jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Felix Meschberger <fmesc...@gmail.com>
Subject Re: remove JackrabbitRepository.shutdown()
Date Tue, 15 Apr 2008 09:45:31 GMT
Hi,

Am Montag, den 14.04.2008, 10:16 -0700 schrieb Tobias Bocanegra:
> hi,
> i want to remove the shutdown method from the JackrabbitRepository
> interface. the reason is that there should at least be some
> authorization. so rather move that to workspace or session.
> OTOH, since repository creation is not covered by the api, it's
> destruction should be neither.
> 
> wdyt?

First of all, the method is public API (for quite some time now). So we
cannot just remove the method without breaking backwards compatibility !

-1 therefore to just removing.

BUT: I understand the "security" requirement to prevent shutting down an
instance which you happen to get into your hands. Especially in case the
instance is the RepositoryImpl instance retrieved e.g. from JDNI.

My two options would be:

(1) JackrabbitRepository.shutdown(Session)
provide a valid Session with enough access rights

(2) Add an RepositoryAdmin interface which is retrieved from
JackrabbitSession.getRepositoryAdmin() method
This would allow implementing more repository level administrative
functionality which may be tied to limited access rights. Node Type
Management (actually available from the Workspace interface in JCR) and
Workspace Management (actually available from the Workspace interface in
JCR 2.0).

My personal favourite would be #2. But as the possible additional
functionality (NodeType Management and Workspace management) is
available from the Workspace interface in JCR 2.0, I tend to favorize
#1.

Regards
Felix


Mime
View raw message