Author: angela Date: Mon Apr 9 12:05:57 2018 New Revision: 1828706 URL: http://svn.apache.org/viewvc?rev=1828706&view=rev Log: OAK-5122 : Exercise for Custom Authorization Models (wip)
Modified: jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/IntroductionTest.java jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/advanced/L2_SetupAggregationTest.java Modified: jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/IntroductionTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/IntroductionTest.java?rev=1828706&r1=1828705&r2=1828706&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/IntroductionTest.java (original) +++ jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/IntroductionTest.java Mon Apr 9 12:05:57 2018 @@ -32,7 +32,7 @@ import org.apache.jackrabbit.oak.spi.sec * * Goal: * Get a basic understanding how authorization is organized in Oak and become - * familiar with distiction between access control management and permission + * familiar with distinction between access control management and permission * evaluation. * * Exercises: Modified: jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/advanced/L2_SetupAggregationTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/advanced/L2_SetupAggregationTest.java?rev=1828706&r1=1828705&r2=1828706&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/advanced/L2_SetupAggregationTest.java (original) +++ jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/advanced/L2_SetupAggregationTest.java Mon Apr 9 12:05:57 2018 @@ -31,7 +31,44 @@ package org.apache.jackrabbit.oak.exerci * Note, that this section only focuses on OSGi-based Oak setup scenarios. * * Exercises: - * TODO + * + * - Deploy Bundle + * Take a bundle that provides you with another implementation of AuthorizationConfiguration + * and deploy it with your OSGi based Oak setup. + * + * Hint: Oak comes with 2 additional authorization models, which you can use + * > Closed User Groups in oak-authorization-cug (see also http://jackrabbit.apache.org/oak/docs/security/authorization/cug.html) + * > Read Only in oak-exercise + * + * Questions: + * > Can you identify the OSGi components that come with the model? + * > Does your model require any mandatory configuration in order to be functional? + * + * - Adjust Configuration of 'Apache Jackrabbit Oak SecurityProvider' + * In a second step you should adjust the configuration of the SecurityProvider + * in order to make sure the additional AuthorizationConfiguration is properly + * wired with the security setup. + * + * > Add the addition configuration to the list of required service IDs (see also http://jackrabbit.apache.org/oak/docs/security/introduction.html) + * > Check the value of 'Authorization Composition Type'. + * > Observe the log INFOs to verify the SecurityProvider is properly registered + * > Inspect the references to 'authorizationConfiguration' in org.apache.jackrabbit.oak.security.internal.SecurityProviderRegistration + * and verify that the extra module shows up there. + * + * - Verify Access Control Management and Permission Evaluation + * Before moving on think about your expectations wrt result of the aggregation + * both in terms of access control management and permission evaluation. + * + * + * Advanced Exercises: + * ----------------------------------------------------------------------------- + * + * - Play with the configuration option 'Authorization Composition Type'. + * + * Questions: + * > Would it be an option to use "OR" as the composition type with the setup you chose? + * > What would be the result if this was a valid option? + * > If it wasn't an option, explain why. Think about a scenario where it was valid. * * </pre> */