Package org.apache.jackrabbit.oak.spi.security.authorization.permission

Interface PermissionConstants

  • public interface PermissionConstants
    Implementation specific constants related to permission evaluation.
    Since:
    OAK 1.0

    • Field Detail

      • PERMISSION_NODETYPE_NAMES

        static final Set<String> PERMISSION_NODETYPE_NAMES

      • PERMISSION_NODE_NAMES

        static final Set<String> PERMISSION_NODE_NAMES

      • PERMISSION_PROPERTY_NAMES

        static final Set<String> PERMISSION_PROPERTY_NAMES

      • PARAM_PERMISSIONS_JR2

        static final String PARAM_PERMISSIONS_JR2
        Configuration parameter to enforce backwards compatible permission validation with respect to user management and node removal:
        • User Management: As of OAK 1.0 creation/removal of user and groups as well as modification of user/group specific protected properties requires USER_MANAGEMENT permissions while in Jackrabbit 2.0 they were covered by regular item write permissions.
        • Removing Nodes: As of OAK 1.0 removing a node will succeed if the removal is granted on that specific node irrespective of the permission granted or denied within the subtree. This contrasts to JR 2.0 where removal of a node only succeeded if all child items (nodes and properties) could be removed.
        In order to enforce backwards compatible behavior of the listed permissions above the access control configuration setup needs to contain the #PARAM_PERMISSIONS_JR2 configuration parameter whose value is expected to be a comma separated string of permission names for which backwards compatible behavior should be turned on.

        Currently the following values are respected:

        • "USER_MANAGEMENT" : to avoid enforcing Permissions.USER_MANAGEMENT permission.
        • "REMOVE_NODE" : to enforce permission checks for all items located in the subtree in case of removal.
        Since:
        OAK 1.0
        See Also:
        Constant Field Values

      • VALUE_PERMISSIONS_JR2

        static final String VALUE_PERMISSIONS_JR2
        Value of the PARAM_PERMISSIONS_JR2 configuration parameter that contains all value entries.

      • PARAM_ADMINISTRATIVE_PRINCIPALS

        static final String PARAM_ADMINISTRATIVE_PRINCIPALS
        Configuration parameter specifying additional principals that should be treated as 'administrator' thus get granted full permissions on the complete repository content.
        Since:
        OAK 1.0
        See Also:
        Constant Field Values

      • PARAM_READ_PATHS

        static final String PARAM_READ_PATHS
        Configuration parameter to enable full read access to regular nodes and properties at the specified paths.
        Since:
        OAK 1.0
        See Also:
        Constant Field Values

      • DEFAULT_READ_PATHS

        static final Set<String> DEFAULT_READ_PATHS
        Default value for the PARAM_READ_PATHS configuration parameter.
        Since:
        OAK 1.0