Author: angela
Date: Mon Apr 9 12:05:57 2018
New Revision: 1828706
URL: http://svn.apache.org/viewvc?rev=1828706&view=rev
Log:
OAK-5122 : Exercise for Custom Authorization Models (wip)
Modified:
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/IntroductionTest.java
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/advanced/L2_SetupAggregationTest.java
Modified:
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/IntroductionTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/IntroductionTest.java?rev=1828706&r1=1828705&r2=1828706&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/IntroductionTest.java
(original)
+++
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/IntroductionTest.java
Mon Apr 9 12:05:57 2018
@@ -32,7 +32,7 @@ import org.apache.jackrabbit.oak.spi.sec
*
* Goal:
* Get a basic understanding how authorization is organized in Oak and become
- * familiar with distiction between access control management and permission
+ * familiar with distinction between access control management and permission
* evaluation.
*
* Exercises:
Modified:
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/advanced/L2_SetupAggregationTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/advanced/L2_SetupAggregationTest.java?rev=1828706&r1=1828705&r2=1828706&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/advanced/L2_SetupAggregationTest.java
(original)
+++
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/advanced/L2_SetupAggregationTest.java
Mon Apr 9 12:05:57 2018
@@ -31,7 +31,44 @@ package org.apache.jackrabbit.oak.exerci
* Note, that this section only focuses on OSGi-based Oak setup scenarios.
*
* Exercises:
- * TODO
+ *
+ * - Deploy Bundle
+ * Take a bundle that provides you with another implementation of
AuthorizationConfiguration
+ * and deploy it with your OSGi based Oak setup.
+ *
+ * Hint: Oak comes with 2 additional authorization models, which you can use
+ * > Closed User Groups in oak-authorization-cug (see also
http://jackrabbit.apache.org/oak/docs/security/authorization/cug.html)
+ * > Read Only in oak-exercise
+ *
+ * Questions:
+ * > Can you identify the OSGi components that come with the model?
+ * > Does your model require any mandatory configuration in order to be
functional?
+ *
+ * - Adjust Configuration of 'Apache Jackrabbit Oak SecurityProvider'
+ * In a second step you should adjust the configuration of the
SecurityProvider
+ * in order to make sure the additional AuthorizationConfiguration is
properly
+ * wired with the security setup.
+ *
+ * > Add the addition configuration to the list of required service IDs (see
also http://jackrabbit.apache.org/oak/docs/security/introduction.html)
+ * > Check the value of 'Authorization Composition Type'.
+ * > Observe the log INFOs to verify the SecurityProvider is properly
registered
+ * > Inspect the references to 'authorizationConfiguration' in
org.apache.jackrabbit.oak.security.internal.SecurityProviderRegistration
+ * and verify that the extra module shows up there.
+ *
+ * - Verify Access Control Management and Permission Evaluation
+ * Before moving on think about your expectations wrt result of the
aggregation
+ * both in terms of access control management and permission evaluation.
+ *
+ *
+ * Advanced Exercises:
+ *
-----------------------------------------------------------------------------
+ *
+ * - Play with the configuration option 'Authorization Composition Type'.
+ *
+ * Questions:
+ * > Would it be an option to use "OR" as the composition type with the
setup you chose?
+ * > What would be the result if this was a valid option?
+ * > If it wasn't an option, explain why. Think about a scenario where it
was valid.
*
* </pre>
*/
