Hi,
Since work on Oak is progressing fast and the team is growing it get
harder to follow everyone else work. Jukka and I came up with the idea
of a newsletter summarising what has been going on in the project for
the last week or so. So expect to see such updates roughly about once a
week. Also expect me to ask you to provide a short summary of your work
to be included in these updates. Finally feel free to comment, correct,
discuss everything brought up in this newsletter.
Michael
Security
--------
- The JAAS Subject.doAs() mechanism is now used to pass the subject of
the logged in user and its associated principals down to the permissions
validator. There is also a mechanism to pass in additional principals
for code which needs different privileges. This is still work in
progress and needs further review. The current implementation however
unblocked the work on loading initial content.
- To get JAAS authentication working within an OSGi environment we
implemented a workaround using the thread context class loader. The
underlying problem however is that there is no good JAAS support for
OSGi. See Jukka's recent blog post
(http://blogs.adobe.com/jzitting/jaas-authentication-and-osgi/) for the
current state of the art (note also the comments and pointers) on how to
improve the situation.
Implementing at least a simple version of the solution presented by
Stefan Vladov
(http://www.slideshare.net/mfrancis/common-security-services-consolidation-patterns-for-legacy-components-stefan-vladov)
shouldn’t take more than a week or two of effort. Once we have something
like that, we’ll have proper pluggable login module support with OSGi in
Oak.
See also:
- OAK-256: JAAS Authentication failing in OSGi env due to classloading
issue (https://issues.apache.org/jira/browse/OAK-256)
- OAK-50: Implement User Management
(https://issues.apache.org/jira/browse/OAK-50)
Query
-----
- There is now an index manager for managing existing query indexes.
While this is still work in progress, it already allows existing indexes
to play together. As a next step the index manager should be integrated
with the content repository such that configuration changes can be made
through content.
- We now run most of the Jackrabbit 2 query tests against Oak.
- Improved support for XPath queries by a better translation from XPath
to SQL2.
See also:
- OAK-28: Query implementation
(https://issues.apache.org/jira/browse/OAK-28)
- OAK-237: Run Jackrabbit query tests
(https://issues.apache.org/jira/browse/OAK-237)
- OAK-269: Query: IndexManager to manage existing indexes
(https://issues.apache.org/jira/browse/OAK-269)
Node types
----------
- There is some initial work on validating node types on commit: the
node type manager has been refactored to make it reusable for node type
validation and the built in node types are now registered on repository
start up (when the first session is acquired, that is). The basic parts
are in place but actual validation is still largely missing.
See also:
- OAK-66: JCR Node Type Management
(https://issues.apache.org/jira/browse/OAK-66)
Miscellaneous
-------------
- The commit editor was renamed to commit hook. This was done to better
reflect its actual usages which - apart from editing commits - also
includes validating commits.
See also:
- OAK-285: Split CommitEditor into CommitEditor and Validator interfaces
(https://issues.apache.org/jira/browse/OAK-285)
