jackrabbit-oak-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Angela Schreiber <anch...@adobe.com>
Subject Re: Dynamic ACLs in Oak?
Date Tue, 10 Dec 2013 09:02:26 GMT
hi 

note however, that this just covers the authentication part. as far
as pluggable authorization is concerned this is definitely planned
for OAK 1.0 but still work in progress.

see https://issues.apache.org/jira/browse/OAK-1268 for a short
description what is planned in this area... we basically need that
for our own closed user group handling but obviously this can
be used for any other kind of additional access restrictions.

kind regards
angela

On 12/9/13 5:41 PM, "Bertrand Delacretaz" <bdelacretaz@apache.org> wrote:

>Hi,
>
>On Mon, Dec 9, 2013 at 5:34 PM, Jukka Zitting <jukka.zitting@gmail.com>
>wrote:
>> ...Assuming a working JAAS setup, you can configure a custom "optional"
>> LoginModule that adds extra principals to the current subject based on
>> whatever criteria you want (source IP, HTTP header, phase of the moon,
>> etc.)....
>
>Ok, thanks! "phase of the moon", as in "any arbitrary external value"
>is indeed the kind of use case we're looking at.
>
>This looks like another reason to use the Felix Jaas stuff [1] which
>is good as this will be useful for Sling as well.
>
>-Bertrand
>
>[1] 
>http://felix.apache.org/documentation/subprojects/apache-felix-jaas.html


Mime
View raw message