jackrabbit-dev mailing list archives

From David Brossard <david.bross...@gmail.com>
Subject Re: Access Control in Jackrabbit
Date Thu, 25 Feb 2010 22:48:34 GMT
Thanks for the clarification.

What I am doing now is extend AbstractAccessControlManager and implement
AccessManager.

I still use the same config in repository.xml:

        <AccessManager class="org.apache.jackrabbit.core.security.simple.AnotherAccessManager">
            <!-- <param name="config" value="${rep.home}/access.xml"/> -->
        </AccessManager>

And I can now access ItemId. I will let you know how I get along. My aim
eventually is to be able to see item info (be it a file or a folder) and
attached metadata (properties, file properties, user-defined properties...)

I will post here my results for future reference.

David.

On Thu, Feb 25, 2010 at 6:50 PM, Mat Lowery <mlowery@pentaho.com> wrote:

>  All comments result from my experiences with Jackrabbit 1.6.  Version 1.6
> is a weird beast because it contains a full JCR 1.0 implementation with some
> JCR 2.0 implementation too.  (But the JCR 2.0 implementation isn't against
> the standard JCR 2.0 interfaces.)  So AccessControlManager (a JCR 2.0
> interface) exists in Jackrabbit 1.6 but it doesn't implement the standard
> interface.
>
> There is no JCR API for configuring access control logic.  Jackrabbit's
> SimpleAccessManager doesn't care about the "target of the user's request."
> Instead, I recommend turning on  DefaultAccessManager and putting your
> breakpoint at
> org.apache.jackrabbit.core.security.authorization.acl.ACLProvider$AbstractCompiledPermissions#buildResult(Path).
> The Path object is the "target of the user's request."  This is where ACL
> decisions are made with this manager.
>
> AccessControlManager is the JCR 2.0 method of getting and setting the
> policy for a given path.  The only policies that I have used are
> javax.jcr.security.AccessControlList.  This is a traditional ACL.
>
>
> On Thu, 2010-02-25 at 17:31 +0100, David Brossard wrote:
>
> Hi folks,
>
> I am new to this list and to Jackrabbit. My interest lies mainly in JCR
> rather than Jackrabbit per se...
>
> I downloaded and started running Jackrabbit on top of my own webapp. Very
> smooth beginning, no probs. I wanted to play around with security so I:
>
> (a) had a look at repository.xml
> (b) edited <AccessManager class=" to point to a class I wrote and that is
> an exact copy of
> org.apache.jackrabbit.core.security.simple.SimpleAccessManager
> (c) started looking at the session and the context objects
>
> From what I can see I can find the subject object which lets me know who
> authenticated. I can also retrieve the userid from the session...
>
> But I would now like to know what node the user is trying to access. If I
> want some smart access control, it should take into account the target of
> the user's request. I couldn't find anything like that.
>
> In addition, what is the AccessControlManager and what policies is it
> referring to?
>
> Cheers,
> David.
>
>
>


-- 
---
David Brossard
http://www.linkedin.com/in/davidbrossard
http://twitter.com/davidjbrossard
http://delicious.com/foggybottom
---
Stay safe on the Internet: http://www.ic3.gov/preventiontips.aspx
Take precautions on the Internet:
http://www.securite-informatique.gouv.fr/gp_rubrique34.html
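
The per-path policy access that the quoted reply describes for the JCR 2.0 AccessControlManager, as an added example that is not part of the thread or of Jackrabbit's own code. It assumes a repository that implements the standard `javax.jcr.security` interfaces (which, per the reply, Jackrabbit 1.6 does not) and an ACL-based access manager; the class and method names `PathAclExample`, `describeAcl` and `grantRead` are hypothetical.

```java
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;

// Hypothetical helper class: reads and extends the ACL bound to one path.
public final class PathAclExample {

    /** Returns one "principal -> privilege" line per ACL entry bound directly to absPath. */
    static List<String> describeAcl(Session session, String absPath) throws RepositoryException {
        AccessControlManager acm = session.getAccessControlManager();
        List<String> lines = new ArrayList<String>();
        for (AccessControlPolicy policy : acm.getPolicies(absPath)) {
            if (!(policy instanceof AccessControlList)) continue; // only ACLs are handled here
            for (AccessControlEntry ace : ((AccessControlList) policy).getAccessControlEntries()) {
                for (Privilege p : ace.getPrivileges()) {
                    lines.add(ace.getPrincipal().getName() + " -> " + p.getName());
                }
            }
        }
        return lines;
    }

    /** Grants jcr:read on absPath to the principal; returns false if no ACL can be set there. */
    static boolean grantRead(Session session, String absPath, Principal who) throws RepositoryException {
        AccessControlManager acm = session.getAccessControlManager();
        AccessControlList acl = null;
        // Reuse an ACL already bound to the path so existing entries are not replaced.
        for (AccessControlPolicy p : acm.getPolicies(absPath)) {
            if (p instanceof AccessControlList) { acl = (AccessControlList) p; break; }
        }
        // Otherwise take an applicable policy that is not bound to the path yet.
        AccessControlPolicyIterator it = acm.getApplicablePolicies(absPath);
        while (acl == null && it.hasNext()) {
            AccessControlPolicy p = it.nextAccessControlPolicy();
            if (p instanceof AccessControlList) acl = (AccessControlList) p;
        }
        if (acl == null) return false;
        acl.addAccessControlEntry(who, new Privilege[] { acm.privilegeFromName(Privilege.JCR_READ) });
        acm.setPolicy(absPath, acl); // binds the modified ACL to the path
        session.save();              // the policy change is transient until the session is saved
        return true;
    }
}
```

Granting only `jcr:read` and reusing the bound ACL keeps the change minimal: existing entries on the path stay in place and no broader privilege is added.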
