jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vidar Ramdal" <vi...@idium.no>
Subject Re: Limiting access to node children in Jackrabbit 1.5
Date Thu, 22 May 2008 13:58:53 GMT
On Thu, May 22, 2008 at 2:27 PM, Jukka Zitting <jukka.zitting@gmail.com> wrote:
>
> Hi,
>
> On Thu, May 22, 2008 at 2:37 PM, Vidar Ramdal <vidar@idium.no> wrote:
> > Yes, I've read the spec draft, but the sections on access control
> > policies (6.11.2) is very generic, leaving a lot to be desired by the
> > different implementations (as I suspect you know :). Allthough I
> > prefer writing as much as possible by the spec, the feature I need
> > (limiting child node access) is a must-have. I guess the chances of
> > that feature being included in the JSR are pretty slim?

> Doesn't AccessControlManager.addAccessControlEntry() cover your needs?

I don't think so, no.  There doesn't seem to be a way to restrict
privileges, ref. the error I got:
http://markmail.org/message/tz3zfoddbmwgllgy (if I'm mistaken, I'd be
really happy to know).

In contrast, with PolicyTemplate.setEntry(Principal, int, boolean) I
can specify a boolean false (for DENY). This specific "negative" ACE
would deny access to a child node (AFAIK).

> It sounds like you are looking for a setup where you grant access to
> the root node, but don't want those permissions to apply to the entire
> tree so you can selectively enable access to specific child nodes or
> subtrees.

Exactly.


--
Vidar S. Ramdal <vidar@idium.no> - http://www.idium.no
Akersgata 16, N-0158 Oslo, Norway

Mime
View raw message