Oak 1.0 comes with a extension to the Jackrabbit user management API that allows to change the way how the name of an authorizable node is being generated.
As in Jackrabbit 2.x the target ID is used as name-hint by default. In order to prevent exposing identifier related information in the path of the authorizable node, it it’s desirable to change this default behavior by plugging a different implementation of the AuthorizableNodeName interface.
In the default implementation the corresponding configuration parameter is PARAM_AUTHORIZABLE_NODE_NAME. The default name generator can be replace by installing an OSGi service that implementations the AuthorizableNodeName interface. In a non-OSGi setup the user configuration must be initialized with configuration parameters that provide the custom generator implementation.
The following public interfaces are provided by Oak in the package org.apache.jackrabbit.oak.spi.security.user:
The AuthorizableNodeName interface itself defines single method that allows to generate a valid JCR name for a given authorizable ID.
Oak 1.0 provides the following base implementations:
The default security setup as present with Oak 1.0 can be run with a custom RandomAuthorizableNodeName implementations.
In an OSGi setup the following steps are required in order to add a different implementation:
In an OSGi-based setup it’s sufficient to make the service available to the repository in order to enable this custom node name generator.
@Component @Service(value = {AuthorizableNodeName.class}) /** * Custom implementation of the {@code AuthorizableNodeName} interface * that uses a uuid as authorizable node name. */ final class UUIDNodeName implements AuthorizableNodeName { @Override @Nonnull public String generateNodeName(@Nonnull String authorizableId) { return UUID.randomUUID().toString(); } }
In a non-OSGi setup this custom name generator can be plugged by making it available to the user configuration as follows:
Map<String, Object> userParams = new HashMap<String, Object>(); userParams.put(UserConstants.PARAM_AUTHORIZABLE_NODE_NAME, new UUIDNodeName()); ConfigurationParameters config = ConfigurationParameters.of(ImmutableMap.of(UserConfiguration.NAME, ConfigurationParameters.of(userParams))); SecurityProvider securityProvider = new SecurityProviderImpl(config)); Repository repo = new Jcr(new Oak()).with(securityProvider).createRepository();