Return-Path: Delivered-To: apmail-jackrabbit-users-archive@locus.apache.org Received: (qmail 22261 invoked from network); 2 Feb 2007 18:02:03 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 2 Feb 2007 18:02:03 -0000 Received: (qmail 15738 invoked by uid 500); 2 Feb 2007 18:02:09 -0000 Delivered-To: apmail-jackrabbit-users-archive@jackrabbit.apache.org Received: (qmail 15719 invoked by uid 500); 2 Feb 2007 18:02:09 -0000 Mailing-List: contact users-help@jackrabbit.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@jackrabbit.apache.org Delivered-To: mailing list users@jackrabbit.apache.org Received: (qmail 15705 invoked by uid 99); 2 Feb 2007 18:02:08 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 02 Feb 2007 10:02:08 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (herse.apache.org: domain of sriramnrn@gmail.com designates 66.249.92.169 as permitted sender) Received: from [66.249.92.169] (HELO ug-out-1314.google.com) (66.249.92.169) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 02 Feb 2007 10:01:59 -0800 Received: by ug-out-1314.google.com with SMTP id m3so813724uge for ; Fri, 02 Feb 2007 10:01:38 -0800 (PST) DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=o1LZMU4qI7szTc1zz9VvVCdJIkIR1wsiJ//OdVuwg2r/+DHokRoG+iU5ZIefCnfe8Rz0Fl64wErn3ReZkGuiIGGPHEModQSNgW8+KZc5VMrUt214bAwhbxdMSxq2QhtqVhgO2xIdNWLVumGxibTWBdtf+bV6OEIp+J+M/pLe86Q= Received: by 10.82.113.6 with SMTP id l6mr1266142buc.1170439298275; Fri, 02 Feb 2007 10:01:38 -0800 (PST) Received: by 10.82.166.17 with HTTP; Fri, 2 Feb 2007 10:01:38 -0800 (PST) Message-ID: <49977f270702021001mafbb1b7ic07815c6c11d4548@mail.gmail.com> Date: Fri, 2 Feb 2007 23:31:38 +0530 From: "Sriram Narayanan" To: users@jackrabbit.apache.org Subject: Re: permissions on jcr nodes In-Reply-To: <45C2F6B8.7000703@sun.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <45C2F6B8.7000703@sun.com> X-Virus-Checked: Checked by ClamAV on apache.org On 2/2/07, ruchi goel wrote: > Hi all, > I want to know how r/w/o permissions are used for jcr nodes. Session > class is supposed to implement checkPermissions. Does Jackrabbit > implement it ? As far as I can understand, It creates an instance of > AccessManager . Does it allow plugging in the AccessManager ? Do we > store permissions as properties of nodes ? > Yes. JackRabbit does indeed allow us to plug in our own access managers. All you need to do is specify your class in the repository.xml file. Read the sources for SimpleAccessManager and you'll find some starting information for your own access manager. Also, search the threads for the duration of October-November 2006, and you'll find some posts by me and responses on how to write custom Access Managers. I was supposed to complete my own implementation and contribute that as a patch, but I'm really tied up with other work right now. Essentially, here's what you need to do: 1. Write your own EventListener. 2. Listen to Node creation and Node Deletion events via this EventListener. 3. Store the UUID and permission information of that node somewhere. This has to be a location outside of your repository 4. When a Node is being accessed, you AccessManager should use the UUID, look this up in its own storage (mentioned in point 3 above), and then return permissions for read and write as required. -- Sriram