Package org.apache.jackrabbit.oak.spi.security.principal

Interface PrincipalConfiguration

All Superinterfaces:

SecurityConfiguration

All Known Implementing Classes:

CompositePrincipalConfiguration

public interface PrincipalConfiguration
extends SecurityConfiguration

Configuration interface for principal management.

Nested Class Summary

Nested classes/interfaces inherited from interface org.apache.jackrabbit.oak.spi.security.SecurityConfiguration

SecurityConfiguration.Default

Field Summary

Fields

Modifier and Type	Field	Description
static final String	NAME

Method Summary

Modifier and Type	Method	Description
@NotNull org.apache.jackrabbit.api.security.principal.PrincipalManager	getPrincipalManager(org.apache.jackrabbit.oak.api.Root root, org.apache.jackrabbit.oak.namepath.NamePathMapper namePathMapper)	Returns an instance of PrincipalManager that can be used to query and retrieve principals such as needed for JCR access control management.
@NotNull PrincipalProvider	getPrincipalProvider(org.apache.jackrabbit.oak.api.Root root, org.apache.jackrabbit.oak.namepath.NamePathMapper namePathMapper)	Returns an instance of the OAK PrincipalProvider.

Methods inherited from interface org.apache.jackrabbit.oak.spi.security.SecurityConfiguration

getCommitHooks, getConflictHandlers, getContext, getMonitors, getName, getParameters, getProtectedItemImporters, getRepositoryInitializer, getValidators, getWorkspaceInitializer

Field Details

NAME

static final String NAME

See Also:

• Constant Field Values

Method Details

getPrincipalManager

@NotNull
@NotNull org.apache.jackrabbit.api.security.principal.PrincipalManager getPrincipalManager(org.apache.jackrabbit.oak.api.Root root,
 org.apache.jackrabbit.oak.namepath.NamePathMapper namePathMapper)

Returns an instance of PrincipalManager that can be used to query and retrieve principals such as needed for JCR access control management.

Parameters:

root - The target root.

namePathMapper - The NamePathMapper to be used.

Returns:

An instance of PrincipalManager.

See Also:

• JackrabbitSession.getPrincipalManager()

getPrincipalProvider

@NotNull
@NotNull PrincipalProvider getPrincipalProvider(org.apache.jackrabbit.oak.api.Root root,
 org.apache.jackrabbit.oak.namepath.NamePathMapper namePathMapper)

Returns an instance of the OAK PrincipalProvider.

Backwards compatibility with Jackrabbit 2.x

Configuration of Principal Providers

In Jackrabbit 2.x the configuration of principal providers was tied to the LoginModule configuration and thus mixing authentication concerns with the principal management. Since OAK makes the PrincipalProvider a public interface of the SPI, it's configuration goes along with the configuration of the JCR level PrincipalManager. The authentication setup may have access to the principal configuration if the SecurityProvider is made available in the AuthenticationConfiguration.

Multiple Sources for Principals

In Jackrabbit 2.x it was possible to configure multiple principal providers. As of OAK there is only one single principal provider implementation responsible for a given configuration. If principals originate from different sources it is recommended to define a separate PrincipalConfiguration for each source.

Parameters:

root - The target Root.

namePathMapper - The NamePathMapper to be used.

Returns:

An instance of PrincipalProvider.