JCR itself doesn’t come with a dedicated user management API. The only method related to, and ultimately used for, user management tasks is `Session.getUserID()`. Therefore an API for user and group management has been defined as part of the extensions provided by the Jackrabbit API.
The Jackrabbit API provides the user management related extensions that are missing in JCR. The relevant interfaces are defined in the `org.apache.jackrabbit.api.security.user` package space:
The Oak project introduces the following user management related public interfaces and classes:
org.apache.jackrabbit.oak.spi.security.user.*
org.apache.jackrabbit.oak.spi.security.user.util.*
The behavior of the default user management implementation is described in section User Management: The Default Implementation.
The Oak user management comes with a dedicated entry point called UserConfiguration. This class is responsible for passing configuration options to the implementation and provides the following two methods:
The supported configuration options of the default implementation are described in the corresponding section.
In the default security setup present with Oak 1.0, the default user management implementation can be replaced as follows:
The complete user management implementation can be changed by plugging in a different UserConfiguration implementation. In an OSGi-based setup this is achieved by making the configuration a service which must take precedence over the default. In a non-OSGi-based setup the custom configuration must be exposed by the SecurityProvider implementation.
Alternatively the default user management implementation can be extended and adjusted using various means. See the corresponding section for further details.