I understand that UserManager related work is currently in progress and
hence might not be stable. However to continue my work around usage of Oak
in Sling I had to do some temporary workaround. Below are the details of
the changes done in current implementation
1. Creation of default system users - In JR2 the system users are created
by repository itself as part of
o.a.j.core.DefaultSecurityManager#createSystemUsers. I was not able to find
any such support in current implementation. So I had to create admin user
from outside. I am doing it in the bundle which registers the repository
with OSGi
2. Constraints on path under which users and groups are created - Current
logic (o.a.j.oak.security.user.UserValidator) restricts the user creation
under /rep:security/rep:authorizables/rep:users path only. This path is
possibly configurable as part of UserManagerConfig but currently its not
possible to specify them. Due to this I am not able to import platform
content packages which has user's under /home/users path. As a workaround I
would try to modify the constants in
o.a.j.oak.spi.security.user.UserConstants
Any better way for the same?
3. Issues in current user creation logic - I had to do some changes in user
creation logic in UserProviderImpl
- o.a.j.oak.security.user.UserProviderImpl#isAuthorizableTree - Should
check for tree being null
- o.a.j.oak.security.user.UserProviderImpl#createFolderNodes - The
root.getTree("") should use root.getTree("/").
- o.a.j.oak.spi.security.user.UserConstants - User and Group paths have to
start with '/'
Given its a wip I have not created issues for them. Let me know if issues
should be created for them.
Chetan Mehrotra
