jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jukka Zitting ...@yukatan.fi>
Subject Re: JCR Authorization
Date Thu, 05 May 2005 10:42:07 GMT

You wrote:
> I'm writing to you because I couldn't find a support mail address for 
> the Jackrabbit project and did find yours as developer on the incubator 
> page.

OK, I'll do my best to answer your question. If you have more
questions, please send them to the Jackrabbit developer list at

I'm Cc:ing this reply to the developer list in case someone else finds
this information useful.

> I'm considering to use Jackrabbits implementation of the new JCR API. 
> However, I need a customized authorization. I just viewed the source 
> code and found out that the particular part for authorization in the 
> class SimpleAccessManager is labeled with todo and that there isn't 
> anything implemented yet. Am I supposed (and have the rights) to 
> implement my custom authorization there, or is there any other way 
> proposed to customize authorization?

At the moment the SimpleAccessManager is a very simple placeholder for
more general JAAS authorization support. Please submit an issue at
http://issues.apache.org/jira/browse/JCR if you want to vote for a
quicker implementation of full JAAS support.

If you want to implement a custom authorization scheme (not based on
JAAS), then you need to write a class that implements the AccessManager
interface in org.apache.jackrabbit.core.security. Once you are done,
place the custom access manager in the Jackrabbit classpath, and change
the AccessManager element in the repository.xml configuration file to
point to your implementation. Jackrabbit will then instantiate and use
your access manager class for authorization.


Jukka Zitting

View raw message