jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Jackrabbit Wiki] Update of "AccessControl" by ThomasMueller
Date Tue, 08 Mar 2011 10:20:02 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Jackrabbit Wiki" for change notification.

The "AccessControl" page has been changed by ThomasMueller.
The comment on this change is: isAdmin.
http://wiki.apache.org/jackrabbit/AccessControl?action=diff&rev1=7&rev2=8

--------------------------------------------------

  = Access Control / Authorization =
+ <<TableOfContents>>
+ 
+ == Overview ==
  [[http://jcp.org/en/jsr/detail?id=283|JCR 2.0]] specifies Access Control Management in [[http://www.day.com/specs/jcr/2.0/16_Access_Control_Management.html|section
16]]. The JCR API package is [[http://www.day.com/maven/jsr170/javadocs/jcr-2.0/javax/jcr/security/package-summary.html|javax.jcr.security]].
It covers the authorization part, ie. what a certain user is allowed to do with the repository,
but not UserManagement, which is provided by Jackrabbit as an implementation-specific feature.
  
  === Permissions / Privileges ===
@@ -63, +66 @@

   * Principal-based: {{{org.apache.jackrabbit.core.security.authorization.principalbased.ACLProvider}}}
   * Combined, resource+principal-based: {{{org.apache.jackrabbit.core.security.authorization.combined.CombinedProvider}}}
  
- TODOs
-  * TODO: setting resource-based and principle-based ACLs (rep:nodePath, rep:glob) via the
APIs
-  * TODO: how ACLs are stored
-  * TODO: AccessControlProvider as an interface to extend for custom acl
-  * TODO: general security config
  
+ == API ==
+ 
+ Jackrabbit provides [[http://jackrabbit.apache.org/api/2.1/org/apache/jackrabbit/api/security/|additional
API for security and user management]]. As an example to check if a user is the admin user,
use: 
+ 
+ {{{
+ JackrabbitSession js = (JackrabbitSession) session;
+ User user = ((User) js.getUserManager().getAuthorizable(session.getUserID()));
+ boolean isAdmin = user.isAdmin();
+ }}}
+ 
+ == TODO == 
+ 
+  * setting resource-based and principle-based ACLs (rep:nodePath, rep:glob) via the APIs
+  * how ACLs are stored
+  * AccessControlProvider as an interface to extend for custom acl
+  * general security config
+ 

Mime
View raw message