jackrabbit-dev mailing list archives

From Angela Schreiber <anch...@adobe.com>
Subject Re: User and Rights management
Date Tue, 24 Apr 2012 06:44:30 GMT
hi

> We use jackrabbit in a web-app (tomcat, seam, JSF) environment and the
> authentication on the site is already done with a LDAP module. We don't want
> to double-check the user identity with JCR but we do want custom right
> access to nodes for each user (groups actually).

there is no direct need to store the users in JCR. second the user
management API defined in jackrabbit is not used to evaluate
permissions.

what you have to make sure though:
a) provide and configure a (an additional) PrincipalProvider
    -> PrincipalManager will use those
b) make sure your login module populates that Subject with principals
    known to the provider and thus later on to the ac-evaluation.

hope that helps and also answers the question later on your
original mail.

regards
angela

> The goal for us is to log into the repository with a user without identity
> check: a loginModule that always returns true for example and set custom
> rights for the session using ACL.
> I tried different things as follows:
> - Using DefaultLoginModule, DefaultAccessManager: the problem here is that
> jackrabbit doesn't know the user and we don't want to add every user in the
> LDAP to the JCR tree.
> - Using SimpleLoginModule and SimpleAccessManager: here the user is
> successfully logged in but apparently it's impossible to use ACL with
> SimpleAccessManager...
>
> - I tried to implement my custom AccessManager and loginModule but I'm a bit
> lost
> The only result I have is to successfully log in and access the repository
> but I can't add/set any right to the User (AccessDenied when changing
> rights).
> Is it possible to open a session with admin user, and set the rights for an
> unknown user, logged in in another session? Or add an unknown Principal to
> the subject the admin principal is using?
> What is the best solution for this purpose?
> Thanks for your help
> Thanks for your help
>
> --
> View this message in context: http://jackrabbit.510166.n4.nabble.com/User-and-Rights-management-tp4574664p4574664.html
> Sent from the Jackrabbit - Dev mailing list archive at Nabble.com.
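
A sketch of point (b) from the reply above, as an added example that is not part of the original message or of Jackrabbit's own code: a plain JAAS `LoginModule` that puts the user and its LDAP groups into the `Subject` as principals. `PreAuthLoginModule`, `GroupLookup` and `NamedPrincipal` are hypothetical names, and it is an assumption that the callback handler answers a standard `NameCallback` with the user id the web tier already authenticated.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/** Hypothetical module: accepts a user id the web tier already authenticated against LDAP. */
public class PreAuthLoginModule implements LoginModule {
    /** Hypothetical hook, set once by the web app: resolves a user's LDAP group names. */
    public interface GroupLookup { Set<String> groupsOf(String userId); }
    public static volatile GroupLookup groupLookup;

    /** Hypothetical principal type; the PrincipalProvider must hand out the same names. */
    public static final class NamedPrincipal implements Principal {
        private final String name;
        public NamedPrincipal(String name) { this.name = Objects.requireNonNull(name); }
        @Override public String getName() { return name; }
        @Override public boolean equals(Object o) { return o instanceof NamedPrincipal && ((NamedPrincipal) o).name.equals(name); }
        @Override public int hashCode() { return name.hashCode(); }
    }

    private Subject subject;
    private CallbackHandler handler;
    private final Set<Principal> pending = new HashSet<>();

    @Override public void initialize(Subject subject, CallbackHandler handler,
                                     Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.handler = handler;
    }

    @Override public boolean login() throws LoginException {
        // Assumption: the callback handler answers a standard NameCallback with the user id.
        NameCallback nc = new NameCallback("user id");
        try {
            handler.handle(new Callback[] { nc });
        } catch (Exception e) {
            throw new LoginException("user id not available: " + e.getMessage());
        }
        String user = nc.getName();
        // Fail closed: without a user id or a configured lookup nobody gets a Subject.
        if (user == null || user.isEmpty() || groupLookup == null) {
            throw new LoginException("no pre-authenticated user id or no group lookup configured");
        }
        pending.add(new NamedPrincipal(user));
        for (String g : groupLookup.groupsOf(user)) pending.add(new NamedPrincipal(g));
        return true;
    }

    // Principals reach the Subject only on commit, so a failed login leaves it untouched.
    @Override public boolean commit() { subject.getPrincipals().addAll(pending); return true; }
    @Override public boolean abort() { pending.clear(); return true; }
    @Override public boolean logout() { subject.getPrincipals().removeAll(pending); pending.clear(); return true; }
}
```

The module checks no password, so it belongs only behind a front end that has already authenticated the caller. The principal names it adds are the ones the PrincipalProvider from point (a) has to know.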
