The
TokenInfo provides data associated with a login token and
basic methods to verify the validity of token credentials at given
point in time.Interface to manage create and manage login tokens.
Callback implementation to set and retrieve a login token provider.
Oak internal utility interface to avoid repeated retrieval of an underlying
Tree.TreeContext represents item related information in relation to a
dedicated module.A
TreeLocation denotes a location inside a tree.The
TreePermission allow to evaluate permissions defined for a given
Tree and it's properties.Allows to distinguish different types of trees based on their name, ancestry
or primary type.
Utility providing common operations for the
Tree that are not provided
by the API.The
UserAction interface allows for implementations to be informed
about and react to the following changes to a User:
UserAction.onDisable(User, String, Root, NamePathMapper)
Provides a user management specific implementation of the
Authentication
interface to those LoginModules that verify
a given authentication request by evaluation information exposed by the
Jackrabbit user management API.Configuration interface for user management.
User management related constants.
Credentials implementation that only contains a
userId but no password.Callback implementation used to pass a
UserManager to the
login module.Utility methods for user management.
Callback implementation to set and retrieve the
Whiteboard.