A Jackrabbit {@code PrincipalProvider} that delegates to a Pentaho {@link UserDetailsService}.
A {@code java.security.Principal} represents a user. A {@code java.security.acl.Group} represents a group. InSpring Security, a group is called a role or authority or granted authority. Arguments to the method {@link #providePrincipal(String)} can either be a Principal or Group. In other words, {@link #providePrincipal(String)}might be called with an argument of a Spring Security granted authority. This happens when access control entries (ACEs) grant access to roles and the system needs to verify the role is known.
Jackrabbit assumes a unified space of all user and role names. The PrincipalProvider is responsible for determining the type of a principal/group from its name.
This implementation caches users and roles, but not passwords. Optionally, this implementation can take advantage of a Spring Security UserCache. If available, it will use said cache for role membership lookups. Also note that the removal of a role or user from the system will not be noticed by this implementation. (A restart of Jackrabbit is required.)
There are users and roles that are never expected to be in any backing store. By default, these are "everyone" (a role), "anonymous" (a user), "administrators" (a role), and "admin" (a user).
This implementation never returns null from {@link #getPrincipal(String)}. As a result, a {@code NoSuchPrincipalException} is never thrown. See the method for details.
@author mlowery