svn commit: r1771105 - /jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/default.md

Thu, 24 Nov 2016 02:14:45 -0800 

Author: angela
Date: Thu Nov 24 10:14:04 2016
New Revision: 1771105

URL: http://svn.apache.org/viewvc?rev=1771105&view=rev
Log:
minor improvement: security documentation

Modified:
    jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/default.md

Modified: 
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/default.md
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/default.md?rev=1771105&r1=1771104&r2=1771105&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/default.md 
(original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/default.md Thu 
Nov 24 10:14:04 2016
@@ -88,9 +88,11 @@ group membership related methods. See al
 #### Reading Authorizables
 
 ##### Handling of the Authorizable ID
-* As of Oak the node type definition of `rep:Authorizable` defines a new 
property `rep:authorizableId` which is intended to store the ID of a user or 
group.
+* As of Oak 1.0 the node type definition of `rep:Authorizable` defines a new 
property `rep:authorizableId` which is intended to store the ID of a user or 
group.
+* This property is protected and system maintained and cannot be changed after 
creation through user management API calls.
 * The default implementation comes with a dedicated property index for 
`rep:authorizableId` which asserts the uniqueness of that ID.
-* `Authorizable#getID` returns the string value contained in 
`rep:authorizableID` and for backwards compatibility falls back on the node 
name in case the ID property is missing.
+* For backwards compatibility with Jackrabbit 2.x the ID specified during 
creation is also reflected in the `jcr:uuid` (protected and mandatory), which 
is used for the lookup. 
+* `Authorizable#getID` returns the string value contained in 
`rep:authorizableID` and for backwards compatibility falls back on the node 
name in case the `rep:authorizableId` property is missing.
 * The name of the authorizable node is generated based on a configurable 
implementation of the `AuthorizableNodeName` interface (see configuration 
section below). By default it uses the ID as name hint and includes a 
conversion to a valid JCR node name.
 
 ##### equals() and hashCode()

Reply via email to