Red Hat Training

A Red Hat training course is available for Red Hat JBoss Data Virtualization

Chapter 14. Security

The hierarchical database delegates all authentication and authorization to the providers with which a repository is configured. The hierarchical database includes a few providers, but it is also possible to create custom authentication and/or authorization providers.
One exception is the access control feature, new in this latest release, that provides a way to use the standard JCR API to define node-level access control lists (ACLs) that augment the normal authorization mechanism. These fine-grained access controls are handled entirely within the hierarchical database, stored within the normal repository content, and built on top of the existing authentication and authorization providers.

14.1. Authentication and Authorization

In order to create a Session , a client application must authenticate their identity by logging in and providing a javax.jcr.Credential . The hierarchical database passes this credential to a series of AuthenticationProvider components. The first provider to accept the credential will result in the hierarchical database authenticating the caller and returning a valid Session .
The authorizing provider, as part of the authentication step, returns an internal SecurityContext that is associated with that session. This SecurityContext is then used to determine whether the session is authorized to read, write, or administer the repository. These are coarse-grained roles that apply to all content; for example, if a session only has the read role, then it can read all repository content but can write or administer no content.
The names of the three roles are readonly, readwrite, and admin.

See Also: