jackrabbit-oak-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tommaso Teofili <tommaso.teof...@gmail.com>
Subject Re: Dynamic ACLs in Oak?
Date Mon, 09 Dec 2013 16:23:30 GMT
Hi Bertrand,

on friday Jukka, Simo and me quickly discussed this over the chat as Jukka
had an idea on how to accomplish that with, if I recall correctly, a quite
dynamic approach which didn't imply changing the already existing ACLs.
Maybe Jukka and / or Simo had a chance to follow up on that.


2013/12/9 Bertrand Delacretaz <bdelacretaz@apache.org>

> Hi,
> Does Oak have an extension point where I can plugin my own dynamic ACL
> logic?
> A typical use case is hiding a content subtree to some of the JCR
> Sessions that are created, based on a decision done in my code at
> session creation time, without having to change any actual ACLs.
> To avoid security issues, such a dynamic ACL should only be able to
> deny permissions on top of what Oak grants, but not grant any by
> itself.
> For now my goal is just to experiment with this, even if it's
> inefficient or incomplete that would be useful.
> -Bertrand

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message