Author: angela
Date: Tue Mar  3 09:07:20 2015
New Revision: 1663559

URL: http://svn.apache.org/r1663559
Log:
OAK-2563 : Cleanup and document security related error codes (user mgt, token mgt, cug)

Added:
    jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol/cug.md
Modified:
    jackrabbit/oak/trunk/oak-doc/src/site/markdown/oak_api/error_codes.md
    jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/tokenmanagement.md

Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/oak_api/error_codes.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/oak_api/error_codes.md?rev=1663559&r1=1663558&r2=1663559&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/oak_api/error_codes.md 
(original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/oak_api/error_codes.md Tue 
Mar  3 09:07:20 2015
@@ -43,6 +43,25 @@ information about the issue. This page i
 | 0025              | Mandatory child node X not included in a new node        
|
 | 0026              | Mandatory child node X can not be removed                
|
 
+#### User Validation
+
+| Code              | Message                                                  
|
+|-------------------|----------------------------------------------------------|
+| 0020              | Admin user cannot be disabled                            
|
+| 0021              | Invalid jcr:uuid for authorizable (creation)             
|
+| 0022              | Changing Id, principal name after creation               
|
+| 0023              | Invalid jcr:uuid for authorizable (mod)                  
|
+| 0024              | Password may not be plain text                           
|
+| 0025              | Attempt to remove id, principalname or pw                
|
+| 0026              | Mandatory property rep:principalName missing             
|
+| 0027              | The admin user cannot be removed                         
|
+| 0028              | Attempt to create outside of configured scope            
|
+| 0029              | Intermediate folders not rep:AuthorizableFolder          
|
+| 0030              | Missing uuid for group (check for cyclic membership)     
|
+| 0031              | Cyclic group membership                                  
|
+| 0032              | Attempt to set password with system user                 
|
+| 0033              | Attempt to add rep:pwd node to a system user             
|
+
 #### Privilege Validation
 
 | Code              | Message                                                  
|
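
Review bot: The new User Validation table reuses codes 0025 and 0026, which the unchanged rows directly above already assign to "Mandatory child node X not included in a new node" and "Mandatory child node X can not be removed". If both tables sit under the same type heading, a reader looking up 0025 or 0026 finds two meanings, so state above each table which validator raises the codes or renumber the overlap. The abbreviations in "(mod)" and "pw" would also read better spelled out as "modification" and "password".
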
@@ -61,16 +80,30 @@ information about the issue. This page i
 | 0052              | Detected circular aggregation                            
|
 | 0053              | Custom aggregate privilege X is already covered.         
|
 
-#### User Validation
+#### Token Validation
+
+see section [Token Management](../security/authentication/tokenmanagement.html)
 
-_todo_
 
 ### Type Access
 
+#### Access Validation
+_todo_
+
 #### Permission Validation
+_todo_
+
+
+### Type Access Control
+
+#### Default Access Control Validation
 
 _todo_
 
+#### CUG Validation
+
+see section [Closed User Groups](../security/authorization/cug.html)
+
 
 <!-- hidden references -->
 [OAK-764]: https://issues.apache.org/jira/browse/OAK-764
\ No newline at end of file
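
Review bot: The CUG Validation link points to `../security/authorization/cug.html`, but this revision adds the page as `security/accesscontrol/cug.md`, so the link does not match the new file's location; use `../security/accesscontrol/cug.html` or move the file. The added `### Type Access Control` heading also sits directly after the existing `### Type Access`, and with every subsection still `_todo_` it is not clear which error type each heading stands for; a one-line description under each would help.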

Added: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol/cug.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol/cug.md?rev=1663559&view=auto
==============================================================================
--- 
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol/cug.md 
(added)
+++ 
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/accesscontrol/cug.md 
Tue Mar  3 09:07:20 2015
@@ -0,0 +1,72 @@
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+-->
+
+Managing Access with Closed User Groups (CUG)
+--------------------------------------------------------------------------------
+
+### General
+
+_todo_
+
+### CUG API
+
+_todo_
+
+### Characteristics of the CUG Implementation
+
+_todo_
+
+#### CUG Representation in the Repository
+
+##### Content Structure
+
+_todo_
+
+##### Validation
+
+The consistency of this content structure both on creation and modification is
+asserted by a dedicated `TokenValidator`. The corresponding error are
+all of type `AccessControl` with the following codes:
+
+| Code              | Message                                                  
|
+|-------------------|----------------------------------------------------------|
+| 0020              | Attempt to change primary type of/to cug policy          
|
+| 0021              | Wrong primary type of 'rep:cugPolicy' node               
|
+| 0022              | Access controlled not not of mixin 'rep:CugMixin'        
|
+
+### Configuration
+
+_todo_
+
+#### Configuration Parameters
+
+_todo_
+
+
+#### Examples
+
+_todo_
+
+### Pluggability
+
+_todo_
+
+##### Examples
+
+_todo_
+
+<!-- references -->
\ No newline at end of file
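
Review bot: The Validation paragraph in the new cug.md says the content structure is asserted by a dedicated `TokenValidator`, which is the same sentence this revision adds to tokenmanagement.md; in the CUG page it should name the validator that checks the CUG content structure. In the same paragraph "The corresponding error are" should read "errors are", and the 0022 row "Access controlled not not of mixin 'rep:CugMixin'" looks like a typo for "node not of mixin".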

Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/tokenmanagement.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/tokenmanagement.md?rev=1663559&r1=1663558&r2=1663559&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/tokenmanagement.md
 (original)
+++ 
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/tokenmanagement.md
 Tue Mar  3 09:07:20 2015
@@ -176,6 +176,25 @@ definition:
         }
     }
 
+##### Validation
+
+The consistency of this content structure both on creation and modification is
+asserted by a dedicated `TokenValidator`. The corresponding error are
+all of type `Constraint` with the following codes:
+
+| Code              | Message                                                  
|
+|-------------------|----------------------------------------------------------|
+| 0060              | Attempt to create reserved token property in other ctx   
|
+| 0061              | Attempt to change existing token key                     
|
+| 0062              | Change primary type of existing node to rep:Token        
|
+| 0063              | Creation/Manipulation of tokens without using provider   
|
+| 0064              | Create a token outside of configured scope               
|
+| 0065              | Invalid location of token node                           
|
+| 0066              | Invalid token key                                        
|
+| 0067              | Mandatory token expiration missing                       
|
+| 0068              | Invalid location of .tokens node                         
|
+| 0069              | Change type of .tokens parent node                       
|
+
 ### Configuration
 
 The Oak token management comes with it's own [TokenConfiguration] which allows
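
Review bot: In the added Validation paragraph, "The corresponding error are" should read "The corresponding errors are". The Message column also mixes wording styles: rows 0062 and 0069 ("Change primary type of existing node to rep:Token", "Change type of .tokens parent node") read as plain actions, while 0060, 0061 and 0063 describe a rejected attempt; phrasing all rows as the rejected condition would make it clear that each one is a constraint violation.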

