jackrabbit-oak-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tommaso Teofili <tommaso.teof...@gmail.com>
Subject Re: Dynamic ACLs in Oak?
Date Mon, 09 Dec 2013 16:23:30 GMT
Hi Bertrand,

on friday Jukka, Simo and me quickly discussed this over the chat as Jukka
had an idea on how to accomplish that with, if I recall correctly, a quite
dynamic approach which didn't imply changing the already existing ACLs.
Maybe Jukka and / or Simo had a chance to follow up on that.

Regards,
Tommaso


2013/12/9 Bertrand Delacretaz <bdelacretaz@apache.org>

> Hi,
>
> Does Oak have an extension point where I can plugin my own dynamic ACL
> logic?
>
> A typical use case is hiding a content subtree to some of the JCR
> Sessions that are created, based on a decision done in my code at
> session creation time, without having to change any actual ACLs.
>
> To avoid security issues, such a dynamic ACL should only be able to
> deny permissions on top of what Oak grants, but not grant any by
> itself.
>
> For now my goal is just to experiment with this, even if it's
> inefficient or incomplete that would be useful.
>
> -Bertrand
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message