jackrabbit-oak-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jukka Zitting <jukka.zitt...@gmail.com>
Subject Re: Dynamic ACLs in Oak?
Date Mon, 09 Dec 2013 16:34:11 GMT

On Mon, Dec 9, 2013 at 11:23 AM, Tommaso Teofili
<tommaso.teofili@gmail.com> wrote:
> on friday Jukka, Simo and me quickly discussed this over the chat as Jukka
> had an idea on how to accomplish that with, if I recall correctly, a quite
> dynamic approach which didn't imply changing the already existing ACLs.
> Maybe Jukka and / or Simo had a chance to follow up on that.

Assuming a working JAAS setup, you can configure a custom "optional"
LoginModule that adds extra principals to the current subject based on
whatever criteria you want (source IP, HTTP header, phase of the moon,

It should then be possible to use such "dynamic" principals in normal
ACLs, for example to make a particular subtree accessible only during
full moon.


Jukka Zitting

View raw message