jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Torgeir Veimo <torg...@pobox.com>
Subject Re: custom AccessManager: overwrite isGranted() or checkPermissions()
Date Thu, 02 Mar 2006 22:13:35 GMT
On Thu, 2006-02-16 at 10:19 +0100, stephan lohwasser wrote:
> Torgeir Veimo schrieb:
> > On Wed, 2006-02-15 at 15:55 +0100, stephan lohwasser wrote:
> >   
> >> i am currently working on an own AccessManager-implementaion based on 
> >> acls. (first of all: is there any prior art, or are examples
> >> availible?)
> >>     
> >
> > Are you storing your ACLs as node properties?
> >   
> acls are stored as subnodes of a page with other subnodes for the acutal 
> acl entries, which have the properties owner, isNegative and permissions.
> the problems arising are the overhaed (performance) and complications of 
> asking the repoisitory each time i ask for a permission.
> what i do is: during system startup the acls are read and put into 
> java.security.acl datastructures, which are then queried by the access 
> manager. also, the acl structure observes the repository and each time 
> an access right is changed for an item the ram structure is synchronized 
> with the repository data.

My initial thought about it would be to create a mixin nodetype that
defines a few acl specific properties; an owner property, a multivalue
property for principals that can read, another one for delete, modify
etc. One can have similar properties for negative values, eg. canNotRead
etc. This does not provide for making ace's inheritable though. 

With a subnode approach you'd still have to add a mixin node to the
parent to allow the acl specific subnode?

Torgeir Veimo <torgeir@pobox.com>

View raw message