jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daglian, Michael \(IT\)" <Michael.Dagl...@morganstanley.com>
Subject Value based AccessManager?
Date Fri, 20 Jan 2006 16:51:34 GMT
Hello everyone,

I am having a bit of trouble determining how to use the AccessManager
interface to provide authorization rather than authentication. We have a
Jackrabbit-external authorization service based upon certain attributes
of the repository data (the path and declaring node type of the modified
item as well as property values - we don't authorize to the individual
property level). I can work around the access manager configuration not
including a session instance (albeit a less than ideal solution).
However, an issue arises when attempting to authorize removal
operations. Jackrabbit appears only to invoke the access manager to
check for removal permissions upon save (i.e. in the
validateTransientItems method of ItemImpl). However, access to property
values (or even the removed item) at this point isn't possible since the
item has been removed from the session (even it's state is not very
accessible as it's in the attic of the TransientItemStateManager). Has
anyone else ventured down this path and come up with a clean solution?
Apologies if this has been addressed in earlier discussions but a search
of the archives did not yield anything.

Regards,

-- Mike
--------------------------------------------------------

NOTICE: If received in error, please destroy and notify sender.  Sender does not waive confidentiality
or privilege, and use is prohibited.

Mime
View raw message