jackrabbit-dev mailing list archives

From Sanjiv Kumar <sanj...@lightsurf.com>
Subject JackRabbit authorization - how to
Date Tue, 13 Dec 2005 06:34:29 GMT
Hi,

I want to know if there is any example code around JackRabbit
authorization. I am looking for code that would help in understanding
how to ascertain which user actions can be performed on which folders. 


My problem context is as follows:

1. There are two roles - Content Uploaders and Content Approvers. 
2. Every Uploader or Approver owns a 'home' folder (similar to a home
directory).
3. Uploaders can view/add/delete files in their home folder and only
view files in other users' folders.
4. Approvers can view/add/delete files in any folder for which they are
approvers. Just like Uploaders, they can only view files in folders for
which they are not approvers.
5. Sometimes Uploaders/Approvers can get 'rights' to folders owned by
other uploaders/approvers and this would allow them to 'add' & 'delete'
files in those folders.

What is the best practice to solve this in JackRabbit?


One approach here would be to have a UserId property for every node
(which is a folder). If the userId in the User object is equal to the
userId property of the node, then that user is given full rights to that
folder (essentially it is that user's home directory - s/he is the
owner). 

The node could have two more properties - 'uploaderIds' & 'approverIds'
- having a comma-separated list of userIds, which tell the system who
are the 'other' Uploaders & Approvers who can access the folder APART
from the folder 'owner'.

Is this a good way to go about solving the problem? Using
AccessManager, SimpleAccessManager which requires AMContext, Subject,
Principal, Credentials, HierarchyManager and knowing how to create a
jaas.config sounds complicated.

Regards,
Sanjiv.
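
An added example, not part of the original message and not Jackrabbit code: the access decision the message proposes, written in plain Java with no Jackrabbit API. The names FolderAccessCheck, Folder, parseIds and isAllowed are hypothetical, and it assumes that being listed in either 'uploaderIds' or 'approverIds' grants add and delete, while any identified user may view.

```java
import java.util.Arrays;
import java.util.Set;
import java.util.stream.Collectors;

public class FolderAccessCheck {
    enum Action { VIEW, ADD, DELETE }

    // Stand-in for the folder node's three properties (hypothetical, not a Jackrabbit type).
    static final class Folder {
        final String ownerId, uploaderIds, approverIds;
        Folder(String ownerId, String uploaderIds, String approverIds) {
            this.ownerId = ownerId;
            this.uploaderIds = uploaderIds;
            this.approverIds = approverIds;
        }
    }

    // Split a comma-separated property into exact ids; a missing or empty value grants nothing.
    static Set<String> parseIds(String csv) {
        if (csv == null) return Set.of();
        return Arrays.stream(csv.split(","))
                .map(String::trim)
                .filter(s -> !s.isEmpty())
                .collect(Collectors.toSet());
    }

    static boolean isAllowed(String userId, Action action, Folder f) {
        if (userId == null || userId.trim().isEmpty()) return false; // no identity, no access
        if (action == Action.VIEW) return true;       // rules 3 and 4: everyone may view
        if (userId.equals(f.ownerId)) return true;    // owner of the home folder
        // Rules 4 and 5: match whole ids. A substring test on the raw string
        // would let "bo" pass because "bob" is listed.
        return parseIds(f.uploaderIds).contains(userId)
            || parseIds(f.approverIds).contains(userId);
    }

    public static void main(String[] args) {
        // Constructed sample folder: owner alice, extra uploaders bob and carol, approver dave.
        Folder home = new Folder("alice", "bob, carol", "dave");
        System.out.println("alice DELETE: " + isAllowed("alice", Action.DELETE, home));
        System.out.println("bob ADD:      " + isAllowed("bob", Action.ADD, home));
        System.out.println("bo ADD:       " + isAllowed("bo", Action.ADD, home));
        System.out.println("dave DELETE:  " + isAllowed("dave", Action.DELETE, home));
        System.out.println("erin VIEW:    " + isAllowed("erin", Action.VIEW, home));
        System.out.println("erin DELETE:  " + isAllowed("erin", Action.DELETE, home));
    }
}
```

The decision is only as trustworthy as the properties it reads, so write access to 'uploaderIds' and 'approverIds' themselves needs to be limited to the folder owner or an administrator.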

