jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mat Lowery <mlow...@pentaho.com>
Subject Thinking behind o.a.j.core.security.authorization.acl.ACLProvider
Date Tue, 15 Dec 2009 23:40:34 GMT
Can someone provide some background on the implementation of
o.a.j.core.security.authorization.acl.ACLProvider?

For example, why is the entire path of nodes from root to leaf consulted
when making authorization decisions?  One could imagine an
implementation that consults only the first non-empty ACL starting at
the leaf and moving up towards the root.

Additionally, why are the access control entries ordered by principal?
At first I thought that ACE order mattered but now I'm not sure.

In general, the logic behind buildResult() is a mystery.  Any help would
be appreciated.

Mime
View raw message