The default user management implementation present has the following characteristics that differ from the default behavior in Jackrabbit 2.x
Session#save()
to be persisted.Session#refresh
is no longer called in order to prevent reverting other changes unrelated to the user management operation. Consequently it's the responsibility of the API consumer to specifically revert pending or invalid transient modifications.PARAM_SUPPORT_AUTOSAVE
can be used to obtain backwards compatible behaviorgetAuthorizable
with empty id or null
id/principal will not throw a runtime exception but silently returns null
Object#equals()
and Object#hashCode()
for authorizables differs from Jackrabbit 2.x. It no longer relies on the sameness of the underlaying JCR node but only compares IDs and the user manager instance.rep:authorizableId
property. This value is returned upon Authorizable#getID
. For backwards compatibility it falls back on the node name in case the ID property is missing.AuthorizableNodeName
interface. Default: ID as name hint. See section Authorizable Node Name Generation for details.createGroup(Principal)
will no longer generate a groupID in case the principal name collides with an existing user or group ID. This has been considered redundant as the Jackrabbit API in the mean time added UserManager#createGroup(String groupID)
.The user query is expected to work as in Jackrabbit 2.x with the following notable bug fixes:
QueryBuilder#setScope(String groupID, boolean declaredOnly)
now also works properly for the everyone group (see OAK-949)QueryBuilder#impersonates(String principalName)
works properly for the admin principal which are specially treated in the implementation of the Impersonation
interface (see OAK-1183).UserValidator
during the Root#commit
). With Jackrabbit 2.x core it used to fail immediately.BestEffort
behavior is now also implemented for the import of impersonators (was missing in Jackrabbit /2.x).PARAM_OMIT_ADMIN_PW
config option)PARAM_ANONYMOUS_ID
config option)The former internal interface AuthorizableAction
has been slightly adjusted to match OAK requirements and is now part of the public OAK SPI interfaces.
See the corresponding section for details.
The built-in node types related to user management tasks have been modified as follows.
rep:authorizableId
rep:MemberReferences
which provides the multivalued property rep:members
rep:members
has been deprecated and is no longer usedrep:membersList
The following node type definitions have been added:
rep:members
property.The following node type definition has been deprecated and will no longer be used:
The following configuration parameters present with the default implementation in Jackrabbit 2.x are no longer supported and will be ignored: