Hi : however, I had configured the repository.xml as follow: and has the problem too. thanks. 2009-02-26 yanjie 发件人： Angela Schreiber 发送时间： 2009-02-26 17:05:43 收件人： dev 抄送：主题： Re: Authentication about Jackrabbit hi yanjie it depends on the jackrabbit version you are using prior to 1.5: - jackrabbit shipps with a simple LoginModule for authentication - ... and with a simple Access Manager to handle authorization - in order to achieve your goals you would need to write your own LoginModule and AccessManager implementation - and configure them in the repository.xml jackrabbit 1.5 in addition contains - early state implementation for the upcoming jsr283 security functionality (access control management) and jackrabbit specific extensions for user management. but this is still work in progress and may undergo heavy changes. - due to this fact the standard repository configuration doesn't expose that new functionality by default but still the simple version. - see the o.a.j.jackrabbit/api/jsr283/security and o.a.j.jackrabbit/api/security sections to get some ideas what's going to be present. regards angela yanjie wrote: > > HI everyone: > I login with "admin" and created a user "a" and didn' t join any group > , however the user "a" can create all delete node and seems to have all > privileges to handle the default workspace. why ? can I realize the > authentication to handle the workspace. For example , only I grant > privilege to a user , the user will have the privilege to handle the > specified path's nodes? > > Thanks! > > 2009-02-26 > yanjie