jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Angela Schreiber <anch...@adobe.com>
Subject Re: "Secure realm" of internal APIs to prevent costly access control lookups
Date Tue, 26 Mar 2013 10:09:31 GMT
hi lukas

(moving discussion back to the regular jackrabbit dev list)

>> consequently we no longer have the need for (shared) system session.
>> btw: in jackrabbit-core system sessions already bypasses all kind
>> of access control evaluation.
>
> That's what I would've expected. However, this bypass is implemented
> explicitly in AccessControlProvider implementations.

that's is not correct.
i don't know what you are doing but solely configuring the
custom ac provider in the workspace configuration should be
sufficient to get the setup right...

please note that the ac provider interface is *not* part
of the public jackrabbit API but an internal interface which
is not meant to be accessed by JCR API consumers.

regards
angela

Mime
View raw message